B2B Vault Episode 48: Security & Identity Theft

B2B Vault Episode 48: Security & Identity Theft

In today’s podcast, we will talk about Cybersecurity and Identity Theft. How to protect yourself and your business — so you do not fall victim to identity theft.

We go into a story about what happened to one business owner recently — how his identity was stolen, what damage was done, and how it could have been prevented.

We got into Credit Monitoring, the dark web, securing your data and access to websites, using password programs, and 2-factor authentication.

We go into PCI compliance and why it is essential, along with basic website security with Justin, our website wizard.

Touch on some state and federal laws about cybersecurity — the laws are very vague. We get into how many cybersecurity products are out there that miss the mark and how there is not something affordable for small to medium-sized businesses. Some offer insurance, and some do not, and they are very vague about their offerings.

You should save this podcast and look into some of the free resources we share. For free credit monitoring, password security, and more. Catch B2B Vault on YouTube or your favorite podcast network.

Carpe Diem,

Have a great day!

Video Transcription

Hey, this is Allen Kopelman with the B2B vault podcast, the payment technology podcast, providing educational information for business owners and merchants. And don’t forget, you can follow us on social media, B2B vault, Instagram, Facebook, Twitter, and on the world wide web on our website, B2B vault.info, and more on all the popular podcasts streaming networks. So today, we’re going to talk about security and identity, identity theft, security, and identity theft. Security & Identity Theft is a crazy subject, you know, and something happened the other day. So we’re going to talk about what happened. So I get a phone call. I get an application in, and the application doesn’t look right. Then, the email that didn’t match the business’s URL to their website was a different, a different, different name on the different, you know, domain name for the email and the phone number. When I called it, nobody answered. And it was like one of those voice-to-text lines. So I decided to leave the person a message send them a text, never heard back.

So I Googled the business, none of the information matched; the address matched the website, but it was a different phone number. I called up; low and behold, the business owner told me that somebody had stolen his identity and applied for several merchant accounts. And they asked me for the information which I sent over to them. You know, there were a lot of suspect things about the application. And then I got a call from the police and the police because the police called me on the phone twice to discuss the, you know, could I find out who the person was and all that. I told them everything that I found out. And then I found out this business owner got scammed. Somebody opened up three or four merchant accounts, and they signed some leases and over $25,000 in chargebacks. I felt bad for this guy. The problem with all of that is that companies, you know, need to do a better job of screening applicants, you know, and making sure that information matches. One of the things that we do is, you know, we look for, do they have a domain email?

Sometimes people do use Gmail. So, you know, but we always prefer if they have their email going to their domain name, we make sure they have a real phone number. You know, that’s an 800 number, a landline, a cell phone, not one of these Google voice numbers or text to voice numbers. And you know, and you’ve got to look at the check, and you got to look at their driver’s license to make sure like that it all looks legit. And that application didn’t look legit, but four people set the guy up. Now there’s 25 grand in chargebacks shared that his credit and his business credit are all ruined. So what should you do as a business owner to protect your business and your credit? A few years ago, I found out that my information was on the dark web. This is a joke because I think everybody’s information is on the dark web. After all, they can go through Google and find basically like your name, your telephone number, your address, maybe, you know, federal tax ID numbers are pretty much public some in some places, you know? And so that’s, you know, that’s a that’s kind of a thing where, you know, a lot of information you don’t want out on the dark web is your driver’s license number, your driver’s license, picture your, you know, your email address, this problem we out there and your social, you don’t want that on the dark web. So if you find out like, you know, some of your more sensitive information like social security number driver’s license is on the dark web, you need to make sure you have credit monitoring, want to know a fun fact.

What’s a fun fact, just as fun as I Googled how much his social security number is worth on the dark web. They take a gift, a couple of grand, two bucks, two bucks, that’s it? Wow. They can’t do much if you have, if they have just your social security number, there’s not much someone can do, but like you’re saying, if they have your driver’s license there, that number and your social security number, then you’re screwed, Right. You’re messed up. But I mean, basic thing, like I, something happened a few years ago in there, you know, and I learned that I should have, so I set up credit karma. Then I got a free, you know, Experian account, and you can get a free TransUnion account because not every company uses the same thing. They either use transient Experian or sometimes they use Lexus nexus. And that, that Lexus nexus poles from various sources, but Equifax and TransUnion are the two main ones. So if somebody’s pulling your credit, you know, there’s another side I found called nav, but they charge, and it says something for business credit, you know, and DNB dun and Bradstreet. But that doesn’t work either. They want a bunch of money to set up something like credit poles for your business. But maybe if you have a massive business, you know, stuff is getting reported. But in general, you know, not much is getting reported on these business sites, and I’m not sure, oh, Rocky, come on, no barking.

We’re making the podcast, you know, so you have to have some credit monitoring set up on your, you know, your personal and maybe even your business to make sure so that if somebody goes. You know, somebody goes and applies for some credit, you know, like I help went with my son to get a car loan. And I got emails from credit karma. I got emails from Equifax. Oh, did you apply for our car loan? Did you apply for a car loan so you can get alerted? And if your social security number is the, on the dark web lock, those credit reports, contact TransUnion, contact, Equifax, have your credit locked, they’ll lock it. And then they’ll give you a code. And then you give the person a code that needs to get in and pull your credit. If they need to pull your credit. And that way, your credit is protected; it’s crucial. And if your credit has been compromised, the one thing you should do, even if they can’t do anything, is filing a police report. So you have a copy of the police report because if you apply for a merchant account, and then there’s some crazy stuff on your credit report that you spent the money to get rid of like somebody opened up some fake merchant account, and there’s some dang on your credit report. You need to have a police report to show somebody to go, Hey, and send it to the credit company and say that wasn’t me. I filed a police report saying somebody opened a merchant account, not me. So you need to do that to it’s highly, highly important. The other thing is, you know, what other security can you take? Two-factor authentication on websites apps for your social media can somebody this morning was telling me all their social media was completely messed up. One of my friends they were like, what do I do? What do I do? I’m like, immediately change your password.

LA hit log out of all devices. And they could see on their phone. It said someone logged into your account from Tampa, from India, from Russia. I was like, come on. You got, you know, you can’t mess around. Cause someone could get on your social media, start contacting all your friends, start downloading, whatever you got on there. Look at conversations. I mean, who knows what they’re going to do? They can start contacting people. So I told them you don’t change the password, sign out a messenger, sign out of your Facebook, sign out of your Instagram, and change all the passwords. I mean, I have no idea. These people, I heard scams the other day where somebody was sending a tech text message, and I’ve gotten those text messages on my phone before it’ll say, oh, there’s a problem with your bank account log in here. Okay. I’m not clicking that link. Like there’s no way if there’s a problem with my bank account, I’m sure my bank for my credit card company is going to call me on the phone or send me an email, or it’s going to look more legit than that, than that because, and people have clicked on those. And then it’ll say, oh, put in your login information, right? And it’ll look like your bank. And you’re going to put in your username and password to your bank.

Right? And then you’re on some fake website. And the other day somebody did that. I saw the story on the news, and the person got into their bank account because they already had their login and then Zelle down money. And you can’t get that money back. Like the money’s gone like someone’s held out a couple of grand out of their bank account, started doing a bunch of Zell’s. And when someone’s doing Zell, you get a text on your phone that says, oh, you just sent 50 bucks. Right. They should have logged in and shut down their bank account. So you must be careful with your login for your bank and stuff. I have two-factor authentication. I mean, it’s a pain in the butt you log in, then they got to send you a text message. And then you got to put the code in. But you know, you got to take extra steps. Cause these criminals they’re taking extra steps. I just saw a news story. Before we filmed the podcast. I was showing Justin about people putting, ran fake QR codes, you know, giving people like a piece of paper, and the QR code doesn’t go to the actual business. It’s some fake thing. Like it’s supposed to look like it’s from your bank or something or your credit card.

You go scan, and it takes you to a website you’re putting in your login information. The criminal is catching your login to your bank. Maybe they figure out where you bank after that. And then guess what? Boom, they’re logging into your bank account. Do you know? So it’s very, very dangerous. I’ve heard people getting their GoDaddy account hacked and having domain names disappear. Okay. One of our customers a few years ago where somebody hacked into their GoDaddy account. All of their websites had like a bunch of restaurants, and all the websites disappeared, completely gone. The person who turned out it was somebody who worked at the business. And they, I don’t know what happened to the person, but they found that kind of who did it and it, but still at the same time, if that two-factor authentication for the login that would have never happened, you know, a good thing is to have password programs. Don’t keep passwords on your computer. Someone acts, or the computer pulls down some spreadsheet with all your passwords on it. You’re done, you know, and another overlooked thing is PCI compliance and, you know, PCI compliance, everybody who has a merchant account has to fill out a self-assessment questionnaire.

I think one of the next one or two podcasts is coming up, and we’re going to do a podcast all about PCI and PCI compliance. So security and identity theft, cyber security. What’s crazy is that Florida recently passed the law, and some other states have passed laws about cybersecurity and what businesses need to do to protect their information and their customer’s information. But they don’t have a solution as to what you could do. Now. I’ve had probably at least five-six demos. And Justin was with me at a trade show recently, and we saw two or three companies. They’re all selling some security for your computers, for your business computers. And it was some ridiculous amount of money, like 25 to $50 per computer and phone. I was like, who’s going to pay for that cyber security. In 2022 and moving forward, we are going to be one of those booming industries. Right. Cause you know, McAfees and all the Norton’s and all that other stuff aren’t cutting it for today’s technology. All right. So yeah, the hackers are smarter, faster. They’re figuring out vulnerabilities all the top. Apple is constantly updating its software. Android is constantly updating its firmware, right. To protect the phones because the vulnerabilities are discovered by white hat they call the hackers, they got the white hat and the black hat, the white hat is good, and the cat is bad. So then, yeah.

So, you know, you have to make sure like, and then what the cyber security program is. One of the things I ask them is I said, oh, does he come with insurance? Like, are you getting some insurance with that? And I have seen one of them say, yeah. And I was like, well, I want to see the policy. And then I had another company call me, and they sell like cyber insurance, but what does it cover? Like it’s some ransomware attack, and some guy gets on my laptop and locks it up. You know, what are they going to do? Give the guy the Bitcoins that the guy wants. They got one, some 500 bucks a Bitcoin to unlock my laptop that happened to us. Once, we took the laptop and just threw it in the garbage, destroyed. It’s just literally what was off. So the person couldn’t do anything. You know, the minute it locked up, I was like, turn the thing off, kill the power, take it off the internet. So they couldn’t access anything on it. Right. So whatever, they didn’t download anything they were attempting to. But you know, it’s you know, it’s going to be interesting to see, like what happens, like who’s going to do something about cybersecurity. Like, is Microsoft going to do something? Is Google going to do something? You know, what, what, what company will come out and actually what’s that other one CrowdStrike, right? It’s all over the radio. Right. All these companies, but what do they really, you know, what do they do? I mean, for somebody, maybe a big company, right? You’re a big company with hundreds of employees, or maybe you can put some server, some stuff on your servers and all that, you know, but for small businesses, there needs to be like some kind of product. So For, for small businesses, right.

So if you have a website, the basic that you should install some sort of security plugin, right? Like a word fence or security, the bare minimum, Right? Yeah. SSL certificates get yourself. If you have a website in 20, 22, and it’s not running an SLC SSL certificate on it, you’re losing. Right. Come on, get with it. Yeah. Google requires it in their Searches. People are leaving your website. If you don’t have the SSL certificate that says you know, you want to get the SSL. You want to install some sort of security plugin on a site. There are anti-spam plugins that you can install on your website. So people aren’t leaving, you know, weird links in the comment section on your blogs. Like, you know, you don’t want that. So those are, you want to keep your website updated, right? You want it; if you’re not on a maintenance plan now with a website, get onto it because if you’re good, you’re going to run into any problems. You know, as Allen said, the hackers they’re getting better. They’re smarter, and they’re faster. There’s more of them. They’re working in teams. You know, it’s all coming from China, Russia, a lot of it. So you can’t keep up. Right. And they’re working while we’re sleeping.

Also. That was literally about to say why we’re all asleep, and they’re fast away breaking down doors, literally Trying to serve another time zone for right. So, You know, those are all just specific things that you could do for your website, change your passwords. Like you can have Rocky 1, 2, 3 as your password anymore. You know, like it’s time to use some sort of encryption, a password generator, like last pass, Last Testament to that. So we started using that recently because so many passwords were saying, coming up in the list, compromise, generating a path, new passwords for sites, and using encrypted programs. So that not to repeat the same password over and over again. Right. Like, because, you know, Yeah. Cause if somebody hacks into one of your things, they get into all of your stuff. Right. Because then they start going through like, oh, what, what else does this person use? Yeah. Don’t use the same usernames either. Although a lot of things want your email address as your usernames. Yeah. I mean, but then, you know, that’s just making sure that you don’t have, like, like I said, like the super, your birthday as a password, right. You can’t do that anymore, you know? But so for WordPress, if you run a WordPress, definitely installed, installed security or a word fence, Akismet comes built-in with WordPress, just, you know, set that up, generate your free API key. Keep it up.

They did. Yeah. A lot of people use managed WordPress hosting. GoDaddy is great with that, you know? And so Other people are coming out with that too, being its WordPress hosting. So things get updated promptly. And they’re sending you out a notification. So, you know, like, oh, we’re updating a WordPress, you know, you have to check your site. It’s essential to keep your site up today, you know because you know, that’s how the hacker’s break-in. They’re always updating vulnerabilities. Here’s the free credit Karma’s and Experian and TransUnion offer free. I’m sure there are other credit ones, Credit Sesame. There’s a whole bunch of these credit companies, you know, so you can get free credit monitoring and make sure that you’re, at least monitoring your credit, you see something pop up, boom, you can take care of it. But, if your social and your driver’s license act, you know, you want to make sure you lock your credit, you know, protect yourself, protect your business because you know, if you have a problem like this merchant we were talking about earlier, you know, he’s got the police involved. I’m sure the FBI has probably been contacted. Now the credit, whoever gave these merchant accounts lost these chargebacks total over 25 grand, and they’re out a bunch of money for not doing their homework.

Okay. And making sure who they were doing business with, you know, but now, you know, the person who had their identity stolen, you know, is it, you know, has a problem. How much is that going to cost? You might have to get a lawyer that you’re going to hire somebody or, or do it yourself and call these credit bureaus up and send them letters and police reports until they remove those negative things from your credit report. To protect yourself, protect your business. You know, two-factor authentication, get an encrypted password program. You know, everybody that people don’t want to spend a lot of money, like even in your business, like, I’ll give you a scenario. You have your wife, your, you have your internet and to your business, right. And then you have public wifi. So maybe you shouldn’t have public wifi on the same router that you have all your computers on. Cause someone could hack in. I don’t know if people say you shouldn’t. Yeah. A few years ago, I remembered a big breach with TJ involving a TJ Maxx, and TJ max was this Russian guy. And how did he break into TJ? Max? His system. He drove up outside in a van with a laptop. Now he formerly worked for them. So he knew a little bit, and he got on their wifi, then he hacked into their system, and they got downloaded tens of thousands, hundreds of thousands of credit cards. He planted something in there, and he got all their payment data.

That was one of the largest breaches ever. You know, when it comes to, when it comes to credit card breaches, I was one of the biggest ones. So you gotta, you know, security. I think that we will be talking about cyber security ransomware attacks. I think we’re going to hear a lot about it in 2022. I think there needs to be, and I think the government needs to put pressure on people like Google and Microsoft because they’re the ones that control most of the internet.

#b2bvault #npsbank #nationwidepaymentsystems #merchantservices #paymentprocessing #B2B #hotels #nonprofits #emergingmarkets #insurance #cashdiscount #highriskbusinesses #ecommercesolutions #giftcards #chargebacks #ach #merchantfinancing #consumerfinancing #acceptcryptocurrency #ATM #virtualterminal #cardpresent #cardnotpresent #mobilesolutions #paymentportal

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Allen Kopelman

The entrepreneurial bug started early in Allen’s life as comes from a family of business owners and learn about business from early age behind the cash register