Archive for the ‘Credit Card Transactions’ Category

Online or on the Hook? Another Cyber Monday Pits Online Retailers Against Cyber Criminals.

Posted on November 23rd, 2011 by Dan Rampe

Either by turning away real customers or letting cybercrooks get their hands on goods without paying for them, online retailers could find themselves “on the hook” for a big chunk of money on Cyber Monday.

Officially nicknamed (as opposed to unofficially nicknamed) “Cyber Monday” in 2005, Cyber Monday is the Monday after Black Friday, which is the Friday after Thanksgiving, which is the last Thursday in November. Or, put another way, Cyber Monday is the first Monday after Thanksgiving.

Anyway, comScore, which claims to be “the global leader in measuring the digital world,” reported that last year consumers spent $1.028 billion online on Cyber Monday, the highest spending day of 2010. And while other countries don’t celebrate America’s Thanksgiving, they do, indeed, celebrate Cyber Monday everywhere from Canada to New Zealand.

Security expert Jorge Steinfeld, in a Forbes Magazine piece, notes that hackers will be gearing up for Cyber Monday this year by taking advantage of social media. “[Hackers] are busy creating fake profiles on social networking and e-commerce sites. These profiles and Web sites are meant to mimic well-known corporate brands, and coax users into clicking on their content. As a result, malicious content can now lay hidden within Twitter posts and Facebook links…” Social media is one more way cybercriminals can “gather personal and professional information, creating specific profiles on individuals and tricking them into divulging sensitive or personal information [from] credit card numbers to information about their employer’s organization.”

Social media and the continuing dramatic 50% growth in mobile transactions year-over-year since 2005 could make 2011 Cyber Monday a record-breaker. One aspect of Cyber Monday that a lot of people in the technology and retail sectors will be paying particular attention to is who will be the big winner of “Mobile Monday”?  Android or iOS?

Following is a breakdown of transactions by mobile device as compiled from the ThreatMetrix Global Network of more than 15 million daily transactions. From November 2010 to November 2011, ThreatMetrix found that mobile as a percentage of total transaction volume decreased for the iPhone by 35%, the BlackBerry by 51%, and the Palm by 96%. Conversely, Android mobile volume showed a massive uptick in 2011, with a 661% increase in overall transactions coming from a mobile device. Windows devices showed a more moderate increase, at 19% year-over-year.

“Based on our findings, the iPhone is still the dominant device where mobile transactions are taking place, but we’ve seen Android gain a lot of traction in 2011,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “It’s now become a two-horse race with mobile. The question does not center around whether or not consumers will make mobile purchases this season, but which device will come out ahead on what’s now deemed ‘Mobile Monday’.”

According to ThreatMetrix Fraud Facts, on average, 3% of transactions worldwide now come from a mobile device. That’s up from 2% in 2010.

“Mobile transactions have higher conversion rates because they are intention-driven,” added Faulkner. “This makes it even more critical for retailers to ensure they are not only delivering an excellent mobile experience, but have a solid mobile fraud prevention strategy in place.”

Faulkner noted that while many retailers will likely experience a record number of purchases coming from mobile this year, many still maintain insufficient or incorrect fraud tools in this channel. The consequence will be lost revenue based on both fraudulent transactions taking place, as well as valid customers being turned away because of incorrect fraud classifications. Faulkner predicts as many as one in four mobile transactions may be incorrectly classified this year.

Top Fraud Threats During Peak Season

With an increased volume of online transactions during the holidays, retailers have less time for manual screening and review of transactions – whether they are coming from a laptop, desktop computer, tablet or mobile device. It makes automated fraud screening vital during this high-volume period.

So what are the top five fraud threats during this time of year?

1. Mobile device spoofing – Merchants are put at increased risk with mobile transactions simply because the channel is more user-friendly for fraudsters. Today, most fraud that appears to come from the mobile channel actually originates elsewhere, from a device that merely presents itself as a mobile device.

2. Use of botnets and malware – This is a prominent concern on both traditional desktop and laptop computers, as well as mobile devices, as malware can steal passwords and payment account information. On top of that, many of today’s consumers fail to install appropriate fraud prevention software on their mobile devices, according to Faulkner. Analyzing anomalous behavior and checking third-party IP reputation can help detect malware.

3. Cookie-wiping – Merchants could previously track repeat visitors through cookies, yet many of today’s consumers and fraudsters remove cookies by using add-ons and private browsing modes. This makes it difficult to recognize suspicious repeat visitors and identify returning good customers; cookieless device identification is more important than ever.

4. IP address cloaking – It has also become easier for criminals to spoof or mask IP addresses. This makes it harder for merchants to know the “true” IP of the visitor and distinguish the good transactions from the bad. Identifying proxied visitors is crucial; this can be done by inspecting HTTP headers, maintaining a blacklist of known proxy sites, dynamically detecting proxied requests and piercing the proxy with a callback request.

5. Use of Virtual Private Networks (VPNs) – VPNs use separate software on the originating device to place it on a different network, so that traffic appears to originate from an address other than that of its true network. To identify fraudsters who are using VPNs, it’s important to monitor time zone and language settings, as well as global anomalies.
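The header inspection, time zone and language checks, and device-trait comparison named in items 1, 4 and 5 can be combined into a simple rule screen. The Python below is an added example, not ThreatMetrix code or code from the original post; the `Request` fields, rule names, thresholds and the constructed `GEO_TABLE` (a stand-in for an IP geolocation service) are all assumptions.

```python
"""Screen one checkout request for proxy, locale and device-spoofing signals.

Added illustration: field names, rule names, thresholds and GEO_TABLE are assumptions.
"""
from dataclasses import dataclass

# Headers that forwarding proxies commonly add to a request.
PROXY_HEADERS = ("via", "forwarded", "x-forwarded-for", "proxy-connection")
MOBILE_UA_TOKENS = ("iphone", "android", "blackberry", "windows phone")
TZ_TOLERANCE_MIN = 90  # slack for DST and neighbouring zones (assumed value)

# Constructed stand-in for an IP geolocation service (documentation IP ranges).
GEO_TABLE = {
    "203.0.113.10": {"utc_offset_min": -300, "languages": {"en", "es"}},
    "198.51.100.7": {"utc_offset_min": 60, "languages": {"de", "en"}},
}


@dataclass
class Request:
    ip: str
    headers: dict
    client_utc_offset_min: int  # minutes east of UTC, reported by a client-side script
    touch_points: int           # touch contacts the device reports supporting
    screen_width: int           # pixels


def _norm(headers):
    """HTTP header names are case-insensitive, so compare in lower case."""
    return {k.lower(): v for k, v in headers.items()}


def proxy_signals(headers):
    """Item 4: flag headers that a forwarding proxy leaves behind."""
    h = _norm(headers)
    found = [name for name in PROXY_HEADERS if name in h]
    return ["proxy_headers:" + ",".join(found)] if found else []


def primary_language(accept_language):
    """Return the highest-q primary subtag, e.g. 'ru' for 'ru-RU,ru;q=0.9,en;q=0.5'."""
    best_tag, best_q = None, -1.0
    for part in accept_language.split(","):
        piece = part.strip()
        if not piece:
            continue
        tag, _, params = piece.partition(";")
        tag, params, q = tag.strip().lower(), params.strip(), 1.0
        if params.startswith("q="):
            try:
                q = float(params[2:])
            except ValueError:
                q = 0.0
        if tag != "*" and q > best_q:
            best_tag, best_q = tag.split("-")[0], q
    return best_tag


def locale_signals(req, geo):
    """Item 5: compare the client's time zone and language with the IP's location."""
    if geo is None:
        return ["geo_unknown"]
    signals = []
    if abs(req.client_utc_offset_min - geo["utc_offset_min"]) > TZ_TOLERANCE_MIN:
        signals.append("timezone_mismatch")
    lang = primary_language(_norm(req.headers).get("accept-language", ""))
    if lang is not None and lang not in geo["languages"]:
        signals.append("language_mismatch")
    return signals


def mobile_spoof_signals(req):
    """Item 1: a User-Agent that claims a phone but reports desktop traits."""
    ua = _norm(req.headers).get("user-agent", "").lower()
    claims_mobile = any(tok in ua for tok in MOBILE_UA_TOKENS)
    if claims_mobile and req.touch_points == 0 and req.screen_width >= 1280:
        return ["ua_claims_mobile_but_desktop_traits"]
    return []


def screen(req):
    """Return (decision, signals).

    A single signal only routes to review: a genuine customer who is travelling
    produces the same time zone mismatch as a VPN user, and rejecting outright
    would turn that customer away.
    """
    signals = (proxy_signals(req.headers)
               + locale_signals(req, GEO_TABLE.get(req.ip))
               + mobile_spoof_signals(req))
    if not signals:
        return "allow", signals
    return ("review" if len(signals) == 1 else "high_risk"), signals


# Constructed sample requests.
legit = Request("203.0.113.10",
                {"User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X)",
                 "Accept-Language": "en-US,en;q=0.8"}, -300, 5, 320)
traveler = Request("198.51.100.7",
                   {"User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X)",
                    "Accept-Language": "en-US"}, -300, 5, 320)
suspect = Request("198.51.100.7",
                  {"User-Agent": "Mozilla/5.0 (Linux; U; Android 2.3.4)",
                   "Accept-Language": "ru-RU,ru;q=0.9,en;q=0.5",
                   "Via": "1.1 proxy.example", "X-Forwarded-For": "192.0.2.44"},
                  180, 0, 1920)

if __name__ == "__main__":
    for name, req in (("legit", legit), ("traveler", traveler), ("suspect", suspect)):
        print(name, screen(req))
```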

For more information about these Cyber Monday threats, and tactics for defeating cybercriminals during this peak transaction period, check out ThreatMetrix videos, “The Mobile Fraud Threat,” “Malware and Mobile: How Big of a Threat Is It?” and “Top Three Tactics to Consider for Mobile Fraud Detection.”

ThreatMetrix Deploys the Latest Version of Its Cloud-Based Fraud Prevention Platform

Posted on November 7th, 2011 by Dan Rampe

Integrated into the latest release of the ThreatMetrix™ Cloud-Based Fraud Prevention Platform is a new multi-layered data encryption architecture feature that takes data encryption to a whole new level.  Addressing strict security requirements, the new feature provides multi-layered encryption of customer-siloed data and global customer data with minimum impact on customer response times.

Should any one customer account be compromised, data loss is limited to that one customer.  Even if the data center hosting ThreatMetrix services were compromised, the encrypted data would remain confidential. Customer data shared with ThreatMetrix™ for fraud protection purposes remains secure. And, there’s no worry about a degradation in performance.

“It’s our goal to raise the bar for the level of security and privacy of online transactions,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “The question is not if a consumer’s identity will be compromised, but it’s a matter of when it will be compromised. Credit card companies can update their credit cards if they’ve been compromised, but consumers can’t simply recycle their identity. ThreatMetrix is staying one step ahead so fraudulent activity is minimized and our clients can do a better job of protecting their customers.”

Faulkner added, “ThreatMetrix, in broadening its strategy as a leader in digital cyber identification, views the new data encryption feature as a critical next-step toward protecting privacy and enhancing the security of confidential consumer information during online transactions. Activities associated with hacker group LulzSec and many recent high-profile data breaches like Epsilon and PlayStation — which resulted in millions of compromised accounts — underline the need for new encryption technology that better protects both online brands as well as consumers.”

The new release offers a host of new benefits including new fraud detection rules, device identification improvements, administrative enhancements, queue management improvements, and changes to the ThreatMetrix Portal around access and data privacy.

Faulkner observes, “PII is no longer an effective authentication tool by itself, as it can’t authenticate the person behind the transaction. Context is key, which means looking past the device and also considering other factors associated with the device, like phone number and email. We’re looking for anomalies in customer data, in conjunction with the underlying device reputation behavior. It’s whether or not all transactions and customer and device information make sense in the context of that transaction. We then apply this intelligence across a comprehensive global network to stop fraud in real-time and better protect consumers.”

Today, ThreatMetrix serves social networks, financial services, e-commerce companies et al. by authenticating payments, new accounts, and customers in real-time — without hassling those customers for personal information like Social Security Numbers, mothers’ maiden names, etc. It’s estimated that ThreatMetrix helps screen up to one billion online transactions each month and is successfully eliminating the threat of an estimated 300,000 fraudulent attempts every day! That’s why ThreatMetrix has become the fastest growing provider of cloud-based fraud prevention solutions that don’t require personally identifiable information.

The SEC Wants Full Disclosure

Posted on November 1st, 2011 by Dan Rampe

Following a rash of security breaches at Sony, Google, Lockheed Martin, Citigroup, the International Monetary Fund and more, the Securities and Exchange Commission told public companies to disclose cyberattacks that could potentially lead to unexpected losses.

Senator John Rockefeller asked the SEC to issue rules governing what companies are required to disclose. The guidelines come as a result of the concern that companies might be failing to mention data breaches in their public filings.

According to a report in Venturebeat.com, the SEC said that if a cyber attack leads to losses, companies have to disclose the losses, or at least “reasonably possible” estimates of those losses.

In a statement to Reuters, Rockefeller noted, “Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything.”

Because it could help cybercriminals, companies would not be required to describe how they would go about protecting themselves. However, companies are responsible for disclosing:

  • The costs of fixing compromised networks
  • Increased cyber protection costs that might involve changes to personnel
  • Lost revenue from unauthorized access to information
  • Losses related to the failure to retain customers after an attack
  • Litigation costs, and reputation damage after an attack

There’s one way not to have to report bad news.  That’s not to have bad news to report. With ThreatMetrix™ solutions, the news is invariably good.  Without requiring personal identifying information that can be compromised, ThreatMetrix solutions catch cybercriminals in real time before they can do real damage.

ThreatMetrix combines a computer’s packet signature data with transaction details and credentials that are obtained anonymously and “unlinkably” by the user to differentiate between cybercriminals and genuine customers.

Privacy Goes Public with IAPP, an Organization Devoted to Privacy… and January 28, 2012, a Day Devoted to Privacy

Posted on October 31st, 2011 by Dan Rampe

Everybody seems to be looking at privacy. Talk about an oxymoron. But, because of a raft of security breaches that disclosed personal identification information that could be used for everything from blackmail to identity theft, the U.S. and other governments, privacy-advocacy groups and the security industry itself have become “major-league” privacy conscious.

One of the leading organizations taking up online privacy is the International Association of Privacy Professionals or IAPP.  Founded in 2000, the IAPP is the world’s largest association of privacy professionals. Its more than 9,000 members in 70 countries help define, support and improve the privacy profession through networking, education and certification.

The IAPP deals with tough questions that face all security professionals.

  • Could your organization’s reputation survive a breach?
  • Is there a possibility that your corporation could be the target of an FTC enforcement action?
  • How do you ensure that your organization’s products are trustworthy?

The IAPP’s programs, symposia, dinners, Web conferences and events include a Privacy Academy. The last one, held in Dallas, Texas in September, offered 60 sessions featuring operational programming and tools covering issues like mobile applications, consumer-data protection, employee privacy and building bridges between security and privacy. In addition, there were keynotes from consumer privacy leaders that included FTC Commissioner Julie Brill.

Another organization at the forefront of the online privacy movement is the National Cyber Security Alliance (NCSA). Board members include: ADP, AT&T, Bank of America, Cisco Systems, EMC Corporation, ESET, Facebook, General Dynamics Advanced Information Systems, Google, Intel, Lockheed Martin Information Systems & Global Services, McAfee, Microsoft, PayPal, Science Applications International Corporation (SAIC), Symantec, Verizon and VISA.

A non-profit public-private partnership focused on cybersecurity awareness and education, NCSA is organizing and leading the effort to make January 28, 2012 Data Privacy Day. Scheduled to be an annual event, this international awareness initiative promotes data privacy and protection across the United States, Canada, and a host of other countries across the world.

Another organization stands at the forefront of privacy. That organization is ThreatMetrix™. Because the ThreatMetrix™ Cloud-Based Fraud Prevention Platform does not rely on passwords, user names and other personal data to identify returning visitors, it offers unmatched security and unrivalled privacy. ThreatMetrix’s Cloud-Based Fraud Prevention Platform provides a global perspective of risk from a worldwide network of shared intelligence across tens of millions of transactions across all ThreatMetrix customers. Information is always up-to-date and always available. With ThreatMetrix, companies can have it all — privacy and security.

Reshipping: Where a Mule Makes an Ass of Himself…or Herself

Posted on October 27th, 2011 by Dan Rampe

A long time ago, online retailers caught onto cybercriminals using stolen credit card accounts to buy expensive consumer products online, then turning around and reselling them in Eastern Europe, North Africa or Russia. The retailers’ answer was to stop shipping goods to these places.

But, reports security expert Brian Krebs in his blog, KrebsonSecurity, “these restrictions have created a burgeoning underground market for reshipping scams, which rely on willing or unwitting residents in the United States and Europe to receive and relay high-dollar stolen goods to crooks living in the embargoed areas.”

Krebs points out, “There are dozens of businesses in the criminal underground engaged in merchandise laundering, known as ‘Drops for stuff’ on cybercrime forums.”

The people “hired” to do the reshipping are variously known as reshippers, mules or drops. “The ‘drops,’” says Krebs, “are people who have responded to work-at-home package reshipping jobs advertised on craigslist.com and job search sites. Most reshipping scams promise employees a monthly salary and cash bonuses. But the crooks almost always sever communications with drops just before the first payday, usually about a month after the drop ships their first package.

“A typical drop will receive and reship between two and four packages per day. The packages arrive with prepaid shipping labels that are paid for with stolen credit card numbers, or with hijacked online accounts at FedEx and the U.S. Postal Service. Drops are responsible for inspecting and verifying the contents of shipments, attaching the correct shipping label to each package, and sending them off via the appropriate shipping company.”

Dropforrent.com is a kind of cyberspace fence operation that offers “clients” (cybercrooks) and “managers” (people who do recruitment scams) a percentage of what they steal. Krebs explains that Dropforrent pays managers and clients 30 percent of the value of laptops from ACER, HP, Toshiba, Dell, Compaq and Samsung, for example, and more than 40 percent of the retail price for Apple, Sony, VAIO, Canon and Nikon products. Incidentally, if you do a search for Dropforrent online, you’ll get a score of websites warning you to stay away, that the jobs the site offers are a scam.

In addition to electronics, Krebs says, “Drops also can be used to reship virtually anything else that the client or manager would like to use or consume themselves, such as clothes, jewelry, and candy. For this service, clients and managers pay a flat rate of 50 percent of the value of the goods to have the items reshipped abroad.”

Reproduced here without editing, the following from KrebsonSecurity.com (http://krebsonsecurity.com/wp-content/uploads/2011/10/applestore-directinstructions.html) gives an example of a standard operating procedure of rules for mules:

Use your applestore-direct.com Account to:

- Check a shedule about package deliveries
- Send messages to your manager
- Edit Your Default address and shipping address
- Upload your resume and documents for an approvement
- To check total scores and money you earn

IMPORTANT INFORMATION ABOUT SCORE AND PAYMENT SYSTEM:
YOU WILL RECEIVE APPROXIMATE 40 PACKAGES FOR MONTH
YOUR SALARY BASED ON THE 2000$ MONTHLY PAYMENT, STARTING FROM THE SHIPPING FIRST PACKAGE
AND THERE IS A BONUS SCORE SYSTEM
FOR EVERY SHIPPED PACKAGE YOU GET A SCORE
10-SCORES IF YOU SHIPPED A PACKAGE ON THE SAME DAY BEFORE THE NEXT DAY NOON
5-SCORES IF YOU SHIPPED A PACKAGE ON THE NEXT DAY
0-SCORES IF YOU DELAYED PACKAGEs SHIPPING FOR 3 DAYS AND MORE

ON YOUR PAYDAY THE SCORES WILL BE CHANGED TO MONEY AND ADDED TO YOUR TOTAL INCOME IN RATE OF
10 SCORES-50$
5 SCORES-25$
3 PENALTIES- MINUS 100$

PENALTIES CAN BE USED BECAUSE OF ANY SHIPPING DELAYS, NOT CONTACTING YOUR REGIONAL MANGER IN TIME, NOT COMPLETED ORDERS, MISSED PACKAGES TO YOUR ADDRESS WITHOUT ANY REASONS

Krebs observes, “Well-run reshipping schemes can launder huge volumes of stolen goods in a relatively short time. The minimum order dropforrent.net accepts is $300. Records at dropforrent.net show that since the beginning of this year, drops hired through one front site have shipped more than 800 orders — at least a quarter million dollars worth of stolen goods.”

And, the best part about the scam from the cybercriminals’ point of view?  If anything happens, the drop or reshipper or mule is the person the long arm of the law will snag.

For online businesses to avoid being victims of reshipping, the answer is ThreatMetrix.  Device identification is the first and most effective layer in a multi-layered defense against cyber criminals. Offering transaction security from hidden proxies, scripted attacks and cookie and browser manipulation, the ThreatMetrix™ Cloud-Based Fraud Prevention Platform lets companies authenticate payments, new accounts and returning customers in real time. And it doesn’t matter what device is being used from smartphones to PCs to tablets. Combined with aggregated fraud intelligence in the cloud, ThreatMetrix device identification offers companies maximum protection without the need to collect social security numbers, email addresses or bank account information.

Would You Care for Some Wine and Identity Theft with Your Order?

Posted on October 19th, 2011 by Dan Rampe

For anybody who is unfamiliar with it, Queens is one of New York City’s five boroughs. It is the home of the New York Mets, JFK and LaGuardia airports, the U.S. Open tennis tournament and now, the biggest identity theft bust in U.S. history.

Restaurant workers, bank tellers and other service employees skimmed, swiped and scammed millions of dollars worth of personal credit information from thousands of American and European consumers. The cost to victims, financial institutions and retail business was more than $13 million over a 16-month period. Now 111 people are charged and 86 are in custody.

In New York, employees of banks, retail outlets and restaurants would skim credit card information while swiping customers’ credit cards. Others were tasked with stealing credit card information online.  The numbers were then handed off to teams who, using blank credit cards from overseas, forged Visas, MasterCards, Discover and American Express cards as well as fake IDs.

Sometimes the alleged crooks would employ an “impersonator,” an individual who contacted financial institutions or retail stores and impersonated the true cardholder to check on the actual cardholders’ credit.  After all, they probably didn’t want to get charged fees for going over their credit limits.

Anyway…

The bogus plastic was turned over to teams who went on spending sprees at higher-end stores including Apple, Bloomingdale’s and Macy’s in New York, Florida, Massachusetts and Los Angeles. During these shopping sprees, criminals used forged credit cards to stay at such five-star hotels as the Fontainebleau and The Royal Palm in Miami Beach and the high-end private villas of the El Conquistador in Puerto Rico. They are also alleged to have used forged credit cards to rent Lamborghinis and Porsches and, in one instance, a private jet to take them from New York to Florida.

The groups would then resell the merchandise that included iPads, iPhones, computers, watches and upscale handbags from Gucci and Louis Vuitton in China, Europe and the Middle East.

In addition to credit card fraud, twenty-four defendants were variously charged with burglaries and robberies throughout Queens County, including conspiring to commit a bank robbery. Five are charged with stealing more than $95,000 worth of cargo from Kennedy Airport and seven of stealing approximately $850,000 worth of computer equipment from the Citigroup Building in Long Island City.

“This is by far the largest – and certainly among the most sophisticated – identity theft/credit card fraud cases that law enforcement has come across,” said District Attorney Brown. “Credit card fraud and identity theft are two of the fastest growing crimes in the United States, afflicting millions of victims and costing billions of dollars in losses to consumers, businesses and financial institutions…. Even after the culprits are caught and prosecuted, their victims are still faced with the difficult task of having to repair their credit ratings and financial reputations. In some cases, that process can take years.”

The investigation involved physical surveillance, intelligence gathering and court-authorized electronic eavesdropping on dozens of different telephones in which thousands of conversations were intercepted. Many required translation from Russian, Mandarin and Arabic to English.

Indictments charge that Imran Khan, Ali Khweiss, Anthony Martin, Sanjay (a/k/a Rocky) Deowsarran and Amar Singh were “bosses” of the criminal enterprise.

In what could be considered an act of irony or chutzpa or both, one defendant, Nelson Feliciano, who owns a security firm, allegedly allowed others to make a counterfeit credit card using his business account information and to use that account to make $50,000 in purchases before claiming that the charges were fraudulent and that he was a victim of identity theft.

The indictment also alleges that Jonathan Ortiz, Wilfred Rodriguez, Travis Hassang, Angel Quinones and two other individuals, who have not been apprehended, were charged with stealing approximately $850,000 in computer equipment. In a stirring demonstration of motherly devotion, Jonathan Ortiz’s mother, Maria, has been charged with hindering prosecution by logging into her son’s Facebook account to create an alibi for him – allegedly. Now, don’t you just hate it when parents insist on checking what their kids do online?

Govinfosecurity.com’s Managing Editor, Tracy Kitten, gathered analysis from security experts:

Gartner’s Avivah Litan says, “I think this does point out that U.S. law enforcement has beefed up multilingual capabilities in Russian, Mandarin and Arabic, which is critical to its activities, and is a big improvement over the situation pre-9/11.”

Aite Group’s Julie McNelley observes, “While the operation spanned the five continents, the focus of this bust appears to be the hub of the operation in Queens.”

Security author and writer Neal O’Farrell notes, “We know there are scams like this being run in almost every city, usually in the $500,000 to $1 million range. That usually makes them too big for local law enforcement to investigate and too small for federal agencies to pick up. The big problem we’re seeing is that because the low- to mid-level crooks and gangs are going unchallenged, they simply have more time to get better, perfect their art, steal more, and hide their tracks. By the time law enforcement uncovers them, there’s little left to prosecute.”

The ThreatMetrix™ Cloud-Based Fraud Prevention Platform offers a global perspective of risk from a worldwide network of shared intelligence across tens of millions of transactions across all of ThreatMetrix’s customers. The information is always up-to-date and always available. The ThreatMetrix Cloud-Based Fraud Prevention Platform, incorporating ThreatMetrix SmartID™ cookieless device identification, lets financial institutions and others verify new accounts, authorize payments and transactions and authenticate user logins in real-time — without relying on personally identifiable information (PII). So, even in a worst case scenario where a breach has occurred, cybercriminals never have access to personal information such as birth dates, maiden names and Social Security numbers.

Top Executives Gather for ThreatMetrix’s First Annual Fraud Fighters Summit

Posted on October 18th, 2011 by Dan Rampe

From October 9-10, more than 175 fraud fighters from around the world gathered in Monterey, California for the first annual ThreatMetrix 2011 Fraud Fighters Summit. After enjoying the beautiful scenery of Monterey through a golf outing, as well as biking and kayaking tours, attendees participated in a packed conference that concluded with a private reception and dinner at the world-famous Monterey Bay Aquarium.

Presentations were spearheaded by ThreatMetrix executives, clients (including several Fortune 100 brands) and industry analysts, covering fraud issues that spanned across the online retail, mobile, government, financial services and social media sectors. Topics ranged from addressing organized stealth and cybersecurity, navigating the risk environment online and in the mobile channel, building an effective fraud prevention system, to challenges and opportunities in contemporary money movement.

Really hitting home the seriousness of fraud today was Julie Conroy McNelley, senior analyst with the Aite Group, and one of the first presenters of the conference. McNelley said that 73,000 new malware threats are being released every day, a 26% increase since 2010. One of the biggest targets? The mobile channel, especially the App Store. According to McNelley, the App Store is the “greatest malware distribution platform ever invented” because consumers are willing to download apps with little information about who created them.

With the prominence of data breaches this year, McNelley also said the cybercrime trend line will only increase as the true impact of the compromised data and accounts has yet to be fully realized (with many of the hackers trying to lie low for awhile).

Stay tuned for more insight from McNelley and other fraud experts who presented at the ThreatMetrix 2011 Fraud Fighters Summit. Video interviews and photos of the event will be available in the days ahead.

In the interim, please view this video that opened the ThreatMetrix user conference.

More Than 175 Registrants Headed for the Fraud Fighters’ Summit October 9-10. It Would Be a Crime Not to Attend.

Posted on October 6th, 2011 by Dan Rampe

Like the knights of yore who converged on King Arthur’s Round Table (not to be confused with the pizza restaurant) to discourse on fighting dragons and saving distressed damsels, industry leaders are coming together at the Monterey Plaza Hotel and Spa in Monterey, California (October 9-10) to address the threat of online fraud and to promote e-commerce.

Based around the theme, “Defeating Online Fraud and Promoting E-Commerce Together,” the ThreatMetrix 2011 Fraud Fighters Summit brings together the top fraud-fighting professionals in the industry, people who have maximized the effectiveness of their ThreatMetrix solutions.

Attendees will have an opportunity to network with peers and share fraud-fighting strategies. They’ll learn new ways to benefit from the ThreatMetrix Cloud-Based Fraud Prevention Platform from experts and come away better informed, motivated and prepared to wage the daily battle against fraudsters.

Presentations from well-known brands will be a highlight of the packed, two-day summit agenda. Featured presenters include:

  • Reed Taussig, ThreatMetrix CEO and president, who will formally open the summit and provide an industry overview.
  • David Burns, manager of operational risk, Optimal Payments, who will speak on: “Incorporating ThreatMetrix into Real-Time Rule Decisions.”
  • Julie Conroy McNelley, senior analyst with the Aite Group’s Retail Banking practice, who covers fraud, data security, anti-money laundering, and compliance issues, will present on “Online and Mobile:  Navigating the Risk Environment.”
  • Rhonda MacLean, founder of MacLean Risk Partners LLC, a consulting firm that provides strategic advisory services, will lead a financial service fraud prevention roundtable.
  • Steven Boutelle, Lieutenant General, U.S. Army (Retired) and former chief information officer of the U.S. Army responsible for the U.S. Army’s use of information technology, will present on “Cybersecurity: A Government Perspective.”
  • Alisdair Faulkner, ThreatMetrix chief products officer, will present a product development roadmap.

Other topics will cover everything from “Building an Effective Fraud Prevention System,” to “Addressing Organized Stealth with ThreatMetrix SmartID,” to “The Identity Challenge,” as well as best practices surrounding the use of ThreatMetrix professional services.

As an added bonus, the conference concludes with a private dinner at the world-famous Monterey Bay Aquarium.

Kid, Ya Got Lousy Credit

Posted on September 7th, 2011 by Dan Rampe

Somebody else ran up all those bills that ruined his credit. But how’s a guy gonna complain when he can’t even talk yet? Crooks, cyber and otherwise, are coming after everyone who walks – and even those who don’t.

Men and women in the 29 to 40 age group, who are in their prime earning years, are prime targets for financial identity theft.  Also, the elderly, who often lack technical expertise, are at risk for having their identities stolen. Now, there’s another group that thieves target because stealing from them is like…well, stealing candy from babies. That group, of course, is made up of newborns to teenagers.

According to MarketWatch.com, children’s identities provide the kind of clean backgrounds that make it possible for thieves to create credit histories from whole cloth. And, because there aren’t a whole lot of Shirley Temples, i.e., kids who earn money from the time they’re toddlers, it can take years before anyone realizes that a youngster’s Social Security number has been compromised.

The Federal Trade Commission received 18,300 complaints involving identity thefts on people 19 and under last year. Eight percent involved children, a one percent increase over the previous year.

When thieves use an adult’s Social Security number to open a line of credit, they are forced to provide additional personal information such as the mother’s maiden name, date of birth, etc. And, these bits of information have to match entries that the adult has already established. Naturally, no such problem exists when an infant or child’s Social Security number is ripped off. All thieves have to do after they get their hands on a child’s Social Security number is mix it with another name and birthdate, and bam — instant credit for a person who doesn’t exist. However, at some point, when the child has need of his/her Social Security number, he or she is in for some major hassles.

One case reported by MarketWatch.com came to light when Adora McLemore tried to get her children state medical benefits, and was almost denied because her one-year-old daughter, Kenna, was apparently earning money.

“How could she be earning income when she was only one?” questioned an incredulous Adora. Numerous calls to the Social Security Administration and local police provided no help.

Years passed and an identity monitoring service discovered that eight-year-old Kenna had accumulated $39,000 worth of debt and multiple credit-card accounts tied to three other people using her Social Security number.

“We’ve been buried in a paperwork storm trying to prove Kenna is the real holder of that social security number,” said Adora, who wanted the matter cleared up before her daughter started applying for college loans.

So how does an online company protect itself from being victimized by cybercriminals using a child’s stolen identity?  By turning to ThreatMetrix.  The ThreatMetrix™ Cloud-Based Fraud Prevention Platform, incorporating ThreatMetrix SmartID™ cookieless device identification, provides online businesses with the ability to protect themselves and their customers by verifying new accounts, authorizing payments and transactions and authenticating user logins in real-time — without relying on personally identifiable information (PII) such as birth dates, maiden names and Social Security numbers.

 

With the Help of U.S. Agents, Ukraine Authorities Charge Four in $20-Million Online Scam

Posted on August 29th, 2011 by Dan Rampe

Ukrainian Cossacks had a pretty fair reputation for being hackers. Of course, that was with swords. Can’t say whether the guys who were busted in the Ukraine were Cossacks, but they were also pretty fair hackers. They got away with $20-million in fraudulent payment cards – well, almost. So maybe they weren’t that good after all.

With U.S. agents assisting in the investigation, the four were detained and charged under Ukrainian Criminal Code for various offenses involving computer and network breaches.

According to the Ukrainian security service, SBU, the four were seized, along with data for about 100,000 cards stored on a computer. The thieves were part of a gang that made unauthorized transfers from private bank accounts.

A statement from the SBU explained, “Members of the group have created an extensive, well hidden network throughout Ukraine, consisting of more than 20 people from among citizens of Ukraine and foreigners.

“Using specialized software and hardware devices, and modern computer technology, members of the group carried out unauthorized copying of confidential information about bank cards needed for making fake plastic [credit cards to be used] to steal money from bank accounts of citizens from different countries.”

The ThreatMetrix™ Cloud-Based Fraud Prevention Platform, incorporating ThreatMetrix SmartID™ cookieless device identification, provides online businesses with the ability to protect themselves and their customers by verifying new accounts, authorizing payments and transactions and authenticating user logins in real-time — without relying on birth dates, maiden names and Social Security numbers.  So, when there’s nothing to hack, a hacker gets nothing.