ThreatMetrix Enters 2015 Protecting Online Transactions Against Cybercrime with the Largest Shared Intelligence Network Available

Posted on January 27th, 2015 by Dan Rampe

Standard-Header-Reed

Significant Growth of The ThreatMetrix® Global Trust Intelligence Network, Global Expansion and Strategic Hires Positions ThreatMetrix for Continued Success in 2015

San Jose, CA – January 27, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced several of its 2014 milestones and its expectations for the company in the coming year.

Through analysis of the collective intelligence provided by the ThreatMetrix™ Global Trust Intelligence Network (The Network), the company protects 210 million active user accounts creating more than 850 million transactions each month. The Network provides the most comprehensive anonymized information available to determine context-based risk authentication – without compromising consumer privacy. By the end of Q1 2015, ThreatMetrix anticipates The Network will process more than one billion transactions each month, with up to 40 percent of those transactions initiating from mobile devices.

“Many of the world’s largest brands and companies trust ThreatMetrix to help protect their business operations from cybercriminals in real time,” said Reed Taussig, president and CEO at ThreatMetrix. “The global cybercrime landscape is continuously evolving, with new bad actors, technology and organization, and the only way to prevail against these threats is with a collective network that leverages data from across a global information base.”

Throughout 2014, ThreatMetrix made significant advances in cybercrime prevention and company growth, including:

  • Global expansion – ThreatMetrix greatly expanded its presence globally, spearheaded by the growth of its European data center to provide faster and more accurate fraud screenings for its international customers, enabling its business to double year-over-year in Europe. Additionally, the company opened a new office in Tokyo, doubled its staff in Asia and signed a number of key accounts in the Asia-Pacific (APAC) region.

“As a company, we anticipate significantly increasing investment in our Asian business in 2015,” said Taussig. “In the past year, we signed several major Asian e-commerce companies. We’ve hired seasoned regional management for the APAC region, as well as other international markets, and expect to see continued growth in the coming year.”

  • The Network – In September, ThreatMetrix announced that The Network – the largest independent, federated intelligence network of anonymized, privatized data – surpassed 850 million monthly transactions. The expansion of The Network enables ThreatMetrix to analyze and protect even more online transactions and activity, especially surrounding mobile-based transactions. By analyzing device, identity and behavioral data in real time, ThreatMetrix can quickly identify cybercriminals attempting to create fraudulent new accounts, takeover existing accounts or execute card-not-present (CNP) fraud. Additionally, this analysis provides a competitive advantage by allowing trusted customers frictionless account and transaction access while keeping costs low by greatly reducing the use of step-up or out-of-band authentication.

“United we stand, divided we fall” said Taussig. “The only way to combat highly organized, well-funded cybercriminals is by sharing cybercrime intelligence within and across industries. That is exactly what we’re trying to accomplish through The Network.”

  • New products and technologies – Significant investments in The Network and the ThreatMetrix TrustDefender™ Cybercrime Protection Platform contributed to the company’s success in 2014. With its Spring and Fall Releases, ThreatMetrix combined sophisticated trust analytics with improved behavior intelligence and enriched its context-based authentication through additions such as PersonaID, Trust Tags, PersonaDB and Smart ID 2. Additionally, the company received a patent for its ability to accurately differentiate between trusted customers and cybercriminals across mobile and web interactions.
  • Company evolution – In 2014, ThreatMetrix completed its transition as the leading provider of advanced fraud prevention and frictionless context-based security solutions. The company has made advancements in its field by leveraging the power of The Network to enable frictionless, context-based authentication, which prevents unauthorized access to enterprise applications without damaging the user experience for good customers.
  • Funding – In March, ThreatMetrix announced that it closed a Series E round of financing led by Adams Street Partners. The investment round brought in $20 million in capital, with all existing ThreatMetrix institutional investors participating in the investment.
  • Rise of mobile – From Thanksgiving Day through Cyber Monday, mobile accounted for 39 percentof all transactions across The Network. By the 2015 holiday shopping season, ThreatMetrix predicts this number will surpass 50 percent.
  • Record transaction volume – Year-over-year from 2013 to 2014, transaction volumes in The Network increased by more than 80 percent, from 3.8 billion to 6.9 billion. Currently, ThreatMetrix experiences transaction volumes of more than 1,000 transactions per second and expects that number to double in 2015.
  • Billings and Customer Growth – ThreatMetrix continues to experience double-digit annual billings growth and more than doubled its customer base in 2014 through its direct sales effort and in conjunction with its extensive global partner channel.
  • SaaS recurring revenue model – ThreatMetrix’s outstanding financial performance is driven largely by its high customer retention. Through recurring revenue, ThreatMetrix is able to sustain and grow its global shared intelligence to provide the highest level of context-based authentication and fraud prevention possible.
  • Ping Identity Integration – In June, ThreatMetrix announced its integration with Ping Identity’s PingFederate® identity bridge. The combined solution provides context-based authentication for enterprises with secure, transparent and frictionless access for mobile and online users.

“At ThreatMetrix, we are continuously aggressive in terms of adding partnerships that can provide our customers with enhanced services and capabilities,” said Taussig.

  • OFAC Regulations – To ensure companies can easily stay compliant with the Office of Foreign Assets Control (OFAC) regulations, ThreatMetrix began an initiative to allow businesses to stop transactions originating from embargoed or restricted countries by accurately identify user locations, even if advanced location cloaking technology is being used.
  • ThreatMetrix Cybercrime Report – In 2014, ThreatMetrix began the release of its quarterly report outlining the landscape of cybercrime through data from The Network. The report offers a representative summary of activity across industries identifying the types of attack methods used to perpetrate account creation, payment and login fraud.
  • New and existing markets – While continuing its success in the global financial services market, global e-commerce market and media industries, among others, ThreatMetrix also entered the online gaming market in 2014. It plans to expand its presence in the insurance and healthcare markets in 2015.
  • Strategic management hires – ThreatMetrix increased its staffing by 61 percent in 2014, which was reflected in its strategic hiring of key management, including Pascal Podvin as General Manager for U.S. and EMEA and Gene Kuo as vice president and General Manager of Asia Pacific.
  • ThreatMetrix 2014 Cybercrime Prevention Summit – Themed “Building Trust on the Internet,” the ThreatMetrix 2014 Cybercrime Prevention Summit saw a record number of attendees, bringing together more than 250 industry and cybersecurity experts from around the globe to discuss strategies to make the Internet safer for businesses and consumers alike.
  • Awards – ThreatMetrix won almost one dozen industry awards, including a Gold Stevie® Award in “New Product or Service of the Year – Security Solution” category and a Silver Award in the “Most Innovative Tech Company of the Year – Computer Software” category in the 12th Annual American Business Awards; Gold Awards as “Innovative Company of the Year” and “Integrated Security (Software) Innovation” in the Golden Bridge Awards; Named to the “100 Most Promising Technology Companies in the U.S.” by CIOReview; Recognized as a Silver Winner in the “Enterprise Product of the Year – Software” Category by the Best in Biz Awards 2014 International; Judges’ Choice for “Best Overall Fraud/Security Solution” at the 2014 CardNotPresent.com (CNP) Awards for the ThreatMetrix TrustDefender Cybercrime Protection Platform, among others.

“ThreatMetrix’s accomplishments in 2014 are helping us pave the way to a truly collective approach to cybercrime through the power of The Network,” said Taussig. “We have ambitious goals to continue our growth in many of the major industries affected by cybercrime – including financial services, e-commerce and media – and we anticipate tremendous strides in combatting cybercrime in those industries as well as new industries throughout 2015.”

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

 

ThreatMetrix Shares Strategies for Businesses to Protect Privacy, Safeguard Data and Build Trust on the Internet in Alignment with Data Privacy Day

Posted on January 26th, 2015 by Dan Rampe

Standard-Header---Logo-Faulkner

Following President Obama’s State of the Union Address, Businesses Must Increase Data Sharing to Protect Consumer Privacy While Combatting Fraud

San Jose, CA – January 26, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced its alignment with Data Privacy Day by outlining strategies for businesses to build trust on the Internet through better cybersecurity measures without compromising consumer privacy.

Coordinated and led by the National Cyber Security Alliance (NCSA), Data Privacy Day is held each year on January 28 to raise international awareness and empower individuals and businesses to better protect their privacy, centered on the theme of “Respecting Privacy, Safeguarding Data and Enabling Trust.” For its third consecutive year, ThreatMetrix has signed on as a Data Privacy Day Champion, supporting the ideal that individuals, organizations, business and government all share the responsibility to be aware of data privacy challenges.

During President Obama’s State of the Union address last week, it was clear that cybersecurity is an urgent and growing concern among the U.S. government and its citizens. The proposed Privacy Bill of Rights would allow consumers to decide what pieces of their personal data are collected by companies and decide how that data is used. The legislation would also enable consumers to prohibit companies that collect their data for one purpose to use it for another. These changes have the potential to significantly impact the way businesses process customer data.

“The only way we can build trust on the Internet is through better control of the consumer data processed online,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Obama’s proposed Privacy Bill of Rights will raise the bar for privacy protection, keeping all companies no matter where they reside to the same standards. It may seem backwards, but to build trust, businesses and government entities need to increase data sharing while ensuring privacy. This means implementing security solutions that share data in real time, but preserve customer privacy through encryption and tokenization.”

Many businesses lack the resources or knowledge to fulfill their responsibility of protecting customers’ privacy and data. Cybercriminals are often virtually impossible to locate due to the use of stolen identities, compromised devices, and masked IP addresses and many businesses simply don’t know how to stop those networks of fraudsters.

“All businesses, regardless of industry, need efficient, automated processes for fraud detection and customer notification,” said Faulkner. “Any company that uses some form of online user authentication is now going to be held accountable for at least a minimal level of protecting customer privacy. The proposed Privacy Bill of Rights requires customers be notified by businesses about a data breach within 30 days, but cybercriminals can take data in the blink of an eye. Thirty days gives cybercriminals an eternity to monetize that information. Ideally, businesses need to be able to measure unauthorized access in real time, address the problem and notify customers immediately.”

To help combat cybercrime while maintaining customer privacy to build trust online, ThreatMetrix has outlined several strategies for businesses to implement:

  • Digital Identity Proofing–Traditional identity verification technologies such as challenge questions rely on personal information that has already been breached and is in the hands of the cybercriminals. Businesses need to take a different approach and analyze global patterns of identity usage, including locations, devices, accounts, transactions and associations over time to consider all aspects of a user’s behavior without putting artificial speed bumps in the way of the customer.
  • Secure Anonymized Shared Intelligence– Businesses need a network to fight a network, but they also need “privacy by design.” Intelligence networks need to anonymize and secure data not only against outside attacks but also internal theft and social engineering attacks. Legal restrictions such as those proposed by Obama will fail to protect consumer data if not backed by advanced technology and processes.
  • Endpoint Threat Intelligence – To differentiate between trusted users and cybercriminals, businesses need to consider the context of every access attempt and transaction from each user. Whether initiated by a customer or an employee, businesses need to establish the credibility of the transaction in real time based on the full context of the user’s identity, behavior over time and device threats. These threats include man-in-the-middle and man-in-the-browser attacks, account compromise, bots, proxies, and location and transaction anomaly screening to determine the level of authentication and authorization required to process the request.

The most effective way for businesses to protect against cybercrime is through information sharing, leveraging an anonymized global data repository, such as the ThreatMetrix® Global Trust Intelligence Network (The Network), which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

Is Anywhere in the World Free from Payment Fraud?

Posted on January 22nd, 2015 by Dan Rampe

Taiwan

…NO. Taiwan’s Payment Fraud Is Four Times from What It Was in 2009. Lax Password Security Appears to Be a Major Factor

When it comes to cybersecurity, passwords have proven anything but effective. Alisdair Faulkner, ThreatMetrix’s Chief Products Officer, has been warning about their inherent weaknesses for years and dubbed the fallout from the many breaches they failed to prevent the “Password Apocalypse.”

So what’s worse than password protection? How about no protection at all?

Tsai Chin-lung, a legislator in Taiwan’s ruling Kuomintang (KMT) party observed that of the ten major web merchants based in Taiwan, only one, books.com.tw, asked consumers for password authentication when making a purchase. The other nine others, including PChome, Yahoo and Momo, requested only a credit card number and its three-digit security code.

Tsai added that of 37 major financial institutions surveyed, only seven required users’ credit card information and none required authentication before web transactions.

In her article on chinapost.com, Enru Lin discusses the alarming rise in online payment fraud and how Taiwan is facing the challenge. The following has been excerpted from her piece on chinapost.com and edited to fit our format. You may find the complete article by clicking on this link.

Fraud growing faster than online transactions

Kuomintang [Taiwan’s ruling party] Legislator Tsai Chin-lung said fraudulent web payments in Taiwan have been growing at a faster rate than total online transactions.

Citing data from the Ministry of Economic Affairs’ (MOEA) Institute for Information Industry, Tsai said web transactions rose from NT$295 billion in 2009 [9,366,250.00 USD] to NT$746.5 billion [23,701,375.00 USD] in 2013, a 2.5-fold increase.

Over the same period, web payment fraud rose from NT$54.77 million [1,738,947.50] to NT$268.94 million [8,538,845.00 USD or a] four-fold increase.

A call for standardized authentication

[Tsai] called on the central government to standardize authentication measures for both banks and online vendors — “a dual line of defense” — before rolling out third-party payment and other platforms for web commerce.

“The Financial Supervisory Commission has an obligation to create a safe environment for consumers,” he said.

The Executive Yuan’s (Cabinet’s) response

Chen Hsiang-yin, a section chief at the [Financial Supervisory Commission] FSC’s banking bureau, responded that the FSC already works closely with banks to maintain security [, adding that] fraud is not always due to banking vulnerabilities….

Banking security mechanisms already in place

Chen said many local banks have adopted security mechanisms that are exemplary, such as telephone confirmations for transactions and virtual accounts. “Based on my understanding, all banks have measures that secure transactions and the difference is only in form and degree,” she said.

Chen said the FSC will work with the Bankers Association of the Republic of China to publish a list of banks and the protection measures and security technologies they offer for online consumers.

Retailers base security on cost and compliance

Similarly, the MOEA’s Department of Commerce responded that while web merchants adopt different security mechanisms based on cost considerations, all merchants must comply with the standards of the Regulations Governing Institutions Engaging in Credit Card Business

The law stipulates that a merchant must ensure the accuracy of payment request data and maintain the confidentiality of the cardholder’s personal information, said Deputy Chief Chen Mi-shun

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

 

 

“Pigs Fly” at State of the Union

Posted on January 21st, 2015 by Dan Rampe

State of the Union

In a Speech Full of Proposals Most Pundits Say Can’t Pass Congress, President’s Historic Cybersecurity Push Clear Exception

After the State of the Union, analysts of every stripe concluded that most of the President’s agenda would pass the Republican-controlled Congress “when pigs fly.” However, on one issue, pigs have grown wings and are soaring. And that’s cybersecurity, where the President’s call had both Republicans and Democrats standing and applauding.

In his wide-ranging article on thehill.com, Cory Bennett describes the President’s measures for increasing cybersecurity, which Bennett noted, “easily surpassed any previous cyber mention in specificity, breadth and urgency.” The following has been excerpted from Bennett’s story and edited to fit our format. You may find the complete piece by clicking on this link.

High on national security priorities

[Cybersecurity] was the third issue Obama mentioned while discussing national security during the speech. The president also hit nearly every aspect of the new White House cyber agenda, which was rolled out last week.

Bipartisan standing ovation

“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids,” Obama said to a bipartisan standing ovation.

Information sharing

The administration’s legislative cyber proposals include measures intended to facilitate cyber threat information-sharing between the public and private sectors; to protect student data; to raise the punishments for cyber crime; and to create a federal breach notification standard and nationwide cyber defense standards.

“We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism,” Obama said.

Bully pulpit promotion

The security industry and privacy advocates alike appreciated the president using one of the country’s biggest bully pulpits to promote national awareness of cybersecurity, even if they quibble with the administration’s policy specifics.

Roughly 33 million viewers watch the State of the Union each year….

Republicans join in

“I welcome him to the conversation,” said Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee. “Confronting the cyber threat has been a priority of mine for the past 10 years.”

Attention now turns to those same lawmakers, as the White House looks for allies to introduce its legislative offerings.

“Tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information,” Obama said.

“That should be a bipartisan effort,” he added, going off script briefly.

Sen. Bill Nelson (D-Fla.), the ranking member on the Senate Commerce Committee, has already said he will introduce a data breach notification bill that closely resembles the White House proposal.

National breach notification proposed

It would require companies to notify consumers within 30 days that their information had been breached. Companies would also have to notify the government of certain breaches and adhere to cybersecurity standards set by the Federal Trade Commission.

Rep. Jim Langevin (D-R.I.), co-chair of the Congressional Cybersecurity Caucus, said after the speech that he will soon introduce a House version of the president’s data breach proposal.

“I am particularly excited to see cybersecurity come center stage in the State of the Union and in the public dialogue,” he added.

A bone of contention

The most contentious issue will be Obama’s proposal to enhance cybersecurity information-sharing between the government and private sector. The offering would provide limited liability protections for companies sharing cyber threat indicators with the Department of Homeland Security.

The measure has been at the top of industry group’s cyber wish list for years. But cybersecurity firms caution that a rushed, non-specific bill could prove ineffective. “How are you going to implement limited liability?” Cole wondered. “What does that mean?”

Privacy advocates worry those same vagaries could give the government another way to collect personal information on U.S. citizens. They’ve pushed for National Security Agency (NSA) reform to come before any cyber information sharing bill.

Increased transparency, but privacy advocates wary

Obama insisted he would not let NSA reform fall to the wayside. “While some have moved on from the debates over our surveillance programs, I haven’t,” he said. “As promised, our intelligence agencies have worked hard, with the recommendations of privacy advocates, to increase transparency and build more safeguards against potential abuse.”

Privacy advocates remained wary after hearing Obama’s remarks.

“It’s heartening that President Obama’s address focused on Americans’ privacy, but the only way to fulfill that promise is to pass surveillance reform before taking up cyber [info sharing] legislation,” said Robyn Greene, policy counsel for the Open Technology Institute.

Not all sunshine

Different committees have pushed their own sharing proposals, creating intra-party squabbles and jurisdictional turf wars. Key Democrats on cyber issues have also broken with the White House on their own cyber threat sharing bills.

Rep. Dutch Ruppersberger (D-Md.) recently reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA), which would enable sharing between the private sector and the NSA, not the DHS.

Senate Intelligence Committee ranking member Dianne Feinstein (D-Calif.) was also a big proponent of a Senate version of CISPA last Congress.

Well some sunshine

The two recently installed chairmen on the Senate Intelligence Committee and Senate Homeland Security and Governmental Affairs Committee will play a big role in setting the legislative agenda. Both Intelligence Chairman Richard Burr (R-N.C.) and Homeland Security Chairman Ron Johnson (R-Wis.) have indicated they’re willing to work with the White House on a joint cyber proposal.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

 

Banks Didn’t Stop “Tor”-rent of Account Takeovers

Posted on December 10th, 2014 by Dan Rampe

US Treasury

Treasury Says Banks Failure to Block Tor Transactions Caused Most Account Takeovers by Cyberthieves This Past Decade

Tor is the global communications net that hides users’ true online locations and makes it possible for them to maintain their anonymity. Now a new report from the U.S. Treasury Department that KrebsOnSecurity characterizes as “non-public” has been obtained by Brian Krebs.

The report was produced by the Financial Crimes Enforcement Network (FinCEN), the Treasury Department bureau charged with collecting and analyzing data about financial transactions. FinCEN’s work is aimed at combating domestic and international money laundering, the financing of terrorism and other financial crimes. The following has been excerpted from the KrebsOnSecurity article and edited to fit our format. You may find the complete, unexpurgated piece by clicking on this link.

Based on SARs reports

FinCEN said it examined some 6,048 suspicious activity reports (SARs) filed by banks between August 2001 and July 2014, searching the reports for those involving one of more than 6,000 known Tor network nodes. Investigators found 975 hits corresponding to reports totaling nearly $24 million in likely fraudulent activity.

Banks unaware of fraud

FinCEN said it was clear from the SAR filings that most financial institutions were unaware that the IP address where the suspected fraudulent activity occurred was in fact a Tor node.

Rising number of account takeovers

The government also notes that there has been a fairly recent and rapid rise in the number of SAR filings over the last year involving bank fraud tied to Tor nodes.

“From October 2007 to March 2013, filings increased by 50 percent,” the report observed. “During the most recent period — March 1, 2013 to July 11, 2014 — filings rose 100 percent.”

No-win situation

[Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley noted] the problem of high volumes of fraudulent activity coming through the Tor Network presents something of a no-win situation for any website dealing with Tor users. “If you treat Tor as hostile, you cause collateral damage to real users, while the scum use many easy workarounds.  If you treat Tor as benign, the scum come flowing through,” Weaver said. “For some sites, such as Wikipedia, there is perhaps a middle ground. But for banks? That’s another story.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

ThreatMetrix to Provide Location Detecting Solution to Businesses in Accordance with Office of Foreign Assets Control (OFAC) Regulations

Posted on September 3rd, 2014 by Dan Rampe

The ThreatMetrix TrustDefender™ Cybercrime Protection Platform Will Help Institutions Meet the Treasury Office’s International Business Regulations

San Jose, CA – September 3, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced it will work with businesses to ensure they are compliant with the Office of Foreign Assets Control (OFAC) regulations that prohibit business transactions with embargoed or restricted countries or entities.

To be compliant with OFAC regulations, businesses must know the true location of their business clientele and customers, which becomes increasingly challenging for businesses such as banks, as customers frequently disguise their locations in an effort to maintain privacy and protect personal data, among other reasons. Unfortunately, cybercriminals frequently use proxy servers, TOR networks and other methods to hide their locations. Most companies use outdated technologies such as IP addresses to determine the customer’s location, but cybercriminals have sophisticated techniques to alter their IP addresses and make it appear like they are located in a friendly country by OFAC standards. Businesses can face fines up to $250,000 per incident or twice the value of the offending transactions, whichever is greater, for violating OFAC regulations.

“We’re addressing a major gap and solving a growing problem in the way business is conducted,” said Bert Rankin, chief marketing officer, ThreatMetrix. “Banks and institutions are significantly impacted when OFAC regulations are violated. France’s largest bank, BNP Paribas, for instance, was recently fined $8.9 billion. This doesn’t have to happen. Our SaaS-based fraud prevention solution is easy to implement and can provide measurable financial benefits to the businesses, in addition to protecting their reputations.”

The ThreatMetrix solution is built on the ThreatMetrix TrustDefender™ Cybercrime Protection Platform will help banks and other organizations significantly enhance their ability to comply with OFAC regulations by detecting location spoofing and identifying users’ true locations. The platform’s real-time trust analytics enable context-aware security, and combine device, identity, and behavioral analytics with collaborative feedback from millions of users across thousands of sites to accurately identify good users and block out cybercriminals, stopping organizations from unwittingly violating OFAC regulations.

The TrustDefender platform provides organizations with an accurate assessment of suspicious account registrations and transactions, and the ability to instantly determine if a request or transaction should be blocked, prohibited, accepted or held for manual review. Leveraging global intelligence from the world’s most comprehensive database, the ThreatMetrix® Global Trust Intelligence Network (The Network), the platform is able to detect hidden proxies, Virtual Private Networks (VPNs) and other methods used to conceal customers’ true locations.

ThreatMetrix utilizes real-time advanced device profiling and data from The Network to detect proxy use and evaluate the entire context surrounding each transaction. This includes:

  • Device analytics: Composed of uniquely identifying each device, determining its location, association with the user, and ties to criminal activity or hacker rings; detecting the presence of proxies, anonymizers, bots or malware; and exposing other anomalies that may indicate fraudulent locations, hacking or a compromised device.
  • Identity analytics: Pinpointing the end user’s association(s) with trusted entities, or any history or affiliation with crime, fraud, or hacking activities.
  • Behavior analytics: Analyzes normal login patterns such as login frequencies, locations, typical access times, login names, and devices used.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.11178
Email: beth.kempton@walkersands.com

 

Did Your Fridge Have Its ID Stolen? Is Your Toaster’s Data Toast? Has Your Thermostat Become a Bot?

Posted on August 25th, 2014 by Dan Rampe

Internet of Things

The Internet of Things Brings Huge Promise and Monster-Size Security Headaches

Proponents of the Internet of Things talk about its great promise. Kenneth Corbin, in his piece (link to article) on itworld.com writes, “Household appliances could modulate their power consumption to avoid peak load times. Sensors placed along railroad lines could relay temperature data that could help preempt track failures. The same could be done for bridges, tunnels and other pieces of the nation’s fraying infrastructure.”

Corbin notes a pilot project in Maryland where 14 sensors in an apartment building monitor for smoke, heat, carbon monoxide and other potential danger signs, “relaying them to a cloud service that dispatches emergency responders if a problem is observed.”

The brave, new world of the Internet of Things comes with many of the problems of the old world – only magnified by the negatives possibilities. Corbin cites Randy Garrett, a program manager at the Defense Advanced Research Projects Agency (DARPA) who “worries that, in the exuberance to embed sensors in a galaxy of devices and bring them onto the network, backers of the Internet of Things will unwittingly create a virtually limitless set of new threat vectors.”

Garrett observes that despite computer users’ tendencies to not pay as much attention to security as they should, “many people are at least aware that the threats are out there and will often exercise some restraint in not clicking on spam links or avoid setting their password to “password.” (editorial comment: Can you say the same thing about the average waffle iron? Okay, there are instances where a waffle iron might be more security savvy than some computer users.)

Garrett points out that the infamous Target breach resulted from Target’s heating and air conditioning systems being connected to the internet to make servicing more accessible for a contractor. Of course, as history demonstrates, it also made the enterprise more accessible to hackers.

On the Internet of Things’ plus side is what can be done in healthcare where patients would be able to monitor such things as glucose levels and blood pressure and instantly send the data to their healthcare provider. Michael Chui, a partner and senior fellow at the McKinsey Global Institute observes, “That’s a much better set of data in which to diagnose and manage diseases.”

And Chui suggests solutions to issues facing the Internet of Things might be found in “rethinking” organizations and their traditional roles and processes. In a current retail environment, Corbin writes, “the CIO’s involvement in store operations might be limited to the cash registers, point-of-sale systems and back-office operations. In [an Internet of Things] world where mobile payments are a reality and items on the shelf are expected to interact with shoppers’ devices, though, the tech team must take a more hands-on role.”

“It’s a tremendous number of organizational challenges when you start integrating the physical world with the virtual world.” Chui adds, “You have to change the way you make decisions if you’re going to use the Internet of Things effectively.”

For another read on The Internet of Things, please take a moment to read  a previous blog from Andreas Baumhof, ThreatMetrix chief technology officer: “Have You Remembered to Friend Your Refrigerator? The Internet of Things is Here and Growing Fast. But One Exopert Warms It May Be ‘Patch as Patch Can’t.'”

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

You Know the EMV Chip That’s Supposed to Make It Nearly Impossible to Fraudulently Use Credit/Debit Cards — Guess What? There Are Flaws.

Posted on June 11th, 2014 by Dan Rampe

EMV

If you like movies, you likely already heard the classic movie tagline for the sequel to Jaws,Just when you thought it was safe to go back in the water…” (Incidentally a great tagline for a lousy movie)

In any case, with a little massaging, the line works for flaws discovered in the EMV chip protocol for credit and debit cards, i.e., “Just when you thought the EMV chip was the solution to most credit and debit card fraud…”

In his piece on darkreading.com, Matthew Schwartz, InformationWeek information security reporter, writes about the flaws that Cambridge University computer security researchers warned about at the IEEE Symposium on Privacy and Security in San Jose, California. The following has been edited to fit our format. You will find the complete article by clicking this link.

[The Cambridge researchers] detailed two major problems with the EuroPay, MasterCard, and Visa (EMV) standard now used to secure more than 1.6 billion cards worldwide.

[The problems came to light after a] British bank, HSBC, refused to refund a series of transactions to a customer [Mr. Gambin] based in Malta…. During related disputed-transaction negotiations, HSBC shared detailed ATM log data with Gambin, which included the date, time, as well as an “unpredictable number” (UN), or “nonce,” generated by the ATM to validate the transactions.

Reviewing the unpredictable number, however, the researchers found that it was, in fact, often predictable. “Some EMV implementers have merely used counters, timestamps or home-grown algorithms to supply this nonce [which] exposes them to a ‘pre-play’ attack. [This] is indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and…can be carried out even if it is impossible to clone a card physically.”

In some cases, obtaining a legitimate ATM nonce on which to base an attack would also be easy. According to the researchers, for example, the UN is printed on all receipts generated in Italy.

Digging further, the researchers also spotted a deeper flaw in the protocol that attackers could use to compromise transactions, even when an ATM generated a cryptographically strong random number. That flaw is due to the ability of attackers to intercept the unpredictable number via a man-in-the-middle attack and replace it with a different pre-computed one, which would likely pass muster with the authorizing bank. Such an attack could be executed via malware installed on POS devices, even if those devices include tamper-resistant EMV modules.

To date, some of the random-number-generator flaws spotted by the researchers have now been patched. But the EMV alliance has yet to address the deeper flaw in the protocol itself. [Researchers said, “The banks appear to have ignored this, perhaps reasoning that it is difficult to scale up an attack that involves access to specific physical cards and also the installation of malware or wiretaps on specific terminals. We disagree. The Target compromise shows that criminals can deploy malware on merchant terminals widely and exploit it to earn serious money.”

The researchers added that they know of at least one “likely case” of a related skimming attack in the wild, and warned that “the spread of ATM and POS malware is making it ever more of a threat.”

[A] liability shift — scheduled to begin in October 2015, although not until October 2017 for gas station terminals — by Visa seeks to drive more EMV uptake. “The liability shift encourages chip transactions because any chip-on-chip transaction — i.e., a chip card read by a chip terminal — provides dynamic authentication data, which helps to better protect all parties,” Visa explained.

According to the new research, however, that dynamic authentication system is vulnerable to spoofing. Any related liability, however, would rest with the consumer, unless he or she can prove that attackers subverted the EMV security system.

In their paper, the researchers expressed frustration at the EMV alliance failing to address the flaws they exposed more than one year after receiving related security disclosures. “We are now publishing the results of our research so that customers whose claims for refund have been wrongly denied have the evidence to pursue them, and so that the crypto, security, and bank regulation communities can learn [related] lessons.” [The researchers have] also called on banking regulators in the United States and abroad to use their muscle to force merchants, banks, and vendors to put related fixes in place.

[The] researchers called on the payment card industry to take responsibility for keeping the EMV system secure. “Again and again, customers have complained of fraud and been told by the banks that as EMV is secure; they must be mistaken or lying when they dispute card transactions. Again and again, the banks have turned out to be wrong.”

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

All Eyes on the Spies. U.S. Calls Out 5 Chinese Army Officers by Name. Charges Them with Stealing Trade Secrets.

Posted on May 23rd, 2014 by Dan Rampe

China

The Department of Justice charged Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, five members of China’s People’s Liberation Army, with economic espionage. The five are accused of hacking American companies including Westinghouse, United States Steel and Alcoa.

The five reportedly worked as members of the “Comment Crew” or “Shanghai Group” at a 12-story white office tower on a Chinese Army base in the outskirts of Shanghai. Last year, the building was identified as the source of multiple attacks on the U.S. government and American corporations.

Since there’s a better chance of the Cubs winning the 2014 World Series, Kim Jong-un becoming a world class sprinter and the Tea Party endorsing Hillary Clinton for president than these Chinese soldiers coming to the United states and standing trial, what’s the point? To get somebody’s attention or maybe to get everybody’s attention both here and in China.

In Michael S. Schmidt’s New York Times piece, John Carlin, an assistant Attorney general for national security, talked about the damage done by Chinese hackers. ”He said that while SolarWorld was rapidly losing its market share to Chinese competitors that were pricing exports well below costs, the hackers were stealing cost, pricing and strategy information from SolarWorld’s computers. And while Westinghouse was negotiating with a Chinese state-owned enterprise over the construction of nuclear power plants…hackers stole trade secret designs for components of those plants.”

This link will take you to Michael Schmidt’s complete New York Times article.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

Let’s Put Our Cards on the Table. U.S. Briefs China on Cyberwarfare Plans.

Posted on April 10th, 2014 by Dan Rampe

China

The U.S. is briefing China’s military how it plans to defend against cyberattacks and use cybertechnology against adversaries. China, for its part, is saying nothing about its plans. Does this sound like playing poker with just your hold card showing? Anyway, you gotta hope somebody’s playing with a full deck.

In his piece in The New York Times, David E. Sanger explains the idea behind the American strategy and what the U.S. hopes to accomplish with the new cyber openness. (The story has been edited to fit our format.)

The idea was to allay Chinese concerns about plans to more than triple the number of American cyberwarriors to 6,000 by the end of 2016, a force that will include new teams the Pentagon plans to deploy to each military combatant command around the world. But the hope was to prompt the Chinese to give Washington a similar briefing about the many People’s Liberation Army units that are believed to be behind the escalating attacks on American corporations and government networks.

So far, the Chinese have not reciprocated.

The effort, senior Pentagon officials say, is to head off what Mr. Hagel and his advisers fear is the growing possibility of a fast-escalating series of cyberattacks and counterattacks between the United States and China. This is a concern especially at a time of mounting tensions over China’s expanding claims of control over what it argues are exclusive territories in the East and South China Seas, and over a new air defense zone. In interviews, American officials say their latest initiatives were inspired by Cold-War-era exchanges held with the Soviets so that each side understood the “red lines” for employing nuclear weapons against each other.

“Think of this in terms of the Cuban missile crisis,” one senior Pentagon official said. While the United States “suffers attacks every day,” he said, “the last thing we would want to do is misinterpret an attack and escalate to a real conflict.”

Mr. Hagel’s concern is spurred by the fact that in the year since President Obama explicitly brought up the barrage of Chinese-origin attacks on the United States with his newly installed counterpart, President Xi Jinping, the pace of those attacks has increased. Most continue to be aimed at stealing technology and other intellectual property from Silicon Valley, military contractors and energy firms. Many are believed to be linked to cyberwarfare units of the People’s Liberation Army acting on behalf of state-owned, or state-affiliated, Chinese companies.

“To the Chinese, this isn’t first and foremost a military weapon, it’s an economic weapon,” said Laura Galante, a former Defense Intelligence Agency cyberspecialist.

Administration officials acknowledge that Mr. Hagel, on his first trip to China as defense secretary, has a very difficult case to make, far more complicated than last year. The Pentagon plans to spend $26 billion on cybertechnology over the next five years — much of it for defense of the military’s networks, but billions for developing offensive weapons — and that sum does not include budgets for the intelligence community’s efforts in more covert operations. It is one of the few areas, along with drones and Special Operations forces, that are getting more investment at a time of overall Pentagon cutbacks.

Moreover, disclosures about America’s own focus on cyberweaponry — including American-led attacks on Iran’s nuclear infrastructure and National Security Agency documents revealed in the trove taken by Edward J. Snowden, the former agency contractor — detail the degree to which the United States has engaged in what the intelligence world calls “cyberexploitation” of targets in China.

The revelation by The New York Times and the German magazine Der Spiegel that the United States has pierced the networks of Huawei, China’s giant networking and telecommunications company, prompted Mr. Xi to raise the issue with Mr. Obama at a meeting in The Hague two weeks ago. The attack on Huawei, called Operation Shotgiant, was intended to determine whether the company was a front for the army, but also focused on learning how to get inside Huawei’s networks to conduct surveillance or cyberattacks against countries — Iran, Cuba, Pakistan and beyond — that buy the Chinese-made equipment. Other cyberattacks revealed in the documents focused on piercing China’s major telecommunications companies and wireless networks, particularly those used by the Chinese leadership and its most sensitive military units.

Mr. Obama told the Chinese president that the United States, unlike China, did not use its technological powers to steal corporate data and give it to its own companies; its spying, one of Mr. Obama’s aides later told reporters, is solely for “national security priorities.” But to the Chinese, for whom national and economic security are one, that argument carries little weight.

“We clearly don’t occupy the moral high ground that we once thought we did,” said one senior administration official.

For that reason, the disclosures changed the discussion between the top officials at the Pentagon and the State Department and their Chinese counterparts in quiet meetings intended to work out what one official called “an understanding of rules of the road, norms of behavior,” for China and the United States.

The decision to conduct a briefing for the Chinese on American military doctrine for the use of cyberweapons was a controversial one, not least because the Obama administration has almost never done that for the American public, though elements of the doctrine can be pieced together from statements by senior officials and a dense “Presidential Decision Directive” on such activities signed by Mr. Obama in 2012. (The White House released declassified excerpts at the time; Mr. Snowden released the whole document.)

Mr. Hagel alluded to the doctrine a week ago when he went to the retirement ceremony for Gen. Keith B. Alexander, the first military officer to jointly command the N.S.A. and the military’s Cyber Command. General Alexander was succeeded last week by Adm. Michael S. Rogers, who as the head of the Navy’s Fleet Cyber Command was a central player in developing a corps of experts who could conduct cyberwarfare alongside more traditional Navy forces.

“The United States does not seek to militarize cyberspace,” Mr. Hagel said at the ceremony, held at the N.S.A.’s headquarters at Fort Meade, Md. He went on to describe a doctrine of “minimal use” of cyberweaponry against other states. The statement was meant to assure other nations — not just China — that the United States would not routinely use its growing arsenal against them.

In Beijing, the defense secretary “is going to stress to the Chinese that we in the military are going to be as transparent as possible,” said Rear Adm. John Kirby, the Pentagon press secretary, “and we want the same openness and transparency and restraint from them.”

Experts here and in China point out that a lot was left out of Mr. Hagel’s statement last week. The United States separates offensive operations of the kind that disabled roughly 1,000 centrifuges in Iran’s nuclear program, America’s best-known (and still unacknowledged) cyberattack against another state, from the far more common computer-enabled espionage of the kind carried out against the Chinese to gather information about a potential adversary.

“It’s clear that cyberspace is already militarized, because we’ve seen countries using cyber for military purposes for 15 years,” said James Lewis, an expert at the Center for Strategic and International Studies. “The Chinese have had offensive capabilities for years as well,” he said, along with “more than a dozen countries that admit they are developing them.”

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.