Posts Tagged ‘PII’

Documents obtained by The New York Times said the European Commission is proposing a regulation that compels “Web sites to tell consumers why their data is being collected and retain it for only as long as necessary. If data is stolen, sites would have to notify regulators within 24 hours. It also offer[ed] consumers the right to transport their data from one service to another — to deactivate a Facebook account, for example, and take one’s trove of pictures and posts and contacts to Google Plus.”

Legal systems in every part of the world are working to come to grips with who owns online personal data, what happens to it after it’s posted, and what’s fair game to use for marketing.

Viviane Reding, the European Commission’s vice president for justice, told The Times, “Companies must be transparent about what they are doing, clear about which data is being used for what.”

If the European Parliament passes the new law, it would still not go into effect before 2014 and would not directly affect American consumers. As to American companies…well, they would only have to deal with one privacy law for the European Continent instead of the current twenty-seven different ones; Germany, a special case, has different data protection laws for each of its sixteen federal states. On the other hand, penalties for breaking the law could be as high as two percent of a company’s annual global revenue.

Plus, it’s not always easy to adhere to the letter of newly proposed law. Microsoft’s Ronald Zink, chief operating officer for European affairs, brought up concerns in discussing Microsoft’s Xbox Kinect system, which stores body measurements so it can visually recognize repeat players. He questioned whether the law would require players to provide consent every time they played a game, even if the information never left the game console. “We have designed the product to be private. We put a lot of thought into how this controls our work in terms of privacy by design.”

One of the law’s most controversial provisions is an Internet user’s right to demand that his or her accumulated data on a particular site be deleted forever. Viviane Reding states, “When a citizen has asked to get [personal data] back, then the data has to be given back. When an individual no longer wants his data to be processed, it will be deleted.”

In her New York Times article, Somini Sengupta cites critics who say deleting an individual’s personal data is not that simple and clear cut. “Data does not always stay in one place; if it is transferred to another company it cannot easily be withdrawn. A company might license some of the data it collects to a third party to analyze market sentiments or social trends: reviews of kebab joints in Amsterdam or public opinion about burqas. Moreover, it may be less feasible to erase someone’s credit history, for instance, or employment record than to, say, do away with her shopping history on Amazon.”

German Green Party member, Malte Spitz, said the proposed law should restrict how companies hold onto personal information. “Lots of companies are collecting as much information as possible, and lots of this information isn’t really necessary.”

According to Reuters, Facebook, which has been investigated by European regulators for the way it retains data, warned against rules that might not keep up with the pace of change on the Internet, saying, “There is a risk that an excessively litigious environment would impede the development of innovative services that can bring real benefit to European citizens.”

Europe, the U.S., or anywhere in the world, you can count on ThreatMetrix™ to provide both online security and custom data privacy.

Without relying on passwords, user names and cookies to protect its clients, the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

It may be big news, but it’s not exactly news. Likely the only people who didn’t know it was coming are two Bushmen in Tanzania and some San Quentin cons stuck in solitary. Yes, it has arrived. Facebook has filed to go public.

The IPO, or Initial Public Offering, is for $5 billion. And, according to CNBC “[t]he company is currently looking at a valuation of $75 billion to $100 billion, which would be one of the largest initial public offerings in U.S. history.” Oh and one more thing. Again according to CNBC, “[t]he current winner in the race for Facebook equity, with nearly $500 million, is Russian entrepreneur Yuri Milner, head of investment group DST.”

This is the kind of nuts and bolts you can read about anywhere.

Now, here’s something that’s really news. As Facebook goes public, the public’s privacy just goes.

Of Facebook’s latest move, ThreatMetrix’s Chief Products Officer, a highly-respected industry security expert, Alisdair Faulkner, says, “You can’t put a value on your privacy, but with Facebook filing for an IPO you can now put a price on your friends. That may just become the rallying cry that privacy advocates need to force greater government intervention.”

“Unfortunately, Facebook and its advertisers aren’t the only ones making money from this social network,” continued Faulkner. “Users have come to feel Facebook is secure and they can trust it to protect both their personal data and that of their friends. Hackers are taking advantage of that misplaced trust.”

“In January alone, 45,000 usernames and passwords were stolen by Ramnit malware and the traditionally banking-focused Trojan, Carberp, started targeting Facebook users to trick them into handing over e-cash,” said Faulkner.

A BBC story on the cybertheft reported security researchers saying, “We suspect that the attackers behind Ramnit are using the stolen credentials to login into victims’ Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware’s spread. They added that “cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services to gain remote access to corporate networks.”

Faulkner notes that “Twitter’s recent acquisition of Dasient, the anti-malware company, is an acknowledgement that social networks are not only a goldmine of personal data for hackers, but the best malware distribution platform ever invented.”

So if Facebook users can’t trust Facebook to protect their assets, who can they trust? They can trust any social network that uses the type of security ThreatMetrix™ provides.

Without relying on passwords, user names and cookies to protect its clients, the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

Casus belli is polite diplomatic Latin for an act of war. Except for maybe the Greeks getting a bit annoyed over losing Helen and attacking Troy, acts of war have pretty much been confined to blockades (naval and otherwise) and direct military strikes.

Now the Pentagon is in the process of officially redefining acts of war to include hacking that poses a significant threat to U.S. nuclear reactors, subways, pipelines, etc. In poker terms, what it comes down to is we’ll see your virus and raise you the U.S.S. Enterprise – and we ain’t talkin’ Star Trek.

Recently, the Wall Street Journal obtained unclassified portions of the Pentagon’s formal cyber strategy. In Siobhan Gorman and Julian E. Barnes’ WSJ article, they said attacks on Pentagon systems including military contractor, Lockheed Martin, and sabotage against Iran’s nuclear program using the Stuxnet computer worm spurred the U.S. military to action.

One nagging problem is determining where an attack originated. Another is, how strongly to retaliate once the source of the attack is determined. For example, if a cyberattack produces death, damage, destruction or high-level disruption, the offending party could get a visit from Seal Team Six, Predator Drones or the entire Fourth Infantry Division.

The Wall Street Journal story notes attacks that impacted nations since 2007:

• June 2009: First version of Stuxnet virus starts spreading, eventually sabotaging Iran’s nuclear program. Some experts suspect it was an Israeli attempt, possibly with American help.
• November 2008: A computer virus believed to have originated in Russia succeeds in penetrating at least one classified U.S. military computer network.
• August 2008: Online attack on websites of Georgian government agencies and financial institutions at start of brief war between Russia and Georgia.
• May 2007: Attack on Estonian banking and government websites occurs that is similar to the later one in Georgia but has greater impact because Estonia is more dependent on online banking.

The article notes that the “Pentagon itself was rattled by the 2008 attack, a breach significant enough that the Chairman of the Joint Chiefs briefed then-President George W. Bush. At the time, Pentagon officials said they believed the attack originated in Russia, although didn’t say whether they believed the attacks were connected to the government. Russia has denied involvement.”

Cyberwarfare isn’t governed by the traditional rules of armed conflict based on international treaties, i.e., the Geneva Conventions and customary international law.

“Act of war” according to retired Air Force Major General and Duke University law school professor Charles Dunlap is a political phrase rather than a legal term. He also argued that cyber attacks that have a violent effect are the legal equivalent of armed attacks, or what’s called in military parlance, “use of force” and should be governed by basically the same rules as any other kind of attack. In other words, the U.S. “would need to show that the cyber weapon used had an effect that was the equivalent of a conventional attack.”

Center for Strategic and International Studies’ computer security specialist James Lewis says many military planners believe retaliation should be judged by the amount of real or attempted damage the attack caused. Therefore, if a hack attack shut down as much commerce as a naval blockade, it would be considered an act of war the same way a naval blockade is.

The Gorman and Barnes WSJ story says the origin of the Stuxnet virus, meant to sabotage Iran’s nuclear centrifuges, could not be positively identified. “While some experts suspect it was an Israeli attack, because of coding characteristics, possibly with American assistance, that hasn’t been proven. Iran was the location of only 60% of the infections, according to a study by the computer security firm Symantec. Other locations included Indonesia, India, Pakistan and the U.S.” Cyberattacks on American online assets have often been attributed to China or Russia. The difficulty proving exactly where attacks originate have some Pentagon planners seeking to deter attacks by holding the countries that build cyberweapons, themselves, responsible for their use.

Whatever international law comes to recognize as a cyberspace act of war, a growing number of companies have already come to recognize that ThreatMetrix™ offers the best protection available. Without relying on passwords, user names and cookies to protect its clients, the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

Child identity theft is exactly like stealing candy from babies. Easy. It’s easy because the crime is often not detected until the baby is an adult and has his/her credit and reputation ruined.

The Huffington Post relates the story of Jennifer Andrushko.   

When Jennifer Andrushko applied for public aid two years ago, a state employee entered her son Carter’s Social Security number into a computer and discovered something strange: The boy appeared to have been earning wages for the past eight years.

“I thought, ‘How could this be happening? He’s only three years old,’” Andrushko said.

It turned out an undocumented immigrant had been using Carter’s number to acquire jobs since before [Carter] was born. But Carter proved relatively fortunate. Unlike many child identity theft victims who do not realize their credit is ruined until they reach adulthood, his case was caught while he was young, giving him time to recover his good name.

Carter was lucky. He was living in Utah, one of the few states that cross-references its employment database with a list of children receiving public assistance. Well he wasn’t all that lucky. His mother was applying for public assistance.  Anyway, according to the Huffington Post, Utah found thousands of instances of child identity theft, including one where nine people used one nine-year-old’s Social Security number to get employment.

Parents hand over children’s Social Security numbers to schools and health care providers, and other institutions that often don’t have sufficient safeguards in place. It’s been suggested that a solution, or at least a partial one, would be if the Social Security Administration could do something with the numbers to make it possible for credit agencies to know that the holder is a minor.

Last year, more than 18,000 cases of child identity theft were reported to the Federal Trade Commission. The Huffington Post suggests even 18,000 doesn’t come close. “The real figure…is probably much higher because the crime often goes undetected….. ID Analytics estimates that more than 140,000 children are victims of identity theft each year, based on a one-year study of those enrolled in the firm’s identity protection service.

“In the largest study on child identity theft to date, researchers at Carnegie Mellon University found that 10 percent of children were victims of identity theft, compared with less than 1 percent of adults. The study, which was published this spring, analyzed more than 800,000 records — including 40,000 belonging to minors — compromised by data breaches in 2009 and 2010. The data was provided by the credit monitoring service Debix.”

The Huffington Post story says, “Thieves now exploit a gap in the system used by the three major credit bureaus to check consumer credit. When the bureaus pull reports, they look for matching names, birthdates and Social Security numbers. But identity thieves escape detection by pairing a child’s number with a different name and birth date, creating the appearance of a consumer who is applying for credit for the first time. Debix says it recently ran credit reports on 381 cases of confirmed child identity theft and found that credit reports only turned up fraudulent activity in four cases, or 1 percent.”

Companies are able to cross check names, birthdates and SSNs with the Social Security Administration, but the agency charges a $5,000 fee upfront, plus $1 for each check – a tab many companies don’t care to pay.

Stuart Pratt, president of the Consumer Data Industry Association, the trade association for the three credit reporting agencies, asked, “How can somebody open up any kind of account with just a name and Social on its own? Authentication should be much more than that. It has to be robust.”

In the late 1980s, the Social Security Administration started requiring parents to list their children’s SSNs to claim them as dependents. Newborns got spanking new credit histories that remained that way till they turned eighteen. It was an open invitation to crooks.

So what happens when thieves have a multi-year head start?  The Huffington Post relates the story of Jaleesa Suell of Oakland, California.  When Jaleesa was 17, a thief stole her identity to open a credit card. She didn’t find out until she turned 21 and was denied her first credit card. The reason?  She had a $300 unpaid credit-card debt, which had been sent to a collection agency.

Now 22, Suell has spent the last six months disputing the fraud with Plains Commerce Bank, based in South Dakota, where the account was opened. Before accepting the charges were fraudulent, the bank insisted that Suell provide a full police report. But the Oakland Police Department has refused to provide such a report because $300 does not meet the department’s threshold.

Identity Theft 911, which is working pro-bono to help Suell, plans to write letters to the FDIC, FTC and the Better Business Bureau to pressure the bank to “do the right thing,” according to Kelly Colgan, a spokeswoman for Identity Theft 911.

If her case is not resolved, Suell fears she will graduate college in May and be unable to rent an apartment or acquire student loans for graduate school due to her damaged credit.

“I’m at an impasse,” she said. “It’s extremely frustrating.”

Story after story follows the same pattern. Even when victims are able to clear their names, they have still been forced to devote big chunks of time and energy to that end. And that’s time and energy that could be put to better use like improving their grades, finding jobs, etc.

Amending agency regulations and federal and state laws could help stop ID theft.  Another thing that could help the cause is for online businesses to use ThreatMetrix™ solutions.

ThreatMetrix doesn’t rely on passwords, user names and cookies to protect its clients.  Instead the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

Use Google?  Incidentally, does anybody out there know if Yahoo still does searches? Bing? Okay — some serious questions: Do you have a YouTube account? Use Gmail? Do you know what Google’s up to?

Everybody with an account on Gmail and YouTube already has an idea something’s in the works. That’s because they have to use the same name and password to logon to Gmail and YouTube. In fact, that’s the way it is across all Google platforms except for Google Wallet, Chrome and Google Books. So, what if you don’t feel like changing your user name or password?  Well, Google took a page from Mike C’s book.  Mike was a guy we used to play touch football with in college.  If he couldn’t play quarterback, he’d take his regulation professional ball and go home.

Mike played quarterback — a lot.  And, if you want to maintain both YouTube and Gmail accounts, you’ll have to play along, too.

So what’s this all about? Google says the move will help the company to better tailor its ads to users’ tastes, benefitting consumers. Notes Cecilia Kang in the Washington Post, “When someone is searching for the word “jaguar,” Google would have a better idea of whether the person was interested in the animal or the car. Or, the firm might suggest e-mailing contacts in New York when it learns you are planning a trip there.”

Common Sense Media chief executive James Steyer observes, “Google’s new privacy announcement is frustrating and a little frightening. Even if the company believes that tracking users across all platforms improves their services, consumers should still have the option to opt out — especially the kids and teens who are avid users of YouTube, Gmail and Google Search.”

Jeffrey Chester, executive director of the privacy advocacy group, the Center for Digital Democracy, says, “There is no way a user can comprehend the implication of Google collecting across platforms for information about your health, political opinions and financial concerns.”

Added Rep. Ed Markey (D-Mass): “It is imperative that users will be able to decide whether they want their information shared across the spectrum of Google’s offerings.”

In a touch of irony…okay, a red-hot branding iron of irony…Google is a partner in sponsoring Data Privacy Day, an annual international celebration designed to promote awareness about privacy and education about best privacy practices.

So, why would Google support Data Privacy Day and in the same calendar quarter change policy to gather even more consumer information?

“The change to its privacy policies,” says Kang in the Post article, “comes as Google is facing stiff competition for the fickle attention of Web surfers. It recently disappointed investors for the first time in several quarters, failing … to meet earnings predictions. Apple, in contrast, reported record earnings …that blew past even the most optimistic expectations.

“Some analysts said Google’s move is aimed squarely at Apple and Facebook — which have been successful in building a unified ecosystem of products that capture people’s attention. Google, in contrast, has adopted a more scattered approach, but an executive explained in interviews that the company wants to create a much more seamless environment across its variety of offerings.”

In addition to consumer privacy advocates, Google’s actions aren’t sitting too well with regulators in Washington. The Washington Post reports, “The company recently settled a privacy complaint by the Federal Trade Commission after it allowed users of its now defunct social network, Google Buzz, to see contacts’ lists from its e-mail program. And a previous decision to use its social network data in search results has been included in a broad Federal Trade Commission investigation, according to a person familiar with the matter who spoke on the condition of anonymity because the investigation is private.”  Well at least some things are still private…more irony…okay a hint of sarcasm.

To keep your company’s and its customers’ online private information private, select ThreatMetrix™. Without relying on passwords, user names and cookies to protect its clients, the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

Okay, the Chinese probably didn’t say “Je suis innocent.” (I am innocent). French Army Captain Alfred Dreyfus famously did upon being convicted of spying for the Germans in 1894 and sent to Devil’s Island.  Ultimately, Dreyfus was proven innocent.  However, the same may not be said of the Chinese about the attacks on the Chamber of Commerce — though they claimed they didn’t do it.

Reports the Wall Street Journal, “A spokesman for the Chinese Embassy in Washington, Geng Shuang, said [presumably not in French] cyberattacks are prohibited by Chinese law and China itself is a victim of attacks. He said the allegation that the attack against the Chamber originated in China ‘lacks proof and evidence and is irresponsible, adding that the hacking issue shouldn’t be ‘politicized.’”

However, somebody did hack the Chamber and people who should know from Richard Clarke, former White House counter-terrorism adviser, to congressional leaders to the FBI either hint or come right out and state the attacks came from China.

Clarke told ABC News, “The Chinese have attacked every major U.S. company, every government agency, and NGOs [non-governmental organizations]. Their attacking the Chamber of Commerce is part of a pattern of their attacking everything in the US. If you’re working on U.S.-China relations with an NGO [or] government agency, you can be sure the Chinese are reading your emails on your computer.” He went on to say, “I don’t think the Chamber of Commerce has anything worth stealing, but it’s part of a pattern of the Chinese stealing everything they can, and that’s worrying.”

The Wall Street Journal characterized the attack as “one of the boldest known infiltrations in what has become a regular confrontation between U.S. companies and Chinese hackers. The complex operation, which involved at least 300 Internet addresses, was discovered and quietly shut down in May 2010.”

It isn’t clear how much of the compromised data was viewed by the hackers. Chamber officials say internal investigators found evidence that hackers had focused on four Chamber employees who worked on Asia policy, and that six weeks of their email had been stolen.

Another report had it that the penetration into the Chamber of Commerce was so complete that a Chamber thermostat was communicating with a computer in China. Another time, Chamber employees were surprised to see one of their printers printing in Chinese.  Of course it might not have been Chinese. Ever see an inkjet suddenly go haywire?  Sure looks like Chinese.

Anyway…

The Chamber’s Chief Operating Officer David Chavern observed, “What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence.”

A Bloomberg report stated that “two people familiar with the Chamber investigation said certain technical aspects of the attack suggested it was carried out by a known group operating out of China. It isn’t clear exactly how the hackers broke in to the Chamber’s systems. Evidence suggests they were in the network at least from November 2009 to May 2010.”

Learning of the break-in, Chamber security experts didn’t tip their hands.  According to Bloomberg, “They first watched the hackers in action to assess the operation. The intruders, in what appeared to be an effort to ensure continued access to the Chamber’s systems, had built at least a half-dozen so-called back doors that allowed them to come and go as they pleased….They also built in mechanisms that would quietly communicate with computers in China every week or two.

“The hackers used tools that allowed them to search for key words across a range of documents on the Chamber’s network, including searches for financial and budget information.”

Cyberspies, who have access to a network for many months, often take measures to cover their tracks and to conceal what they’ve stolen.

According to Bloomberg, “To beef up security, the Chamber installed more sophisticated detection equipment and barred employees from taking the portable devices they use every day to certain countries, including China, where the risk of infiltration is considered high. Instead, Chamber employees are issued different equipment before their trips — equipment that is checked thoroughly upon their return.

Chamber officials say they haven’t been able to keep intruders completely out of their system, but now can detect and isolate attacks quickly.”

The Chamber eventually shut down the hackers by unplugging and destroying some computers and overhauling the security system, which was timed for a 36-hour period over one weekend when the hackers, who kept regular working hours were expected to be off duty. (Not a good idea to mess with hackers about overtime — tough union.)

The Bloomberg story went on to say “U.S. intelligence officials and lawmakers have become alarmed by the growing number of cyber break-ins with roots in China. Last month, the U.S. counterintelligence chief issued a blunt critique of China’s theft of American corporate intellectual property and economic data, calling China “the world’s most active and persistent perpetrators of economic espionage” and warning that large-scale industrial espionage threatens U.S. competitiveness and national security.”

About ongoing hacking of American corporations, Senator Sheldon Whitehouse of Rhode Island observed, “I think there’s a case to be made that this may be the greatest transfer of wealth through theft and piracy in the history of the world and we are on the losing end of it.”

Before your intellectual property or business plans become a casualty of cyberspies, get the best protection available.  Get ThreatMetrix™.

ThreatMetrix doesn’t rely on passwords, user names and cookies to protect its clients.  Instead the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

Zappos, the online shoe outlet owned by Amazon, was hacked putting some 24-million customers’ personal information at risk. PCWorld.com reported that Zappos CEO, Tony Hsieh, told customers that, “names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords may have been exposed.”  He added that the good news was that the database storing actual credit card and payment data had not been breached.

Nevertheless, the New York Daily News reported that the company had put out a statement informing customers of the incident and asking them to change their passwords. Customers, who attempted to phone Zappos for information, were met with the sounds of silence. Zappos’ CEO said in a memo, “We have made the hard decision to turn off our phones and direct customers to contact us by email because our phone systems simply aren’t capable of handling so much volume. (If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place.).”

In an email to employees, which was posted to the Zappos blog, the company said the cyberattack came from a criminal who had gained access to parts of the company’s internal network and systems through a server in Kentucky.

Andrew Storms, director of security operations at nCircle, told PCWorld.com that Zappos’ response to the incident seemed to be appropriate in so far as it had notified customers, and reset all passwords to force customers to create new ones to replace those that may be exposed or cracked as a result of the breach.

Security expert, Neil Roiter, research director for Corero Network Security, observed, “Companies such as Zappos should have technology in place that monitors activity on their networks and reports in real time on suspicious activity or activity that does not conform to security policy. The sooner an organization detects a breach, the more quickly it can contain it.”

ThreatMetrix, the fastest-growing provider of integrated cybercrime prevention solutions, offers superior solutions that can’t be compromised by break-ins. The ThreatMetrix™ Cybercrime Defender Platform helps companies protect customer data and secure transactions against fraud, malware, data breaches, as well as man-in-the browser (MitB) and Trojan attacks. The Platform consists of advanced cybersecurity technologies, including TrustDefender™ ID, which is cloud-based, real-time device identification, as well as malware protection with TrustDefender™ Cloud and TrustDefender™ Client. The company serves a rapidly growing global customer base across a variety of industries, including financial services, e-commerce, payments,social networks, government, and healthcare.

PrECISE (Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness) is the cybersecurity bill introduced by members of the House Homeland Security Committee.  PrECISE establishes a quasi-governmental entity to oversee information-sharing with the private sector.

Wouldn’t you like to have sat in on the meeting where they decided on the acronym, PrECISE?  (Probably more like multiple meetings with emails flying back and forth for months):

Staffers: “How about Cybersecurity Information Sharing (CIS)?”

Committee: “CIS?  Too close to CIA, which is supposed to gather information, not spread it. Leaves the wrong impression.”

Staffers: “How about Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness (PECISE)?”

Committee:  “That’d be pronounced Pea-size. Does Pea-size sound like the taxpayers are getting any bang for their buck?”

Staffers:  “How about we put in an “R” for Research? “Promoting Research and Enhancing Cybersecurity and Information Sharing Effectiveness.” Then we’ve got PRECISE. “

Committee: “PRECISE.  Like it.  But we’re not doing Research. That makes PRECISE imprecise.”

Staffers:  “Okay, we can take the “R” from “Promoting” to make it “PRECISE.” And to differentiate it from the rest of the acronym, we can make the “R” an “r”.

Committee:  “But what do we do about the “a”s in the “ands” in “Promoting Research and Enhancing Cybersecurity and Information Sharing Effectiveness?”

Staffers:  “Lower case ands are always silent.” 

Committee:  “Precisely.”

However the PrECISE Act got its name, The Hill’s “Hillicon Valley Technology Blog” reports that it’s designed to encourage “private firms to share information on cyber threats [stopping] short of mandating new security standards for sectors deemed critical to national security” following other cybersecurity bills offered by House Republicans.

The bill lays out the Department of Homeland Security’s cybersecurity functions which would require DHS to evaluate cybersecurity risks for critical infrastructure firms and determine the best way to mitigate the risks.

“Cybersecurity is truly a team sport, and this bill gives DHS needed authorities to play its part in the federal government’s cybersecurity mission and enables the private sector to play its part by giving them the information and access to technical support they need to protect critical infrastructure,” said House Cybersecurity subcommittee Chairman Dan Lungren (R-Calif.).

Hillicon Valley Technology Blog observes, “By authorizing DHS to oversee civilian cybersecurity, the legislation aligns with proposals from both the Senate and the White House, but it is unclear how much authority DHS would have to enforce its security standards. Democrats have argued DHS needs some enforcement authority to ensure firms beef up their network protections.”

While there hasn’t been a whole lot of bi-partisan support for any measure recently, this bill appears to come close. Bennie Thompson (D-Miss.) said, “Introduction of this legislation represents a solid and significant step forward in the effort to secure our nation’s cyber infrastructure. While I am not prepared to give my full support to the bill at this time, there’s a lot to like in this bill. I am pleased that it gives DHS the authority and resources it needs to fulfill its cybersecurity mission instead of creating a whole new bureaucracy or complicated regulatory framework.”

Offers Cybersecurity sub-panel ranking member Yvette Clarke (D-N.Y.), “While we continue to review this legislation, I look forward to working with my colleagues in a more collaborative way to strengthen this bill.”

You may have to wait for Congress to work out the precise language of PrECISE before it’s enacted.  But, you don’t have to wait to achieve the most effective protection for your online assets.  That protection is available today from ThreatMetrix™.

The first perimeter and the most effective element in a multi-layered defense against cybercriminals is device identification.  Offering transaction security from hidden proxies, scripted attacks and cookie and browser manipulation, the ThreatMetrix™ Cloud-Based Fraud Prevention Platform  lets companies authenticate payments, new accounts and returning customers in real time. And it doesn’t matter what device is being used from smartphones to PCs to tablets. Combined with aggregated fraud intelligence in the cloud, ThreatMetrix device identification offers companies maximum protection without the need to collect Social Security numbers, email addresses or bank account information.

At the request of the U.S. Secret Service, ThreatMetrix’s Chief Products Officer, Alisdair Faulkner and other leading industry security experts met at the San Francisco ECTF (Electronic Crimes Task Force) Quarterly Conference for an open and wide-ranging discussion covering:

• Fraud patterns specific to the mobile channel and potential defenses
• Mobile/non-mobile combined fraud patterns and defenses
• Mechanisms that can be reused to augment security and prevent mobile-related fraud
• New and upcoming technologies that are specific to mobile and could help detect or prevent mobile fraud

The program was comprised of two presentations, a panel discussion and an audience Q & A. Derrick Donnelly of Blackbag Technologies delivered a presentation titled “iOS Forensics: A Comprehensive Approach” and Mark Schaeffer of Granite Key delivered another presentation on “Applying Security Technologies and Best Practices to Achieve Measurable Business Objectives.”

Taking part in the panel discussion titled, “Fundamental Differences in Mobile vs. Non-Mobile Fraud” were, in addition to Alisdair Faulkner of ThreatMetrix, Lee Freedman, Apple’s Senior Manager of Cyber Investigations for its Global Security Team; Mitch Zollinger of Netflix; Bob Morris of ARM Holdings; and Hadi Nahari (formerly of PayPal).

The only stipulation the Secret Service imposed on conference participants was that there would be “no product pitching.”  Fortunately, we do not suffer under the same constraints. So, here’s why your company should choose ThreatMetrix solutions.

ThreatMetrix’s flexible and powerful rules-based engine and scoring stops fraud the first time, providing added visibility into a user’s account information and online behavior – without relying on personally identifiable information (PII) such as birth dates, maiden names and Social Security numbers. The ThreatMetrix™ Cloud-Based Fraud Prevention Platform lets companies authenticate payments, new accounts and returning customers in real time. And it doesn’t matter what device is being used from PCs, to tablets to smartphones.

For more information, visit “Top 5+ Reasons” you should use ThreatMetrix now.

The world is a big place with close to seven billion people. And, according to professional researcher Moya K. Mason, something like 50-million new firms are started each year. So when you think about ThreatMetrix making Red Herring’s top 100 leading private companies in all of North America, Europe, and Asia, it’s quite an honor – especially when put in the context of other companies that have made the Top 100 in past years: Google, Skype, Baidu, Salesforce.com, YouTube and eBay. (The full list of winners in 2011 can be found here: http://www.herring100.com/RHG/2011/top100.html)

Red Herring’s editorial staff evaluated the companies on both quantitative and qualitative criteria, such as financial performance, technology innovation, management quality, strategy, and market penetration. This assessment of potential was complemented by a review of the track record and standing of start-ups relative to their sector peers.

Alex Vieux, Chairman of Red Herring, observed, “Choosing the best [companies from] the previous two years was by no means a small feat. After rigorous contemplation and discussion, we narrowed down our list from 1,100 potential companies to 100 winners.  It was an extremely difficult process [and the] competition for the Top 100 was fierce.  [The] Top 100 Global are truly the best of the best.”

“We’re extremely proud to be recognized by Red Herring as among the best technology companies globally,” said Reed Taussig, president and CEO, ThreatMetrix. “Winning the Red Herring Global award further validates ThreatMetrix’s value proposition in the marketplace as a leading provider of online fraud prevention and cybersecurity solutions.”

Many companies have already come to the conclusion that ThreatMetrix is the “right decision” when it comes to protecting their online assets. Offering transaction security from hidden proxies, scripted attacks and cookie and browser manipulation, the ThreatMetrix™ Cloud-Based Fraud Prevention Platform lets companies authenticate payments, new accounts and returning customers in real time. And it doesn’t matter what device is being used from smartphones to PCs to tablets. Combined with aggregated fraud intelligence in the cloud, ThreatMetrix device identification offers companies maximum protection without the need to collect Social Security numbers, email addresses or bank account information.