GE Digital Energy field tests mobile damage app

By Karen Haywood Queen/Published Sept. 08, 2015/Smart Grid Today

EXCLUSIVE INTERVIEW

Makes predictions based on partial outage data

Helps manage, maximize benefit from foreign crews

GE Digital Energy’s new mobile damage-assessment app could shave one to two days from a two-week, major storm-related outage – saving utilities millions of dollars, John Chisum, utility product line leader for GE Digital Energy, told us recently in an exclusive interview.

The app was released in February, according to the GE website, and this interview was our first inquiry into what it offers utilities that use it.

“Using this application, a utility can start inspecting things in the field a day earlier after a major storm or other event than they could using traditional logistic systems,” Chisum said. “Putting people in the field a day earlier can cut days off recovery time and save multi-millions of dollars.”

For a major hurricane, a full restore might take 14 days without using the app, he added. “If we can restore them in 12 days, we can save the utility millions in revenue stream and the cost of foreign crews.”

“Workers can be out in the field as soon as it is safe,” Chisum said. “This could be within hours of the storm passing, based on safety conditions. A utility could have repair crews staged in a safe location with the app downloaded so as soon as conditions are safe, they could be sent into the field immediately,” he added.

This app offers a simple user interface, a GPS feature and works on any popular mobile device – not just those owned by the utility, Chisum said. During major storm recoveries, mutual-assistance crew members from other utilities can download the app onto their own devices, he added.

As crews check for damage and enter new information, the GPS can identify their location.

Although the app will work with legacy meters, smart meters enhance the performance of the app by offering more real-time data, thus restoring power faster, Chisum said.

The cost to the utility is expected to cost about $1 million for a utility with a million smart meters, Chisum said, though the firm believes he savings from a single major outage could offset the investment. The firm considered a shared-risk model of pricing, where the utility would pay based on how much money the app saved after a storm.

“If you were able to pull one to three days off that event, what would that be worth to you?” he said. “They might save tens of millions of dollars.

“That risk-sharing model could be much more profitable to GE,” but utilities might not have been happy with the bill, Brian Friehauf, GE Digital Energy asset management product line leader, told us. “That’s the tricky part. That’s why we went with a more traditional pricing model.”

Two utilities are field-testing the app to let GE further refine it, Friehauf said. Five utilities expressed interest, but the technology firm limited the rollout and the two do not want to be named at this stage, he added.

GE expects to offer the app more widely by the end of this year, he added.

Many utilities still use manual, paper-based processes, requiring data-entry at the home office to evaluate damage after an outage, Chisum noted.

“Probably 75% of utilities are still gathering data manually to some extent, even if they have a mobile solution for their own staff, because they don’t have devices to give to outside contractors,” he added. “If you’re doing it on paper in the field, a lot of the information has to be re-entered in the office.

“Anybody coming into the area to assist can use the device they brought with them,” he added.

With other apps, when the mutual-assistance people show up, the utility need needs to give them a laptop and credentials and teach them how to use the app. That this is not always a smooth process as some foreign crews are resistant to using another utility’s system.

GE has an older mobile app but use of it has been limited to a utility’s own employees, Friehauf said.

“Crews could download information onto their specific devices, but we couldn’t leverage the devices to mutual-assistance crews.

“It was a tool useful to utilities but it stayed within the utility’s boundaries. This [new app] allows us to perform a much better damage triage assessment.”

Damage prediction included

Information available on that older app is more limited, Friehauf said.

“If you’re doing damage assessment on a company’s existing mobile solution, the information doesn’t come back in a form that lets a utility say, ‘Based on the data we have, there are 50,000 poles we need to replace,'” because older systems typically do not have the ability to predict totals based on a partial collection of data.

Smart meters can help give utilities a more detailed damage assessment, and as a utility installs more smart meters, the overall system will become more adept at providing data, Friehauf said.

During an outage, utilities get good information already from smart meters but it is incomplete, Chisum noted.

Acting on AMI info

“If I have a great smart metering infrastructure out there, I would get the signaling or lack of signaling to know who is out of power. That helps with the outage-restoration process, but there are still some details missing for restoration of the network.

“The automated system can tell me that everyone on the street is out of power, but it can’t tell me about the infrastructure requirements. It can’t tell me if five or three poles are down.”

In an initial damage assessment with the new app, a storm team can walk 10% of the affected area and the app will let them accurately predict total damage, Chisum said. The utility can then order the right number of foreign crews and provide statements to the media about how long it will take to restore power, he added.

It is still the case that “in some cases, mutual-assistance crews are brought in and the utility doesn’t know yet where to put them to work,” he said, “or first responders show up and may not have all the skills and materials to make the repairs.”

Possible scenarios include a bridge needed for access being so small only one type of truck can cross it. “Very often, a large bucket truck that can’t cross that bridge will get sent and then another truck has to be sent. With the app, they will have this information.”

Efficiency for minor outages

Utilities can benefit from using the app in a minor outage not related to a storm, Chisum said. It helps them determine the experience a crew would need to correct it and, again, lets the main office know of any size restrictions on access roads and bridges.

One of the utilities field testing the app had calm-weather days in mind when requesting the app, he added. The utility wanted its workers to get accustomed to using it before a big emergency, he added.

Most of the requested refinements from the early adopters were minor, such as changes to the graphics interface and better usability, Chisum said. The app works now on mobile devices using Apple and Windows operating systems, he added, and Friehauf said that by fall, an Android version will be added.

Other officials can help

A utility could provide the app to police and firefighters to let them share information with the utility, Chisum said. If such government employees saw a utility pole down or other issue, they could let the utility know via the app.

Such information sharing would be one-way only, he added, noting the police and firefighters would not have access to the big-picture data.

 

Know your fraudster: 8 types of card criminals

The crooks specialize now, from malware coders to mules

Published Jan. 26, 2015 for CreditCards.com

By Karen Haywood Queen

You open your credit card bill and see a bogus charge. Yep, you were hacked. You’re not alone – but most likely, neither was the criminal who used your card.

Card fraud is a staggeringly big business: A Federal Reserve payments study released in July 2014 found more than 28 million unauthorized transactions on credit, debit and prepaid cards, totaling $4 billion in fraudulent charges. Behind those numbers are multiple layers of criminals.

“A lot of people assume that the hacker is the person who steals the credit card number and uses it — a single person,” says Jeff Foresman, information security compliance lead with Rook Security in Indianapolis. “But the concept of some guy sitting in his basement doing all this is not valid anymore.”

Until 2003, most online crimes were isolated vandalism — “anti-social self-expression using high-tech means,” according to a 2013 report from Kaspersky Lab. By contrast, today’s cybercrime is a sophisticated, widespread business meant to make money illegally, the report says.

While a few rogues still steal information and use it themselves, most credit card fraudsters are part of a large underworld industry.

Organized crime, much of it based in Eastern Europe and Russia, helps bankroll the criminals involved, says Loc Nguyen, chief marketing officer at data security company Feedzai Inc., in San Mateo, California. An IT specialist working for organized crime gangs in Eastern Europe can make 10 times what he’d make in a legitimate job — or more.

“These are not high school kids — these are highly organized, well-funded organizations,” says Nguyen. “The business of hacking has gone from a mischievous activity conducted by hobbyist developers to an occupation of paid professionals working closely with organized criminals. Just like any company, they have specialists, people who write the code, people who run the equivalent of e-commerce sites and people who buy the card numbers. They have upper management and an endless supply of workers.”

There are multiple ways to get your credit card information and there are different types of criminals who specialize in each. Once they have your info, numerous players stand ready to use it for their profit. The whole industry includes malware writers, several types of thieves who use card skimmers, operators of websites selling card data, credit card counterfeiters and end users: people who buy and shop with stolen credit cards. (To get a taste of life on the lower rungs of this criminal enterprise, check out “‘A day in the life of a common credit card crook.”)

Sound complicated? This guide breaks down the eight professions and their job descriptions.

  1. Malware writers
    Malware authors write the software code that remotely hacks into major databanks to get stored credit card numbers, Nguyen says. Many are young men who are either from Eastern Europe and Russia, or who have connections to people in those areas, he says. Some malware writers are part of organized crime rings, others are freelancers selling code with no idea of who uses it, says Jay Jacobs, managing principal and co-author of the 2014 Verizon Data Breach Investigations Report.

“Someone will create the malware, then they sell it for hackers to use to steal credit card data,” Rook Security’s Foresman says.

The code writers evolve quickly to stay ahead of the good guys. After the 2008 arrest of master hacker Albert Gonzalez for, among other things, stealing credit card information from clothing retailer TJ Maxx, malware writers changed their focus from major companies to smaller businesses, says Jay Jacobs, managing principal and co-author of the 2014 Verizon Data Breach Investigations Report. They began using devices or small programs known as keystroke loggers to capture information typed into the systems of small businesses whose point-of-sale terminals are often open directly to the Internet via third party servers, Jacobs says.

Now the focus is back on major retailers and businesses using programs called RAM scrapers that take payment card information from the merchant’s point-of-sale system while it’s still being processed inside the terminal, Jacobs says.

Because the terminals at large businesses are not directly connected to the Internet, the criminals must work their way through the company’s system to find a part that is connected to the Internet so they can get the stolen data out. That can take time, but the payoff is potentially huge. “Rather than focusing on 10 victims and getting a little data from each, there’s a shift back to multiple weeks targeting a lot of data from one large victim,” Jacobs says.

  1. Phishers and spoofers
    Some malware coders specialize in creating phishing emails designed to get you to give up your personal information. Others perform these duties in addition to writing other kinds of code, Nguyen says.

These phishing fraudsters may work with or separately from spoofers — criminals who create websites that are designed to look like the real thing but are instead run by criminals seeking your personal information, Nguyen says.

“They may have hacked into a database to get your email address ,” he says. That’s why you should be concerned about email hacks such as the one discovered at Home Depot.

Besides targeting consumers, phishers also often target nontechnical employees of banks or retailers that handle a lot of consumer data. The “From” address is spoofed to make it look like it has come from a trusted insider.

  1. Shady clerks and wait staff
    The same guy that’s serving your food may be dishing out your credit card number to an organized crime ring. Gangsters sometimes score credit card information by putting employees of legitimate businesses on their payroll, Jacobs says. “They’ll approach an employee — at a restaurant, hotel, retail chain or anywhere that handles credit cards — and bribe them” to skim customers’ credit card numbers when they swipe the credit cards, he says. “The employee is paid by the number of cards they’re able to skim.”

These employees use small portable skimmers that fit in the palm of the hand and steal your credit card number as they process your payment for the legitimate business, he says.

Working the skimmer scam in person is easier at restaurants where the server takes your card away than at retailers or hotel chains where the employee has to use the skimmer under the counter right in front of you, Jacobs says.

Although many of these workers answer to organized criminals, some work alone, skimming your credit card information for themselves, Jacobs says.

  1. Skimmer installers
    Another brand of criminals mounts hidden skimming equipment anywhere credit cards are swiped. Good targets are unmonitored payment locations, such as gas pumps, vending machines and train ticket kiosks, Jacobs says.

These skimmer installers vary widely in skill and sophistication. Like the shady employee with a skimmer, some operate as part of organized crime gangs and others operate alone.

They may leave a skimmer in one location for a few days, gather a few hundred credit card numbers and then stop collecting data before they get caught. “The longer the skimmers are on there, the more likely they are to get noticed,” Foresman says.

Yesterday’s old-style skimmer installers were often caught when they came back to retrieve the equipment and stolen data. New technology creates wider buffers. Today’s more sophisticated installers use skimmers connected via Bluetooth so they can download stolen data from the safety of the parking lot, the Verizon report says.

Tech savvy fraudsters can also buy skimmers with built-in SIM cards enabling remote configuration, remote data uploading and even tamper alerts that, if triggered, will cache the data and send it out immediately.

Sometimes these skimmers also are paired with cameras or keystroke loggers to capture additional information including your PIN, ZIP code and the card validation code (also called CVV2 or CVC2) that is written but not embossed on your credit card, Foreman says.

  1. Fake technicians
    This con artist looks and acts like a company technician. But beneath the designed-to-fool persona you’ll find a fraudster out to tamper with a legitimate company’s credit card processing machines.

The scenario plays out with someone walking into a store with an authentic-looking work order to replace the old credit card terminal, Foresman says. But this tech guy has no connection to the real processing provider. The new terminal installation comes with an extra feature: a computer chip that copies credit card numbers and sends it out to another online server.

These setups allow fraudsters to get all the magnetic stripe information and PIN numbers from swiped cards, Foresman says. “If I can capture the entire track that’s on the magnetic strip on the back, I can make a new card or overwrite an existing card,” he says.

  1. Counterfeit credit card manufacturers
    These modern day counterfeiters don’t make $20 bills. Instead, they buy stolen credit card numbers and make fake credit cards. All that’s needed are imprint machines, a magnetic card writer and, sometimes, credit card stock — all of which are for sale legally, Nguyen says.

“With less than $1,000 invested, you can have your credit card maker,” he says. “The equipment itself isn’t illegal.”

Sometimes, criminals don’t even need new card stock. Instead, they can take the magnetic stripe data from the stolen cards and overwrite it onto existing credit cards or even onto hotel key cards, Nguyen says.

That’s one reason merchants may ask to see your credit card for a transaction. They want to compare the last four numbers embossed or printed on the front of the card with the last four digits of the account number that the magnetic stripe sends to their system to make sure it matches, he says.

  1. Data sales websites
    The credit card numbers that don’t end up on fake cards often end up on websites offering credit card numbers for sale. Operators of these sites offer thousands of credit card numbers and associated information for sale.

“You can go online and buy 1,000 Visa platinum cards,” Foresman says.

Also for sale are card expiration dates, card validation codes, ZIP codes and PINs, Foresman says. The prices vary from $2 for a single unchecked credit card number to more than $100 for a complete data sets called fullz.

“It’s just like eBay,” Nguyen says. “You go on, put in your search criteria, where you want the card. Do you want MasterCard or Visa? Do you want the PIN and the address? The more valuable the information, the more the fraudsters are willing to pay for it.”

Unattended gas stations and vending machines are more than great places to obtain credit card numbers — they’re also good places to test hot cards and card numbers, he says. If a small purchase goes through, the card is verified.

  1. Shoppers, mules
    At the end of the chain are crooks who buy the fake credit cards or fraudulently obtained card numbers and shop with them, typically for items that then can be resold. They buy big-ticket items at electronics stores such as Apple or major retailers such as Home Depot, Nguyen says.

Grocery stores — because they sell gifts cards that can easily be resold — are another big target. “They want to use cards and get cash out of the system,” he says. “They buy $500 or $1,000 worth of gift cards and go and resell them.”

Spending habits differ by the mode of purchase. Thieves who use the cards in face-to-face transactions tend to spend about $450 in the course of a week, often at supermarkets and home-supply warehouses, according to data compiled by Feedzai.

Those shopping online tend to spend about $900 over five days. They target electronics sellers and discounters, according to Feedzai data. To avoid detection, they have the items shipped somewhere other than their home address, Nguyen says.

Though the latter would seem to be more efficient, it’s all a matter of taste if you’re a criminal. In-person crooks prefer not to have to deal with e-commerce hassles such as fake shipping addresses or proxy servers. “To each their own,” says Nguyen. “The opportunity, or ‘market,’ for fraud is so big that there’s room for all kinds of talents, just like honest professions.”

Sometimes, “mules” are hired to do the shopping — often unaware that they’re part of a scam. These end-of-the-line criminals are the ones who tend to get caught, Nguyen says. “They get arrested, make the news, and then are replaced with other people,” he says.