Pain at the Pump – Only This Time It’s the Guys Selling the Gas

Posted on October 1st, 2014 by Dan Rampe

Gas Pump

Gas Retailers Hit by Credit/Debit Card Fraudto Get Help from Visa’s Intelligent Analytics Program

For anybody who feels gas stations getting defrauded by hackers is karmic retribution for those sudden and unexplained (and usually unexplainable) gasoline price hikes, please be advised that the ones who end up paying in the end are usually…us.

Pilot program

So Visa testing a pilot intelligent analytics program to prevent credit and debit card fraud at the pump ultimately saves everybody money — except maybe the scammers. According to a piece on darkreading.com (link to article), Visa’s solution “enables merchants to use real-time authorization risk scores to identify transactions that could involve lost, stolen or counterfeit cards [without] infrastructure upgrades or disruption of the customer experience.”

How it works

“After a cardholder inserts the card at the pump, Visa analyzes multiple data sets such as past transactions, whether the account has been involved in a data compromise, and nearly 500 other pieces of data to create a risk score. This allows merchants to identify those transactions with a higher risk of fraud and perform further cardholder authentication before gas is pumped.”

Uses existing hardware and software

Visa uses existing message fields and formats as well as pump software or hardware. Several fuel merchants who piloted the technology over the last several months noticed a decrease in fraud, without negatively impacting their consumers’ experience. In the pilot program Visa reported the test stations’ fraud rate dropped more than 20 percent.

Mike Swillo, Shell’s U.S. Credit Card Operations Manager said, “We provide fuel to millions of customers each month through approximately 15,000 service stations in the United States. When we consider new solutions and technology it has to have a clear business benefit, be customer-centric, and easy to implement. With no infrastructure investment, we are testing [Visa’s solution] as part of our proactive fraud prevention tool-set to better identify fraudulent card activity earlier in the transaction cycle, without inconveniencing our customers.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

 

ThreatMetrix Announces its ThreatMetrix Global Trust Intelligence Network Has Reached 850 Million Monthly Transactions

Posted on September 30th, 2014 by Dan Rampe

Data-Privacy-Day-Reed

In Conjunction with National Cyber Security Awareness Month, ThreatMetrix Announces the Network’s Growth, Exemplifying this Year’s Theme of Shared Responsibility

San Jose, CA – September 30, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the growth of the ThreatMetrix® Global Trust Intelligence Network (The Network), which has recently surpassed 850 million monthly transactions. Additionally, The Network now protects more than 210 million active user accounts across 3,000 customers and 15,000 websites. This milestone validates ThreatMetrix’s commitment to this year’s National Cyber Security Awareness Month theme, “Our Shared Responsibility.”

National Cyber Security Awareness Month (NCSAM) is a program sponsored every October by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. Now in its eleventh year, NCSAM has grown to include the participation of a multitude of industry leaders — reaching consumers, small and medium-size businesses, corporations, educational institutions and young people.

The theme of NCSAM’s first week is “Promoting Online Safety with the Stop.Think.Connect.™ Campaign.” The theory behind the campaign is that each individual that participates in online activities needs to take accountability for the safety of the Internet.

“As the ThreatMetrix Network continues to grow, so does our customers’ shared view of cybercrime enabling them to protect their businesses and valued customers by accurately identifying both good and bad online users,” said Reed Taussig, CEO at ThreatMetrix. “The Internet is a fundamental part of all of our everyday lives. We all have an interest and a responsibility to make sure we keep cyber markets and services safe and trusted by consumers. National Cyber Security Awareness Month is the perfect opportunity to educate individuals and businesses on the importance of collaborating for a more secure Internet.”

While businesses must do their part to collaborate on cybercrime prevention by leveraging a collective repository of data such as The Network, the federal government is also doing its part to encourage global information sharing. President Obama’s Executive Order 13636 stresses federal accountability for sharing information with the private sector to protect critical infrastructure such as power plants, communication networks and transportation networks.

Many individuals believe the websites they use are doing their part to protect their privacy while keeping those sites secure. However, for that to happen, businesses need to share a certain amount of customer data across business boundaries. Unfortunately, while information sharing for security purposes in some industries such as financial services is common practice, in industries like retail, businesses are wary of sharing customer information with competitors and others. To effectively collaborate, there needs to be a certain level of trust between businesses and competitors as well as businesses and their customers.

“At ThreatMetrix, we’re aiming to solve the dilemma of building trust on the Internet through information sharing when many businesses are reluctant to do so,” said Taussig. “Through The Network, businesses can securely share information about devices and personas connecting to their sites, without sharing any personally-identifiable information about customers or visitors. ThreatMetrix anonymizes and encrypts information in The Network, so personal identities are never revealed to other organizations.”

The approach ThreatMetrix is taking offers a model for cybersecurity collaboration in all industries. Through anonymization and collaboration, businesses remove the risk of exposing their customers’ sensitive information while protecting this information from cybercriminals.

In addition to the overall theme of “cybersecurity is a shared responsibility,” the U.S. Department of Homeland Security has outlined weekly themes to commemorate National Cyber Security Awareness Month throughout October. These themes include:

  • Week One – Promoting Online Safety with the Stop. Think. Connect.™ Campaign
  • Week Two – Secure Development of IT Products
  • Week Three – Critical Infrastructure and the Internet of Things
  • Week Four – Cyber Security for Small and Medium-Sized Businesses and Entrepreneurs
  • Week Five – Cyber Crime and Law Enforcement

ThreatMetrix plans to support each week’s theme throughout the month. To commemorate National Cyber Security Awareness Month, ThreatMetrix has also signed on as a “Champion” with the National Cyber Security Alliance.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

ThreatMetrix Captures Gold and Silver Stevie® Awards in 2014 American Business Awards

Posted on September 28th, 2014 by Dan Rampe

American Business Awards Gold

Winners in ABA’s Tech and New Product Awards Ceremony Announced in San Francisco

San Jose, CA – September 29, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, was presented with a Gold Stevie® Award in New Product or Service of the Year – Security Solution category and a Silver Award in the Most Innovative Tech Company of the Year – Computer Software category in the 12th Annual American Business Awards.

The American Business Awards are the nation’s premier business awards program. All organizations operating in the U.S. are eligible to submit nominations – public and private, for-profit and non-profit, large and small.

Nicknamed the Stevies for the Greek word for “crowned,” the trophies were presented to winners during a recent gala banquet at the Palace Hotel in San Francisco. More than 250 nominees and their guests attended for the presentation of new product awards, website awards, app awards, and more.

More than 3,300 nominations from organizations of all sizes and in virtually every industry were submitted this year for consideration in a wide range of categories, including Most Innovative Company of the Year, Management Team of the Year, Best New Product or Service of the Year, Corporate Social Responsibility Program of the Year, and Executive of the Year, among others.

“Recognition by the American Business Awards serves as validation of our continued innovation in the context-based security and advanced fraud prevention space,” said Bert Rankin, chief marketing officer, ThreatMetrix. “Given the sophistication of today’s cybercriminals, it’s pertinent to collaborate across business boundaries and fight fraud using an anonymized global network, such as the ThreatMetrix® Global Trust Intelligence Network.”

The Network – the largest trusted identity network of shared intelligence – analyzes more than 210 million active user accounts and processes more than 850 million login, payment and wire transactions each month. When a new activity is submitted, ThreatMetrix captures and analyzes the activity for fraud in real time – effectively differentiating between authentic and fraudulent transactions using anonymized information.

Stevie Award winners were selected by more than 240 executives nationwide who participated in the judging process.

“We’re delighted to recognize so many innovative companies, new products, technical achievements, and technology executives this year,” said Michael Gallagher, president and founder of the Stevie Awards. “We congratulate all of the Stevie Award winners, and thank them for the inspiration their achievements have stimulated.”

Details about The American Business Awards and the lists of Stevie Award winners are available at www.StevieAwards.com/ABA.

In addition to the American Business Awards, ThreatMetrix 2014 awards include:

  • Named Gold Winner as “Innovative Company of the Year” and “Integrated Security (Software) Innovation” in Golden Bridge Awards
  • Named “100 Most Promising Technology Companies in the U.S.” by CIOReview
  • Recognized as a Silver Winner in the “Enterprise Product of the Year – Software” Category by the Best in Biz Awards 2014 International
  • Named to the 2014 AlwaysOn Global 250 Top Private Companies List
  • Named to the 2014 Lead411 Hottest Companies in Silicon Valley list
  • Recognized by the Network Products Guide (NPG) 2014 Hot Companies and Best Product Awards for the “Best Products and Services – Information Security and Risk Management” category and also in the “Best Products and Services – Security Software” category.
  • Judges Choice for Best Overall Fraud/Security Solution at the 2014 CardNotPresent.com (CNP) Awards for the ThreatMetrix TrustDefender Cybercrime Protection Platform
  • A 2014 Info Security Products Guide Global Excellence Award for Most Innovative Company of the Year (Security)
  • 2014 Cyber Defense Magazine Award Winner in 2 Categories: Most Innovative Anti-Malware Appliances Solution & Best Product Network Access Control Solution

ThreatMetrix Resources

About the Stevie Awards
Stevie Awards are conferred in six programs: The American Business Awards, the German Stevie Awards, The International Business Awards, the Stevie Awards for Women in Business, the Stevie Awards for Sales & Customer Service, and the Asia-Pacific Stevie Awards. Honoring organizations of all types and sizes and the people behind them, the Stevies recognize outstanding performances in the workplace worldwide.  Learn more about the Stevie Awards at www.StevieAwards.com.

Sponsors and partners of The 2014 American Business Awards include Biz Talk Radio, CallidusCloud, Citrix Online, Cvent, Engility, John Hancock, LycaMobile, PetRays, and Softpro.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

 

Oh Canada, Home Depot Breach Got You Too, Eh?

Posted on September 25th, 2014 by Dan Rampe

Canada

Following Home Depot Breach, Visa and MasterCard Canada Identify Accounts at Risk North of the Border

In conjunction with U.S. counterparts, Canadian branches of Visa and MasterCard opened separate investigations into the Home Depot breach and are working with forensic firms to identify accounts that might have been compromised.

Banks have option of canceling or reissuing

Jamie Sturgeon, writing on globalnews.ca (link to article), quoted Rick Rennie, head of security and risk for MasterCard Canada, who stated, “The point… is to get information on potentially compromised accounts to our [bank partners], so they can protect their customers, via closer monitoring or, when necessary, re-issue cards.” Rennie went on to say that it was up to individual banks whether to cancel or re-issue specific account numbers.

Cardholder protection in Canada

Unlike the U.S., most Canadian credit and debit card holders have had chip-and-pin cards since 2011. These require a cardholder to punch in a protected pin at the point of sale and would most likely void a fraudulent transaction without the four digit code.

Sturgeon’s sources could not confirm if any Canadian cardholders have had their cards cancelled or re-issued because of the breach, whose fraudulent charge total could top $3 billion according to credit protection service BillGuard.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

 

Mobile Attacks Listed as One of the Top Threats Facing E-Commerce Businesses

Posted on September 24th, 2014 by Dan Rampe

According to a Recent ThreatMetrix Survey, 25 Percent of E-Commerce Executives Indicate Mobile Attacks a Leading Business Threat

San Jose, CA – September 24, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the results of a recent customer survey, which found that mobile attacks are a top concern for e-commerce executives. In the wake of recent mobile innovations, including the iPhone 6 release, ThreatMetrix urges businesses to evaluate and update their current mobile strategies.

“There has been a significant shift in consumer activity on mobile devices that is causing major security concerns among businesses across all industries,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Recent data from the ThreatMetrix® Global Trust Intelligence Network (The Network) shows top threats facing mobile apps and browsers include account creation, login and payment fraud. As mobile usage increases, specifically on enterprises’ mobile-based apps, businesses need to do everything in their power to protect customers from account takeover, fraudulent transaction and other related security risks.”

According to data from The Network, which is comprised of more than 210 million active user accounts, mobile represented one third of total traffic in 2013, and this number is projected to increase to 50 percent by the end of this year. In addition to the increase in mobile usage in general, consumer behavior on mobile is changing, as 86 percent of time on mobile devices is spent on mobile apps and only 14 percent on mobile Web browsers.

However, many businesses’ mobile apps are not secure enough to handle the increased usage. ThreatMetrix’s recent survey conducted with TechValidate indicates that 25 percent of executives using the ThreatMetrix TrustDefender™ Cybercrime Protection Platform believe mobile attacks are a leading threat they need to protect their business and customers against. Additional top threats include fraud losses, at 91 percent, and fraudulent account creation, at 49 percent.

“Fighting fake account creation is something we take seriously, always working on improving our strategies and trying new ideas,” said a chief technology officer at a medium-sized enterprise consumer products company. “ThreatMetrix has been most effective, and we see the impact directly in the metrics we monitor. The clearest gain was when we were able to launch ThreatMetrix directly in our mobile applications and saw the immediate drop off of fake account creation.”

In addition to increase mobile app usage, the recent release of the iPhone 6 and its new features should also be of concern to businesses, specifically in e-commerce and retail. The addition of near field communications (NFC) technology and Apple Pay will bring new security concerns via mobile for brick-and-mortar and online retailers alike.

“While the use of Apple Pay with NFC technology will cut down on opportunities to copy card data in-store, more data breaches are expected until the U.S. rolls out end-to-end encryption,” said Faulkner. “Additionally, the increase of secure in-store transactions will likely push even more fraud online, into the most vulnerable channel, where there is no card, person or physical device present.”

Using advanced fraud prevention and context-based authentication can help identify good users and protect customers without adding additional steps to the authentication process. The Network analyzes more than 850 million monthly transactions and combines device identification, threat assessments, identity and behavioral intelligence to accurately identify cybercriminals without creating friction for good users.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

 

ThreatMetrix Survey: E-Commerce Execs See Mobile Attacks a Leading Business Threat

Posted on September 24th, 2014 by Dan Rampe

Quote

Fully 25 Percent of E-Commerce Executives Surveyed Put Mobile Attacks as One of Their Top Threats

Did you know Apple sold 10 million new iPhones the first weekend they were available? You did? We only bring it up because the buzz around iPhone is just the latest sign that mobile is growing at an unbelievable pace and that the bad guys are well aware that the money is now in mobile.

Alisdair Faulkner, chief products officer, ThreatMetrix

“There has been a significant shift in consumer activity on mobile devices that is causing major security concerns among businesses across all industries,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Recent data from the ThreatMetrix Global Trust Intelligence Network (The Network) shows top threats facing mobile apps and browsers include account creation, login and payment fraud. As mobile usage increases, specifically on enterprises’ mobile-based apps, businesses need to do everything in their power to protect customers from account takeover, fraudulent transaction and other related security risks.”

The Network is made up of more than 210 million active user accounts. In 2013, mobile represented one third of total traffic. By the end of 2014, it’s projected to increase to 50 percent.

A shift in consumer behavior

There’s been a shift in consumer behavior. Today 86 percent of users’ time on mobile devices is spent on apps with only 14 percent spent on Web browsers. The problem is many businesses’ mobile apps are not secure enough to handle the increased usage. Done in conjunction with TechValidate, ThreatMetrix’s recent survey shows that 25 percent of executives who use the ThreatMetrix TrustDefender Cybercrime Protection Platform believe mobile attacks are a leading threat to their businesses and customers.

Other priority threats

According to the survey, other threats mentioned by e-commerce executives were fraud losses (91 percent) and fraudulent account creation (49 percent).

“Fighting fake account creation is something we take seriously, always working on improving our strategies and trying new ideas,” said a chief technology officer at a medium-sized enterprise consumer products company. “ThreatMetrix has been most effective, and we see the impact directly in the metrics we monitor. The clearest gain was when we were able to launch ThreatMetrix directly in our mobile applications and saw the immediate drop off of fake account creation.”

New technology brings new concerns

The addition of near field communications (NFC) technology and Apple Pay brings new mobile security concerns to brick-and-mortar as well as online retailers.

“While the use of Apple Pay with NFC technology will cut down on opportunities to copy card data in-store, more data breaches are expected until the U.S. rolls out end-to-end encryption,” said Faulkner. “Additionally, the increase of secure in-store transactions will likely push even more fraud online, into the most vulnerable channel, where there is no card, person or physical device present.”

Using advanced fraud prevention and context-based authentication can help identify good users and protect customers without adding additional steps to the authentication process. The Network analyzes more than 850 million monthly transactions and combines device identification, threat assessments, identity and behavioral intelligence to accurately identify cybercriminals without creating friction for good users.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

Learning from the Home Depot and Target Breaches

Posted on September 23rd, 2014 by Dan Rampe

Home Depot

How Banks Are Reacting In the Wake of the Home Depot Disaster. How Breaches Affect Consumers. And What Was Learned from Target’s Response?

Natural disasters such as tornadoes, hurricanes and earthquakes or man-made disasters like major data breaches share one thing. When they’re over, somebody has to clean up the mess and attempt to put things right. In her thoughtful and far-ranging piece on forbes.com, Paula Rosenblum explores how it’s believed the Home Depot breach was carried out, what was learned from the Target breach experience that might be applied to this latest breach, how banks and consumers are reacting and much more. The following has been excerpted from Rosenblum’s article and edited to fit our format. You may find the complete story by clicking on this link.

Skimming

The technique [the cybercriminals] used to grab the data was similar to, but not identical to the one used at Target.  It’s called “skimming,” and can take several forms. In earlier days, thieves would place a hardware chip inside payment terminals and capture the keystrokes entered during every transaction. Now, they’ve written software to grab the data as it comes in. We know how the thieves got into Target’s main systems in the first place.  Thus far, the technique they used to get into Home Depot’s network has not been exposed, nor have the techniques they used to exfiltrate (remove) the data from Home Depot’s systems been revealed.

The bad guys got there first

Sadly, Home Depot had already started taking steps to mask (or encrypt) the data as it passed through these credit card terminals, but the crooks beat them to the punch.  This is a familiar story…institutions improve security methods, but criminals evolve faster.

Target — not a good role model

The question being asked now is What will consumer response be?”  By all accounts, Target handled its data breach badly. Rather than replace potentially compromised co-branded “Red” debit and credit cards, it opted to put dollar limits on suspect debit cards in the middle of the shopping season.  Shoppers often learned this as they were checking out of another store, preparing to pay for holiday gifts.

This was the worst possible response given the time of year. The enmity against Target can still be seen in the comments section of any piece that discusses data security, or even mentions the word “Target.” So what’s the right approach?

A better approach

I spoke with Jon Delano, a reporter for …CBS affiliate KDKA [who said] a small regional bank, Dollar Bank, acted quickly to replace all the potentially affected customer cards.  The [Wall Street Journal] reports that J.P. Morgan Chase and Capital One have already started replacing cards as well.

Pick your poison

In truth, in times like these, a consumer and a bank have to pick their poisons.  It costs banks money to replace cards.  And when you’re talking about 36 MILLION cards, you’re talking about a lot of money.  And it’s not all that much fun for consumers to replace their cards either.

Mr. Delano observed how inconvenient it is for consumers when their credit card numbers are changed. One of the ironies of today’s “omni-channel world” is that consumers have credit numbers on file at all kinds of institutions, for all kinds of payments.  From electric companies, to retailers like Amazon.com, consumers are exhorted to “go paperless,” “pay electronically,” anything that will insure payments come in on time and that they won’t have to look up credit card information every time they make a purchase.

While Dollar Bank has opted to pick the inconvenience, Mr. Delano reports the PNC Bank…is taking a “wait and see” approach….

This is the decision banks have to make now:  issue new cards which will be costly and create an inconvenience for customers, or wait and see, and risk serious consumer backlash.

Uh-oh, are we talking conspiracy theory?

Meanwhile, the timing of this breach is interesting, because it comes just after the introduction of Apple Pay. Suddenly, with this breach, the notion of not exposing credit card information to individual retailers, regardless how large, starts to seem appealing to shoppers.

Banks are certainly lining up behind the initiative.  Since roll-out, Chase, Bank of America, Citi and others have all thrown their full support behind Apple Pay. While banks may be ambivalent about their response to credit card theft, they’re very un-ambivalent about Apple Pay.  After all, just like the use of debit cards has eliminated a boatload of paper check processing, the use of mobile payment technologies has the potential to eliminate a lot of plastic. A cardless world seems more interesting by the day.

But that’s the future. Today, we’re dealing with a real data security problem. At the end of the day, the consumer will cast the final vote. Some banks are taking calculated risks.  Others are just paying the money, replacing cards and carrying on.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

KorBanker at Core of New Mobile Bank Attacks

Posted on September 23rd, 2014 by Dan Rampe

Malware

KorBanker Malware App Accesses SMS Text Messages, Steals Info and Sends It on to Remote Servers for Cybercriminals to Retrieve

First used in Korea, the KorBanker malware app proved to be effective at stealing passwords, two-factor authentication passcodes and other sensitive data.

KorBanker steals anything “not nailed down”

In his piece on crn.com (link to article), Robert Westervelt cites a researcher who’s been tracking KorBanker attacks over the last eleven months. Researcher Hitesh Dharmdasani said that in the latest round of attacks in August, KorBanker infected more than 1700 devices. In one fifty-five day period, Dharmdasani and his fellow researchers discovered 10,000 SMS messages from nearly 100 devices. The messages contained two-factor authentication codes from social networks and other services, passwords to VPN services and location sharing and mobile banking information.

Dharmadasani noted that, “Since such information can potentially be used to access corporate networks, mobile malware plays an important role in the newly evolving multivector threat landscape.”

Mobile threats growing fast at unprecedented rate

According to several recent reports, mobile threats, which are widespread in Eastern Europe and Asia, are growing around the world. One report stated that mobile malware and high-risk apps numbered 2 million in the first half of 2014 and are growing at a rate of 170,000 apps per month.

Watch what you download

Bob Coppedge, owner of Simplex-IT, an Ohio managed service provider, observes that people have to be more aware of the apps they’re downloading. “I don’t really know how a flashlight app works, but I know it doesn’t need to have access to who my contacts are or require a password to function. Millions of consumers are giving up their security and privacy by blindly installing applications, and it may have a future impact on data protection.”

Adware may be greatest threat

A report by San Francisco-based Lookout Mobile Security said the greatest threat to U.S. mobile device owners is adware that relies on device data, such as location for display ads.

So, which countries have the most malicious mobile app downloads? Israel is number one, followed by Vietnam, China and South Korea according to another security company report which attributes the number of malicious downloads to the pirating of apps.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

 

 

Apple’s Second Launch: User Privacy

Posted on September 22nd, 2014 by Dan Rampe

Tim Cook

CEO Tim Cook “Launches” into Rant on Companies That Collect and Sell Data on Their Customers. Points to Google and Facebook.

In an interview with Charlie Rose, Apple’s CEO may have been talking about how Apple is better at protecting customers’ privacy, but he sure wasn’t private about his feelings toward some competition.

Juxtaposing Apple, which he says only sells products, against internet companies that make their money “collecting [and selling] gobs of personal data” Cook suggested Apple would do a better job of protecting user privacy.

In his piece on venturebeat.com (link to article), Gregory Ferenstein says Cook may have been a bit prickly (our word not Ferenstein’s) about the subject of privacy because of last month’s iCloud hack resulting in nude pix of female celebs circulating all over the internet. And, Ferenstein notes a possible link between that event and Apple Pay, Apple’s new credit card transaction payment system. Ferenstein observed that, “Purchase data is perhaps the most personal data of all, and Cook was out to assure the public that the new system won’t actually keep any data, so it would be impossible for a government agency (or a hacker) to steal it from Apple’s servers.”

So why is Apple better at protecting customer data than, say Google? Maybe Rose and Cook will discuss that in a future interview. Till then, here is Cook’s riff on Apple vs. Google, Facebook, et al. when it comes to money and data:

Our business is not based on having information about you. You’re not our product. Our product are these [points to iPhone], and this watch, and Macs, and so forth. And so we run a very different company.

I think everyone has to ask, how do companies make their money? Follow the money. And if they’re making money mainly by collecting gobs of personal data, I think you have a right to be worried. And you should really understand what’s happening to that data, and the companies — I think — should be very transparent.

If you want to use an Apple product, you pay Apple from your own bank account and you’re the customer. But if you’re using products from Google, Facebook and much of the ad-supported information economy, advertisers are the customers — and you’re the product. The more valuable data they can extract from you, the more money their customers (advertisers) will pay.

“I’m offended by lots of it,” said Cook of the way the Information economy operates.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Wins Two Gold Awards in the 6th Annual 2014 Golden Bridge Business Awards

Posted on September 19th, 2014 by Dan Rampe

Company Named Gold Winner in “Innovative Company of the Year” and “Integrated Security (Software) Innovation” Categories

San Jose, CA – September 19, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, recently earned two Gold Awards at the 2014 Golden Bridge Awards for “Innovative Company of the Year” and “Integrated Security (Software) Innovation” for the ThreatMetrix TrustDefender™ Cybercrime Protection Platform.

The coveted annual Golden Bridge Awards program encompasses the world’s best in organizational performance, innovations, products and services, executives and management teams, women in business and the professions, innovations, case studies, product management, public relations and marketing campaigns, and customer satisfaction programs from every major industry in the world. Organizations from all over the world are eligible to submit nominations including public and private, for-profit and non-profit, largest to smallest and new start-ups.

More than 40 judges from a broad spectrum of industry voices from around the world participated and their average scores determined the 2014 Golden Bridge Business Awards winners. The winners were honored during the awards dinner and presentation in San Francisco attended by the finalists, industry leaders, and judges.

“We’re honored to have received this industry recognition and two Gold Awards,” said Bert Rankin, chief marketingofficer at ThreatMetrix. “Innovation is what drives our business and industry acceptance of our ThreatMetrix TrustDefender Cybercrime Protection Platform. Our focus is to help businesses fight cybercrime and build trust on the Internet by enabling them to not only keep out the bad players, but also to protect and streamline the online experience for trusted employees and customers.”

The TrustDefender Cybercrime Protection Platform leverages analytics from the ThreatMetrix™ Global Trust Intelligence Network, which profiles tens of millions of users and their devices every day to differentiate between authentic and suspicious transactions. This enables the platform to go beyond traditional measures of cybercrime protection, such as malware and device identification, creating a comprehensive persona of each user attempting an online transaction.

Additional ThreatMetrix 2014 awards include:

  • Named “100 Most Promising Technology Companies in the U.S.” by CIOReview
  • Recognized as a Silver Winner in the “Enterprise Product of the Year – Software” Category by the Best in Biz Awards 2014 International
  • Named to the 2014 AlwaysOn Global 250 Top Private Companies List
  • Named to the 2014 Lead411 Hottest Companies in Silicon Valley list
  • Products Guide (NPG) 2014 Hot Companies and Best Product Award Winner for the “Best Products and Services – Information Security and Risk Management” category and also in the “Best Products and Services – Security Software” category.
  • Judges Choice for Best Overall Fraud/Security Solution at the 2014 CardNotPresent.com (CNP) Awards for the ThreatMetrix TrustDefender Cybercrime Protection Platform
  • A 2014 Info Security Products Guide Global Excellence Award for Most Innovative Company of the Year (Security)
  • 2014 Cyber Defense Magazine Award Winner in 2 Categories: Most Innovative Anti-Malware Appliances Solution & Best Product Network Access Control Solution

ThreatMetrix Resources

About the Golden Bridge Awards

Golden Bridge Awards are an annual industry and peers recognition program honoring best companies in every major industry from large to small and new start-ups in North America, Europe, Middle-East, Africa, Asia-Pacific, and Latin-America, Best New Products and Services, Best Innovations, Management and Teams, Women in Business and the Professions, Case Studies, Customer Satisfaction, and PR and Marketing Campaigns from all over the world. Learn more about The Golden Bridge Awards at www.goldenbridgeawards.com

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com