Visa, MasterCard: Different Paths. Same Destination.

Posted on February 26th, 2015 by Dan Rampe

Visa and Mastercard

Beyond EMV, Industry Giants Look to Upgrade Security Measures to Improve Protection for Shoppers and Merchants

Coming this spring to a store near you – better protection from fraud and theft. At least that’s what Visa and MasterCard are hoping to accomplish with two new programs.

In her story on consumerist.com, Kate Cox describes the technology each company is planning to introduce. The following has been excerpted from Cox’s piece and edited to fit our format. You may find the full article by clicking on this link.

MasterCard’s two-pronged approach

One element is a program called MasterCard Safety Net. The company claims … that Safety Net “provides an independent layer of security on top of the tools and policies of financial institutions, by monitoring and blocking specific transactions based on selected criteria.”

The company promises, “Safety Net is designed to intervene only in extreme cases to block fraudulent activity.”

Biometrics

The other half of MasterCard’s strategy is biometrics. The company is pairing with First Tech Federal Credit Union to work on a pilot program that will allow customers to use unique identifiers — including face, fingerprint, and voice matching — to authenticate and verify transactions.

EMV transition going well

MasterCard reports that the transition is “well underway”, with half of all cards and just under half (47%) of all point-of-sale terminals projected to be chip-enabled by the end of 2015.

Visa takes a different approach that works like Apple Pay

Where MasterCard is focusing on making the customer prove a charge is authorized, Visa is working on scrambling information that might be stolen, so [that thieves can’t use it.].

[Called] the Visa Token Service, [it] works in basically the same way Apple Pay does (in fact, it’s part of Apple Pay): instead of transmitting your 16-digit card number, expiration date, and security code, Visa instead shares a unique number — your token — with the merchant getting paid.

If someone intercepts the transmission or the system and manages to yank that token, all they have is a string of numbers. It’s not a thing that can be cloned onto a new payment card or used in any meaningful way.

Beyond mobile

What’s new about it is that Visa is trying to expand the Token Service out of just mobile payments, and into traditional online retailers as well. When your credit card is stored on the site of a merchant you regularly shop with, that’s a weakness: anyone who breaches that database has…everything they need to commit fraud on your card. But if the merchant stores a random token in your account information, instead of your credit card number, that data once again becomes meaningless to thieves even while it remains convenient to consumers.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

ThreatMetrix to Speak and Exhibit Context-Based Security Solutions at 2015 BAI Payments Connect Conference

Posted on February 25th, 2015 by Dan Rampe

BAI Payments

 

Alisdair Faulkner, Chief Products Officer, to Participate in a Panel on Strategies for Combatting Payment Fraud Using Enhanced Tools and Technology

San Jose, CA – February 25, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced it is speaking and exhibiting at the BAI Payments Connect Conference, March 2-4 at Phoenix Convention Center West Building in Phoenix, Ariz.

BAI Payments Connect Conference is a one-of-a-kind event that focuses on helping companies keep pace with and adapt to today’s fast-track complex payments space. More than 700 innovative payments professionals and solution providers will converge to focus on current issues, challenges and opportunities in the payments space. Participants can attend expos, demo sessions and the second-annual digital day, which will focus on how to take a business into the digital world. This year, attendees will have the opportunity to vote for their favorite, most innovative demo presentation, and the organization with the most votes will be the BAI Payments Innovation Track Award winner.

ThreatMetrix will exhibit its context-based security solutions at booth 301, giving attendees an opportunity to view its alternatives to outdated legacy-based customer authentication solutions. Additionally, Faulkner will participate in a panel discussion on Tuesday, March 3 from 9:45 a.m. – 10:45 a.m. MST in room 106A, focusing on “Combatting Payment Fraud through Enhanced Tools and Technology,” alongside several noted payments industry security experts.

”Payments professionals work solely in the transfer of money, meaning their business is one of the biggest targets for cybercriminals,” said Faulkner. “Unfortunately, many businesses within the industry rely on security solutions that create friction by authenticating returning customers and failing to recognize them based on minor changes in their environment – such clearing their cookies or changing browsers, for example. At the BAI Conference, attendees will learn about ThreatMetrix’s context-based authentication capabilities, which offer secure, cost effective and frictionless user access for the payments industry through real-time behavior and contextual analytics derived from analyzing billions of global transactions.”

ThreatMetrix recently began an initiative to offer alternatives to outdated authentication solutions for banks and financial institutions that includes solutions for financial services institutions to provide frictionless customer logins that decrease operational costs and improve cybercrime detection. The goal of many online and mobile banking institutions is to ensure a top-notch customer experience and increase revenue. ThreatMetrix’s growing shared global intelligence network delivers secure, accurate authentication in real time to reduce user friction and ensure a high-level of customer satisfaction.

“The payments industry is booming right now, mobile transactions are doubling year over year and our focus is to support this growth with transparent fraud solutions that don’t interfere with business,” said Faulkner. “ThreatMetrix is committed to rapid evolution in order to keep pace with the industry by leveraging a collective approach to cybersecurity to combat payment fraud. I am very excited to discuss the growth and success of our global shared network with BAI attendees at this year’s conference.”

ThreatMetrix authenticates customer payments using real-time identity and access analytics that leverage the power of the ThreatMetrix® Global Trust Intelligence Network (The Network), the world’s largest shared intelligence network. The solution protects financial Web and mobile applications against account takeover, payment fraud, and fraudulent account registrations as a result of stolen credentials obtained from malware, social engineering, phishing and data breaches.

For more information on the BAI Payments Connect Conference, click here.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly web and mobile transactions protecting more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

ThreatMetrix Demos Alternatives to Outdated Legacy Authentication Solutions at BAI Payments Connect 2015

Posted on February 25th, 2015 by Dan Rampe

 

BAI Payments

 

Plus Security Experts Join ThreatMetrix’s Alisdair Faulkner for a Panel on “Combatting Payment Fraud through Enhanced Tools and Technology”

More than 700 payments professionals and solution providers will attend BAI Payments Connect 2015 from March 2-4 at Phoenix Convention Center West Building in Phoenix, Arizona. A one-of-a-kind event concentrating on current issues in the payments space, BAI Payments Connect provides the opportunity to attend expos, panel discussions and demo sessions. In addition attendees can take part in the second-annual digital day, focusing on how to take a business into the digital world.

The most innovative demo

This year, attendees can cast their vote for their favorite, most innovative demo presentation. And the organization with the most votes will be the BAI Payments Innovation Track Award winner.

ThreatMetrix will exhibit at booth 301

ThreatMetrix recently began an initiative offering alternatives to outdated authentication solutions for banks and financial institutions (including financial services institutions). These solutions provide frictionless customer logins that lower operational costs and improve cybercrime detection.

ThreatMetrix will be exhibiting its context-based security solutions at booth 301 offering an opportunity for attendees to view the company’s alternatives to outdated legacy-based customer authentication solutions.

Alisdair Faulkner, Chief Products Officer, ThreatMetrix in panel discussion

Joined by other noted security experts, Alisdair Faulkner will participate in a panel discussion on Tuesday, March 3 from 9:45 a.m. – 10:45 a.m. MST in room 106A. As noted in the headline, the discussion is about “Combatting Payment Fraud through Enhanced Tools and Technology.”

”Payments professionals work solely in the transfer of money, meaning their business is one of the biggest targets for cybercriminals,” said Faulkner. “Unfortunately, many businesses within the industry rely on security solutions that create friction by authenticating returning customers and failing to recognize them based on minor changes in their environment – such clearing their cookies or changing browsers, for example. At the BAI Conference, attendees will learn about ThreatMetrix’s context-based authentication capabilities, which offer secure, cost effective and frictionless user access for the payments industry through real-time behavior and contextual analytics derived from analyzing billions of global transactions.”

Shared global intelligence

ThreatMetrix’s growing shared global intelligence network delivers secure, accurate authentication in real time to reduce user friction and ensure a high-level of customer satisfaction. ThreatMetrix is able to authenticate customer payments using real-time identity and access analytics that leverage the power of the ThreatMetrix Global Trust Intelligence Network (The Network), the world’s largest shared intelligence network. The solution protects financial Web and mobile applications against account takeover, payment fraud, and fraudulent account registrations as a result of stolen credentials obtained from malware, social engineering, phishing and data breaches.

Faulkner on ThreatMetrix solutions for the payments industry

“The payments industry is booming right now, mobile transactions are doubling year over year and our focus is to support this growth with transparent fraud solutions that don’t interfere business,” said Faulkner. “ThreatMetrix is committed to rapid evolution in order to keep pace with the industry by leveraging a collective approach to cybersecurity to combat payment fraud. I am very excited to discuss the growth and success of our global shared network with BAI attendees at this year’s conference.”

For more information on the BAI Payments Connect Conference, click here.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly web and mobile transactions protecting more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

Score: mCommerce 42 – eCommerce 13

Posted on February 24th, 2015 by Dan Rampe

Mobile Commerce

CAGR (Compound Annual Growth Rate) Has Mobile Commerce Growing at 3X the Rate of eCommerce 42 Percent to 13 Percent

Research conducted by PayPal in conjunction with market research firm, Ipsos, found that from 2013 to 2016, the multi-country average CAGR for mCommerce is projected to be 42 percent as opposed to 13 percent for eCommerce (including mobile commerce).

ThreatMetrix’s Alisdair Faulkner predicted mCommerce’s rapid growth and warned of possible dangers

The growth in mCommerce was hardly a surprise to Alisdair Faulkner, chief products officer at ThreatMetrix. In a news release titled, Mobile Will Represent More Than Half of Transactions During the 2015 Holiday Season: ThreatMetrix Outlines Cybercrime Predictions for the New Year to Help Companies Protect Against Growing Threats, Faulkner wrote, “Consumers are far more comfortable shopping on mobile devices than they were even a year ago, and that trust is going to continue to grow.” He warned however that “many businesses face difficulties determining the authenticity of mobile transactions through hidden cookies and geo-location data. Leveraging a global network of trust intelligence enables businesses to differentiate between previously authenticated users and potential fraudsters and will be the best way to protect sensitive information and customers against cybercrime in 2015.”

The PayPal-Ipsos study

An article on thepaypers.com reports on the PayPal-Ipsos study which examined the mobile commerce habits of 17,600 consumers in 22 countries. The following has been excerpted from thepaypers.com piece and edited to fit our format. You may find the full article by clicking on this link.

From 1 percent in 2011 to 20 percent in 2015

Mobile payment volume has grown significantly from 2011. Currently, mobile accounts for 20% of its overall purchase volume worldwide, from 1% in 2011. In the US, mobile commerce is anticipated to grow from USD 54.6 million in 2014 to USD 96.3 million in 2016. Compared to the roughly 9% – 11% y-o-y increase in ecommerce, m-commerce in the US has a projected growth rate of 26% to 32% each year through 2016. Globally, mobile commerce is estimated to grow from roughly USD 102 billion in 2013 to roughly USD 291 billion in 2016.

mCommerce: rapidly growing in popularity around the globe

In the UAE, mobile shopping makes up for 24% of overall online spending. In China, that number is 21% and Turkey is in the third place, at 19%. In terms of smartphone-shopping density, more than 68% of Chinese online consumers said they have used their mobile devices to make purchases on a smartphone in 2014. The number is only slightly lower for UAE shoppers, at 57%, and 53% for Turkish consumers. In the US, 31% of consumers report that they have used their smartphones to shop in the past 12 months.

18-34 demographic

Overall, a third of online shoppers surveyed said they have used their smartphone for making an online purchase in the past 12 months. The increase in mobile shopping is being driven by smartphone shoppers between the ages of 18-34 (59% of smartphone shoppers in that age bracket reported using mobile to shop online). When comparing individual companies to the overall global average of 33%, the US figures report 31%, placing the US behind the UK (33%), France (36%), Spain (34%), Switzerland (32%), Russia (34%), Israel (37%), Turkey (53%), Ukraine (57%), Brazil (34%), Mexico (46%), Australia (33%) and China (68%).

Apps vs. browsers

Globally, 64% of smartphone users reported using an app for purchases as opposed to the 52% who used mobile browsers. The reasons cited for that are convenience and speed. Convenience was cited by 35% of users and speed by 30%. Instant payment confirmation and having a reminder in the app to use discounts or coupons were two other major reasons cited by those surveyed.

In terms of actual mobile shopping behaviors today, 36% of consumers say they use mobile to get info on a product, 27% use mobile to find a business and 25% use devices to read reviews on particular stores or products. But consumers revealed that, in the future, they are interested in using their smartphones for more mobile-centric tasks. For example, consumers said that they would be interested in using tap and pay at the register with their smartphone (16%), mobile ordering through app or browser (15%), and to compare prices while shopping in stores (14%).

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

What’s Happening with Mobile Device Payments Is Criminal

Posted on February 23rd, 2015 by Dan Rampe

Mobile Devices

Mobile Device Fraud Makes Up a Disproportionate Share of the $6 Billion Fraud Costs Merchants and Card Issuers in the U.S. Each Year

Forrester Research says mobile payments accounted for $52 billion worth of U.S. transactions in 2014, up from $32 billion in 2013. And this year that number is expected to hit $67 billion.

A LexisNexis survey of 1,100 companies found that while mobile payments account for 14 percent of transactions among merchants, they make up 21 percent of fraud cases. In her story on bloomberg.com, Olga Kharif details how cyberthieves have continued to shift their focus to mobile devices. The following has been excerpted from her piece and edited to fit our format. You may find her complete article by clicking on this link.

More mobile fraud than on PCs

“We certainly see a surge in mobile payment attacks,” says Tomer Barel, chief risk officer at PayPal, who says his company deals with more cases of fraud on mobile devices than on PCs. “There are many more avenues for fraudsters to try.”

Every dollar of mobile fraud costs merchants $3.34

Each dollar worth of misbegotten mobile payments winds up costing a fooled merchant $3.34. That’s slightly more than the cost of a fraudulent credit card swipe or mail order, 27 percent more than a similar payment made from a PC.

Merchants aren’t equipped to handle mobile fraud

Along with the cost of lost merchandise, the total includes investigation of the fraud. That’s tougher on phones than on PCs, because many businesses aren’t equipped to track mobile devices’ unique identifiers such as IP addresses. Stores often don’t catch when a card issued in Los Angeles is used for a mobile order from Mexico, says Aaron Press, director of e-commerce and payments at LexisNexis Risk Solutions. “It’s kind of a wake-up call,” he says.

Lower-tech fraud

Some mobile fraud remains low-tech. Last year, the Better Business Bureau warned consumers about a scam in which people posted absurdly cheap offers for used cars online, then tricked interested buyers into wiring funds through a phony version of Google Wallet.

Higher-tech fraud

Other frauds are more technical, such as the hackers who found a bug in a Chilean public transportation app that let them top off their travel credits for free.

The weak link

Like the brief flurry of duplicate charges that accompanied Apple Pay’s debut in October, such glitches highlight the vulnerability inherent in a system that requires banks, card networks, and software makers to keep pace with thieves. “If you don’t make the proper investment, they’ll be attracted to the weakest link,” says PayPal’s Barel.

Biometrics may stop some cybercriminals

Smartphone operating systems, at least, are tougher to infiltrate than those of PCs. Phones with biometric sensors can also make a person’s identity tougher to steal. Mobile payment service LoopPay says it’s adding support for biometric features such as Apple’s fingerprint reader, despite hackers’ claims that they can fool the iPhone’s sensor. Rival CurrentC says it’s considering similar measures….

“There’s no perfect system,” says Will Graylin, chief executive officer of LoopPay. “It’s always a game of cat and mouse.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

A Billion Records Compromised in a Record-Breaking Year

Posted on February 19th, 2015 by Dan Rampe

Data Breach

Security Experts Discuss What Lessons Were Learned from 2014’s Data Breach Deluge

To be exact, there were 904 million records compromised in 2014, a record-breaking year in every sense of the word “record.” While a great deal was lost monetarily and even psychologically, i.e., a feeling of security, a great deal was learned as well. In a far-ranging piece on cio.com, Steve Ragan has security experts offer up their observations on what organizations can take away from a very tough learning experience. The following has been excerpted from his article and edited to fit our format. You may find the complete, unedited article by clicking on this link.

Like candy from a baby

Thus, this year’s security problems have taught organizations a valuable lesson when it comes to protecting the supply chain and offering awareness training to staff and vendors. From phishing to weak third-party access, criminals walked in through the backdoor, and out the front, with relative ease.

Difficult to defend

“Businesses today have a maze of complex dependencies on outside service providers and suppliers. This makes a complex attack surface, and that in turn makes defenses weak. The more complex our infrastructure, the harder it is for defenders to see it all and understand its weaknesses,” commented Dr. Mike Lloyd, CTO at RedSeal.

Multiple baskets

Another lesson learned this year centers on keeping all of one’s eggs in a single basket. As mentioned, twenty incidents reported in 2014 exposed one million records or more in each instance, but three of them resulted in the compromise of a combined 489 million records.

Adam Kujawa, head of Malware Intelligence at Malwarebytes Labs, said that the JPMorgan Chase breach was a perfect example of how the damage from an incident can be reduced by segmentation. “Attackers were able to steal millions of customer’s personal information such as names, emails, addresses, etc. However, they were unable to steal the actual financial data. That kind of data was hidden away behind another layer of security and one that was apparently impossible for attackers to get to,” Kujawa said.

“If all organizations used practices similar to that, then regardless of a breach, there would be a lot less damage in the aftermath.”

No longer a luxury

“Today, [security is] rapidly shifting to an imperative – auditors look for it, regulators demand it, and customers expect it. Cost is no longer the limiting factor – boards are willing to spend money to steer clear of the wrong kind of news coverage. The limiting factor is complexity – you can’t segment what you can’t map, and too many organizations have effectively lost the blueprints of the infrastructure they run their businesses on,” he explained.

Criminals prefer personal information

Criminals are starting to favor PII over financial information, because it’s easier to sell and leverage. To put it simply, the banks are making it harder to use stolen credit card details due to anti-fraud advancements.

Michele Borovac, VP at HyTrust, pointed out that while it’s relatively easy to cancel a credit card, it’s much harder to track down and recover your identity if it’s stolen. “Attackers with a few pieces of personal information can parlay that data into new credit card applications, online account access and many other nefarious – but lucrative – activities,” Borovac said.

Big data big breach

“Big Data leads to Big Theft,” said Dr. Lloyd. “Cyber criminals are savvy about risk vs. reward – if we make big piles of data, they are willing to put in more effort to get in to take it.”

HyTrust’s Borovac agrees:

“The primary reason that we’re seeing breaches of this magnitude is that data and applications are becoming more concentrated. As organizations consolidate and virtualize data centers, it becomes easier for someone who gets in to get everything.”

Lessons are lost on some

Despite the fact that 2014 was a record setting year for data breaches, for most organizations security is still an after-the-fact, bolted-on additive.

“Security professionals at heart have known for over a decade now that security, like all business practices, is ultimately dictated by ROI. Until companies feel that they will lose customers due to security concerns, there is no good business reason to address them with the same attention that they do sales or any other income-generating business infrastructure piece,” said Carl Vincent, security consultant at Neohapsis.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

ThreatMetrix Named to OnCloud’s “Top 100” and CEO Tapped as Keynote for OnCloud 2015 Summit

Posted on February 17th, 2015 by Dan Rampe

Standard-Header-Reed

A Panelist at the Annual AlwaysOn Summit, ThreatMetrix CEO Reed Taussig Will Deliver His Keynote Speech on Security in the Cloud

AlwaysOn’s OnCloud 2015 Summit will take place at the College of San Mateo (San Mateo, CA) on February 26, 2015. The Summit brings together “the best and the brightest” including top entrepreneurs, investors, and corporate players in the business-to-business application and cloud infrastructure space to discuss and debate the future of cloud technology.

Reed Taussig’s keynote

Titled “Global Shared Intelligence: The Best Solution to Combat Cybercrime,” Taussig’s keynote presentation will take place at 11:30 a.m. PST. Over the course of his speech, he’ll be providing an overview of the current cybercrime landscape.

Using examples from ThreatMetrix’s TrustDefender Cybercrime Protection Platform, Taussig will show how ThreatMetrix discovered and defeated organized crime rings by leveraging the power of the ThreatMetrix Global Trust Intelligence Network (The Network).

A distinguished panel

Taussig will also be participating in a panel alongside host Aditya Singh, partner at Foundation Capital and co-panelist Barmak Meftah, president and CEO at AlienVault. The subject of the discussion will be “The New Frontier in Cloud Infrastructure” and will take place at 11:45 a.m. PST.

ThreatMetrix’s CEO on global shared intelligence

“The global cybercrime landscape is constantly evolving to include new, more sophisticated threats and the only way to combat these threats is through collective intelligence,” said Taussig. “This isn’t a threat any business or consumer can fight alone. It requires a collective network that leverages data from across a global information base. I’m honored to share what ThreatMetrix has accomplished in the fight against cybercrime by leveraging global shared intelligence with this year’s OnCloud attendees. The OnCloud summit hosts key industry players who can help to make shared intelligence an industry standard.”

ThreatMetrix on OnCloud’s Top 100 private companies list

The annual list honors companies in the B2B applications, management tools, security and infrastructure sectors that are rising to the challenge of bringing the world’s businesses and enterprises into the cloud. This year’s OnCloud 100 companies were selected based on a set of five criteria: innovation, market potential, commercialization, stakeholder value and media buzz. A full list of the OnCloud Top 100 winners is available here.

Validation of our continued innovation

“The OnCloud Top 100 honors companies that take big data and create useful, actionable intelligence from it to make high-powered decisions,” said Taussig. “In the case of ThreatMetrix and The Network, such decisions have the power to stop cybercriminals in real time. ThreatMetrix leverages data from the largest shared intelligence network available to make an immediate and educated decision to differentiate between authentic and fraudulent transactions. Being named to OnCloud’s Top 100 private companies list serves as validation of our continued innovation in advanced fraud prevention and context-based authentication.”

For more information on the OnCloud 2015 summit, click here.

ThreatMetrix has garnered a host of awards. Following are some of the most recent:

  • The Channel Company’s CRN 100 Coolest Cloud Computing Vendors of 2015
  • Gold Stevie in New Product or Service of the Year – Security Solution category and a Silver in the Most Innovative Tech Company of the Year – Computer Software category.
  • Gold for “Innovative Company of the Year” and for “Integrated Security (Software) Innovation” at the 2014 Golden Bridge Business Awards
  • CIOReview100 for the “100 Most Promising Technology Companies in the U.S.”
  • Best in Biz Awards 2014 International Silver for “Enterprise Product of the Year – Software”
  • The AlwaysOn Global 250 Top Private Companies in the “B2B Cloud and Infrastructure” category
  • Lead411’s 2014 “Hottest Companies in Silicon Valley” list
  • Products Guide (NPG) Hot Companies and Best Product Award Winner for the “Best Products and Services – Information Security and Risk Management” category and also in the “Best Products and Services – Security Software” category.
  • Judges Choice for Best Overall Fraud/Security Solution at the 2014 CardNotPresent.com (CNP) Awards for the ThreatMetrix TrustDefender Cybercrime Protection Platform
  • A 2014 Global Excellence Award for Most Innovative Company of the Year (Security)
  • 2014 Cyber Defense Magazine Award Winner in 2 Categories: Most Innovative Anti-Malware Appliances Solution & Best Product Network Access Control Solution

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

ThreatMetrix Named to OnCloud Top 100 Private Companies and CEO to Speak at OnCloud 2015 Summit

Posted on February 17th, 2015 by Dan Rampe

Standard-Header-Reed

CEO Reed Taussig to Provide Keynote on Security in the Cloud and Participate as a Panelist at Annual AlwaysOn Summit

San Jose, CA – February 17, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced its CEO, Reed Taussig, will serve as a keynote speaker and participate in a panel at AlwaysOn’s OnCloud 2015 Summit in San Mateo, Calif. on Feb. 26.

Hosted annually in the heart of Silicon Valley at the College of San Mateo, OnCloud brings together the brightest minds and top entrepreneurs, investors, and corporate players in the business-to-business application and cloud infrastructure space to discuss and debate the future of cloud technology.

Taussig’s keynote presentation on security in the cloud, entitled, “Global Shared Intelligence: The Best Solution to Combat Cybercrime,” will take place at 11:30 a.m. PST. During this presentation, he will provide an overview of the current cybercrime landscape, citing examples from ThreatMetrix’s comprehensive solution, the ThreatMetrix TrustDefender™ Cybercrime Protection Platform, which has been successful in discovering and defeating organized crime rings by leveraging the power of the ThreatMetrix® Global Trust Intelligence Network (The Network). Taussig will also participate in a panel alongside host Aditya Singh, partner at Foundation Capital and co-panelist Barmak Meftah, president and CEO at AlienVault, entitled, “The New Frontier in Cloud Infrastructure,” at 11:45 a.m. PST.

“The global cybercrime landscape is constantly evolving to include new, more sophisticated threats and the only way to combat these threats is through collective intelligence,” said Taussig. “This isn’t a threat any business or consumer can fight alone. It requires a collective network that leverages data from across a global information base. I’m honored to share what ThreatMetrix has accomplished in the fight against cybercrime by leveraging global shared intelligence with this year’s OnCloud attendees. The OnCloud summit hosts key industry players who can help to make shared intelligence an industry standard.”

ThreatMetrix was also recently included in the 2015 OnCloud Top 100 private companies list. The annual list honors companies in the B2B applications, management tools, security and infrastructure sectors that are rising to the challenge of bringing the world’s businesses and enterprises into the cloud. This year’s OnCloud 100 companies were selected based on a set of five criteria: innovation, market potential, commercialization, stakeholder value and media buzz. A full list of the OnCloud Top 100 winners is available here.

“The OnCloud Top 100 honors companies that take big data and create useful, actionable intelligence from it to make high-powered decisions,” said Taussig. “In the case of ThreatMetrix and The Network, such decisions have the power to stop cybercriminals in real time. ThreatMetrix leverages data from the largest shared intelligence network available to make immediate and educated decisions to differentiate between authentic and fraudulent transactions. Being named to OnCloud’s Top 100 private companies list serves as validation of our continued innovation in advanced fraud prevention and context-based authentication.”

For more information on the OnCloud 2015 summit, click here.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

If Imitation Is the Sincerest Form of Flattery, Facebook Sure Did Flatter Us.

Posted on February 13th, 2015 by Dan Rampe

ThreatExchange

Facebook Launches ThreatExchange for Security Pros to Exchange Info about Cyberthreats

Does the concept of exchanging information about cyberthreats to make everyone safer sound somehow vaguely familiar? You know, like you’ve heard it somewhere before?

Well, how about the name “ThreatExchange?” That remind you of another company name? Like ThreatMetrix® perhaps?

Okay, it’s possible to chalk up Facebook’s latest “idea” to coincidence. Something that looks like a duck, waddles like a duck and quacks like a duck could turn out to be an ugly swan with a sprained ankle and deviated septum. Then, of course, there’s another explanation. It could be Facebook is validating the extremely successful concept pioneered years ago by ThreatMetrix.

In a recent article that appeared in Infosecurity, ThreatMetrix Chief Products Officer Alisdair Faulkner issued this cautionary note: “Shared threat intelligence is essential for stopping the bad guys, you just need to be careful you don’t stop customers as well. Reputation around shared identifiers like IP addresses can be a double edged sword.”

In his piece on mashable.com Rex Santus discusses Facebook’s launch. The following has been excerpted from his piece and edited to fit our format. You may find the full article by clicking on this link.

What a concept!

Doing what it does best, Facebook has created a platform — or a mini-social network, if you will — but this time for cybersecurity specialists. The concept is that researchers and professionals can learn from each other, and help keep everyone’s systems safer.

Been there. Done that.

“Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other’s discoveries, and make their own systems safer,” Mark Hammell, Facebook’s manager of threat infrastructure, wrote in a blog post announcing the project.

Déjà vu “all over again”

Security threats aren’t typically relegated to just one target, and the lack of communication between malware targets ends badly for everyone, according to ThreatExchange. So far, some pretty big-name Internet players have joined Facebook on ThreatExchange, including Bitly, Dropbox, Pinterest, Tumblr, Twitter and Yahoo. The platform expects to attract more partners as time goes on.

The new platform builds on Facebook’s ThreatData, a framework that stores cyberthreat information (such as bad URLs) for analysis by security pros.

A year ago you say?

The idea for ThreatExchange came about a year ago, when Facebook and others were facing a malware spam attack. The social network’s security specialists “quickly learned that sharing with one another was key to beating” the problem, Hammell wrote.

Share and share alike. Not exactly

To quell any fears that potential partners may have about sharing too much information publicly, Facebook said participants can tweak settings to pick and choose with whom they share their information. For example, a company may only want to share sensitive data with another partner that is experiencing the same attack.

An original thought that’s been heard before

“That’s the beauty of working together on security,” Hammell wrote. “When one company gets stronger, so do the rest of us.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

Healthcare: the Champagne of Hacks

Posted on February 12th, 2015 by Dan Rampe

Anthem

An Anthem Healthcare Breach Could Pay Hackers Ten Times What They Could Hope to Make from a Home Depot Breach

Say you’re a cyberthief — hypothetically speaking. Anyway, you have a choice. You can hack a retailer and steal millions of credit and debit card numbers or you can hack a healthcare company and make off with millions of pieces of personal information — names, birthdates, Social Security numbers, street and email addresses.

Stolen healthcare information pays off better on the black market than credit and debit cards and healthcare companies are, as a rule, not as well protected as retailers. That’s Tim Greene’s contention in his article on cio.com. The following has been excerpted from Greene’s piece and edited to fit our format. You may find the full article by clicking on this link.

Worth more

“Compared to credit card information, personally identifiable information and Social Security numbers are worth more than 10x in price on the black market,” says Martin Walter, senior director at RedSeal. That could be a conservative estimate, according to a report by PwC called “Managing cyber risk in an interconnected world: Key findings from The Global State of Information Security® Survey 2015.”

Complete ID-theft kit could go for a grand

“A complete identity-theft kit containing comprehensive health insurance credentials can be worth hundreds of dollars or even $1,000 each on the black market, and health insurance credentials alone can fetch $20 each; stolen payment cards, by comparison, typically are sold for $1 each,” the report says.

The price differential is due to the ability to use identity information – birth dates, Social Security numbers, addresses, employment information, income, etc. – to open new credit accounts on an ongoing basis rather than exploiting just one account until it’s canceled.

Can be used to access financial records

But that’s not all. “The information attackers were able to access from Anthem are key pieces of data that can be used to access someone’s financial records,” says Eric Chiu, president & co-founder of Hytrust, making it possible to find and drain individuals’ personal cash reserves.

Just a matter of time

[PwC] says this type of massive theft from a health provider should have been expected. “It was only a matter of time until hackers found out that it’s much easier to go after Social Security numbers and personally identifiable information with healthcare providers, which in comparison spend significantly less on security, making them tentatively easier targets.”

Financial losses up

Last year, healthcare providers and payers reported a 60% increase in detected incidents resulting in financial losses jumping 282% over 2013. The possible explanation: attackers are targeting healthcare entities for their patient health data.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.