fbpx

+1 (954) 478-7714

info@npsbank.com

B2B Vault Episode 48: Cyber Security & Identity Theft
B2B Vault Episode 48: Cyber Security & Identity Theft

Written by Allen Kopelman

February 2, 2022

Video Transcription

Hey, this is Allen Kopelman with the B2B vault podcast, the payment technology podcast, providing educational information for business owners and merchants. And don’t forget, you can follow us on social media, B2B vault, Instagram, Facebook, Twitter, and on the world wide web on our website, B2B vault.info, and more on all the popular podcasts streaming networks. So today, we’re going to talk about security and identity, identity theft, security, and identity theft. Security & Identity Theft is a crazy subject, you know, and something happened the other day. So we’re going to talk about what happened. So I get a phone call. I get an application in, and the application doesn’t look right. Then, the email that didn’t match the business’s URL to their website was a different, a different, different name on the different, you know, domain name for the email and the phone number. When I called it, nobody answered. And it was like one of those voice-to-text lines. So I decided to leave the person a message send them a text, never heard back.

So I Googled the business, none of the information matched; the address matched the website, but it was a different phone number. I called up; low and behold, the business owner told me that somebody had stolen his identity and applied for several merchant accounts. And they asked me for the information which I sent over to them. You know, there were a lot of suspect things about the application. And then I got a call from the police and the police because the police called me on the phone twice to discuss the, you know, could I find out who the person was and all that. I told them everything that I found out. And then I found out this business owner got scammed. Somebody opened up three or four merchant accounts, and they signed some leases and over $25,000 in chargebacks. I felt bad for this guy. The problem with all of that is that companies, you know, need to do a better job of screening applicants, you know, and making sure that information matches. One of the things that we do is, you know, we look for, do they have a domain email?

Sometimes people do use Gmail. So, you know, but we always prefer if they have their email going to their domain name, we make sure they have a real phone number. You know, that’s an 800 number, a landline, a cell phone, not one of these Google voice numbers or text to voice numbers. And you know, and you’ve got to look at the check, and you got to look at their driver’s license to make sure like that it all looks legit. And that application didn’t look legit, but four people set the guy up. Now there’s 25 grand in chargebacks shared that his credit and his business credit are all ruined. So what should you do as a business owner to protect your business and your credit? A few years ago, I found out that my information was on the dark web. This is a joke because I think everybody’s information is on the dark web. After all, they can go through Google and find basically like your name, your telephone number, your address, maybe, you know, federal tax ID numbers are pretty much public some in some places, you know? And so that’s, you know, that’s a that’s kind of a thing where, you know, a lot of information you don’t want out on the dark web is your driver’s license number, your driver’s license, picture your, you know, your email address, this problem we out there and your social, you don’t want that on the dark web. So if you find out like, you know, some of your more sensitive information like social security number driver’s license is on the dark web, you need to make sure you have credit monitoring, want to know a fun fact.

What’s a fun fact, just as fun as I Googled how much his social security number is worth on the dark web. They take a gift, a couple of grand, two bucks, two bucks, that’s it? Wow. They can’t do much if you have, if they have just your social security number, there’s not much someone can do, but like you’re saying, if they have your driver’s license there, that number and your social security number, then you’re screwed, Right. You’re messed up. But I mean, basic thing, like I, something happened a few years ago in there, you know, and I learned that I should have, so I set up credit karma. Then I got a free, you know, Experian account, and you can get a free TransUnion account because not every company uses the same thing. They either use transient Experian or sometimes they use Lexus nexus. And that, that Lexus nexus poles from various sources, but Equifax and TransUnion are the two main ones. So if somebody’s pulling your credit, you know, there’s another side I found called nav, but they charge, and it says something for business credit, you know, and DNB dun and Bradstreet. But that doesn’t work either. They want a bunch of money to set up something like credit poles for your business. But maybe if you have a massive business, you know, stuff is getting reported. But in general, you know, not much is getting reported on these business sites, and I’m not sure, oh, Rocky, come on, no barking.

We’re making the podcast, you know, so you have to have some credit monitoring set up on your, you know, your personal and maybe even your business to make sure so that if somebody goes. You know, somebody goes and applies for some credit, you know, like I help went with my son to get a car loan. And I got emails from credit karma. I got emails from Equifax. Oh, did you apply for our car loan? Did you apply for a car loan so you can get alerted? And if your social security number is the, on the dark web lock, those credit reports, contact TransUnion, contact, Equifax, have your credit locked, they’ll lock it. And then they’ll give you a code. And then you give the person a code that needs to get in and pull your credit. If they need to pull your credit. And that way, your credit is protected; it’s crucial. And if your credit has been compromised, the one thing you should do, even if they can’t do anything, is filing a police report. So you have a copy of the police report because if you apply for a merchant account, and then there’s some crazy stuff on your credit report that you spent the money to get rid of like somebody opened up some fake merchant account, and there’s some dang on your credit report. You need to have a police report to show somebody to go, Hey, and send it to the credit company and say that wasn’t me. I filed a police report saying somebody opened a merchant account, not me. So you need to do that to it’s highly, highly important. The other thing is, you know, what other security can you take? Two-factor authentication on websites apps for your social media can somebody this morning was telling me all their social media was completely messed up. One of my friends they were like, what do I do? What do I do? I’m like, immediately change your password.

LA hit log out of all devices. And they could see on their phone. It said someone logged into your account from Tampa, from India, from Russia. I was like, come on. You got, you know, you can’t mess around. Cause someone could get on your social media, start contacting all your friends, start downloading, whatever you got on there. Look at conversations. I mean, who knows what they’re going to do? They can start contacting people. So I told them you don’t change the password, sign out a messenger, sign out of your Facebook, sign out of your Instagram, and change all the passwords. I mean, I have no idea. These people, I heard scams the other day where somebody was sending a tech text message, and I’ve gotten those text messages on my phone before it’ll say, oh, there’s a problem with your bank account log in here. Okay. I’m not clicking that link. Like there’s no way if there’s a problem with my bank account, I’m sure my bank for my credit card company is going to call me on the phone or send me an email, or it’s going to look more legit than that, than that because, and people have clicked on those. And then it’ll say, oh, put in your login information, right? And it’ll look like your bank. And you’re going to put in your username and password to your bank.

Right? And then you’re on some fake website. And the other day somebody did that. I saw the story on the news, and the person got into their bank account because they already had their login and then Zelle down money. And you can’t get that money back. Like the money’s gone like someone’s held out a couple of grand out of their bank account, started doing a bunch of Zell’s. And when someone’s doing Zell, you get a text on your phone that says, oh, you just sent 50 bucks. Right. They should have logged in and shut down their bank account. So you must be careful with your login for your bank and stuff. I have two-factor authentication. I mean, it’s a pain in the butt you log in, then they got to send you a text message. And then you got to put the code in. But you know, you got to take extra steps. Cause these criminals they’re taking extra steps. I just saw a news story. Before we filmed the podcast. I was showing Justin about people putting, ran fake QR codes, you know, giving people like a piece of paper, and the QR code doesn’t go to the actual business. It’s some fake thing. Like it’s supposed to look like it’s from your bank or something or your credit card.

You go scan, and it takes you to a website you’re putting in your login information. The criminal is catching your login to your bank. Maybe they figure out where you bank after that. And then guess what? Boom, they’re logging into your bank account. Do you know? So it’s very, very dangerous. I’ve heard people getting their GoDaddy account hacked and having domain names disappear. Okay. One of our customers a few years ago where somebody hacked into their GoDaddy account. All of their websites had like a bunch of restaurants, and all the websites disappeared, completely gone. The person who turned out it was somebody who worked at the business. And they, I don’t know what happened to the person, but they found that kind of who did it and it, but still at the same time, if that two-factor authentication for the login that would have never happened, you know, a good thing is to have password programs. Don’t keep passwords on your computer. Someone acts, or the computer pulls down some spreadsheet with all your passwords on it. You’re done, you know, and another overlooked thing is PCI compliance and, you know, PCI compliance, everybody who has a merchant account has to fill out a self-assessment questionnaire.

I think one of the next one or two podcasts is coming up, and we’re going to do a podcast all about PCI and PCI compliance. So security and identity theft, cyber security. What’s crazy is that Florida recently passed the law, and some other states have passed laws about cybersecurity and what businesses need to do to protect their information and their customer’s information. But they don’t have a solution as to what you could do. Now. I’ve had probably at least five-six demos. And Justin was with me at a trade show recently, and we saw two or three companies. They’re all selling some security for your computers, for your business computers. And it was some ridiculous amount of money, like 25 to $50 per computer and phone. I was like, who’s going to pay for that cyber security. In 2022 and moving forward, we are going to be one of those booming industries. Right. Cause you know, McAfees and all the Norton’s and all that other stuff aren’t cutting it for today’s technology. All right. So yeah, the hackers are smarter, faster. They’re figuring out vulnerabilities all the top. Apple is constantly updating its software. Android is constantly updating its firmware, right. To protect the phones because the vulnerabilities are discovered by white hat they call the hackers, they got the white hat and the black hat, the white hat is good, and the cat is bad. So then, yeah.

So, you know, you have to make sure like, and then what the cyber security program is. One of the things I ask them is I said, oh, does he come with insurance? Like, are you getting some insurance with that? And I have seen one of them say, yeah. And I was like, well, I want to see the policy. And then I had another company call me, and they sell like cyber insurance, but what does it cover? Like it’s some ransomware attack, and some guy gets on my laptop and locks it up. You know, what are they going to do? Give the guy the Bitcoins that the guy wants. They got one, some 500 bucks a Bitcoin to unlock my laptop that happened to us. Once, we took the laptop and just threw it in the garbage, destroyed. It’s just literally what was off. So the person couldn’t do anything. You know, the minute it locked up, I was like, turn the thing off, kill the power, take it off the internet. So they couldn’t access anything on it. Right. So whatever, they didn’t download anything they were attempting to. But you know, it’s you know, it’s going to be interesting to see, like what happens, like who’s going to do something about cybersecurity. Like, is Microsoft going to do something? Is Google going to do something? You know, what, what, what company will come out and actually what’s that other one CrowdStrike, right? It’s all over the radio. Right. All these companies, but what do they really, you know, what do they do? I mean, for somebody, maybe a big company, right? You’re a big company with hundreds of employees, or maybe you can put some server, some stuff on your servers and all that, you know, but for small businesses, there needs to be like some kind of product. So For, for small businesses, right.

So if you have a website, the basic that you should install some sort of security plugin, right? Like a word fence or security, the bare minimum, Right? Yeah. SSL certificates get yourself. If you have a website in 20, 22, and it’s not running an SLC SSL certificate on it, you’re losing. Right. Come on, get with it. Yeah. Google requires it in their Searches. People are leaving your website. If you don’t have the SSL certificate that says you know, you want to get the SSL. You want to install some sort of security plugin on a site. There are anti-spam plugins that you can install on your website. So people aren’t leaving, you know, weird links in the comment section on your blogs. Like, you know, you don’t want that. So those are, you want to keep your website updated, right? You want it; if you’re not on a maintenance plan now with a website, get onto it because if you’re good, you’re going to run into any problems. You know, as Allen said, the hackers they’re getting better. They’re smarter, and they’re faster. There’s more of them. They’re working in teams. You know, it’s all coming from China, Russia, a lot of it. So you can’t keep up. Right. And they’re working while we’re sleeping.

Also. That was literally about to say why we’re all asleep, and they’re fast away breaking down doors, literally Trying to serve another time zone for right. So, You know, those are all just specific things that you could do for your website, change your passwords. Like you can have Rocky 1, 2, 3 as your password anymore. You know, like it’s time to use some sort of encryption, a password generator, like last pass, Last Testament to that. So we started using that recently because so many passwords were saying, coming up in the list, compromise, generating a path, new passwords for sites, and using encrypted programs. So that not to repeat the same password over and over again. Right. Like, because, you know, Yeah. Cause if somebody hacks into one of your things, they get into all of your stuff. Right. Because then they start going through like, oh, what, what else does this person use? Yeah. Don’t use the same usernames either. Although a lot of things want your email address as your usernames. Yeah. I mean, but then, you know, that’s just making sure that you don’t have, like, like I said, like the super, your birthday as a password, right. You can’t do that anymore, you know? But so for WordPress, if you run a WordPress, definitely installed, installed security or a word fence, Akismet comes built-in with WordPress, just, you know, set that up, generate your free API key. Keep it up.

They did. Yeah. A lot of people use managed WordPress hosting. GoDaddy is great with that, you know? And so Other people are coming out with that too, being its WordPress hosting. So things get updated promptly. And they’re sending you out a notification. So, you know, like, oh, we’re updating a WordPress, you know, you have to check your site. It’s essential to keep your site up today, you know because you know, that’s how the hacker’s break-in. They’re always updating vulnerabilities. Here’s the free credit Karma’s and Experian and TransUnion offer free. I’m sure there are other credit ones, Credit Sesame. There’s a whole bunch of these credit companies, you know, so you can get free credit monitoring and make sure that you’re, at least monitoring your credit, you see something pop up, boom, you can take care of it. But, if your social and your driver’s license act, you know, you want to make sure you lock your credit, you know, protect yourself, protect your business because you know, if you have a problem like this merchant we were talking about earlier, you know, he’s got the police involved. I’m sure the FBI has probably been contacted. Now the credit, whoever gave these merchant accounts lost these chargebacks total over 25 grand, and they’re out a bunch of money for not doing their homework.

Okay. And making sure who they were doing business with, you know, but now, you know, the person who had their identity stolen, you know, is it, you know, has a problem. How much is that going to cost? You might have to get a lawyer that you’re going to hire somebody or, or do it yourself and call these credit bureaus up and send them letters and police reports until they remove those negative things from your credit report. To protect yourself, protect your business. You know, two-factor authentication, get an encrypted password program. You know, everybody that people don’t want to spend a lot of money, like even in your business, like, I’ll give you a scenario. You have your wife, your, you have your internet and to your business, right. And then you have public wifi. So maybe you shouldn’t have public wifi on the same router that you have all your computers on. Cause someone could hack in. I don’t know if people say you shouldn’t. Yeah. A few years ago, I remembered a big breach with TJ involving a TJ Maxx, and TJ max was this Russian guy. And how did he break into TJ? Max? His system. He drove up outside in a van with a laptop. Now he formerly worked for them. So he knew a little bit, and he got on their wifi, then he hacked into their system, and they got downloaded tens of thousands, hundreds of thousands of credit cards. He planted something in there, and he got all their payment data.

That was one of the largest breaches ever. You know, when it comes to, when it comes to credit card breaches, I was one of the biggest ones. So you gotta, you know, security. I think that we will be talking about cyber security ransomware attacks. I think we’re going to hear a lot about it in 2022. I think there needs to be, and I think the government needs to put pressure on people like Google and Microsoft because they’re the ones that control most of the internet. It’s sad to say, when you look at it right, that they control, you know, all the browsers. Right. And probably if you look at email, okay. From the standpoint of email, I guarantee you 80% of email is running through Google Gmail suites and or Microsoft 365, which has both of them in the cloud. Now I think the government needs to put pressure on these companies to up the security on all these kinds of programs and the browsers on the internet and protect the public. Because those things now are like a public utility, just like electricity and water as a public utility. What do you think, Justin? I mean, the internet is a public utility. I think it should be considered. Yeah. Yeah. And I think that I mean, this is a whole different podcast.

I mean, the internet itself should be considered like food water. Right. You know, because look at what the pandemic did. Like without the internet, the whole world would have shut down. Exactly. Do you know what I mean? So, everything was being done through the internet because of the pandemic that increased the internet. You know, I guarantee you, you know, downloading movies, movies, Netflix, Amazon food delivery, Awesome. Subscription-based services via the internet or up 10 X, you know? I mean, like it’s crazy, but you know, the whole, the way, you know. Yeah. I think it should be considered like water, like electricity And there’s electricity there. Public utilities, I think so. And I think they should be held to a higher standard, and it’s about time. Yeah. But you know, you look at the government now, see we’re going into it, but like, look at it now. Like they’re not embracing, you know, they’re not making sure that the internet is the same for everywhere, you know? So I think that, Well, we can get into a whole debate, you know, look what happened with Joe Rogan. But it’s crazy, you know? Huh. No, no, Joe Rogan. And what’s it, Neil young got in a fight now, Spotify, they didn’t get rid of Joe Rogan. They got rid of the dealer. Yeah. Well, then he said, that’s what Neil Young said it. He says, either you pick Joe Rogan or me, and they, their Spotify, weren’t going to make a choice. Right. They’re going to make money regardless. Well, Joe, Rogan’s the number one podcast, right? You’re not going to kick Joe Rogan off often spot no one. I don’t know how to get kicked off of it. Some sort of streaming, you have to do something crazy. I’m sure. But you know, sorry for Neil young. Hopefully, he gets picked up by title or some other streaming platform, and well, He’s probably on everything else anyway.

I’m sure he’s Fine. Not worried about Spotify. And he’s got enough money, the mailbox money that they get $3 and 25 cents in royalties every quarter which does No. Still, you know, I think cyber security and identity theft will be a big thing coming into 20, 22, and beyond probably for the next couple of years. And I think that you know, the, I think the government should act on it, forget all these laws like Rhonda Sanchez pass on, you know, some law it’s of these laws are useless, and there’s nothing out there. There’s not a product out there that I have seen. So if you’re listening to this podcast, you have a cyber security product for small and medium-sized businesses. Reach out to me through the podcast. We’ll interview you on the pious. You’ll give us a demo first to see what it is. And if it’s something good, then we’ll bring it onto the podcast. But so far I haven’t seen anything that, that, that somebody showed me. That’s affordable for small and medium-sized businesses. No, one’s going to spend three, four, or $500 a month on something they’re not going to do it. It’s not. I like what you said too expensive. It’s out there. No, it’s not out there. It’s there are expensive products out there. Right. But with the level of version, the level of protection is not there. Like when you ask them what’s the level of protection. No, they don’t have; they’re not sure. No, one’s shown me the level of production. So thank you today for listening to the B2B vault podcast. We got a little crazy on the topic, but listen, and it’s an exciting topic. Maybe we’ll cover it again. We’re going to go out and research some of the laws out there and see which states have cybersecurity laws and, you know, and maybe the federal government, I have no idea, maybe Marco Rubio, but tag him on this and see if he’s listening. And Rick Scott, the senators for Florida or anybody in our house of representatives, right. Maybe they’re listening to the podcast, and you know, and they’re taking note of, you know, a suggestion or two.

So check us out. We’re on Spotify, Apple, Google, YouTube, or Amazon Music, Stitcher, IRR, and follow us on social media. Thank you for listening to Allen and Justin’s B2B Vault. Carpe Diem.

Merchant Statement Analysis | Merchant Services Statement Analysis

SUBSCRIBE TO OUR NEWSLETTER

Related Articles

No Results Found

The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.

Subscribe To The Payment Technology Newsletter

Join our mailing list to receive the latest news and updates from the NPSBANK team.

You have Successfully Subscribed!

Share This