Pain at the Pump – Only This Time It’s the Guys Selling the Gas

Posted on October 1st, 2014 by Dan Rampe

Gas Pump

Gas Retailers Hit by Credit/Debit Card Fraudto Get Help from Visa’s Intelligent Analytics Program

For anybody who feels gas stations getting defrauded by hackers is karmic retribution for those sudden and unexplained (and usually unexplainable) gasoline price hikes, please be advised that the ones who end up paying in the end are usually…us.

Pilot program

So Visa testing a pilot intelligent analytics program to prevent credit and debit card fraud at the pump ultimately saves everybody money — except maybe the scammers. According to a piece on darkreading.com (link to article), Visa’s solution “enables merchants to use real-time authorization risk scores to identify transactions that could involve lost, stolen or counterfeit cards [without] infrastructure upgrades or disruption of the customer experience.”

How it works

“After a cardholder inserts the card at the pump, Visa analyzes multiple data sets such as past transactions, whether the account has been involved in a data compromise, and nearly 500 other pieces of data to create a risk score. This allows merchants to identify those transactions with a higher risk of fraud and perform further cardholder authentication before gas is pumped.”

Uses existing hardware and software

Visa uses existing message fields and formats as well as pump software or hardware. Several fuel merchants who piloted the technology over the last several months noticed a decrease in fraud, without negatively impacting their consumers’ experience. In the pilot program Visa reported the test stations’ fraud rate dropped more than 20 percent.

Mike Swillo, Shell’s U.S. Credit Card Operations Manager said, “We provide fuel to millions of customers each month through approximately 15,000 service stations in the United States. When we consider new solutions and technology it has to have a clear business benefit, be customer-centric, and easy to implement. With no infrastructure investment, we are testing [Visa’s solution] as part of our proactive fraud prevention tool-set to better identify fraudulent card activity earlier in the transaction cycle, without inconveniencing our customers.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

 

ThreatMetrix Announces its ThreatMetrix Global Trust Intelligence Network Has Reached 850 Million Monthly Transactions

Posted on September 30th, 2014 by Dan Rampe

Data-Privacy-Day-Reed

In Conjunction with National Cyber Security Awareness Month, ThreatMetrix Announces the Network’s Growth, Exemplifying this Year’s Theme of Shared Responsibility

San Jose, CA – September 30, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the growth of the ThreatMetrix® Global Trust Intelligence Network (The Network), which has recently surpassed 850 million monthly transactions. Additionally, The Network now protects more than 210 million active user accounts across 3,000 customers and 15,000 websites. This milestone validates ThreatMetrix’s commitment to this year’s National Cyber Security Awareness Month theme, “Our Shared Responsibility.”

National Cyber Security Awareness Month (NCSAM) is a program sponsored every October by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. Now in its eleventh year, NCSAM has grown to include the participation of a multitude of industry leaders — reaching consumers, small and medium-size businesses, corporations, educational institutions and young people.

The theme of NCSAM’s first week is “Promoting Online Safety with the Stop.Think.Connect.™ Campaign.” The theory behind the campaign is that each individual that participates in online activities needs to take accountability for the safety of the Internet.

“As the ThreatMetrix Network continues to grow, so does our customers’ shared view of cybercrime enabling them to protect their businesses and valued customers by accurately identifying both good and bad online users,” said Reed Taussig, CEO at ThreatMetrix. “The Internet is a fundamental part of all of our everyday lives. We all have an interest and a responsibility to make sure we keep cyber markets and services safe and trusted by consumers. National Cyber Security Awareness Month is the perfect opportunity to educate individuals and businesses on the importance of collaborating for a more secure Internet.”

While businesses must do their part to collaborate on cybercrime prevention by leveraging a collective repository of data such as The Network, the federal government is also doing its part to encourage global information sharing. President Obama’s Executive Order 13636 stresses federal accountability for sharing information with the private sector to protect critical infrastructure such as power plants, communication networks and transportation networks.

Many individuals believe the websites they use are doing their part to protect their privacy while keeping those sites secure. However, for that to happen, businesses need to share a certain amount of customer data across business boundaries. Unfortunately, while information sharing for security purposes in some industries such as financial services is common practice, in industries like retail, businesses are wary of sharing customer information with competitors and others. To effectively collaborate, there needs to be a certain level of trust between businesses and competitors as well as businesses and their customers.

“At ThreatMetrix, we’re aiming to solve the dilemma of building trust on the Internet through information sharing when many businesses are reluctant to do so,” said Taussig. “Through The Network, businesses can securely share information about devices and personas connecting to their sites, without sharing any personally-identifiable information about customers or visitors. ThreatMetrix anonymizes and encrypts information in The Network, so personal identities are never revealed to other organizations.”

The approach ThreatMetrix is taking offers a model for cybersecurity collaboration in all industries. Through anonymization and collaboration, businesses remove the risk of exposing their customers’ sensitive information while protecting this information from cybercriminals.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security has outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. These themes include:

  • Week One – Promoting Online Safety with the Stop. Think. Connect.™ Campaign
  • Week Two – Secure Development of IT Products
  • Week Three – Critical Infrastructure and the Internet of Things
  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix plans to support each week’s theme throughout the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

ThreatMetrix Kicks off National Cyber Security Awareness Month by Announcing “The Network” Has Reached 850 Million Monthly Transactions

Posted on September 30th, 2014 by Dan Rampe

Data-Privacy-Day-Reed

To make significant progress against cybercrime, we’re all going to have to work together – individuals, businesses and government agencies alike. Security in this connected world requires collaboration, and collaboration requires trust.

Shared responsibility is the theme of this year’s National Cyber Security Awareness Month, a program sponsored every October by the Department of Homeland Security. To commemorate the start of National Cyber Security Awareness Month, we are thrilled to share that the ThreatMetrix® Global Trust Intelligence Network (The Network) has reached 850 million monthly transactions and now protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

While businesses must do their part to collaborate on cybercrime prevention by leveraging a collective repository of data such as The Network, the federal government is also doing its part to encourage global information sharing. President Obama’s Executive Order 13636 stresses federal accountability for sharing information with the private sector to protect critical infrastructure such as power plants, communication networks and transportation networks.

Why aren’t we doing more already?

Each of us needs to take accountability for what we do online – that’s the theme of the Stop.Think.Connect.™ campaign. But as individuals, we are greatly outmatched by size, volume and sophisticated of the cybercrime forces arrayed against us. We also trust that the websites we use are doing the right things to protect our privacy.

In a networked world, businesses need up-to-date, global information about online threats and identities to keep customer data secure. For that to happen, legitimate businesses must share data across business boundaries. But collaborating with your competitors, even for the public good, is a difficult idea in many industries.

In the financial services industry, information sharing for security purposes is an accepted practice. But in the retail environment, businesses are wary about sharing customer information with competitors and others. And of course they need to protect customer privacy.

Effective collaboration requires a degree of trust – and that’s the sticking point.

It all comes down to trust

Doing business online requires a level of trust.

  • Customers trust that businesses will protect their information and use it responsibly.
  • Businesses must trust that customers are legitimate.

Cybercrime eats away at this trust. And, sadly, lack of trust has been the Achilles’ heel of industry collaboration.

Building trust through anonymization and collaboration

Without a broad global context for the people, devices and personas creating accounts, making transactions, or logging into sensitive systems in your network, you cannot trust they are who they claim to be. To get that context, businesses have to share information with many other sites around the world.

Trust requires information sharing, yet information sharing requires trust.

At ThreatMetrix, we’re working to solve this essential dilemma. Through The Network, businesses can securely share information about devices and personas connecting to their sites, without sharing any personally-identifiable information about customers or visitors. ThreatMetrix anonymizes and encrypts information in the network, so personal identities are never revealed to other organizations.

This approach offers a pattern for other cybersecurity collaboration efforts. We need to find ways to increase information sharing around online security and global identities, and the best way to do this is to remove the risk of exposing information we need to keep private.

The more we share information about global threats, the better we can protect legitimate business and build online communities that are truly worthy of trust.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security has outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. These themes include:

  • Week One – Promoting Online Safety with the Stop. Think. Connect.™ Campaign
  • Week Two – Secure Development of IT Products
  • Week Three – Critical Infrastructure and the Internet of Things
  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix plans to support each week’s theme throughout the month. And, to commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

ThreatMetrix Takes Home Gold and Silver Stevies

Posted on September 29th, 2014 by Dan Rampe

American Business Awards Gold

ThreatMetrix Wins 2014 American Business Awards in 2 Categories

The American Business Awards, the nation’s premier business awards program, honored ThreatMetrix with two prestigious Stevies, a Gold Stevie in New Product or Service of the Year – Security Solution category and a Silver in the Most Innovative Tech Company of the Year – Computer Software category.

For organizations operating in the U.S.

Open to all organizations that operate in the USA — public and private, for-profit and non-profit, large and small — the 2014 American Business Awards, nicknamed Stevies for the Greek word for “crowned,” drew more than 3,300 nominations from organizations in virtually every industry in categories ranging from Most Innovative Company of the Year to Corporate Social Responsibility Program of the Year.

240 executives selected winners

Winners were selected by more than 240 executives nationwide and trophies were presented at a gala banquet at the Palace Hotel in San Francisco where more than 250 nominees and their guests were in attendance for new product awards, website awards, app awards, and more.

Six programs

To honor organizations of every stripe, Stevies are conferred in six programs: the American Business Awards, the German Stevie Awards, the International Business Awards, the Stevie Awards for Women in Business, the Stevie Awards for Sales & Customer Service, and the Asia-Pacific Stevie Awards. For more information about the awards and lists of award winners, go to www.StevieAwards.com/ABA.

Sponsors

This year’s sponsors and partners included Biz Talk Radio, CallidusCloud, Citrix Online, Cvent, Engility, John Hancock, LycaMobile, PetRays, and Softpro.

Bert Rankin, chief marketing officer, ThreatMetrix

“Recognition by the American Business Awards serves as validation of our continued innovation in the context-based security and advanced fraud prevention space,” said Bert Rankin, chief marketing officer, ThreatMetrix. “Given the sophistication of today’s cybercriminals, it’s pertinent to collaborate across business boundaries and fight fraud using an anonymized global network, such as the ThreatMetrix Global Trust Intelligence Network.”

The Network

The ThreatMetrix Global Trust Intelligence Network or, as it’s known familiarly, The Network is the largest trusted identity network of shared intelligence, analyzing more than 210 million active user accounts and processing more than 850 million login, payment and wire transactions each month. When a new activity is submitted, ThreatMetrix captures and analyzes the activity for fraud in real time – effectively differentiating between authentic and fraudulent transactions using anonymized information.

2014 ThreatMetrix award list

In addition to the American Business Awards, ThreatMetrix 2014 awards include:

  • Named Gold Winner as “Innovative Company of the Year” and “Integrated Security (Software) Innovation” in Golden Bridge Awards
  • Named “100 Most Promising Technology Companies in the U.S.” by CIOReview
  • Recognized as a Silver Winner in the “Enterprise Product of the Year – Software” Category by the Best in Biz Awards 2014 International
  • Named to the 2014 AlwaysOn Global 250 Top Private Companies List
  • Named to the 2014 Lead411 Hottest Companies in Silicon Valley list
  • Recognized by the Network Products Guide (NPG) 2014 Hot Companies and Best Product Awards for the “Best Products and Services – Information Security and Risk Management” category and also in the “Best Products and Services – Security Software” category.
  • Judges Choice for Best Overall Fraud/Security Solution at the 2014 CardNotPresent.com (CNP) Awards for the ThreatMetrix TrustDefender Cybercrime Protection Platform
  • 2014 Info Security Products Guide Global Excellence Award for Most Innovative Company of the Year (Security)
  • 2014 Cyber Defense Magazine Award Winner in 2 Categories: Most Innovative Anti-Malware Appliances Solution & Best Product Network Access Control Solution

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Captures Gold and Silver Stevie® Awards in 2014 American Business Awards

Posted on September 28th, 2014 by Dan Rampe

American Business Awards Gold

Winners in ABA’s Tech and New Product Awards Ceremony Announced in San Francisco

San Jose, CA – September 29, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, was presented with a Gold Stevie® Award in New Product or Service of the Year – Security Solution category and a Silver Award in the Most Innovative Tech Company of the Year – Computer Software category in the 12th Annual American Business Awards.

The American Business Awards are the nation’s premier business awards program. All organizations operating in the U.S. are eligible to submit nominations – public and private, for-profit and non-profit, large and small.

Nicknamed the Stevies for the Greek word for “crowned,” the trophies were presented to winners during a recent gala banquet at the Palace Hotel in San Francisco. More than 250 nominees and their guests attended for the presentation of new product awards, website awards, app awards, and more.

More than 3,300 nominations from organizations of all sizes and in virtually every industry were submitted this year for consideration in a wide range of categories, including Most Innovative Company of the Year, Management Team of the Year, Best New Product or Service of the Year, Corporate Social Responsibility Program of the Year, and Executive of the Year, among others.

“Recognition by the American Business Awards serves as validation of our continued innovation in the context-based security and advanced fraud prevention space,” said Bert Rankin, chief marketing officer, ThreatMetrix. “Given the sophistication of today’s cybercriminals, it’s pertinent to collaborate across business boundaries and fight fraud using an anonymized global network, such as the ThreatMetrix® Global Trust Intelligence Network.”

The Network – the largest trusted identity network of shared intelligence – analyzes more than 210 million active user accounts and processes more than 850 million login, payment and wire transactions each month. When a new activity is submitted, ThreatMetrix captures and analyzes the activity for fraud in real time – effectively differentiating between authentic and fraudulent transactions using anonymized information.

Stevie Award winners were selected by more than 240 executives nationwide who participated in the judging process.

“We’re delighted to recognize so many innovative companies, new products, technical achievements, and technology executives this year,” said Michael Gallagher, president and founder of the Stevie Awards. “We congratulate all of the Stevie Award winners, and thank them for the inspiration their achievements have stimulated.”

Details about The American Business Awards and the lists of Stevie Award winners are available at www.StevieAwards.com/ABA.

In addition to the American Business Awards, ThreatMetrix 2014 awards include:

  • Named Gold Winner as “Innovative Company of the Year” and “Integrated Security (Software) Innovation” in Golden Bridge Awards
  • Named “100 Most Promising Technology Companies in the U.S.” by CIOReview
  • Recognized as a Silver Winner in the “Enterprise Product of the Year – Software” Category by the Best in Biz Awards 2014 International
  • Named to the 2014 AlwaysOn Global 250 Top Private Companies List
  • Named to the 2014 Lead411 Hottest Companies in Silicon Valley list
  • Recognized by the Network Products Guide (NPG) 2014 Hot Companies and Best Product Awards for the “Best Products and Services – Information Security and Risk Management” category and also in the “Best Products and Services – Security Software” category.
  • Judges Choice for Best Overall Fraud/Security Solution at the 2014 CardNotPresent.com (CNP) Awards for the ThreatMetrix TrustDefender Cybercrime Protection Platform
  • A 2014 Info Security Products Guide Global Excellence Award for Most Innovative Company of the Year (Security)
  • 2014 Cyber Defense Magazine Award Winner in 2 Categories: Most Innovative Anti-Malware Appliances Solution & Best Product Network Access Control Solution

ThreatMetrix Resources

About the Stevie Awards
Stevie Awards are conferred in six programs: The American Business Awards, the German Stevie Awards, The International Business Awards, the Stevie Awards for Women in Business, the Stevie Awards for Sales & Customer Service, and the Asia-Pacific Stevie Awards. Honoring organizations of all types and sizes and the people behind them, the Stevies recognize outstanding performances in the workplace worldwide.  Learn more about the Stevie Awards at www.StevieAwards.com.

Sponsors and partners of The 2014 American Business Awards include Biz Talk Radio, CallidusCloud, Citrix Online, Cvent, Engility, John Hancock, LycaMobile, PetRays, and Softpro.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

 

Hacker Feeding Frenzy

Posted on September 26th, 2014 by Dan Rampe

LexisNexis

Before the EMV Standard Goes into Effect in 2015, Hackers Are Going All Out to Cash in on U.S. Legacy Mag-Stripe Plastic

For fraud and fraud-related losses, this past year could turn out to be the worst ever recorded. In his article on paymentweek.com (link to article), Kevin Xu cites the LexisNexis True Cost of Fraud study and finds that the numbers bear out that projection.

Fraud numbers up

According to the study, merchants suffered 133 successful fraudulent transactions per month this year, which is up a whopping 46 percent over last year. And, in 2014, merchants are losing a higher percentage of revenue to fraud — 0.68 percent compared to 0.51 percent in 2013. Plus, they’re paying more per dollar of fraud. In 2013, it was $2.79. That increased to $3.08 in 2014. The study attributed the increase in mobile-channel fraud to the fact that more physical-goods retailers have begun accepting mobile payments.

Mobile, online, mail and phone losses

Mobile-channel frauds cost retailers $3.34 per dollar of fraud losses. Online channel losses are $2.69 per dollar of fraud while other channels, which include mail and telephone, cost $3.29 per dollar of fraud losses.

Hackers gettin’ while the gettin’s good

Aaron Press, LexisNexis Director of ecommerce and payments, says that while EMV may cut down on fraud at the point of sale, “EMV may actually increase fraud.  Because fraudulent card credentials will no longer be useful at POS, fraudsters are likely to turn to the online channel.”

And Xu writes, “It appears that 2015′s upcoming EMV upgrade has stirred up hackers into a feeding frenzy, hoping to take advantage of the U.S.’s legacy mag-stripe vulnerabilities before [they’re] gone for good.”

Press calls for tokenization to make EMV work

“If tokenization [the process of breaking a stream of text up into words, phrases, symbols] is widely adopted, it can help alleviate both POS and ecommerce payment fraud by reducing the volume of payment credentials available to fraudsters. “

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

Oh Canada, Home Depot Breach Got You Too, Eh?

Posted on September 25th, 2014 by Dan Rampe

Canada

Following Home Depot Breach, Visa and MasterCard Canada Identify Accounts at Risk North of the Border

In conjunction with U.S. counterparts, Canadian branches of Visa and MasterCard opened separate investigations into the Home Depot breach and are working with forensic firms to identify accounts that might have been compromised.

Banks have option of canceling or reissuing

Jamie Sturgeon, writing on globalnews.ca (link to article), quoted Rick Rennie, head of security and risk for MasterCard Canada, who stated, “The point… is to get information on potentially compromised accounts to our [bank partners], so they can protect their customers, via closer monitoring or, when necessary, re-issue cards.” Rennie went on to say that it was up to individual banks whether to cancel or re-issue specific account numbers.

Cardholder protection in Canada

Unlike the U.S., most Canadian credit and debit card holders have had chip-and-pin cards since 2011. These require a cardholder to punch in a protected pin at the point of sale and would most likely void a fraudulent transaction without the four digit code.

Sturgeon’s sources could not confirm if any Canadian cardholders have had their cards cancelled or re-issued because of the breach, whose fraudulent charge total could top $3 billion according to credit protection service BillGuard.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

 

Mobile Attacks Listed as One of the Top Threats Facing E-Commerce Businesses

Posted on September 24th, 2014 by Dan Rampe

According to a Recent ThreatMetrix Survey, 25 Percent of E-Commerce Executives Indicate Mobile Attacks a Leading Business Threat

San Jose, CA – September 24, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the results of a recent customer survey, which found that mobile attacks are a top concern for e-commerce executives. In the wake of recent mobile innovations, including the iPhone 6 release, ThreatMetrix urges businesses to evaluate and update their current mobile strategies.

“There has been a significant shift in consumer activity on mobile devices that is causing major security concerns among businesses across all industries,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Recent data from the ThreatMetrix® Global Trust Intelligence Network (The Network) shows top threats facing mobile apps and browsers include account creation, login and payment fraud. As mobile usage increases, specifically on enterprises’ mobile-based apps, businesses need to do everything in their power to protect customers from account takeover, fraudulent transaction and other related security risks.”

According to data from The Network, which is comprised of more than 210 million active user accounts, mobile represented one third of total traffic in 2013, and this number is projected to increase to 50 percent by the end of this year. In addition to the increase in mobile usage in general, consumer behavior on mobile is changing, as 86 percent of time on mobile devices is spent on mobile apps and only 14 percent on mobile Web browsers.

However, many businesses’ mobile apps are not secure enough to handle the increased usage. ThreatMetrix’s recent survey conducted with TechValidate indicates that 25 percent of executives using the ThreatMetrix TrustDefender™ Cybercrime Protection Platform believe mobile attacks are a leading threat they need to protect their business and customers against. Additional top threats include fraud losses, at 91 percent, and fraudulent account creation, at 49 percent.

“Fighting fake account creation is something we take seriously, always working on improving our strategies and trying new ideas,” said a chief technology officer at a medium-sized enterprise consumer products company. “ThreatMetrix has been most effective, and we see the impact directly in the metrics we monitor. The clearest gain was when we were able to launch ThreatMetrix directly in our mobile applications and saw the immediate drop off of fake account creation.”

In addition to increase mobile app usage, the recent release of the iPhone 6 and its new features should also be of concern to businesses, specifically in e-commerce and retail. The addition of near field communications (NFC) technology and Apple Pay will bring new security concerns via mobile for brick-and-mortar and online retailers alike.

“While the use of Apple Pay with NFC technology will cut down on opportunities to copy card data in-store, more data breaches are expected until the U.S. rolls out end-to-end encryption,” said Faulkner. “Additionally, the increase of secure in-store transactions will likely push even more fraud online, into the most vulnerable channel, where there is no card, person or physical device present.”

Using advanced fraud prevention and context-based authentication can help identify good users and protect customers without adding additional steps to the authentication process. The Network analyzes more than 850 million monthly transactions and combines device identification, threat assessments, identity and behavioral intelligence to accurately identify cybercriminals without creating friction for good users.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

 

ThreatMetrix Survey: E-Commerce Execs See Mobile Attacks a Leading Business Threat

Posted on September 24th, 2014 by Dan Rampe

Quote

Fully 25 Percent of E-Commerce Executives Surveyed Put Mobile Attacks as One of Their Top Threats

Did you know Apple sold 10 million new iPhones the first weekend they were available? You did? We only bring it up because the buzz around iPhone is just the latest sign that mobile is growing at an unbelievable pace and that the bad guys are well aware that the money is now in mobile.

Alisdair Faulkner, chief products officer, ThreatMetrix

“There has been a significant shift in consumer activity on mobile devices that is causing major security concerns among businesses across all industries,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Recent data from the ThreatMetrix Global Trust Intelligence Network (The Network) shows top threats facing mobile apps and browsers include account creation, login and payment fraud. As mobile usage increases, specifically on enterprises’ mobile-based apps, businesses need to do everything in their power to protect customers from account takeover, fraudulent transaction and other related security risks.”

The Network is made up of more than 210 million active user accounts. In 2013, mobile represented one third of total traffic. By the end of 2014, it’s projected to increase to 50 percent.

A shift in consumer behavior

There’s been a shift in consumer behavior. Today 86 percent of users’ time on mobile devices is spent on apps with only 14 percent spent on Web browsers. The problem is many businesses’ mobile apps are not secure enough to handle the increased usage. Done in conjunction with TechValidate, ThreatMetrix’s recent survey shows that 25 percent of executives who use the ThreatMetrix TrustDefender Cybercrime Protection Platform believe mobile attacks are a leading threat to their businesses and customers.

Other priority threats

According to the survey, other threats mentioned by e-commerce executives were fraud losses (91 percent) and fraudulent account creation (49 percent).

“Fighting fake account creation is something we take seriously, always working on improving our strategies and trying new ideas,” said a chief technology officer at a medium-sized enterprise consumer products company. “ThreatMetrix has been most effective, and we see the impact directly in the metrics we monitor. The clearest gain was when we were able to launch ThreatMetrix directly in our mobile applications and saw the immediate drop off of fake account creation.”

New technology brings new concerns

The addition of near field communications (NFC) technology and Apple Pay brings new mobile security concerns to brick-and-mortar as well as online retailers.

“While the use of Apple Pay with NFC technology will cut down on opportunities to copy card data in-store, more data breaches are expected until the U.S. rolls out end-to-end encryption,” said Faulkner. “Additionally, the increase of secure in-store transactions will likely push even more fraud online, into the most vulnerable channel, where there is no card, person or physical device present.”

Using advanced fraud prevention and context-based authentication can help identify good users and protect customers without adding additional steps to the authentication process. The Network analyzes more than 850 million monthly transactions and combines device identification, threat assessments, identity and behavioral intelligence to accurately identify cybercriminals without creating friction for good users.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

Learning from the Home Depot and Target Breaches

Posted on September 23rd, 2014 by Dan Rampe

Home Depot

How Banks Are Reacting In the Wake of the Home Depot Disaster. How Breaches Affect Consumers. And What Was Learned from Target’s Response?

Natural disasters such as tornadoes, hurricanes and earthquakes or man-made disasters like major data breaches share one thing. When they’re over, somebody has to clean up the mess and attempt to put things right. In her thoughtful and far-ranging piece on forbes.com, Paula Rosenblum explores how it’s believed the Home Depot breach was carried out, what was learned from the Target breach experience that might be applied to this latest breach, how banks and consumers are reacting and much more. The following has been excerpted from Rosenblum’s article and edited to fit our format. You may find the complete story by clicking on this link.

Skimming

The technique [the cybercriminals] used to grab the data was similar to, but not identical to the one used at Target.  It’s called “skimming,” and can take several forms. In earlier days, thieves would place a hardware chip inside payment terminals and capture the keystrokes entered during every transaction. Now, they’ve written software to grab the data as it comes in. We know how the thieves got into Target’s main systems in the first place.  Thus far, the technique they used to get into Home Depot’s network has not been exposed, nor have the techniques they used to exfiltrate (remove) the data from Home Depot’s systems been revealed.

The bad guys got there first

Sadly, Home Depot had already started taking steps to mask (or encrypt) the data as it passed through these credit card terminals, but the crooks beat them to the punch.  This is a familiar story…institutions improve security methods, but criminals evolve faster.

Target — not a good role model

The question being asked now is What will consumer response be?”  By all accounts, Target handled its data breach badly. Rather than replace potentially compromised co-branded “Red” debit and credit cards, it opted to put dollar limits on suspect debit cards in the middle of the shopping season.  Shoppers often learned this as they were checking out of another store, preparing to pay for holiday gifts.

This was the worst possible response given the time of year. The enmity against Target can still be seen in the comments section of any piece that discusses data security, or even mentions the word “Target.” So what’s the right approach?

A better approach

I spoke with Jon Delano, a reporter for …CBS affiliate KDKA [who said] a small regional bank, Dollar Bank, acted quickly to replace all the potentially affected customer cards.  The [Wall Street Journal] reports that J.P. Morgan Chase and Capital One have already started replacing cards as well.

Pick your poison

In truth, in times like these, a consumer and a bank have to pick their poisons.  It costs banks money to replace cards.  And when you’re talking about 36 MILLION cards, you’re talking about a lot of money.  And it’s not all that much fun for consumers to replace their cards either.

Mr. Delano observed how inconvenient it is for consumers when their credit card numbers are changed. One of the ironies of today’s “omni-channel world” is that consumers have credit numbers on file at all kinds of institutions, for all kinds of payments.  From electric companies, to retailers like Amazon.com, consumers are exhorted to “go paperless,” “pay electronically,” anything that will insure payments come in on time and that they won’t have to look up credit card information every time they make a purchase.

While Dollar Bank has opted to pick the inconvenience, Mr. Delano reports the PNC Bank…is taking a “wait and see” approach….

This is the decision banks have to make now:  issue new cards which will be costly and create an inconvenience for customers, or wait and see, and risk serious consumer backlash.

Uh-oh, are we talking conspiracy theory?

Meanwhile, the timing of this breach is interesting, because it comes just after the introduction of Apple Pay. Suddenly, with this breach, the notion of not exposing credit card information to individual retailers, regardless how large, starts to seem appealing to shoppers.

Banks are certainly lining up behind the initiative.  Since roll-out, Chase, Bank of America, Citi and others have all thrown their full support behind Apple Pay. While banks may be ambivalent about their response to credit card theft, they’re very un-ambivalent about Apple Pay.  After all, just like the use of debit cards has eliminated a boatload of paper check processing, the use of mobile payment technologies has the potential to eliminate a lot of plastic. A cardless world seems more interesting by the day.

But that’s the future. Today, we’re dealing with a real data security problem. At the end of the day, the consumer will cast the final vote. Some banks are taking calculated risks.  Others are just paying the money, replacing cards and carrying on.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.