Biting off More Than You Can Chew: Why Biometrics Aren’t the Future

Posted on April 28th, 2015 by Dan Rampe

Standard-Header-Tony

Recently a senior PayPal evangelist gave a rather controversial interview to the Wall Street Journal. In it, he appeared to suggest a radical alternative to password-based authentication systems: biometrics generated by devices ingested or embedded under the user’s skin. Now, it’s true that passwords should no longer be used by any online provider serious about security. And it’s always interesting to hear new approaches to user authentication.

But organisations need an answer today to the mounting problem of online fraud. It needs to be fast, affordable, frictionless and accurate. And in those respects, biometrics just don’t deliver.

So why isn’t biometric technology the answer?

The problem with biometrics

On paper, the prospect of biometrics like embedded wireless chips monitoring ECG readings, or ingestible capsules that can detect glucose levels, sounds like a decent idea. After all, the readings they then transmit should be unique to that person – surmounting problems of false positives and false negatives. LeBlanc even suggested that batteries for such systems could be powered by stomach acid. At last, a fully internalised, unhackable “natural body identification” system to put “users in charge of their own security”. Right?

Well, not really.

The main issue many people have with biometrics is that they rely on something that should be unhackable – impossible to simulate or crack. But if cyber criminals do find a way of doing so – and they’ve proven themselves to be a pretty resourceful bunch thus far – then what? You might be able to reset your password pretty easily after a phishing attack, but what about your heart rate? Or your glucose levels?

The next major barrier is the users themselves. Security versus usability is a tough balance at the best of times. How much tougher will it be to sell such invasive authentication systems if the user is basically happy with the level of security they get with a regular fingerprint scan or a phone based one-time passcode system?

Why context-based wins

I’m not dismissing the work of PayPal and others to improve on password-based verification. But too many question marks remain over biometrics – even the systems that are closer to reality than the hypothetical scenarios painted by LeBlanc. Whether your business is in e-commerce, social media, banking, insurance or another sector – you need fast, reliable, friction-free two factor authentication that works … today.

The key for organisations going forward is to seek out systems which can work in the background, completely invisible to the user, checking things like device identity, malware, and use of ToR or other obfuscation methods favoured by cybercriminals. They’ll be able to check against a series of unique attributes associated with that user comprised of log-in habits, typical locations, user IDs, email addresses, phone numbers, shipping information etc, and flag a suspect transaction even if the person is using valid (but stolen) credentials.

Futuristic biometrics will always grab the headlines. But context-based authentication is where the smart money’s already being spent, to cut fraud and keep customers happy.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

ThreatMetrix a Winner in 3 Info Security Products Guide 2015 Global Excellence Awards’ Categories

Posted on April 27th, 2015 by Dan Rampe

Awards

ThreatMetrix Takes Home More Awards! Wins 3 Bronzes and Is Honored by the Info Security Products Guide at RSA

During RSA, the security industry honored some of the best companies, executives and products in the world with Info Security Products Guide 2015 Global Excellence Awards.

Winner in 3 Info Security Products Guide 2015 Global Excellence Awards’ categories

ThreatMetrix took Bronzes for the Most Innovative Security Software (Product) of the Year, Most Innovative Company of the Year (Security), and Innovation in Enterprise Security.

Other honors ThreatMetrix received in 2015

  • Winner of the 2015 Cyber Defense Magazine Awards for Best Anti-Malware and Hot Company in Multi-Factor Authentication
  • Named to the 2015 OnCloud Top 100 private companies list
  • The Channel Company’s CRN 100 Coolest Cloud Computing Vendors of 2015

Bert Rankin, ThreatMetrix chief marketing officer, on the company’s pioneering efforts

“Recognition by the Info Security Products Guide serves as validation of our continued efforts to stay one step ahead of cybercriminals by leveraging global shared intelligence,” said Bert Rankin, chief marketing officer at ThreatMetrix. “Given the sophistication of today’s cybercriminals, no business or individual can stand alone in the fight against cybercrime and ThreatMetrix is pioneering efforts to securely and anonymously share threat intelligence across business boundaries.”

During RSA ThreatMetrix announced its Digital Identity Network

The ThreatMetrix Digital Identity Network, the largest network of its kind in the world, creates an anonymized digital identity of consumers based on device, persona and behavior from every transaction, account creation and account login.

Analyzing more than a billion transactions each month to stop cybercrime

Leveraging the ThreatMetrix Digital Identity Network, ThreatMetrix analyzes more than one billion transactions each month to differentiate between fraudulent and authentic account creations, logins and transactions.

Less friction for a better customer experience

ThreatMetrix offers the only frictionless cybersecurity solution that combines enhanced mobile identification, location-based authentication, endpoint intelligence, behavior intelligence and real-time trust analytics into a powerful, context-based authentication and fraud prevention solution.

For a full list of 2014 Global Excellence Awards winners, go to: http://www.infosecurityproductsguide.com/world/

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Wins Three Bronze Awards in the Info Security Products Guide 2015 Global Excellence Awards

Posted on April 27th, 2015 by Dan Rampe

Awards

Award Winners and Finalists Were Honored by Info Security Products Guide in San Francisco during the RSA Conference 2015

San Jose, CA – April 27, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announces it has won Bronze in three categories of the Info Security Products Guide 2015 Global Excellence Awards. The security industry celebrated the annual Global Excellence Awards during RSA Conference 2015 in San Francisco by honoring excellence in every facet of the industry, including companies, executives and products.

ThreatMetrix is a Bronze winner in the Most Innovative Security Software (Product) of the Year, Most Innovative Company of the Year (Security) and Innovation in Enterprise Security categories of the Global Excellence Awards. ThreatMetrix continues its cybersecurity innovation following its recent announcement of the ThreatMetrix Digital Identity Network during the RSA Conference. The world’s largest network of its kind, it creates an anonymized digital identity of consumers based on device, persona and behavior from every transaction, account creation and account login.

“Recognition by the Info Security Products Guide serves as validation of our continued efforts to stay one step ahead of cybercriminals by leveraging global shared intelligence,” said Bert Rankin, chief marketing officer at ThreatMetrix. “Given the sophistication of today’s cybercriminals, no business or individual can stand alone in the fight against cybercrime and ThreatMetrix is pioneering efforts to securely and anonymously share threat intelligence across business boundaries.”

By leveraging the ThreatMetrix Digital Identity Network, ThreatMetrix analyzes more than one billion transactions each month to differentiate between fraudulent and authentic account creations, logins and transactions. ThreatMetrix offers the only frictionless cybersecurity solution that combines enhanced mobile identification, location-based authentication, endpoint intelligence, behavior intelligence and real-time trust analytics into a powerful, context-based authentication and fraud prevention solution.

For a full list of 2014 Global Excellence Awards winners, visit: http://www.infosecurityproductsguide.com/world/

ThreatMetrix Resources

About Info Security Products Guide Awards

SVUS Awards organized by Silicon Valley Communications are conferred in 10 annual award programs: The Info Security’s Global Excellence Awards, The IT Industry’s Hot Companies and Best Products Awards, The Golden Bridge Business and Innovation Awards, and Consumer World Awards, CEO World Awards, Customer Sales and Service World Awards, The Globee Fastest Growing Private Companies Awards, Women World Awards, PR World Awards, and Pillar Employee Recognitions World Awards. These premier awards honor organizations of all types and sizes from all over the world including the people, products, performance, PR and marketing. To learn more, visit www.svusawards.com

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

 

iGad!

Posted on April 24th, 2015 by Dan Rampe

ThreatMetrix-CafeThreats

iOS Vulnerability Discovered by Researchers Could Let an Attacker Crash Any iPad or iPhone within Range of WiFi Hotspot

Researchers discovered an iOS vulnerability that turns WiFi into Why Me!!! Now imagine you’re strolling past a WiFi hotspot without a care in the world except how to pay your monthly iPhone bill. Well no worries. The mere act of walking past the WiFi hotspot could solve that problem because, say researchers, that’s all it’ll take to turn your iPhone into a doorstop.

In his piece on gizmodo.com Chris Mills explains what the researchers discovered. The following has been excerpted from his article and edited to fit our format. You may find the complete article by clicking on this link.

A bug in iOS.8

The vulnerability takes advantage of a bug in iOS 8: namely, that by manipulating SSL certificates sent to iOS devices over a network — certificates used in virtually every app, and in iOS itself — the researchers could make iOS devices crash, in the worst-case scenario putting them into a constant boot-loop.

Not connecting doesn’t help

At first glance, the vulnerability doesn’t seem too bad: after all, in order to have those bad SSL certificates sent to you, the attacker needs control of the Wi-Fi network. So just don’t connect to random Wi-Fi hotspots, and you should be fine — or you’d think.

Have to turn off WiFi completely

The researchers combined the SSL certificate flaw with an older exploit, one they’d named WiFiGate. In short, they found that iOS devices are pre-programmed by the carrier to automatically connect to certain networks. For example, AT&T customers will auto-connect to any network called ‘attwifi’. There’s no way to prevent your phone from doing this, short of turning Wi-Fi off altogether.

No way out

[The] Skycure team [i.e., the researchers who found the flaw] could create a tainted Wi-Fi hotspot, which any nearby iOS device would connect to, and then constantly crash, rendering the device useless. And, because the device is stuck in a bootloop, there’s no easy way to disable Wi-Fi, and escape the hacker’s network. [The] vulnerability can be used to render any iOS device in a certain location completely useless….

Apple working on a fix

The team is working with Apple on a fix; in the meantime, they haven’t disclosed the full details of their attack, but anyone with an iPhone is theoretically vulnerable for now.

Advice from ThreatMetrix on how to avoid the bad guys at WiFi hotspots:

In Avoid a Very Expensive Cup of Coffee: ThreatMetrix Has Tips to Stop Cybertheft When Using WiFi at Coffee Shops, Eateries and Other Public Places, Dean Weinert, ThreatMetrix product manager, cautions, “Consumers can easily access public Wi-Fi networks from just about anywhere – and so can cybercriminals. Cyberthreats are certainly a reality at local coffee shops and other wireless hotspots. If consumers don’t take extra precaution to protect their personal devices, they can unwittingly share sensitive information with cybercriminals interfering on the network.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

TIGTA Gives IRS an F

Posted on April 23rd, 2015 by Dan Rampe

Tax

TIGTA (Treasury Inspector General for Tax Administration) Gives the IRS Poor Marks for Handling ID Theft Victims

A recently released Treasury Inspector General for Tax Administration report says the IRS tells an ID theft victim that his/her case will be resolved in 180 days. While that’s what the IRS claims, the TIGTA report says it actually takes the IRS 278 days. Imagine what a victim of ID theft goes through having to wait those additional 98 days.

In his piece on theblaze.com, Fred Lucas describes what the TIGTA found while doing its audit, a follow-up to one done in 2013. The following has been excerpted from his article and edited to fit our format. You may find the full story by clicking on this link.

You will get an answer, but it may not be the right one

Based on a sampling of 100 identity theft tax accounts, the inspector general [projected] that 25,565 cases out of 267,692 were resolved incorrectly, or almost [1 in 10.]

Better maybe, but not what the IRS tells the public

In 2013, about 2.9 million tax identity theft incidents happened, an increase from 1.8 million in 2012, the Chicago Tribune reported. The average for resolving a case in 2013 [was] down from the average of 312 days in fiscal year 2012, but it [was] still well over what the IRS [instructed] employees to tell taxpayers who were victims of fraud.

“IRS guidance in FY 2013 instructed employees to inform taxpayers who [inquired] about the status of their identity theft case that cases are resolved within 180 days,” the IG report says.

IRS case processing data said resolutions took between 228 and 298 days

“[The IRS’s] own case processing data did not support the 180-day resolution time period. In fact, IRS data showed case resolutions were taking between 228 to 298 days.”

Misleading stakeholders

“When the IRS provides misleading identity theft case resolution time periods, it creates a false portrayal of improvement to stakeholders and makes it more difficult for the IRS to gage and improve its own operations.”

No change in procedure needed

“The IRS disagreed with the recommendation to develop processes and procedures to calculate the average time it takes to fully resolve taxpayer accounts.”

Victims deserve better

“While the IRS is making some progress in assisting victims of identity theft, those who have been affected by this devastating crime deserve better.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

ThreatMetrix Cyber Defense Magazine Award Winner in Two Categories

Posted on April 22nd, 2015 by Dan Rampe

awards

ThreatMetrix Wins 2015 Cyber Defense Magazine Awards for Best Anti-Malware Product and Hot Company in Multi-Factor Authentication

The awards, which Cyber Defense Magazine confers on companies for the best ideas, products and services in the information technology industry, are being announced at the RSA Conference 2015 in San Francisco.

Unveiled at RSA: the ThreatMetrix Digital Identity Network, world’s largest

Leveraging global shared intelligence to safeguard online customer identities, the ThreatMetrix Digital Identity Network creates an anonymized digital identity of consumers based on device, persona and behavior from every transaction, account creation and account login.

Bert Rankin, ThreatMetrix chief marketing officer, on ThreatMetrix solutions

“The landscape of fraud is changing as cybercriminals’ networks grow in breadth and sophistication, capitalizing on the digital debris of data breach fallouts. Our team continuously enhances our solutions to stay one step ahead of cybercriminals by providing businesses with an anonymized view of their customers based on devices, personas and behaviors. Being recognized by Cyber Defense Magazine as a leader in both anti-malware and multi-factor authentication is a ringing endorsement for ThreatMetrix.”

Recognized for the TrustDefender Cybercrime Protection Platform

The Best Anti-Malware award recognizes ThreatMetrix for its success offering high-level malware detection for businesses through the TrustDefender Cybercrime Protection Platform.

TrustDefender Cybercrime Protection Platform combines comprehensive data collection, behavioral analytics and the ThreatMetrix Digital Identity Network into a powerful, risk-based security and fraud prevention solution. Integrating malware and device identification, this solution enables ThreatMetrix customers to proceed with legitimate transactions while screening out cybercriminals and criminal activity without added user friction.

Supporting financial institution authentication requirements

The Hot Company in Multi-Factor Authentication award identifies ThreatMetrix as a leader in offering multi-factor authentication (MFA) solutions for financial institutions. These provide frictionless customer logins, decrease operational costs and improve cybercrime detection. In contrast to the design of many legacy MFA solutions, ThreatMetrix can easily support financial institution authentication requirements and provide trusted customers access without excessive step-up authentication.

Visit ThreatMetrix at Booth #4235

To learn more about ThreatMetrix’s unique anti-malware and multi-factor authentication services, visit ThreatMetrix this week in Booth #4235, located in the North Hall at RSA Conference 2015.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

ThreatMetrix Wins Best Anti-Malware Product and Hot Company in Multi-Factor Authentication at 2015 Cyber Defense Magazine Awards

Posted on April 22nd, 2015 by Dan Rampe

awards

Top Context-Based Security and Fraud Prevention Leader Recognized for Continuous Efforts to Safeguard Online Identities using Global Shared Intelligence

San Jose, CA – April 22, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announces it has won in two categories in the 2015 Cyber Defense Magazine Awards, including Best Anti-Malware Product and Hot Company in Multi-Factor Authentication.

The Cyber Defense Magazine Awards recognize leading companies in the cybersecurity space that strive to curate cutting-edge knowledge on cybercrime and create advanced solutions to solve the online security issues facing businesses today. The awards were announced during the RSA Conference 2015, held this week in San Francisco.

In conjunction with the conference, ThreatMetrix announced the ThreatMetrix Digital Identity Network, the world’s largest digital identity network, leveraging global shared intelligence to safeguard online customer identities. This offering creates an anonymized digital identity of consumers based on device, persona and behavior from every transaction, account creation and account login.

“The landscape of fraud is changing as cybercriminals’ networks grow in breadth and sophistication, capitalizing on the digital debris of data breach fallouts,” said Bert Rankin, chief marketing officer at ThreatMetrix. “Our team continuously enhances our solutions to stay one step ahead of cybercriminals by providing businesses with an anonymized view of their customers based on devices, personas and behaviors. Being recognized by Cyber Defense Magazine as a leader in both anti-malware and multi-factor authentication is a ringing endorsement for ThreatMetrix.”

The Best Anti-Malware award recognizes ThreatMetrix for its success offering high-level malware detection for businesses through the TrustDefender™ Cybercrime Protection Platform which combines comprehensive data collection, behavioral analytics and the ThreatMetrix Digital Identity Network into a powerful, risk-based security and fraud prevention solution. This solution uses integrated malware and device identification, enabling ThreatMetrix customers to proceed with legitimate transactions while screening out fraudsters and criminal activity without added user friction.

The Hot Company in Multi-Factor Authentication award identifies ThreatMetrix as a leader in offering multi-factor authentication (MFA) solutions for financial institutions to provide frictionless customer logins, decrease operational costs and improve cybercrime detection. In contrast to the design of many legacy MFA solutions, ThreatMetrix can easily support financial institution authentication requirements and provide trusted customers access without excessive step-up authentication. ThreatMetrix delivers this by leveraging the ThreatMetrix Digital Identity Network, providing real-time risk analysis based on billions of Web and mobile transactions.

To learn more about ThreatMetrix’s unique anti-malware and multi-factor authentication services, visit ThreatMetrix this week in Booth #4235, located in the North Hall at RSA Conference 2015

ThreatMetrix Resources

About Cyber Defense Magazine

Cyber Defense Magazine is the premier source of IT Security information. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting edge knowledge, real world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free and limited print editions exclusively for the RSA Conferences and our paid subscribers. Learn more about us at http://www.cyberdefensemagazine.com.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

 

Watch Out!

Posted on April 21st, 2015 by Dan Rampe

Apple Watch

5 Apple Watch Security Questions That are Causing Enterprise Security Pros to be Concerned

Apple Watch is hot. Not hot as in stolen, but hot as in hot.

The Watch word is that it’s been sold out in preorders. Umm. You don’t think Tim Cook went out and ordered a couple of thousand? That’s what some book publishers did back in the day (after dinosaurs but before the Internet) when they wanted to get a book on The New York Times bestseller list. They’d find out which book outlets The Times was using as a barometer of sales, go to those outlets and buy tons of copies of their own books. And no. We don’t really think Tim is doing that.

With the popularity of the Apple Watch it looks like these watches and other wearables could become targets of cybercriminals. In her piece on csoonline.com, Maria Korolov asks experts about possible problems an Apple Watch could pose to an enterprise. The following has been excerpted from Korolov’s piece and edited to fit our format. You may find her complete article by clicking on this link.

Apple Watch a spying device?

We’ve already seen examples of iPhone spy apps that can listen to near-by conversations. Companies with particular security concerns, such as those in the defense sector, may already be asking their employees to leave their phones before entering sensitive areas. Those policies will now have to be expanded to include all smart wearable devices.

Could attackers eavesdrop on watch-to-phone communications?

According to Apple, the Apple Watch will communicate with the iPhone via WiFi and Bluetooth. That creates a potential opportunity for attackers to spoof one device or another.

What about third-party apps?

“The fact the Apple Watch also integrates third-party apps could also increase security and privacy concerns,” said [Ken Westin, senior security analyst at Tripwire.]

One novel feature of the Apple Watch is that it allows developers to split the functionality of their apps into two parts. Graphical components, for example, could be provided via the watch’s screen, said Jamie Boote, security consultant at Cigital. “This may expose communications and [functions] that were previously handled internally.”

A badly-designed application could potentially offer a wireless gateway to an iPhone’s contents. This could be especially convenient for crooks who, right now, typically need physical access to [a] phone…to do serious damage.

Will corporate apps create privacy issues?

If the Apple Watch gains widespread adoption, it may become convenient to use it to unlock computers, cars, and office doors. But the same apps that can make life more convenient for employees, can also create opportunities for employers to keep an eye on them. For example, the device can be used to track people’s physical locations, said Tripwire’s Westin.

Will the Apple Watch make the iPhone more vulnerable?

Some security-conscious users will routinely turn off their phone’s WiFi or Bluetooth services when in insecure locations or traveling. But if the Apple Watch functionality relies on those services…, they may be tempted to leave them on.

“Connecting to untrusted WiFi points can lead to man-in-the-middle attacks,” said [Jamie Boote, security consultant at Cigital]. “And Bluetooth seems to get a vulnerability or exploit every other year.”

The real issue, said [Steve Hultquist, chief evangelist at RedSeal] is complexity. “All of the comments about potential security issues are conjecture at this point, and more than anything point to the challenges of understanding the security of complex, interconnected systems.” Those challenges include understanding what communication access is possible, what access might be possible under unexpected situations, and what the implications are of unanticipated access. “These are the same questions every enterprise must answer about their enterprise network and its security architecture,” he said.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

ThreatMetrix Digital Identity Network — World’s Largest — Unveiled at RSA

Posted on April 20th, 2015 by Dan Rampe

Standard-Header-AF

Leveraging Global Shared Intelligence, the ThreatMetrix Digital Network Protects Customer IDs Online

Now being showcased at the RSA Conference in San Francisco (April 20-24) is the ThreatMetrix Digital Identity Network. As the world’s largest, the ThreatMetrix Digital Identity Network advances identity protection through a persona-based profile that safeguards consumers’ information, protects businesses against fraud and creates a strong digital assessment on a truly global basis.

All aspects of a person’s online devices and behavior in one unique digital identity

Including email addresses, geo-locations, devices and both personal and business personas, the ThreatMetrix Digital Identity Network combines the specific device and persona each individual is using at any given time and at any given place to accurately authenticate the user in real time.

Alisdair Faulkner, ThreatMetrix chief products officer, on the ThreatMetrix Digital Identity Network’s unique cybercrime-fighting strengths

“The ThreatMetrix Digital Identity Network acts as a personal digital guardian that works on business and consumers’ behalf to keep accounts, money and identity from being used in excess illegally. ThreatMetrix has built the largest digital identity network that can determine when an individual’s credentials are being used by cybercriminals in real time, which enables businesses to better understand the global footprint of stolen identities.”

Value added

Last month, ThreatMetrix announced that it now analyzes more than one billion transactions per month. The ThreatMetrix Digital Identity Network further enhances its value by creating an anonymized digital identity of consumers based on device, persona and behavior from every transaction, account creation and account login.

Faulkner on defeating sophisticated networks of cybercriminals

“Businesses need a digital identity network to fight the sophisticated network of cybercriminals. Specifically, such a network can immunize the digital debris that comes from data breach fallouts. The ThreatMetrix Digital Identity Network locks down identities by providing businesses with an anonymized view of their devices, personas and behaviors so identities cannot be easily spoofed by cybercriminals.”

Extending cybercrime protection by:

  • Enabling banking institutions to meet authentication guidelines— Because digital identities are the new currency powering cybercrime and cyberterrorism, banks and financial institutions in general are especially susceptible to attack. The ThreatMetrix Digital Identity Network enables financial institutions to protect accounts against bots using stolen credentials. It detects anomalies by leveraging a global view of devices and persona behavior.
  • Extending the online identity perimeters for businesses—ThreatMetrix allows for advanced protection by leveraging the largest network of analyzed online transactions in the world. On the fraud prevention side, businesses have always looked at identities but not how these identities are used online across channels and sites. The ThreatMetrix Digital Identity Network ensures identities are looked at as a whole. They are protected across channels without any perimeters.
  • Providing effective customer identity protection —Following data breaches and other cyberattacks, many retailers and banks offer consumers free credit monitoring. However, this is not an effective means of guarding against account takeover attacks, or transaction fraud resulting from those breaches. In the event millions of stolen identities are in use following high profile data breaches (Anthem, Home Depot and Sony for example.), the ThreatMetrix Digital Identity Network analyzes consumers’ digital information – including devices and behavior – in one place and flags anomalies in real time when compromised credentials are not being used by their legitimate owners.

The annual RSA conference

Executives across the security industry come together to discuss current and future concerns, and gain access to the people, content and ideas that enable them to better protect against cybercrime.

Visit ThreatMetrix at Booth #4235

ThreatMetrix will exhibit in Booth #4235, located in the North Hall, where attendees can visit to view demos and learn more from ThreatMetrix executives. Additionally, ThreatMetrix will participate in the following events during RSA Conference:

eFraud Global ForumMonday, April 20

  • Time: 8 a.m.
  • Speaker: Reed Taussig, President and CEO at ThreatMetrix
  • Topic: Global Fraud Intelligence Drives Next Generation Customer Authentication
  • Location: Intercontinental Hotel

Briefing Center Solution DemoTuesday, April 21

  • Time: 3:00 p.m.
  • Speaker: Andreas Baumhof, chief technology officer at ThreatMetrix
  • Topic: Protecting Enterprise Data & Critical Applications Using Context Based Authentication
  • Location: South Hall

Executive Women’s Forum Cocktail Party – Wednesday, April 22

  • Time: 7 p.m.
  • ThreatMetrix is co-sponsoring this event with Alta Associates
  • Location: W Hotel – Work Room 1 & 2

For more information on the RSA Conference, visit http://www.rsaconference.com/.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time, customer driven-analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

ThreatMetrix Announces World’s Largest Digital Identity Network at RSA Conference

Posted on April 20th, 2015 by Dan Rampe

Standard-Header-AF

The ThreatMetrix Digital Identity Network Leverages Global Shared Intelligence to Safeguard Online Customer Identities

San Jose, CA – April 20, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, announces the ThreatMetrix Digital Identity Network at RSA Conference in San Francisco, which takes place today through this Friday, April 24. This advancement in identity protection through a persona-based profile will safeguard consumers’ information, protect businesses against fraudulent activity and create a strong digital assessment on a global network.

The ThreatMetrix Digital Identity Network brings together all aspects of a person’s online devices and behavior into one unique digital identity – including email addresses, geo-locations, devices and both personal and business personas. The unique identity combines the specific device and persona each individual is using at any given time, at any place to accurately authenticate users in real time.

“The ThreatMetrix Digital Identity Network acts as a personal digital guardian that works on business and consumers’ behalf to keep accounts, money and identities from being used in excess illegally,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “ThreatMetrix has built the largest digital identity network that can determine when an individual’s credentials are being used by cybercriminals in real time, which enables businesses to better understand the global footprint of stolen identities.

Last month, ThreatMetrix announced that it now analyzes more than one billion transactions each month. The ThreatMetrix Digital Identity Network further enhances its value by creating an anonymized digital identity of consumers based on device, persona and behavior from every transaction, account creation and account login.

“Businesses need a digital identity network to fight the sophisticated network of cybercriminals,” said Faulkner. “Specifically, such a network can immunize the digital debris that comes from data breach fallouts. The ThreatMetrix Digital Identity Network locks down identities by providing businesses with an anonymized view of their devices, personas and behaviors so identities cannot be easily spoofed by cybercriminals.”

The ThreatMetrix Digital Identity Network extends cybercrime protection in the following ways:

  • Enables Banking Institutions to Meet Authentication Guidelines—Banks and financial institutions are especially susceptible to cybercrime, as digital identities are the new currency powering cybercrime and cyber terrorism. The ThreatMetrix Digital Identity Network enables these institutions to protect accounts against bots using stolen credentials by leveraging a global view of devices and persona behavior to detect anomalies.
  • Extends the Online Identity Perimeters for Businesses—ThreatMetrix allows for advanced protection by leveraging the largest network of analyzed online transactions. On the fraud prevention side, businesses have always looked at identities but not how these identities are used online across channels or websites. The ThreatMetrix Digital Identity Network ensures identities are looked at as a whole and are protected across channels, eliminating any perimeters.
  • Provide Effective Customer Identity Protection —Following data breaches and other cyberattacks, many retailers and banks offer consumers free credit monitoring, but this is not an effective means of guarding against account takeover attacks, or transaction fraud that result from data breaches. Rather, as millions of stolen identities are in use following high profile data breaches such as Anthem, Home Depot and Sony, the Digital Identity Network analyzes consumers’ digital information – including devices and behavior – in one place and flags if compromised credentials are not being used by their legitimate owner, in real time.

ThreatMetrix will showcase the ThreatMetrix Digital Identity Network at the RSA Conference in San Francisco, today through this Friday, April 24. At the annual RSA Conference, executives across the security industry converge to discuss current and future concerns, and gain access to the people, content and ideas that enable individuals and companies to protect against cybercrime.

ThreatMetrix will exhibit in Booth #4235, located in the North Hall, where attendees can visit to view demos and learn more from ThreatMetrix executives. Additionally, ThreatMetrix will participate in the following events during RSA Conference:

eFraud Global ForumMonday, April 20

  • Time: 8 a.m.
  • Speaker: Reed Taussig, President and CEO at ThreatMetrix
  • Topic: Global Fraud Intelligence Drives Next Generation Customer Authentication
  • Location: Intercontinental Hotel

Briefing Center Solution DemoTuesday, April 21

  • Time: 3:00 p.m.
  • Speaker: Andreas Baumhof, chief technology officer at ThreatMetrix
  • Topic: Protecting Enterprise Data & Critical Applications Using Context Based Authentication
  • Location: South Hall

Executive Women’s Forum Cocktail Party – Wednesday, April 22

  • Time: 7 p.m.
  • ThreatMetrix is co-sponsoring this event with Alta Associates
  • Location: W Hotel – Work Room 1 & 2

For more information on the RSA Conference, visit http://www.rsaconference.com/.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time, customer driven-analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com