Our company and our products have been in “stealth mode” for the past year and a half as we designed and built the Chip Shield device, implemented back end servers and client libraries to support the devices, and built our web sites and mobile apps.
After all these months of secrecy, we’re finally ready to announce our product, and share information about what we do, and how we do it.
Our Solutions section gives a lot of details of what the new device can do: http://new.chipshield.com/our-solutions/
So, I thought I would use this blog post to talk about why we’re doing this, and how we started working to solve the problem of credit card theft and fraud.
The Pervasive Problem of Fraud
When we first started thinking about the problem of credit card fraud the Target data breach was still in the news, and the Home Depot story was just breaking. It felt like everywhere you looked you would hear reports of fraud, data breaches, identity theft and organized crime.
We started to feel the personal effects of card theft with bank notices and cards being replaced. My wife and I had 3 cards replaced in just a few months, and then later received a friendly notice that our personal information had been lost in the Anthem data breach.
It wasn’t only us. It was our friends, our families, and it was starting to impact virtually everyone. Just this week my dad had another card replaced.
Not long ago, Gallup asked Americans about their biggest crime fears and 85% of wealthier households listed credit card theft as their largest fear.
Also, more than 25% of the people surveyed reported that a family member had their credit card stolen by computer hackers in the past year.
http://www.gallup.com/poll/178856/hacking-tops-list-crimes-americans-worry.aspx
A more recent survey from MasterCard shows a similar level of anxiety, and amusingly 55% of the people surveyed would rather have nude photos of themselves leaked online than have to deal with the theft of their financial information.
A Personal Experience with Fraud
Finally, the problem hit closer to home.
My mom, who is in her mid-70’s and lives on her own, woke up one fine morning to learn that her checking account had been hacked into and more than $1,700 had disappeared in a few hours.
Our family spent the next few weeks trying to unravel the source of the hacked account as it played out a bit like a murder mystery.
Was it because my mom had used the same password for years?
Was it because, like many people, she used the same password for all sorts of accounts?
Was it the sheet of paper on her desk with her passwords written on it?
Was it a virus, later discovered on her computer that had logged keystrokes and sent them to a website in a distant country?
Was it the new housekeeper that had recently started working for my mom, who seemed a bit too chatty? Did she find the sheet of paper? Did she install the virus?
Was it my sister, or me, who took the money, since we both had our own login/passwords to the account?
Were our accounts with the same bank at risk?
Collateral Damage
The worst part of a computer hack is the side effects it can have on people’s lives, and the paranoia it can create around things and people you used to trust.
In hindsight, everything feels like an overreaction, but at the time, my mom was not sure who to blame.
The housekeeper, of course, had to be replaced, because it could have been her.
The computer, of course, had to be replaced, because it could no longer be trusted.
Online banking, of course, had to be permanently disabled and only paper statements used for the accounts.
Other online accounts, of course, had to have new, crazy long passwords created, since they could have been hacked also.
The little piece of paper with all my mom’s passwords on it now had to be written in code, with only hints at what each crazy long password might be. Of course, we could never remember what the codes meant.
The Bank Handles Everything
I’m sure the folks at the bank do their best trying to fix these issues, but it can be a mess to clean up.
The accounts all had to be closed and re-opened, which was done incorrectly, so they had to be closed and re-opened again, with the process taking more than a week.
The replacement funds had to be deposited into the account, and went into the wrong account, and had to be done again, which took another few days.
All the while, checks written to pay utility bills were merrily bouncing and triggering fees from those companies.
Then, somewhere along the way, the bank decided that the hack had actually come from my sister’s login (although they offered no reason except “its technical”), so they held back part of the funds and re-opened a fraud investigation under my sister’s name.
My poor sister had to endure 90 minutes of what she termed an “interrogation” by the bank because someone in the fraud group decided she was stealing our mom’s money.
Did They Get Away with It?
Of course they got away with it. The hackers are long gone with the funds and probably working on their next victims.
Our bank told us that the funds were drained through fake PayPal accounts, but PayPal wouldn’t provide them any information about where the money ended up.
PayPal had no reason to pursue the matter because they weren’t the ones who had to reimburse the stolen funds.
The police also had no interest in tracking down a small theft that would cost them thousands to pursue, with likely no results.
Son, Just Fix It!
While all of this was unfolding, my mom also had a credit card replaced (she thinks because of the Target hack).
So, my mom told me to just fix these problems, like I had fixed the VCR when I was 10 or the hair dryer when I was 12.
Well, mom, I’m working on it…