Are New Chipped Credit Cards Really Safe From Fraud?

Recent reports have indicated that the new chipped credit cards, i.e., credit and debit payment cards equipped with EMV technology, are not as secure as initially hoped, and show that fraud involving payment cards is still on the rise despite the full deployment of the new, more secure technology. The new chipped credit cards were touted as being safer and more secure since they integrate EMV (which stands for Europay, MasterCard, and VISA) and PIN technology, meaning that not only must the user have the chip associated with the credit card, but he or she must also have the appropriate PIN in order to use the credit card. How is so much fraud being committed with these new chipped credit cards that are supposed to be more secure than the old magnetic strip version?

Fraud Committed with Chipped Cards is Committed in Familiar Ways

Not surprisingly, most of the new chipped credit card fraud involves exploiting old ways of committing fraud. For instance, whether a stolen credit card is chipped or not has little effect when the fraud is done by making online purchases. To make a fraudulent online purchase all you need is the credit card number and the CVV code for the card; the chip plays no role. For this reason, online purchasing is the leading type of fraud that is committed with chipped credit and debit cards.

The other way that criminals are exploiting chipped payment cards is by using stolen cards at retailers that have not yet implemented chip reading equipment in their payment systems. There are plenty of retailers who are holding off as long as possible to upgrade their payment systems, which means that they have the older, magnetic swipe reading payment machines.

Additionally, hackers are able to gain access to vulnerable payment systems that are connected to the internet. Once hackers breach the security of a vulnerable payment system, they can install files that will track and transmit payment card data that are used at the compromised payment system. The credit card number and CVV code can be stolen and it is even possible to record and transmit the corresponding PIN code for the card. With the stolen card information, hackers can produce cloned cards, or can use the stolen data for online transactions.

Hackers Create Cards With Chips That Impersonate Real Chipped Cards

Another way that hackers have taken advantage of chip card technology is to create cards that impersonate real chipped cards. Chipped cards are supposed to be harder for thieves to duplicate, so while the new chipped payment cards are more difficult for thieves to clone, they are not necessarily more difficult to impersonate. For instance, there are ways in which a chipped card can be impersonated or mimicked to make an ATM shim, which can be inserted into an automated teller machine to make the ATM dispense cash.

Data Breach Lawyers

Revision Legal understands the dynamic nature of Cyber Security. If your payment system was compromised by a cyber attack, or your customers’ payment card information was stolen in a data breach, you need to work with an experienced data breach lawyer. Revision Legal can help with ensuring compliance with state notification laws and international law. Contact us using the form on this page or call us at 855-473-8474.

Active vs Passive Cyber Attacks Explained

Cyber attacks involve the unauthorized access of private or confidential information contained on computer systems or networks, but the techniques and methods used by the attacker further distinguish whether the attack is an active cyber attack, a passive type attack, or some combination of the two. According to Symantec, both active and passive cyber attack types are defined by unique characteristics and techniques, and each type of attack presents unique challenges to victims, system users, system administrators and cybersecurity professionals. Knowing the difference between passive and active cyber attacks can help system users and administrators identify when an attack is taking place so that action can be taken to try to contain the attack.

Active Cyber Attacks

Active cyber attacks are often aggressive, blatant attacks that victims immediately become aware of when they occur. Active attacks are highly malicious in nature, often locking out users, destroying memory or files, or forcefully gaining access to a targeted system or network. Viruses, worms, malware, Denial of Service attacks, and password crackers are all examples of active cyber attacks. Usually, hackers that use active attacks are not much concerned with their activities being detected because by the time the attack is detected the damage is already done or is underway.

Passive Cyber Attacks

Passive cyber attacks often employ non-disruptive and covert methods so that the hacker does not draw attention to the attack. The purpose of the passive attack is to gain access to the computer system or network and to collect data without detection. Many data security breaches involving the exposure of credit card and debit card payment information are the result of passive attacks, as are data breaches where the targeted data collected during the attack is user names, passwords and other personal identifying information.

Passive attacks are usually data gathering operations, which means they usually employ some sort of malware or hack that eavesdrops on system communications (e.g., scrubs email for personal identifying information) or records system communications (e.g., keystroke recording malware). Information that is gathered in a passive cyber attack is usually sold on the black market and dark web for the financial gain of whoever perpetrated the passive attack.

Use of Both Active and Passive Attacks

There are many hackers that use a combination of active and passive techniques to gain unauthorized access to a system, network, or data. Oftentimes, a passive information gathering technique will be used first, and then once desired data has been collected, the hacker often launches an active attack to make a point or to accomplish some other goal. For instance, it is not uncommon for a hacker to acquire login credentials using a passive attack technique, and then actively access the system to wreak havoc on the network once inside. We’ve written previously about how hackers gain access to computer systems here.

Contact a Data Breach Lawyer

Any business that is subjected to a cybersecurity breach needs to take steps to contain the breach and to notify those who have had their personal identifying information or payment information exposed as a result of the attack. Many states have breach notification laws that specify certain timeframes in which victims need to be notified. You will have to move quickly after a cyber security breach. The professionals at Revision Legal can help. Contact us using the form on this page or call us at 855-473-8474.

What are Advanced Persistent Threats?

In cyber security, an undetected attack by which someone gains unauthorized access to a network or system for an extended period of time is referred to as an advanced persistent threat. It is a form of security data breach whereby the attacker has gained access to the system and is able to come and go within the system without detection. The purpose of an advanced persistent threat or attack on a network or system is for the attacker to collect data. Advanced persistent threats often do not cause damage to the system, but are still a breach of the security of the system, which needs to be identified and addressed as soon as possible.

Advanced persistent threats are characterized as sophisticated attacks that often require a decent amount of effort on the part of the attacker to ensure that their penetration into the computer system or network remains undetected. Attackers engage in various activities to cover their tracks, so to speak, such as creating a backdoor in the system code and updating or rewriting code to hide their presence or access to a system, as well as employing a number of intricate evasion techniques. Advanced persistent threats are unique in that they require a high level of skill, the attack itself is highly customized to the target, and the attack often involves a slow buildup to actually gaining access to the system.

What Industries are Most Likely Affected by Advanced Persistent Threats?

As most advanced persistent threats are intended to help facilitate data gathering efforts, attackers often target networks and computer systems in industries where any collected data can have a lot of value. According to a recent Symantec report, several industries are particularly desirable targets for perpetrators of advanced persistent threats, including but not limited to:

  • Military and national defense industries.
  • Financial industries, including banks, financial institutions and insurance companies.
  • Government agencies.
  • Globally competitive manufacturers.
  • Energy and minerals.
  • Telecommunications.
  • Transportation.
  • Utilities.

Due to the target-specific nature of advanced persistent threats, it is unlikely that small businesses would fall victim to these types of security breaches, but it is not unheard of. Advanced persistent threats are more likely in larger industries that deal in high-value data, where attackers have a lot to gain from their efforts.

What Can Companies Do to Combat Advanced Persistent Threats?

If you are concerned that your company is likely to be a target for advanced persistent threats, there are several things that can be done to defend against these security threats. Regularly assessing your company’s security situation is one of the best ways to identify advanced persistent threats early before they can do much to your system. Performing regular security tests and scans can help detect problems and intrusions. Conducting periodic vulnerability assessments can also help keep your system’s security strong.  

Talk to an Experienced Data Breach Attorney

Once a problem or vulnerability is identified, it is vitally important that your company takes immediate steps to address the issue. Responsiveness is key when dealing with advanced persistent threats and data breaches. If your system is breached, you will have to act quickly to notify any parties who may be affected by the data breach. Contact the data breach lawyers at Revision Legal today. Contact us using the form on this page or call us at 855-473-8474.

Chicago Trademark Attorney

Revision Legal’s intellectual property lawyers are located in Southwestern Michigan and are Chicago trademark attorneys that give businesses the advice they need at the price they want.

Our experienced intellectual property lawyers have registered hundreds of trademarks and protected the intellectual property rights of businesses across the United States, including Chicago-based businesses.

While a majority of our work can be accomplished through teleconferencing, our location just 90 minutes outside of Chicago allows our attorneys to easily travel to Chicago for face-to-face meetings. There is no better option for a Chicago trademark attorney.

If your Chicago-based business requires trademark registration, trademark infringement, or consulting on the process and why it serves a vital purpose for your business, please contact our Trademark Attorneys with the form on this page or call us at 855-473-8474.

 

Employees Most Likely to Discover Data Security Breaches

One thing that all data security breaches have in common is that someone must first uncover the breach and then reveal the breach to the appropriate parties (i.e., employers, law enforcement, other appropriate state and federal agencies, etc.). In the case of a business that is attacked and breached, an undetected data breach can wind up being costly for a business as the business must immediately address the lost data, implement security updates, and issue notifications once the breach is identified. Due to the ever-evolving state of cybersecurity and data protection, it can be difficult for companies to stay up to date with the current best practices for protecting data, which can leave them vulnerable to attacks. In today’s current state, it is less a question of if a data breach will occur at a company and is rather a question of when a data breach will occur at a company.

Who is Most Likely to Discover Data Security Breaches?

According to a survey conducted by AT&T, employees are the most likely to discover data security breaches. This makes sense since it is often employees who are using the company’s computer system. But generally speaking, employees are also likely to be those responsible for causing or enabling a data breach to happen in the first place. Employees who implement weak password protection techniques, or employees who open phishing-type emails containing malware or ransomware are some of the main reasons why a data breach happens in the first place.

It is also becoming more common that law enforcement is the source of the identification of a data breach affecting a company. Nearly 25% of data breaches affecting companies are identified by law enforcement agents who have come into possession of certain files or data that they would not otherwise have unless a data breach had occurred.

The Impacts of a Data Breach

Security breaches can be a real problem for an affected company. Oftentimes systems must be taken offline in order to address existing security vulnerabilities and problems, which translates to lost work time and production. Furthermore, once customers learn that there has been a data security breach at the company, the company is likely to suffer reputation damage or a loss of customers due to damaged perceptions of trust. It is important that companies that are affected by a data breach act quickly to address the problem and to notify those customers, partners, vendors, suppliers and other third parties that may have been affected by the data security breach.

Work With a Data Breach Lawyer

It does not matter if you run a large business or a small one: data security breaches happen, and when one happens to your business you need to be ready to act. Most companies prepare, in advance of a data breach, a response plan that lays out how the company will address the major events that happen after a data breach is identified. Closing the system vulnerability, raising awareness about data security amongst employees and notifying affected parties are all critical early steps that need to be taken after a data breach. Data breach notification laws vary from state to state, but the data breach notification lawyers at Revision Legal are ready and available to help you. Contact us using the form on this page or call us at 855-473-8474.

America First! (in Data Security Breaches)

In the United States we pride ourselves on being world leaders, but not when it comes to the number of data security breaches that we fall victim to. According to a report published by The Hill, the United States outpaced the rest of the world concerning the number of data security breaches that took place here. We outdid every other country by leaps and bounds, in fact, and it is quite clear that we will need to work harder in the future to help prevent data breaches from occurring.

Some Eye-Popping Data Security Statistics for 2016

Data breaches have become more and more frequent occurrences over time and are only predicted to get worse in the future. Naturally, 2016 was worse in terms of data breaches than 2015, just as 2015 was worse than 2014. Below are a few data breach statistics from 2016:

  • Eight of the top 20 worst data breaches of all time occurred in 2016.
  • Across the entire world in 2016 there were 4,149 data breaches that exposed a total of 4.2 billion records.
  • Of those, 47% of all instances of data breaches where user data was exposed occurred in the United States last year.
  • 68% of all data breaches involving record exposure occurred in the United States, as well.
  • The US is responsible for compromising a whopping 2.9 billion records.
  • Compared to other countries, the United States beat out its nearest competitors by a factor of 10.
  • The United Kingdom came in second behind the United States in terms of the number of data breaches that occurred in the country, and in terms of total records exposed, the United States beat out Russia.  

Why Was the United States So Far Ahead of Other Countries?

Several factors contributed to the United States ranking so high in data breaches last year compared to other countries. Part of the reason that so many data security breaches occur in the United States is that the US is home to so many highly valuable companies, which makes the United States an attractive target. The United States is also home to a number of companies that have large online presences, which makes them particularly vulnerable to cyber security breaches. In particular, the pair of Yahoo data breaches that were disclosed in 2016 occurred in the US and accounted for approximately 1.5 billion exposed records on their own.

Talk to a Data Breach Lawyer

Data Security is a dynamic area and Revision Legal is dedicated to staying up to date on the latest developments in the law. Whether you have been involved in a data breach, or a cyber security breach, Revision Legal can help you. We have worked with businesses of all sizes to deal with the aftermath of data breaches and can provide counsel on how to manage breach notification for those who were affected by the breach under the laws of all 50 states. Since civil fines are available in some states for a failure to expeditiously notify those affected by breaches, it is important that you work with an experienced data breach attorney immediately. You need the legal team from Revision Legal in your corner today. Contact us using the form on this page or call us at 855-473-8474.

Trademark’s First Use in Commerce

A trademark is a symbol, phrase, or word used to identify a specific business and distinguish that business’s products from those of other businesses. Trademark is about brand recognition. Trademarks make it easier for consumers to readily identify the source of a product (example: Nike’s “swoosh” sign). In some instances, trademark protection extends beyond a symbol, phrase, or word to include other features of a product, like its packaging or color. These features are considered “trade dress,” and may be protected if consumers identify them with a particular business rather than the product in general.

Trademarks, and the reputation these brands represent, influence consumers’ purchasing decisions. Put simply, a trademark is like a company’s brand name. It is important to understand the value of a trademark, how it can be used to grow your business, and how to protect that interest.

Registering a trademark may seem like a daunting task, but it isn’t. However, the confusion usually arises when you are trying to determine “first use”. The first time you used your trademark could be, but is probably not, the correct date to use as the “first use in commerce” date in the trademark application. That is because the trademark’s first use was likely on your website or other material before an actual sale of goods or service rendered, and this date is not enough to establish “first use in commerce.”

First Use in Commerce

The federal trademark application requires that you declare when you first used the mark in commerce for goods or services. The date of first use in commerce is the date when the goods were first sold or shipped, or the services were first rendered. The exclusive right to a trademark depends on the originality of the mark and the date of first use in commercial trade.

A trademark owner automatically has exclusive trademark rights in his original work from the moment he uses the original mark to identify his goods or services in the marketplace. The date of first use of a trademark establishes exclusive ownership rights prior to trademark registration. Trademark registration offers additional security against trademark infringement (learn more about protecting your trademark here). Further, it provides a public record of trademark use and informs the public of the designated use.

  • Use with goods.

In relation to goods, a trademark is used in commerce when it is placed in any manner on the goods, and the goods are sold or shipped in commerce. For example, if you sell electronics, it is not enough that the electronic good was advertised. It must also be sold and “transported in commerce.” Therefore, if you advertised a TV on your website on March 11 and then made a first sale on March 14 having the trademark to an out-of-state customer, then the first use date for the federal trademark application would be March 14.

  • Use with services.

For services, the trademark is used in commerce when the mark is used or displayed in the sale or advertising of services and the services are rendered in commerce. Trademark is also used in commerce when the services are rendered in more than one State or in the U.S. and a foreign country, and the person providing the service is engaged in commerce in connection with the service. Let’s say that you are an architect and you launched your website August 3. You signed a contract with an out-of-state client to provide your service on August 8 and delivered your designs to the client on August 14. The use of your trademark on August 3 is not sufficient because the service had not yet been rendered under the mark. It is likely that the service was rendered on August 14 because that is the day you delivered your work product.

Multiple Items in the Description

If there are multiple items listed in your description of goods or services in the same class, you should provide the date when all the goods or services listed in that class were sold or rendered. For example, let’s say that you sell furniture. On your application you declare the goods of chairs, tables, and footrests. You first sold a chair having the mark on January 2. You first sold a table on February 1. You first sold a footrest on April 11. Since you would list all of these items in the same class, the first use date for all of these goods in this particular class would be the latest date of April 11. April 11 is the earliest date when on or before that date all of the listed goods in that class had been sold with the mark.

Trademark Attorney’s Role in Determining First Use

Declaring a first use date before the actual use can negatively impact your registration. The application states “at least as early as,” which means that you can always show an earlier date during a dispute if needed. If you are uncertain if the date qualifies as first use, a trademark attorney can help you make this determination. A trademark attorney can also help if another party challenges your trademark application or registration.

In cases involving trademark infringement, courts look to the date of first use of the original mark in the marketplace, in relation to the rightful owner’s specific goods and services. The original owner must prove an earlier date of first use to prevail. Federal registration of trademark provides a legal presumption of exclusive trademark rights.

In the meantime, save proof of the first use date. The United States Patent and Trademark Office (USPTO) does not require proof of the date when you first used the mark in commerce, but it does require proof of the mark in use. For example, the USPTO does not require that you submit an invoice showing the date of first sale, but you should keep a copy of such a document for your records. In some circumstances, providing an incorrect first use in commerce date can result in your registration being cancelled or denied.

For more information about first use in commerce, contact Revision Legal’s team of experienced trademark attorneys through the form on this page or call 855-473-8474.

NH Strengthens Healthcare Cybersecurity in Response to 2015 Hack

In New Hampshire, state officials are diligently working to update and strengthen the state’s computer systems against breaches after there was a cybersecurity breach in 2015 involving the New Hampshire Department of Health and Human Services (DHHS). The DHHS press release regarding the data breach can be found here. According to the Concord Monitor, as a result of the 2015 attack on the DHHS, the confidential personal information of approximately 15,000 patients who had received services from the DHHS was exposed. Patient names, addresses, Social Security numbers, and Medicaid numbers were posted to social media sites on the internet.

Former Psychiatric Patient Perpetrates Breach

The healthcare cybersecurity breach of New Hampshire’s DHHS patient data was perpetrated by a former patient of the psychiatric hospital while using a computer station in the hospital library, rather than by a mysterious outside entity over the internet. While the state customarily provides some government computers for public use at locations such as state-run hospital libraries, the 2015 data breach was unprecedented. The former patient gained access to the state’s network and amassed confidential patient data, which was then posted to the internet via social media channels. This type of hack, i.e., access to a state’s computer network via a state-owned computer, is extremely rare, and the DHHS data breach incident is likely the first one of its kind in the state of New Hampshire.

Gaining access to the state’s network was not as easy as it may sound for the former patient hacker. The former patient had to hack into the state’s computer network from the hospital library computer. The state employs a number of cybersecurity breach prevention techniques, including two-factor authentication and the frequent mandatory changing of user passwords. While few details have been released about the breach because of an on-going criminal investigation, it was made clear that the former patient had an interest in hacking activities.

DHHS Sending Out Data Breach Notifications

The DHHS is busily preparing and sending out data breach notifications in compliance with state and federal law to the patients that were affected by the hack. At present the DHHS has no reason to believe that the personal information of those affected by the data breach has been misused, but there is clear evidence that the personal information was exposed. Additionally, none of the information that was disclosed was credit card or banking information. The New Hampshire Department of Justice Office of the Attorney General tracks instances of data security breach on a website that is accessible by the public.

Speak With a Data Breach Lawyer

We have written previously about healthcare cybersecurity here and here. Healthcare organizations are 4 1/2 times more likely to suffer from a data breach. Organizations should not be concerned about being hacked, but about having a plan in place for when they are hacked.

We have helped businesses of all sizes and government entities and institutions deal with the aftermath of a patient privacy breach. We provide thoughtful and knowledgeable counsel to help you fulfill your breach notification obligations under the law in any of the 50 states. Since civil fines are available in some states for a failure to expeditiously notify those affected by data breaches, it is important that you act quickly to comply with the required breach notification laws that apply to your particular situation. You need the legal team from Revision Legal in your corner today. Contact us using the form on this page or call us at 855-473-8474.

How Do Customers Perceive Businesses After a Data Breach?

Nothing can be quite as devastating to a business’s customer base as a data breach. How do customers perceive businesses after a data breach? What was once a highly-trusted, well-regarded company could be quickly downgraded to an untrustworthy, irresponsible company after a data breach. The public generally perceives data breaches as a sign that a business was irresponsible with customers’ personal and payment data. A business that is victimized by a security breach is not viewed by customers as a victim. Instead, customers are often harsh in their reaction to a data security breach, oftentimes because they feel that their data has been exposed and because the trust between them and the business has been breached.

Many companies have endured a data breach, and have managed to recover with their customers. While not all customers may choose to continue their relationship with a business after a data breach, many customers will return to a business once they feel that the business can be trusted again.

Steps Businesses Can Take to Rebuild Trust With Customers

Even after a highly-publicized data breach, there are steps that a business can take to start rebuilding trust with its customer base. One of the most important steps for a business to take after a data breach is to acknowledge that the breach happened and apologize for it. Customers may initially react emotionally to news that their personal data or payment information has been compromised as the result of a data breach, but customers can be reminded that data breaches happen to a lot of businesses.

Additionally, taking the appropriate steps to notify the affected customers also helps customers to start rebuilding their sense of trust in the business. A business that reaches out to affected customers in a timely manner appears to be taking responsibility in the aftermath of a data breach. Timely notification about the breach in compliance with state and federal breach notification laws also makes the customer feel like the business cares that this unfortunate circumstance befell the company and the customer.

Finally, businesses can inform customers about how the business is coping with the data breach. By explaining to customers the steps that the business is taking to ensure that a similar breach does not occur again in the future, a business can begin to foster a sense of trust between the customer and itself. Customers like to see businesses that have been victimized by a data breach taking measurable steps forward to secure against future data breaches.

Speak With a Data Breach Lawyer

Businesses large and small fall victim to data security breaches and when a breach happens to your business it could have a negative impact on how your customers perceive you. The team of data breach lawyers at Revision Legal has helped a number of companies across the country deal with data security breaches and data breach notification compliance. The laws associated with data breach notification can vary from state to state and additional federal requirements might exist depending on what industry the data breach occurred in. Things need to move quickly after you have confirmed that your business has been subject to a data breach. You need the legal team from Revision Legal in your corner today. Contact us using the form on this page or call us at 855-473-8474.

Here is How to Fix the UDRP

Today at Namescon I had the pleasure of watching three of my esteemed colleagues, Nat Cohen of Telepathy, Inc., Jason Schaeffer of Esqwire.com, and Zak Muscovitch of DNAttorney.com, examine three of the most shocking UDRP decisions of 2016. These decisions involved overreaching trademark owners, extraterritorial trademark rights, and panelist conflicts of interest. In listening to the panel’s explanation of these cases, however, it dawned on me that there is a simple way to fix the UDRP. These are my brief thoughts on how to provide a long-term solution to the problems that those within the domain industry see in the UDRP in advance of revisiting the Policy next year.

Most lawyers are, by their nature, pragmatists. That means that, if we can secure a win for our clients without subjecting them to additional legal or financial risk, we will. We aren’t paid to provide a coherent legal philosophy—we are paid to win. And, contrary to federal and state court, where fee-shifting statutes and sanctions protect against abuse, the UDRP provides no disincentive to overreaching, or even simply creative, attorneys.

Obviously, fee-shifting or sanctions under the UDRP would be ideal. If there was a financial risk to overreaching, those risks would be analyzed at the outset and both attorneys and their clients would be less likely to file suspect claims. And fee-shifting would provide attorneys with an incentive to represent clients who cannot typically pay for a UDRP defense. But fee shifting becomes more complex when it needs to be applied across the world.

The New York Convention

Enter the Convention on the Recognition and Enforcement of Foreign Arbitral Awards. Better known as the New York Convention, the Convention is a treaty that requires courts of signatory states to recognize and enforce arbitration awards made in other signatory states as if they were made in their own. This means that, if a UDRP panel were to find that a complainant located in the United States is responsible for reverse domain hijacking against an Indian registrant, and if that panel awarded fees in favor of the Indian registrant, the Indian registrant could take that award and enforce it in court in the United States by filing a petition for confirmation of the foreign arbitration award. This award can only be challenged on very limited grounds and can be enforced quickly and without substantial cost. If the amount of the award is high enough, the Indian registrant could either afford to pay an attorney in the United States to file the petition, or he or she could find one that would take the issue on a contingent fee basis.

If complainants were at risk of monetary damages for filing frivolous UDRP complaints, they would be less likely to file them. And where they do, the incentives line up and provide registrants’ attorneys with an incentive to do what is right. It is win-win, except for abusive complainants. That is a good thing.