Do You Think Faxing Something Means It's Secure?

Not necessarily. There are vulnerabilities that can make faxing risky. The first, and most obvious, is that faxes are initiated by people. People make mistakes. People punch in the wrong number. People inadvertently fax things to the wrong person. It happens. You can remind people to be careful, but mistakes are just going to happen. Just the other day someone I know received a fax from a Bank that included a list of names, social security numbers, and account numbers. A big oops.

To help address this issue, pre-program the fax numbers for the recipients that you commonly send sensitive information to. Also make sure that you use a cover page that clearly states who the intended recipient is, that the fax is only for that recipient, and provide instructions for an accidental recipient to follow in case they were to receive a fax in error.

The other issue is that many fax recipients are not walking up to the fax machine to pick up the received document. Instead, faxes are forwarded to the organizations email system where they are attached as images or as a PDF document. Why does this matter? You may not have intended for that potentially sensitive fax to be stored in the recipients email inbox on their local hard drive, on their corporate email server, in their email archiving solution, and now stored permanently on the email server backup media. Will the access controls you intended for this document continue to be upheld for these additional digital copies now floating around? Probably not. If that fax included payment card information or personally identifiable information, like social security numbers, then a law or rule was just broken. That sensitive information is now likely stored unencrypted on multiple systems that do not provide the access controls and protection now required for such data.

Just because it's faxed doesn't mean it's completely immune to security risk.

©2008 Kenneth M. Smith

Using Your Credit Card By Phone

©2008 Kenneth M. Smith

Card transactions often take place by phone. This is also a common way for fraudsters to try to rip you off. A few tips to help protect you:

1. Never give your card number to anyone by phone when they have called you. Even if you feel that it's legitimate, just don't do it! Someone calling you to ask for your card number is a little suspicious, but it does sometimes happen for valid reasons. Take down their name and phone number, confirm that they are for real, and call them back if it's appropriate.

2. Avoid giving your card security code, known as the Card Verification Value (CVV), over the phone. This number is only intended to be entered into a computer as a way to confirm that you do have the card with you. If you are giving this number to someone by phone, there is a good chance that they are writing it down or typing it into a database. Neither of these should be done by any merchant.

3. Use a secure phone line. Sniffing and eavesdropping of telephone conversations is possible, especially with wireless devices. If you are using an older 'cordless' phone or cell phone, there is a good chance that someone could listen in on your conversations using equipment that can be readily purchased at electronics stores.

For the best Notebook CPU performance, set power management to 'Always On'

If you use applications that need a lot of CPU cycles, or you use virtualization applications such as VMWare Workstation of Microsoft VPC, the default settings for most notebooks will not result in the best performance. I have found that even when you have your system plugged in and set to 'Maximum Performance' or 'Home Office/Desk' under the power management options, the system will still automatically throttle the CPU according to the needs of the application and the operating system. This throttling has gotten much more intelligent over the years, but you will still probably notice a performance hit in certain situations.

Starting with Windows XP, the CPU throttling functionality became integrated with the operating system. The only setting that will guarantee that your system runs at full speed all the time is if you set the power management scheme to 'Always On'. At least this has been the case on a few Dell notebooks and a Thinkpad I have used. Note that doing this will make the system run hotter, will probably trip the fan more often, and will of course use more power. But a fast and consistent CPU speed is important for virtualization to behave properly. There are a few cool CPU management utilities available that help you to further tune and tweak these things, such as SpeedswitchXP and RMClock.


15 Steps for Protecting Your Credit Card Information During Retail Purchases

How to Protect Yourself When Using Your Credit Card for Retail Purchases
Copyright (c) 2008 Kenneth M. Smith

For years, most of the focus and buzz has been around the threats posed by the Internet and online transactions. But a substantial amount of security breaches have had nothing to do with the Internet. There are vulnerabilities in the "card-present" transaction process just as there are in the online world. Every time you take your card out of your wallet there is some risk involved.

In a previous article, "Checklist For Protecting Your Credit Card Information Online", I provided some tips on protecting yourself when using your credit card for online transactions. As promised, here are some tips for protecting yourself from payment card fraud and identity theft when using your card for purchases at retail establishments.

1. Always get a receipt - Although merchants are no longer required to provide you with a receipt by default for purchases of $25 and under, you should still request one. This is your only record and proof of the amount of the original transaction and what you purchased.

2. Check that the receipt shows only the last four digits of your card number and that the expiration date is not printed.
If it is, use a marker or pen to cross out this information and ask to speak with the manager. Remind them that this is against payment card rules and, depending on the state you are in, may even be against the law.

3. Fill out your duplicate receipt.
This is typically for establishments like restaurants. Fill out your copy with the amount you gave for a tip and add up the total again. This allows you to confirm your math and also allows you to keep track of what the actual transaction total was. There have been a number of scams involving the fraudulent modification of the tip and total amounts on the restaurant copy of the receipt.

4. Use your credit card instead of your debit card.
Most credit cards provide some form of protection in case fraud were to occur. For example, you are usually not liable for any fraudulent purchases if you notify the card company quickly and complete an affidavit. But you don't normally get these protections and liability limits if you use one of the many types of debit cards available that can also be used as if they were a credit card. They are not truly a credit card and they do not have the same benefits.

5. Set purchase limits. Set a single purchase limit or daily purchase limit on the cards you normally carry with you.

6. Set card notification alerts.
Setup notification alerts with your card provider so that you will receive some sort of notification when a transaction exceeds a certain amount.

7. When your card is out - keep your wallet in hand.
After you have given a clerk your credit card, keep your wallet out in your hand. This will help prevent you from accidentally leaving without your card.

8. Watch what the cashier does with your card.
Your card should remain within your sight as much as possible. Watch for anything suspicious, like a cashier swiping your card with a small hand-held "skimmer" device or clicking a picture of it with their cell-phone camera.

9. Avoid small establishments that take your card out of sight.
Small gas stations and many restaurants still fall into this category and are a few of the last types of retailers that take your card from you and out of your sight. Table checkout solutions are gaining in popularity to address this problem in restaurants. And most gas stations have pumps that let you swipe your card, or they let a full service attendant do so within your view.

10. Write 'ASK FOR I.D.' on the back of your card.
Use large letters and a permanent marker, write this above or below your signature on the back of your card. You will find that many clerks will still not ask for your ID, but it only takes a few seconds to write this on your card and could stop a fraudulent purchase.

11. Sign your card.
Some think that not signing the back of the card forces the cashier to ask for an ID, making the transaction somehow more secure. This couldn't be further from the truth. Actually this makes it more risky. According to card company rules, your card is not valid until it's signed and merchants are not supposed to accept an unsigned card. So, sign your card now.

12. Do not allow the merchant to write down any information from your card.
This includes situations in which the merchants electronic payment system isn't working properly. Don't take their offer to write down your card information to settle the transaction later. If they don't have a way for accepting your card payment and you don't have the cash, they don't get the sale. Be especially prudent to be sure that no one writes down the CVV security code found on the back of the card.

13. Do not let anyone make a photo copy of the back of your card.
The back of your card contains your CVV code as well as your signature. The practice of making a photocopy of your credit card, especially for large amounts, is common at merchants such as automobile dealerships. It's a way for them to prove that the card was 'present'. If they do make a copy of the front of your card, ask them about their security procedures and how they are going to protect that photocopy. Regardless, never allow anyone to make a copy of the back of the card.

14. Don't put those miniature credit cards on your key-chain. I honestly don't know what anyone was thinking when they came out with these. Most people do not protect their keys as they do their wallet. Even if you don't put one of these little cards on your key-chain, they are easier to misplace and just increase the chances of your card information getting in the wrong hands. I don't recommend using them at all.

15. Never write down the CVV security code from your card. If you are ever asked to write this number down, just say no. For paper order forms, it's O.K. for the merchant to ask for your name, card number, and expiration date. It's not O.K. for them to ask you to write down the CVV code, anywhere. This number is never to be stored by a merchant, and having it written down on a form is storing it.

If you have found this check-list helpful, please let me know. You may forward a link to this post to anyone on any planet. You may reproduce this article as long as the author is credited and a link to this blog ( is provided. If you would like to use this article for commercial purposes, please contact me by leaving a comment below.

Contents Copyright (c) 2008 Kenneth M. Smith