Two-Factor Authentication

A few days ago I received an e-mail from my credit card company asking if I had made a certain charge. I had not and so they cancelled my card and overnighted me a new one. In the 30 years I have had that credit card, I had never had a single fraudulent charge. Unfortunately the e-mail I received was the second such e-mail in about a month's time. That means someone used my card a month ago and somehow received my new credit card number and pertinent information to do the same thing again. How do I know it was the same person or organization? Well both fraudulent charges were to the same company, which is more than a coincidence. Fortunately my credit card company caught the theft and I didn't have to worry about disputing the charge.

I find it very interesting that a credit card I have had for 30+ years suddenly became compromised. It had me concerned about all of my other financial interests. After all if someone could get my credit card number so easily, what about my other cards or my bank account. The first thing I did was to enable two-factor authentication for all of my online financial accounts. That means that even if someone is able to break my fairly complicated password, they won't be able to get into my accounts unless they also manage to steal my mobile phone.

Two-factor authentication relies on two methods of verifying you are who you say you are. The first locked door is your password. The second locked door is associated with a physical device such as your phone or computer. When I log into my bank account, I can't complete logging in until I provide a very temporary unique code that has been sent to one of my phones. Should I get a notification on my phone that I didn't initiate, I can immediately lock my account before anything nefarious happens.

With online theft happening more and more, I highly suggest setting up two-factor authentication for all of your online financial access. This includes banks, credit cards, brokerage accounts, and any other account that has access to your money. While it is not foolproof, it is another layer of protection that could save you some serious heartache.

My iTunes Account Hacked

Several weeks ago I got a receipt from iTunes in my e-mail. I knew that I hadn't made any recent purchases from Apple and so I looked more closely at the transaction. The receipt said that I purchased a $40 gift card for another user. I looked at the e-mail headers to make sure the e-mail really did come from Apple and that it wasn't some kind of hoax. Sure enough, it was legitimate and I knew my iTunes account had been hacked.

The first order of business was to log in and change my password. I was too late. The hackers had already done that and I couldn't even log into my account. The only thing to do was to get a hold of Apple and request their help. If you go to the Apple website and click on the support tab (upper right corner), there are a list of products. As the hack took place on iTunes, I clicked on the iTunes button and it took me to http://www.apple.com/support/itunes. I spent some time going through the various links only to discover they contained information on how to do things, not talk to a real person. There was a section at the bottom of the regarding the "Apple ID Support" with a link that said, "Start here." I gave it a click and there was a link on the next page that said "Contact Support." I clicked it and went to a page with yet another link. By this time, I figured they really were trying to keep people from contacting them by obfuscating how to really get a hold of them.

I kept clicking away and eventually got to https://expresslane.apple.com/Symptoms.do. The page asked for an issue description along with some other questions, which I filled out. I then had the option of signing into my iTunes account. Since my password was changed to something I didn't know, I clicked the "Continue" button. Underneath it had some text that said, "Without signing in." I was presented with 3 options (your mileage may vary depending on time of day): Phone, Chat, or E-mail. I was in a hurry and so I chose the phone option. It gave me a number to call, which I did. I was asked for some information and was immediately put on hold. Furthermore, I was told it would be about 20 minutes before they got to my issue. Not wanting to wait on the phone that long, I hung up. About 10 minutes later I got a call back from Apple and they were able to help me resolve the issue.

None of the money in my account was used to purchase the bogus gift card and so there was no need to re-credit my account. I was able to change my password and security questions. While I never did have any credit card numbers associated with my iTunes account, had there been, I would have made sure to remove them. While you may feel you can trust online merchants to store your credit card information, I reserve the right not to. After this, I will be very careful whom I let store those numbers.

Stored-Value Cards

Today is my last one in Japan. I will be taking a plane back to Los Angeles and then continue back to Salt Lake. It has been a lot of fun here in Tokyo. My parting thought before heading back to the States is the ubiquity of stored-value cards here in the Far East.

I am always using my credit card to make purchases back home. It is easier than carrying cash and then I make sure to pay the full bill at the end of the month to avoid any extra charges. The problem with credit cards is that merchants need to be connected to bank card network. Otherwise there is no way to verify that the card is valid and the transaction is recorded correctly. With stored-value cards, there is an amount physically stored on the card. When a purchase is made, the price is subtracted from the card's balance and it doesn't require any communication with a central bank.

Stored-value cards are used all over Japan. When I arrived at the airport on Saturday evening, I picked up a card and have been using it for train travel around Tokyo. Then a few nights ago, I was in the mood for a little dessert. I stopped into a 7-Eleven and bought a Kit Kat. Rather than having to use cash, I just swiped my stored value card. I have to say it was very convenient.

There are problems with stored-value cards though. There are a number different card providers and not all of them are accepted everywhere. That means I can use my Suica card for trains and convenient stores. But to get lunch at the corporate cafeteria, I need an Edy card. There is also a Pasmo card, but I haven't bothered to pick one up.

Another problem is that if you lose your card, you can't get your money back. That is a huge incentive to keep a minimum amount of money on the card and not load it up with cash. Furthermore there are some unscrupulous individuals that are running around with card readers pulling cash off people's cards. All someone has to do is bump up against you with a card reader on the train and money is transferred from you to them.

It was interesting to see stored-value cards in action. I wouldn't want to replace my credit card with one, but they definitely are faster at the check-out counter. Especially when you need a Kit Kat before heading back to the hotel late at night.