Aladdin Had a Genie. Alibaba Has Mobile Genius.

Posted on May 21st, 2015 by Dan Rampe

Alibaba

Since Going Public, Alibaba Has Been Taking Off Like a Rocket, Climbing from 91 Million Active Users Each Month to 217 Million

If you’re anything like us you may have on occasion confused Aladdin with Ali Baba. After all, they both begin with “A.” So here’s an easy device for telling them apart. Aladdin is the dude with the lamp who became a huge success when he rubbed it and the genie inside fulfilled all his wishes. Ali Baba? He’s the guy who outwitted forty thieves and became a huge success with two words, “open” and “sesame.” Also, he had a company named after him.

Now, how do you tell apart Alibaba, the company, from competitors like Amazon and eBay? That’s one of the points of an article about Alibaba on pymnts.com. The following has been excerpted from the pymnts.com piece and edited to fit our format. You may find the complete story by clicking on this link.

Leading in a global, mobile market

“Alibaba is very much a mobile company,” Joseph Tsai, Alibaba executive vice chairman said in the company’s third-quarter earnings call, confirming Alibaba’s position in the mobile commerce space. Of course, Alibaba has one huge advantage at their side: China’s population is more likely to have a smartphone than a computer to shop from – smartphone penetration in China is estimated to be around 45 percent.

Alipay the 21st century version of “Open sesame?”

Alibaba also has another tool in their mobile commerce book — and that’s Alipay, the mobile payment option that has north of 300 million users. Last quarter, Alibaba executives wouldn’t break out how many Alipay transactions are made, but they did reveal that Alipay accounts for 78 percent of transactions made on its eCommerce platforms.

Mobile apps has mobile sales trending up

“We believe that the continued trend towards mobile provides us with a unique advantage to deliver a better consumer experience, as well as more value to merchants, because mobile users shop more frequently and we can serve them more targeted search results. We believe the increasing use of our mobile apps will field significant future growth in our China commerce retail business,” Tsai said in the company’s Q3 earnings call.

Exceeding expectations

In Alibaba’s Q4 earnings call last week (April 7), CFO Maggie Wu also gave some indication of how Alibaba’s mobile commerce statistics have grown and how they expect it to be a major part of the company’s mobile strategy. While computers used to be the dominant force for online commerce (and very much is for most eCommerce companies still), Alibaba is seeing a rapid shift toward mobile.

“It already accounts for more than half of our total GMV. So that growth on mobile business pretty much exceeds everybody’s expectations, and that trend is continuing,” she said, later noting that the “mobile take rate should approach PC or even higher than PC.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

“Privacy” Had IRS Protecting Criminal at Expense of ID Theft Victim

Posted on May 20th, 2015 by Dan Rampe

IRS

Bills Introduced in Both Houses Require IRS to Notify Victims When Their Social Security Number Has been Compromised

There’s a word that perfectly describes the situation that Wisconsin residents Robert and Debi Guenterberg found themselves in — Kafkaesque. The situation was so incredibly weird it’s even getting the Senate and House to act — albeit not exactly promptly.

In a story on fox6now.com, Bryan Polcyn reports on the case of the Internal Revenue Service (Not to be confused with the Federal Witness Protection program) protecting an ID thief’s privacy. The following has been excerpted from Polcyn’s piece and edited to fit our format. You may find the full story by clicking on this link.

In her own words

“Our federal agencies have known for years that this was going on,” Debi Guenterberg of Princeton, Wisconsin said. Ever since identity thieves ruined her husband’s credit, Guenterberg has been on a mission to change federal law. For years, the IRS knew a man was using her husband’s social security number to file his taxes. The government never told Robert Guenterberg his identity had been stolen because tax records are private — even the tax records of an identity thief.

“I can`t think of another crime. I can`t. I tried. I laid in bed last night, tossing and turning, thinking of any other criminal activity where you would get such privacy and protection. No, you don’t,” Debi Guenterberg said.

New bill introduced Co-sponsored by Sen. Johnson (R-Wisconsin) and Sen. Mark Warner (D-Virginia)

The Social Security Identity Defense Act of 2015 would require the IRS to notify individuals if the agency has reason to believe their social security number has been used to commit fraud. It would also require the IRS to notify law enforcement officials.

Companion bill to be introduced in House

Congressman Glenn Grothman (R-Wisconsin) is working on a companion bill that is expected to be introduced in the House in the next couple of weeks.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

High Court Suit Could Impact Data Breach Damages

Posted on May 19th, 2015 by Dan Rampe

Supreme Court

Supreme Court to Review Spokeo, Inc. v. Thomas Robins for Possible FCRA Violation. Result Could Apply to Data Breaches

If you’re not familiar with it, FCRA stands for the Fair Credit Reporting Act. FCRA regulates the collection, dissemination, and use of consumer information and expressly includes consumer credit information.

In his article on newsbreaks.infotoday.com, George H. Pike discusses the far-reaching implications of a Supreme Court decision on Spokeo, Inc. v. Thomas Robins for consumers suing for damages as the result of data breaches. The following has been excerpted from Pike’s piece and edited to fit our format. You may find the full article by clicking on this link.

The case

The case that the Supreme Court will review is Spokeo, Inc. v. Thomas Robins. Robins complained in a class-action lawsuit that Spokeo, a provider of personal information online, willfully violated the FCRA by posting inaccurate information about him. Also, Spokeo allegedly failed to follow “reasonable procedures” to ensure that its information was accurate, failed to provide proper notices about the use of its information, and failed to post toll-free telephone numbers that sources can use to address inaccurate information. Robins claimed that the inaccurate information impacted his ability to find a job, but in filing his lawsuit as a class-action lawsuit—representing not only himself but all others “similarly situated”—he focused more on the violations of the law rather than the injuries he suffered.

Was Robins damaged by possible misinformation

In the Robins case, the question of standing was based not on Spokeo’s alleged posting of inaccurate information, but on whether Robins had suffered an actual injury-in-fact as a result of the inaccurate information. Robins claimed that the information—which indicated he had greater wealth and a more advanced college degree than he actually had—contributed to his inability to find a job.

FRCA penalties

[The] FCRA includes a monetary penalty for a violation of at least $100 and as much as $1,000 to be paid to the consumer. The FCRA states, “Any person who willfully fails to comply with any requirement … is liable to that consumer in an amount equal to … damages of not less than $100 and not more than $1,000. …” The appellate court found that the availability of these damages met the injury-in-fact requirement for standing.

Potential law suits against Facebook, Google, Yahoo, eBay et al.

Spokeo’s appeal of this case to the Supreme Court was supported by the U.S. Chamber of Commerce; businesses such as Facebook, Google, Yahoo, and eBay; and the financial industry. Spokeo’s concern was that if a person can file a lawsuit—particularly a class-action lawsuit—by showing only that some legal violation occurred without being required to show that the violation actually caused harm, then businesses could be subject to potentially massive lawsuits for incidents that caused no or little actual harm.

“Supreme” ruling affect on data breaches

A similar outcome could apply to data breaches and other privacy violations. If a data breach takes place, but there is no resulting impact on consumers, those consumers might still have standing to pursue a personal or class-action lawsuit because the breach violated their privacy rights or violated a right created by a state or federal statute.

Under current law, most consumers have limited rights in the case of data breaches—mainly the right to be notified of the breach, to have consumer reporting services notified of the breach, and/or to get compensated for credit protection services.

Only actual victims of identity theft can file a lawsuit (under some but not all circumstances, depending on the specific law covering the breach), and then only to recover the costs associated with the breach.

Consumers’ right to sue

Consumer advocates argue that consumers must have the right to pursue litigation for data breaches or violations of privacy laws—not only to protect their rights, but also so the threat of lawsuits or liability serves as a balance against corporate excess or neglect in managing their data. A more stringent requirement for standing, they argue, would upset that balance.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix’s VP Services and Support to Speak at 2015 CNP Expo on Evolution of Fraud

Posted on May 18th, 2015 by Dan Rampe

Standard-Header-Steve

ThreatMetrix to Exhibit and Dr. Stephen Topliss to Take Part in Panel of eCommerce and Fraud-Prevention Experts

Addressing the challenges of card-not-present (CNP) payments, the 2015 CNP Expo is scheduled to take place May 18-21 at the Caribe Royale in Orlando, Florida. At the Expo, merchants, bankers, processors, anti-fraud software providers, legal experts, alternative payment providers, card networking professionals et al. will be able to discuss and discover how best to leverage CNP payments in a multi-channel retail sales environment.

“Constant Evolution of Fraud” panel discussion: May 19 (2:15 p.m.)

Along with executives from Backcountry.com, Tommy Bahama and Vesta, ThreatMetrix vice president services and support, Dr. Stephen Topliss will be a panelist on the “Constant Evolution of Fraud,” which addresses how fraud attack methods are continuously changing and evolving. Additionally, the panel will take up current challenges merchants face and the best ways to learn from those challenges to address advanced fraud and cybercrime threats.

Dr. Stephen Topliss on sharing threat intelligence

“Given today’s advanced cybercrime threats, the most effective way for merchants and other businesses across industries to protect themselves and their customers is by sharing threat intelligence. To enable information sharing that stays one step ahead of constantly evolving fraud, we developed the ThreatMetrix Digital Identity Network, which protects more than one billion transactions per month by leveraging global shared intelligence to safeguard online identities.”

See ThreatMetrix’s Solution Showcase. Win a GoPro HERO4 Camera

ThreatMetrix will be exhibiting at booth 415 and have a featured Solution Showcase on Wednesday, May 20 at 1:20 p.m. Attendees who stop by will have the opportunity to win a GoPro HERO4 Camera.

“ThreatMetrix Cybercrime Report: Q1 2015” points up security challenges

Recently the “ThreatMetrix Cybercrime Report: Q1 2015” revealed that the ThreatMetrix Digital Identity Network caught cybercriminals attempting approximately 25 million fraudulent transactions each month.

In the wake of high profile data breaches that put stolen credentials in the hands of cybercriminals, retailers and others who process CNP transactions face an avalanche of payment and account takeover fraud. Because many consumers use the same login credentials across websites, once one site is breached, the door is wide open for fraud attempts against multiple retailers.

Other trends detailed in the report are new in-store technologies (examples being Apple Pay and Europay-MasterCard-Visa (EMV) cards) that create new and different security challenges.

For more info on the 2015 CNP Expo

Visit: https://cardnotpresent.com/cnpexpo/default.aspx

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time, customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix Digital Identity Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix to Exhibit and Present on the Evolution of Fraud at the 2015 CNP Expo

Posted on May 18th, 2015 by Dan Rampe

Standard-Header-Steve

Dr. Stephen Topliss, Vice President Services and Support, will Participate in a Panel of E-Commerce and Fraud Prevention Experts

San Jose, CA – May 18, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, is exhibiting and presenting at the 2015 CNP Expo, today through this Thursday, May 21, at the Caribe Royale in Orlando.

The CNP Expo is at the crossroads of e-commerce, software, mobile, retail and payments and was created to address the challenges of card not present (CNP) payments. It provides a meeting place for merchants, banks, processors, anti-fraud software providers, legal experts, alternative payment providers, card networks and others to learn how to leverage CNP payments in an increasingly multi-channel retail sales environment

Dr. Stephen Topliss, vice president services and support at ThreatMetrix, will participate in a panel titled, “Constant Evolution of Fraud,” on Tuesday, May 19 at 2:15 p.m. The panel will address how fraud attack methods are continuously changing and evolving based on several factors. Panelists will also discuss current challenges merchants face and the best ways to learn from these challenges in order to address advanced fraud and cybercrime threats. Other participants in the panel include executives from Backcountry.com, Tommy Bahama and Vesta.

“Given today’s advanced cybercrime threats, the most effective way for merchants and other businesses across industries to protect themselves and their customers is by sharing threat intelligence,” said Topliss. “To enable information sharing that stays one step ahead of constantly evolving fraud, we developed the ThreatMetrix Digital Identity Network, which protects more than one billion transactions per month by leveraging global shared intelligence to safeguard online identities.”

At the CNP Expo, ThreatMetrix will have a featured Solution Showcase on Wednesday, May 20 at 1:20 p.m., where attendees will have the opportunity to win a GoPro HERO4 Camera. ThreatMetrix will also exhibit at booth 415 during the expo.

According to the recent “ThreatMetrix Cybercrime Report: Q1 2015,” cybercriminals attempt approximately 25 million fraudulent transactions each month on the ThreatMetrix Digital Identity Network. Following recent high profile data breaches, retailers and other processing CNP transactions face payment and account takeover fraud as a result of cybercriminals using stolen credentials. This is particularly risky because many consumers use the same login credentials across websites so once one site is breached, this opens the door for fraud attempts against multiple retailers. Other trends leading to increased online risks outlined in the report include the shift toward new in-store technologies such as Apple Pay and Europay-MasterCard-Visa (EMV) cards.

For more info on the 2015 CNP Expo, visit: https://cardnotpresent.com/cnpexpo/default.aspx

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time, customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix Digital Identity Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

Data Breaches Are Just “Fines” with California Department of Public Health

Posted on May 15th, 2015 by Dan Rampe

California DPH

California Department of Public Health Has Levied over $1.1 Million in Fines So Far This Year

Not halfway through 2015, the California Department of Public Health (DPH) has hit six hospitals and two healthcare providers with $1.1 million in fines for putting patients’ data at risk in incidents that occurred as far back as 2010. Considering that the online healthcare publication Payers & Providers says that DPH caps the fines it assesses at $250,000, the amount of the fines might have been considerably higher.

A piece on californiahealthline.org details the amounts each healthcare organization was fined for lost or stolen patient data that was inadequately secured or for inappropriate access to records by employees. The following has been excerpted from the californiahealthline.org story and edited to fit our format. You may find the full article by clicking on this link.

Reason for fines and amount assessed according to Payers & Providers:

  • $250,000 fine against San Francisco General Hospital for a 2011 incident in which an employee accessed 98 patients’ records without prior authorization
  • $250,000 fine against Huntington Memorial Hospital for a 2012 incident in which an employee accessed the records of 17 patients
  • $244,500 fine against Vale Healthcare Center for a 2013 incident in which a patient’s family member stole the records of 219 patients
  • $150,000 fine against Accent Home Healthcare for a 2013 incident in which the data of six patients was stolen from an employee’s car
  • $95,000 fine against Arrowhead Regional Medical Center for a 2011 incident in which a clerk accessed her husband’s medical records
  • $92,500 fine against Redlands Community Hospital for a 2010 incident in which three employees accessed the data of three separate employees who were being treated at the hospital
  • $25,000 fine against Torrance Memorial Medical Center for a 2011 breach of privacy incident in which two employees played a prank on another employee who had undergone surgery at the hospital
  • $6,000 fine against Colusa Regional Medical Center for a 2011 incident in which two nurses accessed a patient’s records

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

Fed Report Sheds Light on Mobile Bank Usage

Posted on May 14th, 2015 by Dan Rampe

Federal Reserve Board

Federal Reserve Board Report Details How Consumers Use Their Mobile Phones for Mobile Banking and Mobile Payments

The fourth report by the Federal Reserve Board, “Consumers and Mobile Financial Services 2015, is the most recent to survey how consumers access banking and payment services using their mobile phones. The survey of 2,900 people was conducted from December 5 – 21, 2014 by GfK, an online consumer research firm.

Key findings

Following are key findings from the 76-page report. They’ve been extracted from the report itself and from an article on mobilepaymentmagazine.com (link to article) and edited to fit our format.

How consumers access financial services via mobile

  • 39 percent of mobile phone owners with a bank account used mobile banking in the 12 months prior to the survey, up from 33 percent in 2013 and 29 percent in 2012
  • 51 percent of smartphone owners with a bank account used mobile banking in the 12 months prior to the survey, up from 51 percent a year earlier
  • Among mobile phone users with bank accounts who do not currently use mobile banking, 11 percent think they will probably or definitely use it within the next 12 months, down from 12 percent a year earlier.
  • 94 percent of mobile banking is done to check account balances or recent transactions
  • Among mobile banking users, transferring money between an individual’s own accounts (61 percent) and receiving an alert (e.g., a text message, push notification, or e-mail) from their bank (57 percent) are the second and third-most common uses
  • 51 percent of mobile banking users have deposited a check using their mobile phone in the 12 months prior to the survey, up from 38 percent in 2013
  • 22 percent of mobile phone owners reported making a mobile payment in the 12 months prior to the survey, up from 17 percent in 2013 and 15 percent in 2012
  • Among mobile payment users with smartphones, the most common type was paying bills through an online system or mobile app (68 percent, up from 66 percent in 2013).
  • 39 percent of all mobile payment users with smartphones have made a point-of-sale payment using their mobile phone in the 12 months prior to the survey, in line with the 39 percent reporting such payments in 2013

Why some don’t do mobile banking

  • 86 percent of those who did NOT bank using mobile said their banking needs were being met without it
  • 75 percent said they believed it was easier to pay with cash or debit/credit cards
  • Concern about the security of the technology was a common reason given for not using mobile banking or mobile payments (62 percent and 59 percent, respectively)

Mobile phone use among unbanked and underbanked consumers

Note: Unbanked are, of course, people who do not use banks. Underbanked are those individuals or businesses that have poor access to mainstream financial services normally offered by banks

  • 13 percent of consumers are unbanked with 14 percent underbanked
  • Sixty-seven percent of the unbanked have access to a mobile phone, 65 percent of which are smartphones.
  • 90 percent of the underbanked have access to a mobile phone, 73 percent of which are smartphones
  • Forty-eight percent of underbanked consumers had used mobile banking in the 12 months prior to the survey.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

Fraudsters Go Local and Undercover in Q1 … But We Still Spot Them

Posted on May 13th, 2015 by Dan Rampe

Standard-Header-Tony

The Internet has brought us all closer together. It has enriched our lives, made us more productive at work and allowed businesses to expand with greater agility into previously untapped markets. But we often hear that the Internet also provides a dangerous mask of anonymity to criminals, who launch cyber attacks across borders with impunity, knowing they can’t be caught because they’re sat in a different jurisdiction. That’s why it’s interesting to see that more and more online fraudsters have actually been focusing their scams on local users recently.

The latest ThreatMetrix® Cybercrime Report: Q1 2015 has found that the majority of fraud attacks from October 2014 to March 2015 originated from and targeted the same country. It’s intelligence like this and many other insights in the report which will help us better protect our customers and further the fight against fraud globally.

Staying local

The top 5 attack origination and target countries were Canada, the U.S., France, UK and Germany. In the UK nearly three-quarters (72%) of fraudsters came from within the same country, and the figure was even higher in Germany (81%), Russia (85%), France (87%), and Italy (94%).

We know this because our technology specifically looks for fraudsters’ attempts to hide their true location through proxy servers and VPNs – something they’re doing with increasing regularity to escape detection. We can also say that most attacks originated in countries with a high volume of online and mobile transactions.

This isn’t to say, of course, that cyber crime isn’t still a global affair. In the case of the UK, for example, the second biggest concentration of scammers defrauding British consumers was in Mexico, followed by Nigeria, Germany and the U.S. Cross-border cyber crime remains a very real threat requiring greater co-operation between governments and law enforcement to stamp out.

At this point, it’s worth mentioning that these ThreatMetrix® stats are among the most comprehensive you’re likely to find in the industry, anywhere in the world. We source them from our Global Trust Intelligence Network, which analyses one billion transactions every month on behalf of more than 3,000 customers and 15,000 websites worldwide.

Key themes

So what else can we say about the ever-evolving nature of fraud over the past two quarters? Here are a few more insights from the report:

  • ThreatMetrix spotted 11.4 million fraud attempts during the peak holiday shopping season (Nov-Dec 2014)
  • Cloaking/spoofing attacks rose, driven by an increase in the use of sophisticated crimeware tools, readily available for fraudsters to buy on underground forums
  • Device spoofing remains the top attack vector, accounting for 6.1% of transactions
  • Account log-ins (80%) and payments (18%) were the most popular transaction types during the period but…
  • …Account creation fraud was the highest risk – with a 4% share of fraudulent transactions, rising to 6.7% in the e-commerce sector. Fraudsters are making use of the vast quantity of breached identities available on the underground markets plus crimeware tools than can cloak traffic to trick first generation fraud prevention tools.
  • Mobile commerce represents around one third of the total. But, whilst growing, mobile fraud remains significantly below that on desktops.

Better together

We’ve seen how resourceful, determined and agile the bad guys are. As increasing numbers look to tap new vectors, using crimeware tools to hide their identities and ever-available troves of breached ID data to carry out successful scams, businesses are struggling to differentiate fraudster from legitimate customer. Some react by installing overly aggressive anti-fraud tools that cause basket abandonment and end up costing more than fraud losses themselves. So how should we respond?

The answer is a joined-up, global, networked approach. With the power of our huge network of shared anonymous transactional data we can spot patterns others miss. This underpins a context-based authentication approach, which sees through typical cloaking tools and obfuscation methods used by fraudsters. It checks against a series of unique attributes associated with a user (think log-in habits, typical locations, shipping info etc) to spot whether a transaction is authentic or not.

It’s fast, simple, friction-free and highly reliable. That’s how we beat the fraudsters.

Check out the ThreatMetrix® Cybercrime : 2015 to find out more about the latest fraud trends.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

ThreatMetrix CPO Speaks on “Enabling Customer Channel Innovation through Rapid Security Intelligence and Response” at FS-ISAC Summit

Posted on May 13th, 2015 by Dan Rampe

Standard-Header-AF

ThreatMetrix Chief Products Officer, Alisdair Faulkner, to Address Attendees during Summit in Miami Beach Florida (May 17-20)

Officially titled the FS-ISAC & Bits Annual Summit 2015, this 3-day event is held by the Financial Services Information Sharing and Analysis Center (FS-ISAC), a non-profit association of financial institutions. By disseminating trusted and timely information, the association’s aim is to protect the financial services sector from physical and cyberthreats and attacks.

To draw hundreds of financial industry professionals

Financial industry executives will have an opportunity to discuss the latest information about cybersecurity threats, trends and technology in the financial services sector. In addition, the summit will include presentations from more than three dozen senior executive FS-ISAC members.

Alisdair Faulkner, ThreatMetrix’s Chief Products Officer, to present on Wednesday May 20 (9:30-10:30 a.m. EDT)

Faulkner, who will be joined by Bryan Strong, a Senior VP and director of information security at Zions Bancorporation, will speak on “Enabling Customer Channel Innovation through Rapid Security Intelligence and Response.” The talk offers an opportunity for attendees to learn about the benefits of rapid security controls to detect cyberthreats in real time to be able to take action against those threats as soon as possible.

Alisdair Faulkner on rapid, accurate authentication

“Financial institutions currently face challenges in meeting the growing number of authentication guidelines in the wake of major data breaches, which have exposed many customers’ credentials. In the current cybercrime environment, financial institutions must assume identities and devices are compromised before authenticating transactions. With static controls, by the time a threat is identified, it takes financial institutions far too long to take action against it. At the summit, I’ll be discussing tactics for financial institutions to leverage a digital identity network to quickly and accurately authenticate good users and keep out cybercriminals.”

The ThreatMetrix Digital Identity Network for real-time authentication

In order for financial institutions to assume digital identities and to identify cybercriminals in real time, the ThreatMetrix Digital Identity Network offers a layered approach to stop criminals in their tracks. Faulkner will be discussing several ways for financial institutions to mitigate a core risk of compromised credentials by using a layered approach. The ThreatMetrix Digital Identity Network brings together all aspects of a person’s online devices and behavior into one unique digital identity – including email addresses, geo-locations, devices and both personal and business personas. This network enables financial institutions to meet authentication guidelines and to protect accounts against bots using stolen credentials by leveraging a global view of devices and persona behavior to detect anomalies.

ThreatMetrix will be exhibiting at booth 14. Please stop by.

For more info on the FS-ISAC & Bits Summit:

Visit http://www.fsisac-summit.com/2015-fs-isac-bits-annual-summit/.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

ThreatMetrix to Present on “Enabling Customer Channel Innovation through Rapid Security Intelligence and Response” at FS-ISAC & BITS Annual Summit

Posted on May 13th, 2015 by Dan Rampe

Standard-Header-AF

Alisdair Faulkner, Chief Products Officer, Will Educate Attendees on Helping Financial Institutions Avoid Cyber Threats by Using Rapid Security Intelligence

San Jose, CA – May 13, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced that Alisdair Faulkner, chief products officer, will present at the FS-ISAC & Bits Annual Summit 2015, May 17-20, Loews Miami Beach Hotel, Miami Beach, Fla.

FS-ISAC – the Financial Services Information Sharing and Analysis Center – is a non-profit association comprised of financial institution members. The organization is dedicated to protecting the financial services sector from physical and cyber threats, attacks and incidents through the dissemination of trusted and timely information. The 2015 Annual Summit will draw in hundreds of industry executives and practitioners to discuss the latest information on cybersecurity threats, trends and technology in the financial services industry. The summit will include presentations from more than three dozen senior executive FS-ISAC members.

Faulkner’s presentation, titled “Enabling Customer Channel Innovation through Rapid Security Intelligence and Response” will take place on Wednesday, May 20 from 9:30-10:30 a.m. EDT. Presenting alongside Faulkner will be Bryan Strong, senior vice president, director of information security at Zions Bancorporation. During Faulkner and Strong’s presentation, attendees will learn about the benefits of using rapid security controls for financial institutions to detect cyber threats in real time and act quickly to protect against them. Additionally, ThreatMetrix will exhibit at booth 14 during the summit.

“Financial institutions currently face challenges in meeting the growing number of authentication guidelines in the wake of major data breaches, which have exposed many customers’ credentials,” said Faulkner. “In the current cybercrime environment, financial institutions must assume identities and devices are compromised before authenticating transactions. With static controls, by the time a threat is identified, it takes financial institutions far too long to take action against it. At the summit, I’ll be discussing tactics for financial institutions to leverage a digital identity network to quickly and accurately authenticate good users and keep out cybercriminals.”

In order for financial institutions to assume digital identities and to identify cybercriminals in real time, the ThreatMetrix Digital Identity Network offers a layered approach to stop criminals in their tracks. Faulkner will be discussing several ways for financial institutions to mitigate a core risk of compromised credentials by using a layered approach. The ThreatMetrix Digital Identity Network brings together all aspects of a person’s online devices and behavior into one unique digital identity – including email addresses, geo-locations, devices and both personal and business personas. This network enables financial institutions meet authentication guidelines and to protect accounts against bots using stolen credentials by leveraging a global view of devices and persona behavior to detect anomalies.

For more info on the FS-ISAC & Bits Summit, visit http://www.fsisac-summit.com/2015-fs-isac-bits-annual-summit/.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com