MasterCard and Visa to Drop Pop-up Window Passwords

Posted on November 21st, 2014 by Dan Rampe

MC and Visa

Taking a Page from the ThreatMetrix Playbook, the Credit Card Giants Are Moving to Non-Intrusive, Effective Authentication Systems

More than a year ago, ThreatMetrix was warning that the day of the password had passed (See the ThreatMetrix news release titled “2013: The Year of the Password Apocalypse” ) and advised:

  • Integrating Login and Payment Screening for a single view of the customer whether he/she does a guest checkout on a friend’s iPad or uses a registered credit card on a mobile device.
  • Leveraging Shared Intelligence Networks to passively recognize both valuable customers and cyberthreats based on anonymized shared intelligence of device and persona reputation and behavior.
  • Implementing Trust Tags to associate user accounts and devices with additional context by tagging to see, for example, if a registered user’s email and password was compromised on another sit

Now MasterCard and Visa are transitioning out of their present systems, MasterCard SecureCode and Verified by Visa, which are based on the 3D protocol. Under the 3D protocol, a user had to enter a password in a pop-up window so the card issuer could confirm the user’s identity before the transaction was completed.

In her piece on independent.ie, Sophie Curtis points out that systems using the 3D protocol are “unpopular with online shoppers, because [shoppers are required] to use complex passwords that are easy to forget, and can be difficult to tell whether the pop-ups are legitimate or fraudulent [in other words whether somebody is attempting to capture the shopper’s password].”

Curtis goes on to discuss the new systems Visa and MasterCard are introducing. The following has been excerpted from her piece and edited to fit our format. You may find the full article by clicking on this link.

Invisible authentication

A new invisible authentication [reduces] the reliance on passwords as a means of verifying identity.

In the event that authentication is needed, cardholders will be able to identify themselves with the likes of one-time passwords or fingerprint biometrics, rather than committing static passwords to memory.

Facial and voice recognition apps

MasterCard is also piloting commercial tests for facial and voice recognition apps to authenticate cardholders, and conducting trials of a wristband which authenticates a cardholder through their unique cardiac rhythm.

“All of us want a payment experience that is safe as well as simple, not one or the other,” said Ajay Bhalla, president of enterprise security solutions at MasterCard.

“We want to identify people for who they are, not what they remember. We have too many passwords to remember and this creates extra problems for consumers and businesses.”

Adoption expected in 2015

The new protocol could be adopted in 2015 and will gradually replace the current 3D Secure protocol.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Cybercrime Report: Q4 2014 Examines Cyberattacks Detected by “The Network”

Posted on November 20th, 2014 by Dan Rampe

Standard-Header-AF

Report Marks Trends Leading up to Holiday Shopping and Identifies Top Concerns such as Account Takeover and Customer Friction

Hot off the presses, or more accurately, straight out of cyberspace, comes the “ThreatMetrix Cybercrime Report: Q4 2014” detailing Q3 cyberattacks discovered by the ThreatMetrix Global Trust Intelligence Network (The Network) which analyzes more than 850 million monthly transactions, and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

Now leveraging real-time, anonymized data from The Network across industries, the Report, having samples from close to a billion transactions offers a representative summary of activity that includes account creation, payment and login fraud.

E-commerce holiday season shopping threats

With emphasis on the e-commerce industry and based on current attack trends, card-not-present, account takeover and fraudulent account registration attacks were in no small way associated with countless high profile data breaches in the past year. This trend will likely accelerate during the upcoming $600 billion holiday shopping season.

While many reports discuss cyberthreat trends such as malware, massive data breaches or the total economic impact of cybercrime, the ThreatMetrix Cybercrime Report: Q4 2014 is the first of its kind to analyze how often stolen and compromised identities are used in the commission of additional cybercrimes.

Alisdair Faulkner, chief products officer, ThreatMetrix

“In addition to payment fraud this holiday shopping season, our biggest concern is the spike in the number of account takeovers we are seeing on retail websites. ThreatMetrix data shows an upswing in account takeover activity in the wake of recent massive data breaches – and most retailers will be caught unprepared.

“Previously, guest checkouts represented the highest risk, but due to the prevalence of data breaches and the convenience of storing credit cards to make mobile purchases easier, fraudsters have found it just as easy to use a stolen username and password as it is to use compromised credit card information that has a shorter life span before being shut down. Even strong PCI compliance and encryption means little when cybercriminals utilize stolen password and email combinations to compromise customer accounts. Retailers need to leverage a shared global network of trust intelligence to differentiate between trusted and suspicious transactions.”

e-Commerce high-risk transactions

In comparison to other industries, e-commerce falls in the middle when it comes to high-risk transactions with 4 percent of all transactions labeled as high-risk. Overall, high-risk transactions and logins are typically rejected outright by ThreatMetrix customers.

e-Commerce transactions by percentage and risk:

  • 7 percent account creation, with 5.2 percent high risk
  • 14 percent account login, with 5.5 percent high risk
  • 79 percent payment, with 3.4 percent high risk

Financial Services Industry Cybercrime and Customer Friction

The Report examines financial services transactions and authentication attempts. While only 1 percent of transactions and logins are labeled as high-risk, financial services tolerate a higher threshold of risk at point of login and instead intercept attempted money transfers or rely on intrusive step-up authentication solutions to provide extra assurances.

Financial services transactions by percentage and risk:

  • 2 percent account creation, with 1.7 percent high risk
  • 83 percent account login, with 0.7 percent high risk
  • 15 percent payment, with 0.5 percent high risk

Faulkner notes

“Attacks aimed at financial services are more targeted and result in much higher losses and possible brand damage than e-commerce ‘spray-and-pay’ attacks – meaning randomly targeting as many victims as possible.

“Financial services businesses are dominated by higher authentication requirements, making it more difficult for fraudsters to attack. As a result, attacks leveraging malware are much more common and the challenge for most financial institutions has shifted from the detection of anomalous account access to stopping valid customers from being caught in the fraud net.”

EMV and Apple Pay move threat online

While EMV, Apple et al. will cut down on point-of-sale fraud such as that caused by recent data breaches, more secure in-store payments will increasingly push fraud online and e-commerce and financial services executives must be prepared to protect against such risks.

Media industry faces highest percentage of high-risk transactions

Consisting of social media, content streaming and online dating websites, the media industry is subject to 9 percent of high-risk transactions, the highest percentage of all industries examined.

Media transaction by percentage and risk:

  • 6 percent account creation, with 4.6 percent high risk
  • 66 percent account login, with 6.2 percent high risk
  • 28 percent payment, with 3.7 percent high risk

Adds Faulkner

“The media industry has the highest incidence rate of high-risk transactions due to the low authentication threshold – often only consisting of a username and password combination. Such identities can easily be compromised due to using the same login credentials across websites and a significant number of data breaches exposing these login combinations.”

Mobile represents one-quarter of all activity in The Network

For the Report, total mobile activity was also examined for the prevalence and breakdown of cyberthreats. According to ThreatMetrix data, mobile represents nearly one-third of all activity on The Network. However, while cybercriminals target mobile, this channel still has much lower risk rates than desktop.

“As iPhone, Android and tablet usage continues to increase among consumers, mobile will represent an equal opportunity channel for cybercrime activity,” said Faulkner. “Cybercriminals always go where the money is and as more transactions turn to mobile, they will create new, sophisticated strategies to target this channel.”

Android versus iOS as targets

The report found that while Android represents a much higher percentage in terms of market and browser share, iOS (iPhone and iPad) generates nearly twice the number of payments, logins and authentications of all mobile operating systems combined. Specifically, 64 percent of mobile transactions are either iPhone or iPad transactions. Additionally, 48 percent of mobile attacks target iOS devices.

Top attacks by transaction type

Leveraging activity across industries for both mobile and desktop, the Report identified top attacks by transaction type and found spoofing (IP address, geolocation, identity and device spoofing) is the most common type of attack across payments, account login and account creation.

Cybercrime in all its guises

As a whole, cybercrime is a multi-billion dollar industry, which consists of organized cybercrime, nation states and many types of hackers. Given the widespread prevalence of cybercrime and no signs of its slowing down, businesses need to place an emphasis on understanding the types of attacks that occur once identities are compromised. In addition, no business – no matter the industry or size – can afford to stand alone in the fight against cybercrime. Rather, businesses must leverage a global network of trust intelligence to assure they have the best resources available to differentiate between authentic and fraudulent transactions without disrupting the customer experience with added friction.

To learn more, download the “ThreatMetrix Cybercrime Report: Q4 2014” eBook: http://goo.gl/6wUWrV

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

What Good Can Come from a Data Breach? Experience.

Posted on November 13th, 2014 by Dan Rampe

Data Breach

An Expert Reporter Interviewed Security Experts to Come Up with 6 Lessons Learned from Past Data Breaches That Could Help Stop Future Ones

Einstein said “The only source of knowledge is experience.” While Oscar Wilde observed that “Experience is simply the name we give our mistakes.”

When it comes to data breaches, both Einstein and Wilde are right on target (The reference to Target in this instance was purely coincidental…maybe) . Anyway, without mistakes, there wouldn’t be breaches. But from those breaches comes the experience to avoid mistakes in the future.

In her piece on csoonline.com, Maria Korolov, a veteran tech reporter, interviewed a number of security professionals to pass along what they learned from studying the score of high-profile breaches that retailers, banks, consumers, government agencies et al. have suffered. The following has been excerpted from her piece and edited to fit our format. You may find the full article by clicking on this link.

Six lessons

1. It’s time to take staffing seriously

The biggest security hole in information security might not be technical at all.

“Roughly 40 percent of security roles are vacant in 2014,” said Jacob West, CTO of Hewlett Packard’s Enterprise Security Products. “And when you look at senior security roles, that vacancy rate is nearly 49 percent. No matter what technology we use, no matter how we try to secure our systems, if we’re going into this war with almost half of our army unstaffed, we’re going to see our adversaries be successful.”

West was referring to a study published this spring by the Ponemon Institute and sponsored by HP, which also showed that 70 percent of respondents said that their security organizations were understaffed. The chief reason? According to 43 percent of respondents, the organizations weren’t offering competitive salaries.

Companies might want to reconsider their security staffing budgets in the wake of another Ponemon study, sponsored by IBM and published in May, which showed that the average total cost of a data breach increased 15 percent to $3.5 million, and the average cost paid for each lost or stolen record containing sensitive and confidential information increased more than 9 percent from $136 in 2013 to $145 in this year’s study.

2. Know your code

Over the past 10 years, many organizations have adopted software security best practices, building in security at a fundamental level. However, that only applies to code they write themselves.

“One of the big points that was really brought to light this year …is that enterprises don’t write the majority of software themselves,” said HP’s West. “Software is in fact composed rather than written. We take commercial components and open source components and build a little bit of proprietary on top of that.”

As a result, some organizations spent weeks – even months – trying to inventory their systems and figure out where they’d used the vulnerable version of SSL.

Organizations need to start with a thorough understanding of what applications they’re using, where and how they’re using them, and their relative importance. Automated scanning systems might help with some of this, but at the end of the day, “the rubber has to hit the road,” West said. “It takes human effort.”

3. Pen tests are lies

Penetration tests are a common part of security audits. In fact, they’re required under the Payment Card Industry Data Security Standard.

“Every single company that’s been breached has had a penetration test report that says that people can’t get in – or if they can get it, it’s not important,” said J.J. Thompson, CEO of Rook Security, a penetration testing company in Indianapolis.

So why aren’t penetration tests exposing potential security holes so that companies can fix them?

“It’s very simple,” said Thompson. “Penetration test reports are generally lies.”

Or, to be less blunt, penetration testers are more constrained in what they can and cannot do, compared to actual hackers. “You can’t impersonate someone because that’s not how we do things here,” Thompson said. “You can’t set up a phishing site associated with a Facebook profile because that’s going too far.”

Actual hackers – who are already breaking the law anyway, by hacking into a company – might not be averse to breaking other laws, as well. A white hat security firm might be less willing to, say, get into a company by going after the systems of its customers or vendors. Or impersonate government officials, or damage equipment, or hijack actual social media accounts owned by friends or family members of company employees.

4. Physical security, meet cybersecurity

Agents of a foreign group recently went after an organization on the East Coast, circumventing firewalls, extracting data on its leadership, and getting information about upcoming events – and the facilities where those events would be taking place.

“Authorities believed it was part of the pre-operational planning of the group,” said John Cohen, who until recently was the anti-terrorism coordinator and acting undersecretary for intelligence and analysis at the Department of Homeland Security.

“There’s a blending together of physical security and cybersecurity,” said Cohen, who is now the chief strategy adviser at Frisco, Texas-based security vendor Encryptics LLC.

It can go the other way, too, with a physical break-in opening the way to digital theft via compromised equipment.

Enterprise security must become more holistic. The thieves who broke into a field office could have been looking for easy-to-fence electronics, or they could have been planting keyloggers.

5. Plan for failure, Part 1

If you knew with certainly that hackers were going to get into your systems, what would you do differently? After this year’s high-profile breaches, a lot of people are asking themselves that question, and starting to look at security differently.

“The way that I look at it, and the people I talk to on a day to day basis look at it, there’s a switch in mentality,” said Scott Barlow, the chair of the CompTIA’s IT Security Community and vice president of product management at Boston’s Reflexion Networks, Inc. “Businesses are assuming that their data will be exposed, or is already exposed, and they’re taking steps.” Those steps include encrypting data on employee desktops, in file servers, even email.

And a process called tokenization replaces bank card numbers with randomly generated codes, or tokens, even before they leave point of sale devices. Only the payment processor knows the real numbers – the retailers get tokens, which are completely worthless to any hackers who break into their systems.

That turns the payment processors into targets – but then, they always have been.

“Guys are already going after us,” said Paul Kleinschnitz, senior vice president and general manager of Cyber-security Solutions for FirstData, which accounts for about 40 percent of the payment processing in the U.S.

Meanwhile, the Targets and the Home Depots will be insulated from the risk of losing the payment data.

“We are pulling that burden away form the merchants and managing it,” Kleinschnitz said.

6. Plan for failure, Part 2

If JP Morgan can be breached, every company is vulnerable. “Even if you have the best security in place, there’s still a chance that you may be breached,” said Peter Toren, an attorney specializing in computer crimes at Washington D.C. law firm Weisbrod Matteis & Copley. Toren was also a federal prosecutor for eight years, in the Justice Department’s computer crimes division.

How a company reacts to that breach can make a big difference.

Both Target’s CEO and CIO lost their jobs this spring as a result of the problems the company had in dealing with the consequences of its $40 million payment card accounts breach late last year.

“It came out in drips,” said Toren. “It was the death of a thousand cuts.”

Companies need to be prepared to deal with a breach transparently and promptly – and preparations have to start long before a breach ever happens.

“They need to have a plan in place and work with a public relations firm beforehand,” he said. “Not just bring one in after the horse is out of the barn.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

The IRS Might Just Have Your Number…

Posted on November 7th, 2014 by Dan Rampe

IRS

…But Won’t Give It to You. Internal Revenue Service Not Providing PINs to All Taxpayers Who’ve Been ID Theft Victims.

The Treasury Inspector General for Tax Administration (TIGTA) issued a report saying the IRS is not providing personal identity numbers to all eligible taxpayers who have been victims of tax-related identity theft.

First issued in 2011, the Identity Protection Personal Identification Numbers (IP PINs) allowed the IRS to quickly process returns to prevent the misuse of taxpayers’ Social Security Numbers on fraudulent tax returns. While the program has been expanded, the IRS has still not provided enough PINs to meet the demand. In his article on accountingtoday.com, Michael Cohn reports on the TIGTA report and details how and whether the IRS will make changes to ensure all taxpayers are covered. The following has been excerpted from Cohn’s piece and edited to fit our format. You may find his complete article by clicking on this link.

Hundreds of thousands of taxpayers out of luck

[The] IRS did not provide an IP PIN to 532,637 taxpayers who had an identity theft indicator on their tax account indicating that the IRS resolved their case. The IRS also did not provide an IP PIN to 24,628 taxpayers who were potential victims because their personally identifiable information had been lost, breached or stolen by or from the IRS. In addition, IRS programming errors resulted in 32,274 taxpayers not receiving an IP PIN on a timely basis and the issuance of 13,220 IP PIN notices to deceased taxpayers.

How’s this supposed to work?

TIGTA also found that the IP PIN notices issued to 759,446 taxpayers for processing year 2013 did not provide taxpayers adequate instructions on the use of the number and its importance on a tax return.

The program continues to expand

TIGTA found that the IRS issued 1.2 million IP PINs to taxpayers to use in filing tax returns in 2014, up from 770,000 in 2013. In addition, taxpayers who used their IP PIN to file their tax returns claiming a refund in processing year 2013 had their returns processed in a time frame similar to the general population of return filers claiming a refund.

TIGTA recommendations

[TIGTA recommended that the] IRS should…revise its IP PIN issuance criteria to make eligible those taxpayers who have had their Personally Identifiable Information lost, breached, disclosed, or stolen and have authenticated themselves…. The report also recommended that the IRS ensure that the finalized IP PIN criteria are provided to the Applications Development function before each filing season; ensure that IP PIN criteria are accurately programmed; and revise the IP PIN issuance notice to explain the effect on processing a recipient’s tax return and refund when the number is not included on the filed tax return.

Are concerns adequately addressed?

The IRS indicated that individuals whose personally identifiable information was compromised are eligible to receive an IP PIN. However, the IRS’s Web site for its online IP PIN application still has not been updated to inform these individuals of this option….

Less than one percent victimized a second time

“The use of the IP PIN by taxpayers has been a major success, and as is noted in the audit report, protects taxpayers from being victims of identity theft while allowing their tax return to be processed in a time period similar to returns submitted without an IP PIN,” wrote Debra Holland, commissioner of the IRS’s Wage and Investment Division, in response to the report. “Our records indicate that less than one percent of taxpayers issued an IP PIN are a victim of identity theft again.”

Strict parameters for issuing PINs

The pin number is part of a larger strategic effort by the IRS to combat identity theft impacting the tax administration. [The IRS applies] a strict set of parameters to accounts that are determined eligible for a pin number, resulting in an extremely low recurrence of identity theft. For the 2013 filing season, [the IRS] enhanced…programming to increase efficiency and expanded the pin program to more than 770,000 taxpayers. For the 2014 filing season, [it] issued over 1.2 million pin numbers.

Why 530,000 taxpayers were not “PINned”

[The IRS said the] 530,000 taxpayers [who] did not receive IP PINS… were taxpayers identified by the IRS as having potentially suspicious activity on their accounts, rather than taxpayers [who] self-reported to the IRS….The IRS recognized these accounts as possibly being victimized and notified the taxpayers of [its] concerns.

However, [the agency] set very strict parameters to…accounts before an IP PIN [could be] issued in order to protect the integrity of the system. In this coming year, taxpayers identified by the IRS as having possible suspicious activity on their accounts will receive a letter inviting them to take part in [the] IP PIN program through an e-authentication process on [the IRS] website.

Pilot program notifying taxpayers

Beginning in January 2014, the IRS began a pilot program that allowed some taxpayers to voluntarily receive a pin number via an online application. Next year, [the agency plans] on mailing notices to let taxpayers know that they may be eligible for a pin number.

The IRS also pointed to the impact of budget cuts on its ability to help taxpayers with these problems….Since 2010, the IRS budget has been reduced nearly $850 million. At the same time, [the IRS has] 13,000 fewer employees today than [it] did in 2010.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

Speakers in Place for Sold-Out ThreatMetrix Cybercrime Prevention Summit 2014

Posted on November 6th, 2014 by Dan Rampe

Summit-Header

With Theme of “Building Trust on the Internet,” ThreatMetrix Kicks Off Fourth Annual Summit of Industry Leaders

The largest event of its kind with more than 250 cybersecurity experts from around the world, ThreatMetrix’s Fourth Annual Cybercrime Prevention Summit 2014 currently runs through November 7th at La Quinta Resort and Club in Palm Springs, California.

Building Trust

To meet this ever-growing threat, the Summit will focus on building trust on the Internet for businesses and consumers through a collective, network approach to cybersecurity. ThreatMetrix’s Global Trust Intelligence Network, the world’s largest trusted identity network, enables such an approach by sharing anonymized threat intelligence from 850 million monthly transactions across more than 3,000 customers.

Bert Rankin, ThreatMetrix CMO

“This year’s summit comes on the heels of October’s National Cyber Security Awareness Month, which focused on increasing online safety through the shared responsibility of businesses, government entities and consumers,” said Bert Rankin, chief marketing officer, ThreatMetrix. “No business can stand alone in the fight against cybercriminals and global shared intelligence is a necessity to combat today’s sophisticated fraudsters. The summit comes at an ideal time for experts and peers to come together and discuss best practices for a collective approach cybersecurity. We’ve gathered some of the industry’s brightest minds for this event and can’t wait to get the conversation started.”

Prominent speakers. Top companies.

Speakers include the best and brightest cybersecurity minds from around the globe:

  • Matthew Durdel, risk manager, Walmart.com payments and risk, manager, Walmart
  • Byron Acohido, Pulitzer Prize-winning journalist and editor-in-chief, ThirdCertainty
  • Julie Conroy, research director, Aite Group
  • Scott Boding, senior director of fraud solutions product management, CyberSource
  • Garrett Goff, manager of global payments analytics and fraud, Netflix, Inc.
  • Michael Braatz, senior vice president of payments risk management, ACI Worldwide
  • Mark Nelsen, vice president risk products and business intelligence, Visa
  • Kelly White, vice president and information security manager, Zions Bancorporation
  • Shiva Nathan, director of platform and services, Intuit
  • John Green, director of fraud, eBay
  • Reed Taussig, CEO, ThreatMetrix
  • Alisdair Faulkner, chief products officer, ThreatMetrix
  • Andreas Baumhof, chief technology officer, ThreatMetrix

Meet professionals. Share experiences.

The conference puts together these and other industry experts, technologists and fraud prevention and cybersecurity professionals across a wide range of verticals providing attendees the opportunity to make direct, meaningful connections through various activities, ranging from speaking sessions to golfing and hiking activities.

Bert Rankin adds

“The cybersecurity landscape is changing rapidly, and businesses need to consider a new, strategic approach to keep themselves and their customers safe,” said Rankin. “Summit attendees will hear new strategies from innovative speakers and have the opportunity to discuss their own ideas in a relaxed setting. We are confident all attendees will return with a fresh perspective on how to combat evolving cybercrime threats.”

Panels of experts discuss topics that include:

  • What’s Next: Staying Ahead of Cybercrime
  • Building Alliances to Make Cybersecurity a Shared Responsibility
  • Advancing Consumer Authentication
  • The Quest to be One Step Ahead: Emerging Options for Authentication
  • Fraud Fighting Techniques from the World’s Largest Retailer
  • Layered Security and the Evolving Account Takeover Threat
  • Preventing and Detecting Fraud in a Massive Global Marketplace
  • Information Security as Counterinsurgency

To learn more, please visit http://www.cybercrimepreventionsummit.com/.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

ThreatMetrix Announces Speaker Lineup for the ThreatMetrix Cybercrime Prevention Summit 2014: “Building Trust on the Internet”

Posted on November 6th, 2014 by Dan Rampe

Summit-Header

Fourth Annual Summit Brings Together Industry Leaders to Discuss Future Cybercrime Prevention Strategies

San Jose, CA – November 6, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the speaker lineup for the ThreatMetrix® Cybercrime Prevention Summit 2014, themed “Building Trust on the Internet.” The fourth annual summit is currently being held at the La Quinta Resort and Club, Palm Springs, Calif. and runs through November 7.

The 2014 ThreatMetrix Cybercrime Prevention Summit is the largest of its kind, selling out this year’s event with more than 250 cybersecurity experts from around the globe in attendance to share strategies for making the Internet safer for business.

The summit will focus on building trust on the Internet for businesses and consumers through a collective, network approach to cybersecurity. The ThreatMetrix® Global Trust Intelligence Network, the world’s largest trusted identity network, enables such an approach by sharing anonymized threat intelligence of 850 million monthly transactions across more than 3,000 customers.

“This year’s summit comes on the heels of October’s National Cyber Security Awareness Month, which focused on increasing online safety through the shared responsibility of businesses, government entities and consumers,” said Bert Rankin, chief marketing officer, ThreatMetrix. “No business can stand alone in the fight against cybercriminals and global shared intelligence is a necessity to combat today’s sophisticated fraudsters. The summit comes at an ideal time for experts and peers to come together and discuss best practices for a collective approach cybersecurity. We’ve gathered some of the industry’s brightest minds for this event and can’t wait to get the conversation started.”

The ThreatMetrix Cybercrime Prevention Summit 2014 features a multitude of prominent speakers from top U.S. companies, including:

  • Matthew Durdel, risk manager, Walmart.com payments and risk, risk manager, Walmart
  • Byron Acohido, Pulitzer Prize-winning journalist and editor-in-chief, ThirdCertainty
  • Julie Conroy, research director, Aite Group
  • Scott Boding, senior director of fraud solutions product management, CyberSource
  • Garrett Goff, manager of global payments analytics and fraud, Netflix, Inc.
  • Michael Braatz, senior vice president of payments risk management, ACI Worldwide
  • Mark Nelsen, vice president risk products and business intelligence, Visa
  • Kelly White, vice president and information security manager, Zions Bancorporation
  • Shiva Nathan, director of platform and services, Intuit
  • John Green, director of fraud, eBay
  • Reed Taussig, CEO, ThreatMetrix
  • Alisdair Faulkner, chief products officer, ThreatMetrix
  • Andreas Baumhof, chief technology officer, ThreatMetrix

The conference will connect these and other industry experts, technologists and fraud prevention and cybersecurity practitioners across a wide range of verticals in the scenic desert setting of Palm Springs. The summit offers attendees the chance to make direct, meaningful connections through various activities, ranging from speaking sessions to golfing and hiking activities.

“The cybersecurity landscape is changing rapidly, and businesses need to consider a new, strategic approach to keep themselves and their customers safe,” said Rankin. “Summit attendees will hear new strategies from innovative speakers and have the opportunity to discuss their own ideas in a relaxed setting. We are confident all attendees will return with a fresh perspective on how to combat evolving cybercrime threats.”

The ThreatMetrix Cybercrime Prevention Summit 2014 features extensive speaking sessions with expert panels, including:

  • What’s Next: Staying Ahead of Cybercrime
  • Building Alliances to Make Cybersecurity a Shared Responsibility
  • Advancing Consumer Authentication
  • The Quest to be One Step Ahead: Emerging Options for Authentication
  • Fraud Fighting Techniques from the World’s Largest Retailer
  • Layered Security and the Evolving Account Takeover Threat
  • Preventing and Detecting Fraud in a Massive Global Marketplace
  • Information Security as Counterinsurgency

To learn more, please visit http://www.cybercrimepreventionsummit.com/.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

 

Fall 2014 Release Incorporates New Data Sources to Enrich ThreatMetrix Context-Based Authentication

Posted on November 5th, 2014 by Dan Rampe

Fall Release

Customers Can Integrate Information from Any Source to Enhance the ThreatMetrix Global Trust Intelligence Network’s Real-Time Analysis

ThreatMetrix’s Fall 2014 Release offers a whole host of new and improved features. Now customers can privately store and analyze organizational-supplied data to determine trust and risk levels and other attributes specific to their businesses. And, through its partnership with Webroot, a leader in cloud-based, real-time Internet threat detection, ThreatMetrix provides new capabilities for analyzing and determining risk factors for applications running on Android-based devices.

Enhancing and advancing ThreatMetrix’s context-based security and fraud prevention solutions, the Fall 2014 Release has:

  • Persona DB – Enabling organizations to privately store user or customer-identifying attributes, characteristics, and behaviors. Any data relevant to authorizing visitor access may be stored. This includes information such as normal usage locations, mobile phone numbers for step-up authentication, compromised IP or email addresses, banned country lists for compliance and countless other data elements. Persona DB lets ThreatMetrix customers perform a customizable, comprehensive user, device, and behavior analysis for each access or transaction attempt in real time.

“The new Persona DB enables ThreatMetrix customers to provide their own data sources to improve their ability to distinguish between trusted users and fraudulent activity,” said Ken Jochims, director of product marketing at ThreatMetrix. “For example, banks and financial institutions can include banned country lists to ensure they are compliant with governmental trade restrictions. In addition to blocking suspicious activity, Persona DB data can also be used to enhance good customer access by identifying trusted high-value customers through frequent flier status data, streamlining access or by applying other specialized actions.”

  • Mobile Application Analysis – Security risks inherent in mobile devices are more prevalent than ever, as 42 percent of Android applications have been classified as malicious, unwanted or suspicious. The Fall 2014 Release provides an integrity check of the mobile application it’s protecting to ensure it has not been compromised or contains malware. To detect the presence of malicious or unwanted apps it also scans all installed mobile applications to verify their reputation through The Network via integration with the Webroot BrightCloud Mobile App Reputation Service. These new data collection and analysis features, together with existing mobile detection and analysis capabilities, such as root detection, deliver a complete security-risk profile of each user’s device.

“We’re excited to partner with ThreatMetrix to extend our market-leading mobile classification services to determine trust levels for Android applications,” said Scott Merkle, vice president of enterprise and OEM sales at Webroot. “Together, we can empower organizations to identify threats lurking in mobile applications while maintaining compliance by protecting access and transactions for a multitude of mobile devices.”

“As cybercriminals continue to advance their capabilities, ThreatMetrix will ensure it is providing customers with the most in-depth data available for analysis,” said Jochims. “Together, Persona DB and Mobile Application Analysis enrich and expand the data available to The Network. These capabilities enable businesses to identify cybercriminals in real time while creating enhanced experiences for trusted customers or users.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

ThreatMetrix Incorporates New Data Sources to Enrich Context-Based Authentication Solutions

Posted on November 4th, 2014 by Dan Rampe

Fall Release

Additions to the ThreatMetrix Global Trust Intelligence Network Enable Real-Time Analysis of Customer Provided Data and Android Application Data

San Jose, CA – November 4, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the availability of the ThreatMetrix Fall 2014 Release. This latest release delivers improvements in how ThreatMetrix customers can integrate information from any source to enhance the depth and breadth of data available for real-time analysis by the ThreatMetrix® Global Trust Intelligence Network (The Network). The Fall 2014 Release also includes new capabilities to analyze and determine risk factors associated with applications running on Android-based devices.

This release provides ThreatMetrix customers with the ability to privately store and analyze organizational-supplied data relevant to determining trust and risk levels or other attributes specific to their business. Additionally, the Fall 2014 Release delivers mobile risk and trust analysis improvements to better determine the trustworthiness of applications running on Android devices through a partnership with Webroot, the market leader in cloud-based, real-time Internet threat detection.

The Fall 2014 Release enhances ThreatMetrix’s context-based security and advanced fraud prevention solutions through:

  • Persona DB – This new capability enables organizations to privately store user or customer-identifying attributes, characteristics, and behaviors. Any data relevant to authorizing visitor access can be stored, including information such as normal usage locations, mobile phone numbers for step-up authentication, compromised IP or email addresses, banned country lists for compliance and countless other data elements. This feature enables ThreatMetrix customers to perform a customizable, comprehensive user, device, and behavior analysis for each access or transaction attempt in real time.

“The new Persona DB enables ThreatMetrix customers to provide their own data sources to improve their ability to distinguish between trusted users and fraudulent activity,” said Ken Jochims, director of product marketing at ThreatMetrix. “For example, banks and financial institutions can include banned country lists to ensure they are compliant with governmental trade restrictions. In addition to blocking suspicious activity, Persona DB data can also be used to enhance good customer access by identifying trusted high-value customers through frequent flier status data, streamlining access or by applying other specialized actions.”

  • Mobile Application Analysis – Security risks inherent in mobile devices are more prevalent than ever, as 42 percent of Android applications have been classified as malicious, unwanted or suspicious. This new capability provides an integrity check of the mobile application it’s protecting to ensure it has not been compromised or contains malware. It also scans all installed mobile applications to verify their reputation though The Network via integration with the Webroot BrightCloud® Mobile App Reputation Service to detect the presence of malicious or unwanted apps in order to reduce the risk of personal information theft. These new data collection and analysis features, together with existing mobile detection and analysis capabilities, such as root detection, deliver a complete security risk profile of each user’s device.

“We’re excited to partner with ThreatMetrix to extend our market-leading mobile classification services to determine trust levels for Android applications,” said Scott Merkle, vice president of enterprise and OEM sales at Webroot. “Together, we can empower organizations to identify threats lurking in mobile applications while maintaining compliance by protecting access and transactions for a multitude of mobile devices.”

“As cybercriminals continue to advance their capabilities, ThreatMetrix will ensure it is providing customers with the most in-depth data available for analysis,” said Jochims. “Together, Persona DB and Mobile Application Analysis enrich and expand the data available to The Network. These capabilities enable businesses to identify cybercriminals in real time while creating enhanced experiences for trusted customers or users.”

ThreatMetrix Resources

About Webroot

Webroot is the market leader in cloud-based, real-time internet threat detection for consumers, businesses and enterprises. We have revolutionized internet security to protect all the ways users connect online. Webroot delivers real-time advanced internet threat protection to customers through its BrightCloud® security intelligence platform, and its SecureAnywhere™ suite of cloud-based security products for endpoints, mobile devices and corporate networks. Over 7 million consumers, 1.5 million business users and 1.3 million mobile users are protected by Webroot. Market-leading security companies, including Cisco, F5 Networks, GateProtect, HP, Microsoft, Palo Alto Networks, Proofpoint, RSA and others choose Webroot to provide advanced Internet threat protection for their products and services. Founded in 1997 and headquartered in Colorado, Webroot is the largest privately held internet Security Company in the United States – operating globally across North America, Europe and the Asia Pacific region. For more information on our products and services, visit www.webroot.com.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

 

Is Security in a CMO’s Job Description?

Posted on October 31st, 2014 by Dan Rampe

CMO

Director of Information Security Forum Says Chief Marketing Officer Should Have Major Role in Security along with CIO, CEO and Board

The Information Security Forum describes itself as a not-for-profit organization that supplies “authoritative opinion and guidance on all aspects of information security.” In a piece on adage.com, Steve Durbin, managing director of ISF, offers his opinion on a CMO’s role in security and when there is a breakdown in security, i.e., a breach. The following has been excerpted from his story and edited to fit our format. You may find the full article by clicking on this link.

Better communication

CMOs are key drivers of digital-based growth for most organizations, yet many are not accustomed to working with the CIO and certainly not in the habit of collaborating with the security department. So how can the CMO improve in these areas? It starts with increased communication with the CEO, CIO and the board.

Culture of security

One of the most important defenses any company has against cyberthreats is a widespread and deeply rooted culture of security, shared by all employees, that is bolstered by exemplary leadership, regular training, strong policies and enforcement.

If there’s a breach

The most evolved enterprises know that a solid security posture includes careful incident response planning. CMOs … should map out a detailed strategy for how brand, customer, and product concerns will be addressed….

Learning from the past

There are many lessons to be learned from recent high-profile breaches; financial and reputational damage will be amplified or mitigated, depending on the effectiveness of the response. A thorough and data-driven exploration of post-breach scenarios will help convince resistant CEOs and boards of the importance of CMO involvement in security and incident response planning.

Dealing with a data breach

In the wake of a headline-grabbing data breach…[many say] a CMO should [pull] back planned traditional ads and [let] outreach about the breach speak for the brand for a bit. This would be followed by new ads that address the breach and try to pivot the brand forward…..

[The] CMO [should] review any planned publicity or external communication in the wake of a breach and be intimately involved in how the brand is managed…. The follow-up steps are then to provide information about how the breach is being handled, how it has been managed and how the company has dealt with the issue. It is all about creating transparency and being seen to be communicating in an ethical and trustworthy manner — rather than using it as either a PR opportunity or attempting to pull the wool over people’s eyes, nor pulling down a veil of silence.

Be prepared

The time is right for CMOs to step up to the plate and work with the CEO and board of directors to ensure that their organizations are better prepared and engaged to deal with these challenges. By rising to the marketing and security challenges inherent to the digital enterprise, CMOs can successfully raise their profile in the C-suite and increase their level of engagement across the organization — two of the main objectives of many ambitious CMOs.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

The EMV Cards That Never Were

Posted on October 29th, 2014 by Dan Rampe

EMV

U.S. Banks Received Tens of Thousands of Dollars Charged on EMV Cards — Despite Not Having Sent Customers Chip-Enabled Cards!

During World War II, British intelligence used a real dead body to create a fictitious Royal Marine Major William Martin. The body was dropped in the sea by a submarine and washed ashore on a Spanish beach where it was hoped it would fall into the hands of German intelligence. Attached to the body was a briefcase containing letters falsely stating that an Allied attack would be launched against Sardinia and Greece rather than Sicily, where the invasion took place.

Operation Mincemeat, the macabre name given to the highly successful ruse which may have saved thousands of Allied lives, was turned into a book and movie titled, The Man Who Never Was. Now, Brian Krebs on his blog, KrebsonSecurity.com, relates the story of the EMV Cards that never were and the very real fraudulent credit and debit card transactions that could cost financial institutions in the USA and Canada tens of thousands of dollars. The following has been excerpted from Krebs blog and edited to fit our format. You may find the complete, unedited article by clicking on this link.

Card data compromised as part of Home Depot breach

[At] least three U.S. financial institutions reported receiving tens of thousands of dollars in fraudulent credit and debit card transactions coming from Brazil and hitting card accounts stolen in recent retail heists, principally cards compromised as part of the breach at Home Depot.

[All the charges were] submitted through Visa and MasterCard‘s networks as chip-enabled transactions, even though the banks that issued the cards [hadn’t] begun sending customers chip-enabled cards.

Charges difficult to dispute

Banks usually end up eating the cost of fraud from unauthorized transactions when scammers counterfeit and use stolen credit cards. Even so, a bank may be able to recover some of that loss through dispute mechanisms set up by Visa and MasterCard, as long as the bank can show that the fraud was the result of a breach at a specific merchant (in this case Home Depot).

However, banks are responsible for all of the fraud costs that occur from any fraudulent use of their customers’ chip-enabled credit/debit cards — even fraudulent charges disguised as these pseudo-chip transactions.

Replay attacks

According to [one bank Krebs spoke with], MasterCard officials explained that the thieves were probably in control of a payment terminal and had the ability to manipulate data fields for transactions put through that terminal. After capturing traffic from a real EMV-based chip card transaction, the thieves could insert stolen card data into the transaction stream, while modifying the merchant and acquirer bank account on the fly.

Bad EMV implementation at Canadian bank

Avivah Litan, a fraud analyst with Gartner Inc., said banks in Canada saw the same EMV-spoofing attacks emanating from Brazil several months ago. One of the banks there suffered a fairly large loss, she said, because the bank wasn’t checking the cryptograms or counters on the EMV transactions.

“The [Canadian] bank in this case would take any old cryptogram and they weren’t checking that one-time code because they didn’t have it implemented correctly,” Litan said. “If they saw an EMV transaction and didn’t see the code, they would just authorize the transaction.”

Litan said the fraudsters likely knew that the Canadian bank wasn’t checking the cryptogram and that it wasn’t looking for the dynamic counter code.

It appears with these attacks that the crooks aren’t breaking the EMV protocol, but taking advantage of bad implementations of it.

Cybercriminals kept doubling down

[It] appears that the largest share of those phony transactions were put through using a payment system called Payleven, a mobile payment service popular in Europe and Brazil that is similar in operation to Square. Most of the transactions were for escalating amounts — nearly doubling with each transaction — indicating the fraudsters were putting through debit charges to see how much money they could drain from the compromised accounts.

Important to set up EMV properly

[Litan observes] “A lot of banks will loosen other fraud controls right away, even before they verify that they’ve got EMV implemented correctly. They won’t expect the point-of-sale codes to be manipulated by fraudsters.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.