ThreatMetrix Predicts Mobile Will Represent More Than Half of Transactions in 2015 and Cybercrime Threats Will Continue to Evolve

Posted on December 18th, 2014 by Dan Rampe

2015-header

ThreatMetrix Outlines Cybercrime Predictions for the New Year to Help Companies Protect Against Growing Threats

San Jose, CA – December 18, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced its cybercrime predictions for the New Year. From the good, such as increased information sharing, to the bad including the difficulties protecting the Internet of Things (IoT), and the ugly – data breaches in 2015 will be larger and more sophisticated than ever before – ThreatMetrix predicts the coming year will see cybercrime evolving in new ways.

The breadth and depth of the data breaches seen by the world in 2014 was shocking – spanning major banks, e-commerce giants, healthcare giants, casinos and others, exposing hundreds of millions of usernames, passwords and credit card details. The coming year will be no different, and businesses and consumers need to be prepared for continued changes in the cybercrime landscape.

To help businesses avoid falling victim to 2015 data breaches and other attacks and to educate consumers about growing cybercrime threats, ThreatMetrix has outlined several predictions for the New Year:

Mobile Will Represent More Than Half of Transactions During the 2015 Holiday Season

During this year’s Cyber Week, from Thanksgiving Day through Cyber Monday, mobile accounted for 39 percent of all transactions across the ThreatMetrix Global Trust Intelligence Network (The Network). By next year, ThreatMetrix predicts this number will surpass 50 percent. Additionally, as retailers make the looming switch to Europay-Mastercard-Visa (EMV) payments systems by the October 2015 deadline, those systems also accept mobile capabilities such as Apple Pay, which will also contribute to increased mobile payments.

“Consumers are far more comfortable shopping on mobile devices than they were even a year ago, and that trust is going to continue to grow,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Unfortunately, many businesses face difficulties determining the authenticity of mobile transactions through hidden cookies and geo-location data. Leveraging a global network of trust intelligence enables businesses to differentiate between previously authenticated users and potential fraudsters and will be the best way to protect sensitive information and customers against cybercrime in 2015.”

Information Sharing Will Continue to Rise

While cybercrime threats will grow in sophistication during the coming year, information sharing about those threats within and across industries will also grow to combat those cybercriminals. For example, the financial services industry is already paving the way for growth of information sharing with the Financial Services Information Sharing and Analysis Center (FS-ISAC), and retailers are beginning to see the benefits of information sharing, establishing their own group this past year. The Network, which analyzes more than 850 million monthly transactions across 3,000 customers, also provides a shared view of cybercriminals’ activity, enabling companies within The Network to protect their business by accurately identifying fraudsters, as well as good customers.

“Businesses in many industries are seeing the benefit of information sharing, and that will continue to increase in the coming year,” said Andreas Baumhof, chief technology officer at ThreatMetrix. “Unfortunately, while information sharing is common practice in some industries, businesses in other industries, such as retail, are often wary of sharing too much information with competitors. However, with today’s highly organized cybercriminals, it takes a network to fight a network. The balance is between businesses sharing good data, not just big data, and maintaining a certain level of trust to stay competitive with one another.”

Cybercriminals Will Identify New Opportunities to Compromise Personal Information

In 2014, there were many high profile data breaches that were deemed “unprecedented.” Hundreds of millions of user accounts have been compromised, including the Home Depot breach and the Russian cybercrime ring exposing 1.2 billion passwords. Most recently, the Sony breach has been a sign of cybercriminals shifting their focus to cyber sabotage. In 2015, there will be more unprecedented attacks as cybercriminals continue to become more sophisticated.

“There is no end in sight,” said Reed Taussig, president and CEO at ThreatMetrix. “Last year, ThreatMetrix predicted the password apocalypse for 2014 – and the number of major data breaches over the past year targeting user login information shows that prediction was true. There are endless opportunities for hackers to steal personal information, and that’s not going to stop in the coming year – it’s going to get worse. I would venture to guess that in 2015, one of the world’s major stock exchanges may very well be compromised, which has the potential to result in severe economic damage on a global basis.”

The Internet of Things Will Continue to Be a Security Nightmare

One of the first major hacks to the Internet of Things came in early. It can be near impossible to know when one of the many connected devices used day-to-day is compromised – from smart phones to washing machines and refrigerators – and as more devices are added to the Internet of Things in the next year, protecting these devices will become even more difficult.

“We can’t even protect our most critical assets, so how can we be expected to protect a smart fridge?,” said Baumhof. “One of the biggest problems is that many of these tools have a long lifespan and current security systems rely heavily on the ability to patch systems on a regular basis. For most of the devices within the Internet of Things, that practice is not implemented, nor feasible.”

Health Systems Will Become a Major Target for Cybercriminals

This year, U.S. healthcare spending hit $3.8 trillion. Unfortunately, almost one-third of that is wasted to fraud. As more money is dedicated to the healthcare market, cybercriminals will follow the trail to cash in on the market.

“In major data breaches, cybercriminals target credit cards and login credentials, but there are other sources where money is flowing, and it’s only a matter of time before cybercriminals ramp up their attention toward those industries,” said Faulkner. “In the New Year, insurance, healthcare and pharmacies will be new focuses for fraudsters. As healthcare information makes the shift electronically via the Health Insurance Portability and Accountability Act (HIPAA), fraudsters will find ways through its security holes to commit healthcare fraud and steal personal information.”

ThreatMetrix enables businesses across a wide range of industries – including e-commerce, enterprise and financial services – to securely share information about devices and personas connecting to their sites without sharing any personally identifiable information about customers or visitors. The approach ThreatMetrix takes through anonymizing and encrypting information in The Network offers a model for cybersecurity collaboration that will be essential for companies to protect their businesses in 2015 and beyond.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

ThreatMetrix: New Year Will See More Than Half of Transactions on Mobile and Evolving Cyberthreats

Posted on December 17th, 2014 by Dan Rampe

2015-header

ThreatMetrix Predicts Better Info Sharing, Major Internet of Things Security Issues and Bigger, Even More Sophisticated Data Breaches.

While 2015 looks to have more and better information sharing, the difficulty of protecting the Internet of Things (IoT) and the data breaches that plagued major banks, e-commerce giants, healthcare giants, casinos and others in 2014 will continue to grow. They can be expected to increase in sophistication and exposing hundreds of millions more usernames, passwords and credit card details.

So that businesses may be better prepared to meet the challenges and changes in the upcoming year, ThreatMetrix® offers these observations:

Mobile will represent more than half of transactions during the 2015 holiday season

During this year’s Cyber Week, from Thanksgiving Day through Cyber Monday, mobile accounted for 39 percent of all transactions across the ThreatMetrix® Global Trust Intelligence Network (The Network). By next year, ThreatMetrix predicts this number will surpass 50 percent.

Because of the October 2015 EMV deadline, retailers will be making the switch to the Europay-MasterCard-Visa (EMV) payments system. Likely the same retailers will also accept mobile payments such as Apple Pay. These two events will contribute to increasing consumer use of mobile payments.

“Consumers are far more comfortable shopping on mobile devices than they were even a year ago, and that trust is going to continue to grow,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Unfortunately, many businesses face difficulties determining the authenticity of mobile transactions through hidden cookies and geo-location data. Leveraging a global network of trust intelligence enables businesses to differentiate between previously authenticated users and potential fraudsters and will be the best way to protect sensitive information and customers against cybercrime in 2015.”

Information sharing will continue to rise

While cybercrime threats will grow in sophistication during the coming year, information sharing about those threats within and across industries will also grow. The financial services industry is already paving the way for growth of information sharing via the Financial Services Information Sharing and Analysis Center (FS-ISAC). Additionally, retailers are beginning to see the benefits of information sharing and have established their own group this past year. The Network, which analyzes more than 850 million monthly transactions across 3,000 customers, also provides a shared view of cybercriminals’ activity, enabling companies within The Network to protect their businesses by accurately identifying fraudsters, as well as good customers.

“Businesses in many industries are seeing the benefit of information sharing, and that will continue to increase in the coming year,” said Andreas Baumhof, chief technology officer at ThreatMetrix. “Unfortunately, while information sharing is common practice in some industries, businesses in other industries, such as retail, are often wary of sharing too much information with competitors. However, with today’s highly organized cybercriminals, it takes a network to fight a network. The balance is between businesses sharing good data, not just big data, and maintaining a certain level of trust to stay competitive with one another.”

Cybercriminals will identify new opportunities to compromise personal information

In 2014, there were many high profile data breaches that were deemed “unprecedented.” Hundreds of millions of user accounts have been compromised. The Russian cybercrime ring exposed 1.2 billion passwords in the Home Depot breach. Most recently, the Sony breach has been a sign of cybercriminals shifting their focus to cybersabotage. In 2015, there will be more unprecedented attacks as cybercriminals continue to become more sophisticated.

“There is no end in sight,” said Reed Taussig, president and CEO at ThreatMetrix. “Last year, ThreatMetrix predicted the password apocalypse for 2014 – and the number of major data breaches over the past year targeting user login information shows that prediction was true. There are endless opportunities for hackers to steal personal information, and that’s not going to stop in the coming year – it’s going to get worse. I would venture to guess that in 2015 one of the world’s major stock exchanges may very well be compromised, which has the potential to result in severe economic damage on a global basis.”

The Internet of Things will continue to be a security nightmare

One of the first major hacks to the Internet of Things came early on. It can be nearly impossible to know when one of the many connected devices that are used every day is compromised – from smart phones to washing machines and refrigerators. As more devices are added to the Internet of Things in the next year, protecting these devices will become even more difficult.

“We can’t even protect our most critical assets, so how can we be expected to protect a smart fridge?” said Baumhof. “One of the biggest problems is that many of these tools have a long lifespan and current security systems rely heavily on the ability to patch systems on a regular basis. For most of the devices within the Internet of Things, that practice is not implemented, nor feasible.”

Health systems will become a major target for cybercriminals

This year U.S. healthcare spending hit $3.8 trillion. Unfortunately, almost one-third of that is lost to fraud. As more money is dedicated to the healthcare market, cybercriminals will also be cashing in.

“In major data breaches, cybercriminals target credit cards and login credentials, but there are other sources where money is flowing, and it’s only a matter of time before cybercriminals ramp up their attention toward those industries,” said Faulkner. “In the New Year, insurance, healthcare and pharmacies will be new focuses for fraudsters. As healthcare information makes the shift electronically via the Health Insurance Portability and Accountability Act (HIPAA), fraudsters will find ways through its security holes to commit healthcare fraud and steal personal information.”

ThreatMetrix enables businesses across a wide range of industries – including e-commerce, enterprise and financial services – to securely share information about devices and personas connecting to their sites without sharing any personally identifiable information about customers or visitors. The approach ThreatMetrix takes through anonymizing and encrypting information in The Network offers a model for cybersecurity collaboration that will be essential for companies to protect their businesses in 2015 and beyond.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

More Markets, More Channels, More Payment Methods — More Fraud

Posted on December 17th, 2014 by Dan Rampe

Internet Retailers

New Study Shows 79 Percent of Online Merchants See Fraud as the Dark Cloud Hovering Over a Bright Sales Vista

Worldpay, a payment processing company that provides payment services for mail order and Internet retailers, as well as point of sale transactions, just released its Fragmentation of Fraud report. The report shows that fully half of all online merchants polled find it difficult to keep up with fraud trends with only 20 percent confident in their ability to handle those threats.

The following has been excerpted from the finextra.com article highlighting key points in the fraud report and edited to fit our format. You may find the full unedited article by clicking on this link.

More countries

International online merchants sell to an average of 14 countries, yet 70% admit they struggle to keep ahead of fraudulent activities within those different markets. With three quarters (76%) of online merchants stating that they expect international orders to make up a greater proportion of their customer orders in two years’ time, these issues are only set to intensify.

More payment methods more risk

[The] greater [the] variety of payment methods [the greater the risk of fraud]. 63% are struggling to keep ahead of fraudulent activities across different payment methods.

[For] merchants accepting [different] payment methods, [fraud concerns] are: credit cards (82%), virtual currencies (82%), e-wallets (78%) and mobile payments (75%).

Not enough resources

[Merchants] are concerned they do not have the resources to manage fraud effectively. The main barriers to being able to reduce fraudulent orders are not having a dedicated omni-channel fraud and loss prevention method (57%) and lack of time to investigate and implement methods that could better manage fraud (49%). 82% also feel that a partnership approach with a fraud expert is critical to keeping ahead of threats.

A little fraud costs a lot of money

Worldpay data shows that, on average merchants can reject up to 2.6% of transactions because of fraud. To a merchant with an annual turnover of $50 million that’s a loss of $1.3 million.

What is keeping online merchants up at night?

Merchants feel the key challenges when it comes to identifying and preventing fraud are:

  • The growth of mobile payments – 70%
  • Purchases from particular countries – 65%
  • The number of channels they use to sell – 60%
  • The number of countries operated in / sold to – 58%
  • The growth of ewallets – 54%

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

Open Sesame

Posted on December 16th, 2014 by Dan Rampe

Alibaba

Alibaba Hacked. Millions of User and Seller Accounts Exposed.

If you’re not familiar with the folk tale Ali-Baba and the Forty Thieves, Ali-Baba, a poor woodcutter, says “Open Sesame” and the mouth of a cave where forty thieves have hidden their treasure is opened for him to take the treasure.

Evidently some hackers did their own “Open Sesame” on Alibaba, the shopping website, allowing, as Sheera Frenkel wrote on buzzfeed.com, “anyone with basic computing skills to access both private user information and the account details of thousands of suppliers who sell goods through the Chinese-owned site.”

In her piece on buzzfeed.com, Frenkel describes how Israeli security analysts discovered the breach and how information about it was kept under wraps until fixes could be put in place. The following has been excerpted from Frenkel’s piece and edited to fit our format. You may find the full article by clicking on this link.

Months for Alibaba to heed the warning

The Israeli security analysts who discovered the breach [said] that it took months for the site to respond to their report warning of a serious security lapse.

Not serious about security

“They aren’t serious about their online security. They have patched-up the problems we showed them, but there are other parts of the site that are still wide-open,” said Amitay Dan, an Israeli cyber-security analyst…“It’s obvious that they don’t take the security seriously enough. It shouldn’t take days to fix this.”

Not the only security lapse

Dan discovered the vulnerability, which would allow anyone to steal the personal information [of] AliExpress or Alibaba users without knowing their account passwords, while Barak Tawily, an application security expert…discovered a separate issue that allowed hackers to easily access the accounts of tens of thousands of merchandisers who sold through Alibaba.

“By sending the merchandiser a message with a basic script you can easily get into their account. When the merchandiser opens the message, it runs the script and the user can easily go in and control the account,” said Tawily. He said everything from company data to financial information was easily viewed. A person could easily go in, find a $1,000 item, change the price to $1 and purchase it for themselves.

Bigger doesn’t always mean safer

“Everyone makes mistakes and has lapses, but in something [as] big as Alibaba you don’t expect these kinds of easily fixed security lapses to exist,” said Tawily. “I told them almost two months ago, and it was only today that it got fixed.”

Unknown if hackers stole data

It was unclear if and when any hackers took advantage of the security lapses. Tawily and Dan said it would have been easy for hackers to trove the millions of accounts unnoticed.

Companies selling through site exposed

Dan discovered a separate flaw which exposes the companies selling through the site. The Chinese e-commerce site boasts that it has more than 300 million active users from 200 countries for its too-good-to-believe prices on bulk and wholesale goods.

[A] user could go into the section of the site that allowed them to change or edit their shipping address and contact information. At the end of the URL was a stream of numbers, indicating that individual’s specific account; by simply going up or down a few numbers, he could view the accounts of any individual who had used the site.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

 

File This Under “You Gotta Be Kidding”

Posted on December 15th, 2014 by Dan Rampe

Sony

Recently Hacked Sony’s IT Department Hid Company Passwords in a File Named…”Password.”

At first sight, hiding passwords in a file titled “Password” sounds, for want of a better description, “you’e gotta be kidding.”  To quote no less an authority than the world’s greatest consulting detective, Sherlock Holmes, on the subject of hiding something in plain sight, “It’s so overt, it’s covert.”

What Sony IT didn’t take into account was that the hackers could be so literal. When they i.e., the hackers, saw a file folder named “Password,” they assumed it contained passwords. Thereby the stupidity of the hackers defeated the brilliant security ploy by Sony IT.

In her piece on gizmodo.com (link to article), Ashley Feinberg writes, “Facebook, MySpace (an ancient form of Facebook), YouTube, and Twitter [were filed under] ‘usernames and passwords for major motion picture social accounts’ [within] a huge file called ‘Password’ [containing] even more passwords called things like ‘Facebook login password.’”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

How to Avoid a £225 Million Fraud Hit This Festive Period

Posted on December 12th, 2014 by Dan Rampe

Standard-Header-Tony

UK retailers usually look forward to the busy Christmas shopping period with a curious mixture of excitement and apprehension. Why? Because they know that while the coming few weeks represent their biggest opportunity of the year to drive revenue, such efforts can also be undermined by online fraudsters. What they might not be aware of, however, is that by failing to choose the right kind of tools to combat the bad guys they might be doing more to harm the bottom line than the fraudsters ever could.

Real and present danger

We all know that cyber criminals always follow the money, and when market watcher Mintel is predicting there’s going to be £4.7 billion spent this December, you can be sure they’re ready and waiting to take a cut. There are several ways to do this, of course. Many of the biggest cyber security stories this year have focused on large scale retail data breaches – where online attackers have managed to lift personal and financial information through point of sale or other systems in huge quantities.

There’s no doubt this has been very damaging, although the majority of cases have been in the U.S. as retailers there still use magstripe data, which is easier to steal and use fraudulently. It could be even more damaging for them early next year, when card data stolen over the past few months seeps onto the black market to be traded and then actively used.

However, cyber criminals are increasingly turning to account takeover fraud, using details covertly obtained from individual victims, because this has a better chance of success than using a known stolen card. Online shoppers aren’t doing themselves any favours here by failing to keep a close eye on bank and credit card accounts, and by using the same log-ins for multiple online accounts. They should be more careful online, avoiding clicking on links in unsolicited email or social media messages, and be more savvy about where they download apps from.

But that’s only half the story.

A lost opportunity

Retailers are reacting to this menace by implementing fraud prevention solutions which either present usability problems so acute as to cause shopping card abandonment, or which generate false positives which block legitimate sales. The ThreatMetrix Global Trust Intelligence Network analyses over 850 million transactions each month generated by 3,000 customers across the globe and we can see that cart abandonment due to user friction is 10 times more costly than online fraud itself.

Factoring in the potential value of retail sales this Christmas and IMRG figures on basket abandonment, we believe that UK retailers could lose up to £225 million as a result of poor investments in fraud prevention tools.

A better way

This really doesn’t need to happen. Retailers – and in fact all organisations from banks to social media sites – need to take a step back and understand what’s at stake here. By investing in intelligent, contextual fraud prevention which crunches anonymised device, identity and behavioural analytics to provide a real-time decision on whether a user is who they say they are, they can have their cake and eat it.

This is multi-layered fraud prevention that works and that is completely transparent to the user, slashing retailers’ losses from online crime and card abandonment. It could be the best early Christmas present you could give to your organisation.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

Banks Didn’t Stop “Tor”-rent of Account Takeovers

Posted on December 10th, 2014 by Dan Rampe

US Treasury

Treasury Says Banks Failure to Block Tor Transactions Caused Most Account Takeovers by Cyberthieves This Past Decade

Tor is the global communications net that hides users’ true online locations and makes it possible for them to maintain their anonymity. Now a new report from the U.S. Treasury Department that KrebsOnSecurity characterizes as “non-public” has been obtained by Brian Krebs.

The report was produced by the Financial Crimes Enforcement Network (FinCEN), the Treasury Department bureau charged with collecting and analyzing data about financial transactions. FinCEN’s work is aimed at combating domestic and international money laundering, the financing of terrorism and other financial crimes. The following has been excerpted from the KrebsOnSecurity article and edited to fit our format. You may find the complete, unexpurgated piece by clicking on this link.

Based on SARs reports

FinCEN said it examined some 6,048 suspicious activity reports (SARs) filed by banks between August 2001 and July 2014, searching the reports for those involving one of more than 6,000 known Tor network nodes. Investigators found 975 hits corresponding to reports totaling nearly $24 million in likely fraudulent activity.

Banks unaware of fraud

FinCEN said it was clear from the SAR filings that most financial institutions were unaware that the IP address where the suspected fraudulent activity occurred was in fact a Tor node.

Rising number of account takeovers

The government also notes that there has been a fairly recent and rapid rise in the number of SAR filings over the last year involving bank fraud tied to Tor nodes.

“From October 2007 to March 2013, filings increased by 50 percent,” the report observed. “During the most recent period — March 1, 2013 to July 11, 2014 — filings rose 100 percent.”

No-win situation

[Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley noted] the problem of high volumes of fraudulent activity coming through the Tor Network presents something of a no-win situation for any website dealing with Tor users. “If you treat Tor as hostile, you cause collateral damage to real users, while the scum use many easy workarounds.  If you treat Tor as benign, the scum come flowing through,” Weaver said. “For some sites, such as Wikipedia, there is perhaps a middle ground. But for banks? That’s another story.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

Video: iTWire Talks to ThreatMetrix President and CEO, Reed Taussig, on Building Trust on the Net

Posted on December 8th, 2014 by Dan Rampe

iTWire, December 8, 2014

The “i”s Don’t Have It

Posted on December 8th, 2014 by Dan Rampe

Apple Pay

What are the Odds of an iPhone 6 User Using Apple Pay? 10 to 1 AGAINST. They Don’t “Get” the Tech or Know Which Stores Accept It

InfoScout, a shopper-research firm, tracked the behavior and opinions of 170,000 U.S. households, basing its findings on consumers who both own an iPhone 6 or 6 Plus and shopped at a retail store that accepts Apple Pay over the Thanksgiving weekend from Black Friday to Cyber Monday.

An article on thepaypers.com reports on InfoScout’s findings. The following has been excerpted from thepaypers.com piece and edited to fit our format. You may find the article in its entirety by clicking on this link.

A shade over 9 percent used Apple Pay

The report finds that just under 1 in 10 (9.1%) of the sample have ever used the service to make an NFC [Near Field Communication] payment and just under 5% made an Apple Pay purchase during the annual discount shopping bonanza.

Those that tried it liked it

The study also points out that 73% of those surveyed answered that Apple Pay had better ease of use, 67% said it had greater speed at checkout, 67% said it had better security and 67% said it offered more convenience.

Reasons for not using Apple Pay

To the question “why did only half of [consumers] use Apple Pay when given the chance on Black Friday”, the survey [reveals] that 31% answered they didn’t use Apple Pay that weekend because they didn’t know whether or not the store accepted it.

Moreover, 25% said they forgot to use it, 19% said they didn’t have their phone handy, 6% said they get rewards for using a different payment method, 6% were worried it might not work and a further 6% said it takes too long.

Many didn’t understand how the technology works

[Ninety percent] of iPhone 6 and 6 Plus users who have yet to try Apple Pay [say] the main reason for not choosing to do so was because they weren’t familiar with how it worked (32%).

Other reasons for not using Apple Pay

[Thirty percent] said they were satisfied with their current payment methods, while 19% said they were concerned about security, 11% said they hadn’t heard of Apple Pay before the survey and 5% said they tried to register a card with Apple Pay but it didn’t work.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

 

It Takes a Thief…

Posted on December 8th, 2014 by Dan Rampe

Identity theft

…to Catch a Thief. Sabrina Balkman-Bradwellaka Nellie Bell aka “Queen of ID Theft” Gets Time Off for Helping Feds

Sabrina Balkman-Bradwell made off with more than $3 million in three months using stolen identities to file fraudulent income tax returns and cash refund checks. To be precise, between January 15 and March 23, 2011, she filed false returns and received 948 income tax refund checks and electronic deposits worth more than $3,057,914. Hers, however, was a short-lived success. Balkman-Bradwell was busted and sentenced in January of last year to two-and-a-half years in federal prison. In addition, she was ordered to pay back the money she’d stolen.

Cooperating with the law

Her term was reduced when she began cooperating with federal authorities by contacting other criminals committing fraud and ID theft and helping agents build cases against them. Balkman-Bradwell provided so much assistance that prosecutors went to bat for her and asked the judge to shave time off her sentence.

Helping bust other frauds

Paula McMahon, writing on sun-sentinel.com, explained just how valuable Balkman-Bradwell has become to the government. The following has been excerpted from McMahon’s piece and edited to fit our format: You may find her full story on this link.

[Balkman-Bradwell] continuing cooperation helped prosecutors to file criminal charges against more than 15 other defendants, records show.

One of the biggest catches was Henry Dorvil, 36, of Hollywood, who ran a tax-preparation business and is now serving 4 1/2 years in federal prison. He was ordered to pay more than $2.5 million in restitution for his role in a stolen identity ring, authorities said.

Balkman-Bradwell was expected to testify against Dorvil and his former office manager, Ruth Cartwright, but both pleaded guilty to related charges before trial. Cartwright is scheduled to be sentenced next month.

Another woman, Natasha Munnings, 42…was sentenced to 8 months in prison after Balkman-Bradwell helped agents track her down and arrest her with more than $75,000 worth of fraudulent tax refund checks,12 fake driver licenses and 14 pre-paid debit cards in other people’s names.

Balkman-Bradwell is also working on another case with federal authorities in Palm Beach County and arrests are expected to be made in that case in the next few months, officials said.

“The information provided by the defendant Balkman-Bradwell has been helpful in identifying weaknesses in the system that have allowed stolen identity tax refund fraud to flourish in South Florida and elsewhere,” prosecutors wrote in their request to reduce her punishment.

The judge agreed and ordered…that Balkman-Bradwell should get an additional five months taken off her prison term — for a total sentence of two years and one month in prison.

She has already served about one year and eight months in prison and — with the standard 15 percent reduction that all well-behaved inmates qualify for — she could be released in about six weeks and would begin serving three years of probation.

Her lawyer said he didn’t want to comment outside court because he didn’t want to jeopardize any of the investigations. But in court, he told the judge that his client is continuing to cooperate all over South Florida and had earned what he called the “generous” sentence reductions. “She’s continued to be a font of information at her own personal risk.”

Balkman-Bradwell, dressed in bright blue jail scrubs, thanked the prosecutor in court for making her “believe again” and thanked her mother for “always praying for me and loving me through the shame and disgrace that I put on her name.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.