Twenty-four hours. That’s how long a business has to detect and report fraudulent account activity.
For personal accounts it’s 60 days. Otherwise the theft isn’t covered by banks.
In the 1930s, bank robbers and kidnappers were the kings of crime. During the ’80s it was mobsters. Today it’s hackers committing cyberfraud every 18 seconds, racking up more than $110 billion in stolen funds each year.
Retired FBI agent Jeff Lanza from Kansas City, Mo., shared tips for staying safe Wednesday at a City National Bank event at the InNEVation Center.
Besides taking basic precautions — installing anti-virus software, keeping up with system updates, choosing a complex password — Lanza said tech users should take extra steps to protect their information online, especially business owners, who typically have more at stake but less time to report theft and have it covered.
Several key points emerged from Lanza’s talk.
■ The words “DHL,” “notify” and “delivery” are the top three words used in phishing emails, where scammers pose as reputable companies to try to steal usernames, passwords or account information. “Don’t give anyone information unless you know who they are and why they need that information,” Lanza said. If an email looks suspicious, carefully check the URL, or website address. Hover over hyperlinks with the cursor to reveal the true URL.
■ If a “site maintenance” warning pops up after logging into a bank website, immediately call the bank to confirm. Most do not perform site maintenance during business hours and the warning could be a ruse to buy thieves time to steal money.
■ If possible, set aside one computer that is to be used only for accessing online accounts. No email or social media or spreadsheets — those tasks can be completed on other computers, Lanza said.
■ Make sure passwords are at least eight characters long, which increase the number of password possibilities to a quadrillion, making it harder for hackers to crack. Mobile phone app Keeper, available for iPhone and Android, saves passwords in folders. Mobile and Web app Dashlane manages passwords and automatically logs users into their accounts.
■ There are a few different types of Wi-Fi protected access. Always choose WPA2 encryption to secure a wireless network.
■ To check for identity theft, request credit reports three times per year, once with each agency — Equifax, Experian and TransUnion. The Federal Deposit Insurance Corp. allows consumers to request a free credit report every 12 months from each of the agencies by calling 877-322-8228 or visiting www.annualcreditreport.com.
■ Establish a culture of security. Don’t warn employees just once; review policies regularly at meetings.
Lanza said he never uses a debit card online or at gas stations or restaurants. Instead he uses credit cards because they aren’t directly linked to a checking account.
Regardless of safeguards used, use common sense.
“Sometimes technology fails,” Lanza said. “Our backup is our brain. Our backup is our vigilance.”
Contact reporter Kristy Totten at firstname.lastname@example.org or 702-477-3809. Follow kristy_tea on Twitter.