Do You Know Where Your Kids’ Data Is?

It’s not unusual for today’s toddlers to be able to easily navigate an electronic device. It’s an intuitive part of their daily lives, despite some parents’ quest to shield them from it.

Most children born after 2002 use technology on a daily basis, and it’s important for parents to know how to protect their children online—specifically when using apps.

The FTC has published studies on privacy disclosures on children’s apps annually since 2012. The inaugural reports, “Mobile Apps for Kids: Current Privacy Disclosures are Disappointing” and “Mobile Apps for Kids: Disclosures Still Not Making the Grade,” uncovered that a staggering amount of apps share user information with third parties, unbeknownst to the children who are using those apps.

The key to keeping hold on what apps are putting your child’s security at risk is to investigate their privacy practices. Easy enough, right?

Well, not exactly.

In the most recent survey, 45 percent of the 364 apps tested turned out to have privacy practices available only after downloading. An additional 38 had privacy practices available in harder-to-find places, the FTC reports, such as through a link to a developer’s website.

The kind of privacy data in question includes children’s geolocation data, photos, videos, and audio recordings, as well as persistent identifiers such as cookies that can track a child’s activity online.

Seek out age-appropriate apps for children

Chris O’Shea, founder of Cowly Owl, a London-based children’s app company, says that his biggest advice to parents is to stick to apps that are made for their child’s appropriate age group.

“On the Apple App Store, there is a ‘Kids’ category, and on Google Play, there is a ‘For Families’ category,” he says. “To have an app in those categories, developers must provide a privacy policy that can be visible from the store before you download an app. The platform holders then approve [the] app to be in those categories—but [parents should] still check the privacy policies.”

Parents should also beware of free apps, especially those riddled with pop-up and other forms of advertising that can take children out of the app and onto a third-party site, putting them at risk.

“Not only could the advertising not be age appropriate, but the advertising networks that they use can often track your device across apps to build up a behavior pattern of what your interests are,” O’Shea says.

COPPA can help protect children’s information

The Children’s Online Privacy Protection Act (COPPA) was established in January 2014 by the FTC to place parents in control over what information is collected from children online.

The COPPA Rule was designed to protect children under age 13, and it applies to operators of commercial websites and online services, including mobile apps. The rule includes requirements to post a clear and comprehensive privacy policy, to directly notify parents before personal data is requested, and to provide parents with the choice of whether to consent to an operator’s use and collection of data.

“The rule also applies to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children,” the FTC states in its COPPA FAQs.

O’Shea says that when going over a privacy policy, parents should understand that there is a difference between analytics and personal data.

“Don’t be afraid if you see that an app uses analytics,” he says. “If it is anonymous data, the developers use this information to help improve their apps, [such as] fixing usability or gameplay [or] knowing what is and isn’t working. [Be sure that] the privacy policy states that this is not personal information and you aren’t being asked for your personal details.”

Related Articles
Data Breach Fatigue: The New Identity Theft Risk
How You Can Help Protect Against Identity Theft
What You Can Teach Your Children Right Now About Credit

Protect Yourself from Security Weaknesses in Wireless Networks

WirelessVulnerabilitiesEvery day, millions of Americans use their electronic devices while out shopping, having coffee, or changing planes, often without a thought about the wireless networks they’re using. Unfortunately, those networks could be making everyone’s favorite devices vulnerable to viruses or malware attacks.

For example, in the summer of 2015, flaws were discovered in both Apple and Android devices that could allow hackers to install harmful malware on a phone without the user even being aware that the phone had been compromised.

iPhones and MacBooks

A serious vulnerability was found in iOS 8.4.1 (for iPhones) and OSX Yosemite (for MacBooks) that allowed hackers to access and install malware via the Bluetooth-enabled feature Airdrop. If a hacker is in range of your device, all he or she had to do is drop the malicious app onto it, without your knowledge or permission, using a wireless network. Then, the malware simply installed itself the next time you turn on the device.

Thanks to Apple’s design, the amount of user data to which a hacker could gain access to is limited.

Even so, hackers might be able to track the location of your phone or make in-app purchases through your iTunes account.

Here are two simple steps you can take to help protect your iPhone or MacBook from attack:

  • Upgrade your iPhone to the iOS 9 operating system, which includes a fix for this problem.
  • If you don’t want to update your MacBook’s operating system, disable Airdrop or your computer’s Bluetooth feature to help keep your device secure.

Android devices

Android devices recently had their own set of security challenges. A security analyst in Texas discovered a simple way to bypass the lock screen on his own phone, which was running the widely used version 5 of the Android OS. Although a hacker would have to be in possession of the phone to bypass the screen, the weakness can allow easy access to all of the apps and data the phone has to offer.

This discovery came on the heels of another flaw, called Stagefright, which is even more dangerous. A mobile security researcher at Zimperium Labs found that the Stagefright flaw exposes devices via text messages that send a video file containing a piece of malicious code to a ’victim’s Android device. Because Android phones begin to process video automatically, hackers could use this tactic to steal data or take control of apps.

Here are some steps you can take to help secure your Android devices:

The lock screen bypass

  • Don’t leave your phone unattended. A hacker has to have your phone in his or her possession to bypass the lock screen.
  • If you currently use a password to protect your phone, you might want to change to a PIN or pattern instead.
  • Some phone carriers have issued a patch for this problem, so always keep your device’s software up to date.
    Stagefright
  • Check with your carrier to see if it has issued a software update to fix this weakness. If so, follow the carrier’s instructions to update your device.
  • If your carrier doesn’t yet have an update, look into how you can take steps yourself to disable the automatic download function that allows Stagefright to obtain access to your phone.

Protect your wireless network

Although updating the software on all of your devices can provide an important layer of protection, the best strategy to help protect your devices is to keep your own wireless network safe and secure. You can do so by taking the following steps:

  • Encrypt your wireless network.
  • Confirm that your router is secure.
  • Limit outside access to your network.
  • Ensure that your network is secure during mobile access.

Taking these steps now may help you keep your favorite mobile devices free of viruses and malware, both at home and on the go.

Related Articles
Is the Barcode on Your Boarding Pass Secure?
Losing Control: The Emotional Toll of Identity Theft
How You Can Help Protect Against Identity Theft

Secure Your Credit and Debit Cards After Your Wallet Is Mobile

SecureMobileWalletWhen leaving the house, you usually have to search for a few items: your wallet and mobile phone. But if some major technology companies and financial institutions have their way, soon you may only need your phone.

A mobile wallet allows consumers to carry payment information, including debit and credit card information, in digital form on a mobile or wearable device. This means consumers could, theoretically, begin leaving their credit and debit cards at home.

Sounds convenient, right?

According to a 2013 global PayPal study conducted by Wakefield Research on consumers’ attitudes toward various payment methods, 83 percent of respondents said they didn’t want to have to carry a physical wallet. Additionally, 29 percent of Americans surveyed said they would choose to only bring a smartphone and not a wallet when going out. Mobile wallets are clearly gaining in popularity.

“Over the next couple of years, we’ll see up to 50 percent of transactions being done with a phone or other mobile device,” says Peter Olynick, card and payments practice lead for Carlisle & Gallagher Consulting Group.

However, once you’ve started using a digital system, what do you do with all the credit and debit cards you’ll no longer take with you when you leave the house?

Protecting the information on your physical credit and debit cards

You may want to keep the actual cards in case you decide to switch back from a mobile wallet to a physical one or if your mobile device is lost or stolen.

In that case, the Federal Trade Commission (FTC) suggests keeping the information stored in a secure location, like a fireproof lockbox in your home or a safe deposit box at your bank. The FTC also says you should regularly check your credit card and bank statements to be sure there’s no suspicious activity.

Elie Bursztein, who leads anti-cybercrime efforts for Google and who blogs at Elie.net, suggests scratching off the three- or four-digit security code from the physical card (and, if need be, storing that information separate from the card) and writing “See ID” in place of a signature on the signature line. This way, if your cards are ever taken from your home, you may still have some protection from their misuse.

If you feel you’ll never need your physical credit cards again or wouldn’t mind ordering new copies if using your mobile wallet doesn’t work out, be sure to fully destroy the cards. In this age of identity theft, simply cutting a card in half no longer works, experts at creditcards.com say.

Instead, cut cards into many small pieces, or shred them (being sure to destroy any magnets or chips), or, if you want to be really safe, burn the card in pieces.

Don’t throw away your wallet just yet

For now, though, even if you leave your credit cards at home, you’ll still have to keep your wallet with you, Olynick says.

“We’re a number of years away from being comfortable enough to accept only mobile payments,” Olynick explains. “There will be an extensive period when either is accepted… but it will be some time before you can say, ‘I don’t need to bring a physical wallet.’ ”

When will you finally be able to leave your wallet at home? It’s not the mobile payment systems that will hold consumers back from completely digital wallets, Olynick says. It’s the national and statewide identification systems such as driver’s licenses that will keep wallets in people’s pockets.

“At some point, governments will have to figure out, do they want to allow mobile identification? When that happens, that’s really when people will have the ability to leave their wallets at home,” he says.

Related Articles:
Mobile Payment Apps Add Rewards, But Will Consumers Follow?
Financial Planning: There’s an App for That
More Millennials Are Shirking Credit Cards—But that Doesn’t Mean They Should

My Identity Has Been Stolen: Now What?

MyIDWasStolenYou have just been denied a loan for a new home because of your credit, which surprises you because you’ve always kept on top of your finances. That’s when it hits you: You’re one of millions of Americans each year whose identity is stolen.

“Most people are going to find out that they have been victims of identity theft at the most inconvenient times,” says Eva Velasquez, president and CEO of the nonprofit Identity Theft Resource Center (ITRC).

Usually, the news comes as part of a background check for a potential job or new apartment. As a result of running that check, people are denied credit due to potentially negative information found in their credit report.

Velasquez’s top advice for identity theft victims: “Don’t panic, but do react.”

After recovering from the initial shock of your identity being stolen, Velasquez recommends taking these five steps to mitigate the damage:

1. Contact any financial institutions or companies where you know identity theft has occurred.

All credit card companies have identity theft departments, and the FTC suggests calling those departments to report that your identity has been compromised. The companies you contact should then close or freeze the accounts for you so no one can add new charges without your permission.

2. Put a fraud alert on your credit reports with the three major credit reporting agencies.

Once you contact one major credit reporting agency (CRA) and explain that you’re a victim of identity theft, that agency is required to alert the other two. According to the FTC, an initial ID theft alert can make it harder for an identity thief to open additional accounts in your name.

3. File a police report with your local law enforcement agency.

According to the FDIC, which insures many of the nation’s consumer bank accounts, reporting identity theft in a timely fashion may improve the chances of recovering what you’ve lost and allows the authorities to take appropriate action. Although it’s also important to report the issue to federal authorities, local law enforcement agencies may be able to provide the most direct advice and assistance.

4. Fill out an ID Theft Affidavit with the FTC.

The FTC accepts reports in three ways: on its website at www.ftc.gov, by telephone at 1-877-IDTHEFT, or by mail to Consumer Response Center, FTC, 600 Pennsylvania Ave, NW, Washington, DC, 20580. All ID Theft related complaints sent to the FTC are entered into Consumer Sentinel, a secure online database that law enforcement agencies nationwide and overseas can search.

5. Start monitoring all your accounts.

If you’ve been a victim of identity theft, you should be checking your credit reports regularly. You can obtain one free copy of your credit report each year from all three major CRAs at annualcreditreport.com. The U.S. Department of Justice also suggests carefully checking monthly credit statements for any suspicious or false charges.

“Of course, the sooner you find out about the problem, the less time has lapsed in which the thief can use your identity,” Velasquez says. “The longer the individual’s personal information is used unnoticed, the more damage is done and the longer it may take to clean up.”

Once you’ve taken these initial steps, you can begin to turn the focus to any long-term steps to repair your good name.

“When you are a victim of identity theft, there is most often not an overnight solution,” Velasquez says. “So act quickly, take good notes, and stay organized. Make sure to take care of yourself emotionally, as identity theft has many [effects] on victims more far-reaching than the most widely known financial impact.”

Megan Craig is a Chicago-based journalist and communications professional who writes mostly about personal finance and consumer issues. She is a former reporter and editor for the Chicago Tribune. Follow her on Twitter @megcraig1.

Related Articles
The Top Six Mistakes I Made After Tax Identity Theft
What to Know About Identity Theft When Buying or Selling Your Home
Identity Theft Protection: How to Safely Carry Your Medicare Card