Call Us 866-784-9550

Coulee Bank

June 2017 E-Newsletter

What Happens to your Information after a data breach?

Data breaches have become all-too-common amongst retailers, businesses, educational institutions and health care facilities. Last year, 1,093 data breaches led to over 36 million compromised records in the United States, leaving millions of Americans’ personal information exposed. 
 
The best way you can protect your information from compromise is by taking proactive measures to safeguard it, especially after a data breach. Follow us as we break down what can happen to your information after a data breach, what the law says about notifying you of breached data and how to secure information that has already been compromised. 

Why are data breaches so catastrophic?
The severity of a data breach relies heavily on three elements: type of information exposed, number of records compromised and number of individuals left vulnerable. Potentially compromised information can include personally identifiable information (PII) like your name, address and Social Security number, medical records, login credentials and financial account numbers. Whether your information finds itself on the online black market, is used to make unauthorized purchases or to create new financial accounts, data breaches allow criminals access to large pools of highly sensitive data to use however they’d like.
If a data breach compromises low-risk information like phone numbers or email addresses, your identity is probably still safe. However, criminals can use that information to target you in phishing emails and scam calls, hoping to obtain more sensitive information.
If more sensitive information like your Social Security number, passwords or birth date are exposed in a breach, you may face more serious threats like fraud and identity theft. Unfortunately, there’s no way to know for sure what will come of your compromised information immediately after a breach.   
 
What does the law say about data breach notifications?
As of March 2017, nearly every state and U.S. territory has data breach notification laws put into place. Data breach notification laws regulate how companies notify their customers of data breaches involving the exposure of personal information. Because these laws are governed on a state level, they can sometimes be confusing — and even contradictory.
Breach Notification Statutes Vary State-to-State
Breach notification laws assess what is deemed “personal information,” how notifications are sent to customers and time frames for notification. These specific elements can vary state-to-state.
 
Personal Information
Each state defines what it considers to be “personal information” to determine if a breach notification is necessary. Most states consider personal information to be an individual’s name paired with either a Social Security, driver’s license, or state identification card number or financial information. Some states, like Nebraska and Wisconsin, consider voiceprints and DNA fingerprints to be personal information. Other states include record-based documents like tax and health insurance data.
 
Notification Triggers
Notification triggers can be a particularly grey area for breach notification laws. Most states play it safe and notify customers when personal information “was or is reasonably believed to have been” compromised. But, some states allow companies to first determine the risk of the exposed information before notifying impacted individuals. Other states have no specified method of determining exposure risk, but an investigation is usually opened immediately regardless of individual state statutes.
 
Time Limits and Delays
Delays in notification are necessary when companies are working with law enforcement to investigate a data breach. With a few exceptions, laws do not require companies to notify customers within a specified time frame. Most states merely indicate that companies must send out notifications “in the most expedient time” or “without unreasonable delay.”
 
Data breaches will continue to rise in 2017
Today’s technology-first atmosphere has given us so many ways to send, receive and share information about ourselves and others. Between smartphone apps, social media sites, online shopping profiles and service web portals, hackers take advantage of the digital world we live in where information exchange is constant, normal, and in many scenarios, deemed necessary.
 
According to a study conducted by digital security firm Gemalto, 2016 saw a small decrease in the total number of data breaches worldwide, but an 86 percent jump in the number of records compromised. On a national scale, data breaches have increased in the U.S. nearly 40 percent since 2015.
 
In 2016, 52 percent of all data breaches in the U.S. exposed Social Security numbers, and 13.1 percent exposed credit and debit card numbers. Additionally, the IRS discovered a 400 percent surge in phishing emails, aligning with the 55.5 percent of U.S. data breaches caused by phishing attacks last year.
 
In short, criminals are changing their focus to organizations with large pools of highly sensitive data, and the surge in phishing emails suggests they’ve found an efficient method of obtaining it.
 
What Should you Do?
If you’ve fallen victim to a data breach, use these tips to help secure and avoid further misuse of your compromised information:
  • Passwords: Change passwords immediately and consider using a password generator to create strong, unique passwords. Avoid password reuse so that criminals can’t gain access to more than one of your accounts with the same credentials.
  • Email/Phone Numbers: Be aware that you may be targeted in phishing emails or scam calls in an attempt to steal more sensitive information. Avoid falling for these scams by contacting the breached organization directly with questions about the event; be wary if you receive emails and phone calls about the incident.
  • Credit/Debit Cards: If fraudulent transactions occur following a data breach, you’re typically not liable for these charges. Check with your bank or card provider for your specific card’s liability policies, and request new cards immediately following a breach.
  • Social Security Number: Contact one of the three major credit bureaus to place a fraud alert on your account. Be on the lookout for signs of identity theft, such as new financial accounts or lines of credit opened under your name. You may also issue a credit freeze so new credit cannot be opened in your name without your consent.
 
Keep following Fighting Identity Crimes to stay up-to-date on the latest breach and scam news, as well as learn more about protecting your identity with tips from our industry experts.
 
Source: https://www.fightingidentitycrimes.com/what-happens-to-information-after-data-breach/?utm_source=EZShield&utm_medium=email&utm_campaign=Engagement%20-%20Advocacy%20/%20Education.2017_04_Fraud_Summary_Newsletter

Coulee Bank's Q-Tip: Chipotle Compromise

While most of us were preparing for a well-deserved holiday weekend, another restaurant announced credit card data had been stolen.  Chipotle determined that between the middle of March and the middle of April, most of their Chipotle locations, and many of their Pizzeria Locale stores, had credit card data stolen from them. 

Specific locations and dates of compromise can be found on Chipotle’s website.  The breach itself is fairly common– point of sale (POS) devices were infected with malware that allowed the attackers to obtain credit card data as the information traveled through the device.

If you, like many of us, enjoyed a meal at a Chipotle or Pizzeria Locale restaurant during the affected timeframe, keep an eye on your bank statement and immediately report any fraudulent charges.  It would be a shame if a bite to eat cost thousands more than the price of a burrito. 

Q-Tips are provided by Coulee Bank's IT Network Risk Manager, Quentin Fisher. He is always on the lookout for ways to keep our customers' information safe, here at the bank, at work and home.

Can You Spot a Skimmer? An Inside Look at the New Technology

They steal your information with swipe of a card. But could you spot a card skimmer if you saw one? As technology becomes more and more advanced, several lawmakers want to make possessing a skimmer a felony crime.
 
Installing a skimmer takes a criminal less than five minutes.
 
In a video from the Milwaukee Police Department, the installation of a skimmer was captured. The criminal fixed a pinhole camera to a bank ATM and also placed a blue skimming device over the card reader. The criminal tested it out and then disappeared.

Detective McQuown said the camera was positioned to capture pin numbers while the skimming device stole the card information.
 
"Then the bad guys come in, retrieve both pieces and they put it together," McQuown said.
The Milwaukee Police Department has confiscated skimmers and cameras from all over the city. McQuown said they can be tough to spot.
 
"The color is pretty close to the same," McQuown said.
 
In order to see if a skimmer has been attached to a card reader, McQown offered this advice:
  • Squeeze and shake the reader before inserting a card
  • Look for anything that looks attached to the machine
  • Cover your hand while entering your PIN
In one video from Milwaukee police, a skimming victim attempts to cover his hand, but it wasn't enough.
 
"The person had his hand over here, but if the cameras over here, you can still see it," McQuown said about the video.
 
Back in February, Greenfield police released a photo of a new and more discreet skimmer discovered on several ATMs in Chicago. McQuown said often, these thieves will move from Illinois to Wisconsin.
 
"A thousand dollars here, a thousand dollars there and you move onto the next city," McQuown said.
 
The skimmer devices aren't just attached to ATMs. From August 2016 to January 2017, Wisconsin saw a sharp increase in gas pump skimmers. The devices were discovered in Mequon, Menomonee Falls, Delafield, Elm Grove, Brookfield, Franklin and Oak Creek.
 
"Once the arrests were made, they dropped off a little bit and now we're seeing a smattering," said Frank Frassetto with the Wisconsin Department of Consumer Protection.
 
Josue Garcia Moret and Richard Rivera Garcia of Miami were arrested and charged with identity theft in Waukesha County. According to the criminal complaint, one skimmer uncovered had approximately 200 credit card numbers on it. 
 
Wisconsin Consumer Protection officials said one thing contributing to the problem is that many pumps can be opened with universal keys.
 
"You can get these universal keys online for four, five bucks and once you have these universal keys, you can go around looking for a dispenser you can use it in," Frassetto explained.
The co-owner of Jetz Convenience Centers, Tim Klein, opened a gas pump to show FOX6's Contact 6 how a skimmer could be installed.
 
"You have two universal locks on most gas dispensers. We have a third lock that we installed and this is a site-specific lock," Klein said.
 
Most gas pump skimmers are internal. You can't detect them from the outside. In fact, several skimmers are now Bluetooth enabled, which means the criminal can sit nearby and collect a person's information live.
 
If you want to make sure a pump is secure, look for a piece of tape over the access panels. If the tape is broken, don't use the pump.
 
"So it might be a piece of electrical tape just something that will let them know if they're checking their dispensers," Klein said.
 
There are other things you can do to help protect yourself from being the target of a skimmer. First, try to use a pump closest to the building in view of the cashier. Skimmers are often placed on pumps farthest from the storefront. Second, be cautious at travel center stations. Criminals often target these because it's easy to sneak in undetected in a crowd. Finally, pay with cash if can. If not, pay inside. If you do use a card, credit cards offer more protection when it comes to fraud.
 
A bill under consideration in Wisconsin would criminalize the possession of a skimmer with the intent of using it for identity theft and make it illegal to use a skimmer.
 
Read the original article and watch the video at FOX6.
 
Source: WBA Daily Banker News Clips

Planning for a Fun, Frugal Summer

Temperatures are climbing, school is ending soon and everyone wants to beat the doldrums with some fun summer activities. However, keeping the kids (and yourself) entertained can put a strain on your wallet. Here are some strategies for having fun in the sun without breaking the bank.
 
Create a spending plan. As with any budget, creating a plan for how you will spend your money and when is critical to enjoying a cost-effective summer. One method is to allot each child a specific amount of "fun money" for each week. The kids can then practice good financial habits by determining how they will spend their portion. A spending plan also helps reduce spontaneous purchases that can add up throughout the summer. For example, planning meals the week before a picnic can prevent the potential cost incurred by ordering pizza or fast food during the week.
 
Research budget-friendly activities. Many towns and cities in Wisconsin offer inexpensive or free activities during the summer. Your city's Chamber of Commerce or Travel & Visitors Bureau will have a full list of movie theater specials, park activities, zoo schedules and outdoor concerts. Many local libraries also have free reading sessions for kids on weekdays during the summer, which can be a nice break from the heat if the rest of your time is spent outdoors.
 
Enjoy a DIY waterpark. For a family of four, admission alone can cost over $100 at a large waterpark, and then you have to factor in concessions, parking, gas for travel, etc. Rather than spending all that money for a day in the pool with hundreds (or thousands) of people, organize a neighborhood water park party! Each family that gets involved contributes something to the event: food, a slip n' slide, water guns/balloons, prizes, etc. Keep it low-key or go all out; it's up to you.
 
With a little research, careful planning and some creativity, you can have an exciting and enjoyable summer without squeezing your budget! 
 
Source: WBA Consumer Column E-Newsletter

Help Your Teen Use Summer Job Earnings Wisely 

Teens with summer jobs might be earning their own money for the first time — but it won’t be the last. The money habits they learn now could last for decades.
Here’s how to help your teen make the most of a job and those paychecks.
 
Encourage goal-setting
Susan Beacham, founder and CEO of financial education company Money Savvy Generation and co-author of the “O.M.G. Official Money Guide for Teenagers,” suggests teens ask themselves a few questions — perhaps with parental prompting — before job searching: Why do they want to work, and what needs or wants will the job address?
 
This helps them determine the kind of job to pursue, Beacham says. For example, your child might want hourly work in a potential career field, or maybe he or she wants to make money to contribute toward family finances.
 
And ideally, goal-oriented teenagers are more thoughtful come payday. Bailey Steger, a 17-year-old working at a restaurant in Half Moon Bay, California, just learned that she’ll be responsible for paying for most of her college expenses besides tuition. She’s now saving more of her earnings.
 
As an example, Steger mentions recently wanting to buy a cute — but pricey — shirt. Her mom reminded her that she’d have to dip into the paycheck she’d just received to buy it. And, just like that, Steger says, “that shirt wasn’t that cute anymore.”
 
Teens who know why they’re working also tend to be more focused employees. A camp counselor wrangling kids in 90-degree heat might feel more positive if he plans to pursue a career in early childhood education. And a teen saving for a car might view her eight-hour shift as eight hours’ worth of pay going toward new wheels.
 
Discuss investing opportunities
Saving for goals isn’t the only smart step teens can take with their summer earnings. Beth Kobliner, author of “Make Your Kid a Money Genius (Even if You’re Not),” suggests teens invest part of their earnings in a Roth IRA if they can. Workers invest post-tax income in these individual retirement accounts. They can withdraw contributions without penalties at any time, but they must pay taxes and fees to tap interest earnings before age 59 1/2.
 
Investors can contribute no more than they earn in a year to a Roth IRA, up to $5,500 per year. If your child earns $1,000 at her job this year, she can only contribute that much to her IRA.
Roths help young workers bank toward retirement and teach the power of compound interest. Say an 18-year-old invests $500 of his earnings this summer. If he invests $1,000 more each year with a 6% return until he’s 65, he’ll end up with $47,500 in contributions and $215,798 in earnings for a total of $263,298. If he’d waited until he was 28 to invest $500 and contributed the same amount each year at 6%, he’d have earned only about $138,000 at age 65.
 
Contributing to a Roth also encourages the savings habit. Automatic transfers from a checking account to an IRA can make contributing effortless, Kobliner says. Young investors can have a certain amount transferred every payday. The extra money for a cute — or not that cute — top just won’t be in the checking account to spend.
 
Building this investing habit might benefit teens later, Kobliner says. When they’re on their own and possibly cash-strapped, they’ll likely be capable of finding extra money to invest. “It’s like flossing,” Kobliner says. “It’s a good routine that sticks if you learn it early.”
 
Make the abstract concrete
Beacham points out that teenagers are more likely to absorb and use money concepts when they aren’t abstract.
When your child learns the pay rate and hours for her new job, get out the calculator to determine how much she’ll earn over the summer. This will give her a realistic expectation of her earnings and perhaps prompt her to think about what she’ll do with it.
Printing paychecks or receiving physical copies also solidifies how much your teen has earned — and can thus save or invest. With direct deposit alone, that money might seem easier to spend. And when it comes to explaining that IRA, point your child toward a compound interest calculator. That way, he can input hypothetical timelines and contributions and see that money multiply.
 
Whether it’s handing teens a calculator or asking why they’re working, parents can help them be more thoughtful with their earnings — now and in the future.

The article Help Your Teen Use Summer Job Earnings Wisely originally appeared on NerdWallet.