Fraud and Security Pros to Meet at ThreatMetrix Cybercrime Prevention Summit 2015

Posted on April 30th, 2015 by Dan Rampe

Blog-Header

5th Annual Summit Has Experts from Around the World Discussing Collaborative Strategies to Fight Evolving Cybercrime

Themed “Connect and Collaborate,” the ThreatMetrix® Cybercrime Prevention Summit 2015, the largest of its kind, will bring together 250 cybersecurity experts from around the globe to exchange ideas on the latest trends in cybersecurity, shared intelligence, protection against mobile fraud and improvement of online trust and Internet security. The fifth annual Summit runs from October 7-9 at the Silverado Resort & Spa in Napa, the heart of California wine country.

2014: breaches happening at unprecedented rate

There were major breaches in almost every sector — healthcare, financial services, retail, government, military and other industries. The Identity Theft Resource Center tracked a record 780 plus breaches – a 27.5 percent increase over the number of breaches reported in 2013. Faced with this ongoing assault, the summit will focus on how businesses and consumers can leverage a collective approach to cybersecurity.

The ThreatMetrix Digital Identity Network: leading a collaborative approach to defeating fraud and data breaches

Processing more than one billion online transactions each month, the ThreatMetrix Digital Identity Network, the world’s largest, enables ThreatMetrix customers across industries to access the most comprehensive world-wide data and analysis available to combat cybercrime.

Bert Rankin, ThreatMetrix chief marketing officer, on the best way to combat fraud

“The fallout from a record high in data breaches last year has made it challenging for businesses to protect their employees and customers from fraud on various levels. The best way to combat fraud in the wake of these breaches is to bring together all aspects of customers’ and employees’ online devices and behaviors into one unique digital identity. By connecting with experts and peers, summit attendees will hear specific insights on the most recent cyber attacks identified through the ThreatMetrix Digital Identity Network and the best practices being used to deter them.”

For Summit attendees an opportunity to connect and collaborate with experts in fraud prevention and cybersecurity

Through a variety of activities, attendees will be able to get a clearer understanding of the most recent cyberthreats and take their respective companies’ best practices to the next level.

Summit subjects

Topics at the Summit include finding ways to reduce online payment fraud, account takeover, identity spoofing and other forms of cybercrime. And, attendees will include experts and senior fraud and cybercrime prevention professionals from the world’s leading online businesses, representing financial services, e-commerce, social networks, government, insurance and other industries.

Attending: key members of the ThreatMetrix executive and professional services team

Sharing insights and trends identified through the ThreatMetrix Digital Identity Network will be key members of the ThreatMetrix team. In addition, industry experts including Julie Conroy, research director for Aite Group’s Retail Banking practice, will speak at the Summit on ongoing research regarding fraud, data security and other market data.

Attendance at the Summit limited to 250

To foster personal interactions, attendance at the ThreatMetrix Cybercrime Prevention Summit 2015 will be limited to 250 attendees. To learn more or to register, please visit: http://cybercrimepreventionsummit.com/.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer driven-analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Digital Identity Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

TIGTA Gives IRS an F

Posted on April 23rd, 2015 by Dan Rampe

Tax

TIGTA (Treasury Inspector General for Tax Administration) Gives the IRS Poor Marks for Handling ID Theft Victims

A recently released Treasury Inspector General for Tax Administration report says the IRS tells an ID theft victim that his/her case will be resolved in 180 days. While that’s what the IRS claims, the TIGTA report says it actually takes the IRS 278 days. Imagine what a victim of ID theft goes through having to wait those additional 98 days.

In his piece on theblaze.com, Fred Lucas describes what the TIGTA found while doing its audit, a follow-up to one done in 2013. The following has been excerpted from his article and edited to fit our format. You may find the full story by clicking on this link.

You will get an answer, but it may not be the right one

Based on a sampling of 100 identity theft tax accounts, the inspector general [projected] that 25,565 cases out of 267,692 were resolved incorrectly, or almost [1 in 10.]

Better maybe, but not what the IRS tells the public

In 2013, about 2.9 million tax identity theft incidents happened, an increase from 1.8 million in 2012, the Chicago Tribune reported. The average for resolving a case in 2013 [was] down from the average of 312 days in fiscal year 2012, but it [was] still well over what the IRS [instructed] employees to tell taxpayers who were victims of fraud.

“IRS guidance in FY 2013 instructed employees to inform taxpayers who [inquired] about the status of their identity theft case that cases are resolved within 180 days,” the IG report says.

IRS case processing data said resolutions took between 228 and 298 days

“[The IRS’s] own case processing data did not support the 180-day resolution time period. In fact, IRS data showed case resolutions were taking between 228 to 298 days.”

Misleading stakeholders

“When the IRS provides misleading identity theft case resolution time periods, it creates a false portrayal of improvement to stakeholders and makes it more difficult for the IRS to gage and improve its own operations.”

No change in procedure needed

“The IRS disagreed with the recommendation to develop processes and procedures to calculate the average time it takes to fully resolve taxpayer accounts.”

Victims deserve better

“While the IRS is making some progress in assisting victims of identity theft, those who have been affected by this devastating crime deserve better.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

Grand Canyon-Sized Breach Hits Grand Canyon State

Posted on April 8th, 2015 by Dan Rampe

Grand Canyon

418,640 Arizonans Had Data Compromised in the Anthem Breach That Affected 80 Million. ThreatMetrix CEO Calls Breach the “Tipping Point.”

In his blog, The Anthem Tipping Point, Reed Taussig, President and CEO of ThreatMetrix® notes that the Anthem Breach might finally be the cataclysmic event, the tipping point, that gets “the attention of senior management and boards of directors to recognize that cybersecurity is just as important to the enterprise as the operations of their customer-facing Internet applications themselves.”

And Anthem was not the only healthcare company attacked. Approximately the same time Anthem was breached — and very possibly by the same cybercriminals — Premera Blue Cross, which operates in Arizona, Alaska and Washington State, was also breached, compromising sensitive personal, financial and medical claims information for about 11 million of its customers nationwide. Other Anthem companies affected by the breach include Amerigroup, Anthem and Empire Blue Cross Blue Shield, CareMore and UniCare.

In his story on azcentral.com, Ken Alltucker, reporter for The Republic, details the cyberattack that left many Arizonans and Americans in general at risk of becoming victims of identity theft and other crimes. The following has been excerpted from Alltucker’s piece and edited to fit our format. You may find his complete account by clicking on this link.

Unaffected by breach, Blue Cross Blue Shield customers still at risk

The computer hackers did not breach Blue Cross Blue Shield of Arizona’s computer systems, company officials said, but customers of the Arizona insurer could be affected if they used their insurance plans to access doctors, hospitals or other health services in states where Anthem and Premera operate.

Anthem’s 14 states include California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin.

Healthcare a hot, easy target

“Nowadays, it’s all about the money,” said Shaun Murphy, founder of PrivateGiant, an Orlando-based consulting firm. Murphy said there is a black market for such data, and cyberthieves who recover such detailed personal, financial and medical information on individuals can get lucrative payments.

Murphy said health-care insurers are a prime target because their security systems are typically not as robust as financial institutions. And if a hacker is able to piece together Social Security numbers, birth dates and medical-claims information about an individual, that creates the type of detailed profile about a person that black-market buyers covet. “When you start to aggregate this information, it can bring in a ton of money.”

Small comfort

The insurance companies have offered [breached] customers two years of credit monitoring and identity-theft protection services. Anthem consumers can get more information about these services at anthem.allclearid.com. Premera’s identify-theft protection will be offered through Experian. Visit premeraupdate.com for more information.

Still attempting to find all potential victims

Premera spokesman Eric Earling said the company still is attempting to pinpoint all customers who may have been affected by the data breach in Arizona and other states.

Compromised records may go back to 2002

The insurer said the sophisticated cyberattack may have accessed records dating to 2002. That means customers who once held Premera’s LifeWise plans, discontinued in Arizona last decade, may be affected.

26 healthcare data breaches in Arizona since 2010

In Arizona, there have been 26 health data breaches that have each affected 500 or more people [in each breach] since 2010, according to the U.S. Department of Health and Human Services.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

“Unsafe at Any Speed” — Even Standing Still

Posted on March 25th, 2015 by Dan Rampe

car on internet

Senator Proposes New Rules of the Road for Connected Cars That Leave Drivers Open to Invasions of Privacy and Cyberattack

When Ralph Nader’s Unsafe at Any Speed was published half a century ago accusing car manufacturers of resistance to spending money on safety, it caused a sea change in the auto industry. No. Not amphibious cars. But, it did lead to mandatory seat belt laws and the introduction of a host of other safety features.

Recently Sen. Ed Markey of Massachusetts released a report on the risks of cyberattack and loss of privacy posed by cars connected to the Internet. In a statement, he warned that “automakers haven’t done their part to protect us from cyber-attacks or privacy invasions [adding that even] as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected.”

In her piece on washingtonpost.com, Andrea Peterson explores the many questions raised by the new Internet of Things smart cars and a few answers. The following has been excerpted from her piece and edited to fit our format. You may find the full article by clicking on this link.

Who’s foot is on the brake pedal?

Cybersecurity experts have long warned that cars’ electronic systems might be vulnerable to hackers, especially as auto-makers started building wireless connections to the outside world into vehicles. Researchers Charlie Miller and Chris Valasek demonstrated how to take over the steering and brakes of a Ford Escape and a Toyota Prius using a laptop connected to the vehicles with a cable in 2013.

Many attack surfaces

Last year, the pair released a report detailing the wireless “attack surfaces” of a wide variety of vehicles on the market — things like Wi-Fi, keyless entry systems, and Bluetooth that might be targeted by a malicious hacker.

Inconsistent and haphazard

Nearly all cars on the market “include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions,” according to Markey’s report…. Security measures to prevent remote access to a car’s electronic systems are “inconsistent and haphazard across all automobiles” and many manufacturers “did not seem to understand” the questions the legislator was asking. However, most manufacturers were either unaware or unable to report on previous hacking incidents.

“Cavalry” involved

Other groups have raised concerns about the security practices of auto-makers. I am the Cavalry, a group focused on where computer security intersects with physical safety, has urged vehicle manufacturers to adopt a five-star-style rating system for security best practices, akin to the ratings for traditional vehicle safety.

Your car is listening

The report also found that modern cars collect a significant amount of information on driving history and that drivers often cannot opt out of data collection without disabling features such as navigation. “A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data,” it said.

Markey calls for new regulatory standards

[Markey] calls for the National Highway Traffic Safety Administration to set new regulatory standards with input from the Federal Trade Commission. The standards should ensure that car’s wireless and data-collection features protect against hacking and security breaches, require that carmakers test their systems with penetration testing, require drivers be explicitly told about how data is collected and used, and give drivers a way to opt out of such features, the report argues.

Rules of the road enforced

“We need to work with the industry and cyber-security experts to establish clear rules of the road – not voluntary agreements – to ensure the safety and privacy of 21st-century American drivers,” Markey said.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

Browser Beware

Posted on March 23rd, 2015 by Dan Rampe

Browsers

Ponemon Survey of 645 Information Tech Companies Says Half of All Malware Was the Result of Web Browsers That Weren’t Secure

Less than a third of respondents thought major browsers had “effective security tools for blocking web-borne malware.” And, close to 70 percent of IT professionals thought browser-borne malware was getting worse and was “a more significant threat today than [just] 12 months ago.” These were among the observations brought to light in the Ponemon study as reported by Cory Bennett on thehill.com. The following has been excerpted from Bennett’s article and edited to fit our format. You may find his full article by clicking on this link.

An unsettling thought

Over three quarters [of IT professionals] thought it was certain or very likely their organization had an undetected infiltration from browser-based malware.

Google hunting for bugs

[Google is taking …steps to root out more bugs in its Chrome browser, which recently became the second-most popular browser behind Microsoft’s Internet Explorer.

The [company] said it [would] start giving no-strings-attached grants to independent researchers to suss out flaws in its products, including Chrome. The company will post vulnerabilities they are looking to eradicate and will dole out up to $3,133.70 to researchers willing to take a shot at it.

The hunt gets harder

Since 2010, Google has rewarded researchers if they discovered flaws in Google products and services. The company said it’s adding the new grant program because these vulnerabilities are increasingly difficult to find, after years of independent researchers and Google’s in-house team working on the issue.

“Of course, that’s good news, but it can also be discouraging when researchers invest their time and struggle to find issues,” said Google security engineer Eduardo Vela Nava.

Chrome chief beneficiary

Chrome has benefited from these rewards as much, if not more, than any other product, Nava said. In 2014, more than half of the Chrome bugs discovered by outside researchers were found in beta versions of the browser.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

Have EMV Terminals? American Express Has a Hundred Simoleons for You.

Posted on March 9th, 2015 by Dan Rampe

American Express

American Express Rolls Out a “Small Merchant EMV Assistance Program” to Help Speed up Adoption of EMV Payments

Have to clear up something for anyone who’s not exactly sure what simoleons are. Okay they’re not a lost tribe of South Sea islanders discovered by Tim Cook using Google Earth who now do their tweeting on iPhones instead of conch shells. Also, they’re not anything you’d top with chipotle sauce – unless you wanted to put your money where your mouth is.

Simoleons are simply bucks, clams, ducats, greenbacks, smackers, i.e., dollars. And, as part of its Small Merchant EMV Assistance Program, American Express will give one hundred of those dollars to any U.S. merchant who’s already adopted EMV terminals. We should mention this is a one time only offer.

In her story on paymentweek.com, Melanie Macinas writes additional facets of American Express’s $10 million campaign to speed up the adoption of EMV payment terminals. The following has been excerpted from her article and edited to fit our format. You may find the full article by clicking on this link.

Educational resources

Small merchants will also receive educational resources on EMV via email, telephone hotline, and website.

EMV ambassadors

American Express Fraud Squad ambassadors will also visit Atlanta, Houston, Miami, and New York City to personally meet with small merchants and discuss with them the advantages of EMV.

Many small merchants still unaware of EMV

[Anré Williams, President, Global Merchant Services, American Express, notes,

“Unfortunately, many small merchants do not know about EMV or what they need to do to take advantage of it. We created the Small Merchant EMV Assistance Program to help them. By providing financial and educational assistance, we hope small merchants more quickly adopt EMV so they can ensure their customers feel safe when shopping at their stores.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

What Uber Might’ve Done to Prevent Compromising the Personal Info of 50,000 Drivers

Posted on March 6th, 2015 by Dan Rampe

Uber

Andreas Baumhof, ThreatMetrix’s CTO, Explains How a Holistic Approach to Security Might Well Have Made All the Difference

Shoulda, coulda, woulda can’t help the 50,000 past and present Uber drivers whose personal information (names and driver’s license numbers) was compromised in the company’s recent breach. However, Andreas Baumhof offers a practical approach that could help prevent a future recurrence and help other companies avoid a similar lapse in security.

In his article on scmagazine.com, Adam Greenberg tapped Baumhof and Steve Hultquist, chief evangelist at RedSeal for answers. His article has been edited to fit our format. You may find Greenberg’s complete piece by clicking on this link.

Enough compromised information for ID theft

“Names and driver’s license numbers are two key elements of verification of personal identity,” Hultquist said. “Combined with other information that could be gained by social engineering or by existing breaches, theft of personal identities is possible.”

Very valuable information

Andreas Baumhof, CTO of ThreatMetrix, [noted] that personally identifiable information (PII) increases in worth when more pieces of data related to a single individual are obtained.

“[If] I know your name and your associated email and then the associated address and then the associated credit card number and now the license plate, the information gets more valuable.” He went on to explain, “One reason is the use of knowledge-based authentication is still quite heavy (even by banks) where they ask you some questions that only you should know (e.g. what’s your license plate number?) to do a 2nd factor authentication.”

What they knew and when they knew it

Uber stated that a single instance of unauthorized access to one of its databases occurred on May 13, 2014. The company explained that it discovered the potential access on Sept. 17, 2014, and immediately changed the access protocols for the database.

How the breach might have occurred

“Given the information that Uber has shared, it seems likely that the breach came from the unauthorized use of an existing database access account,” Hultquist said. “The other likely option is access via a database system vulnerability, but that doesn’t seem indicated by the report.”

Baumhof’s comprehensive approach to protecting data

To prevent these types of incidents from occurring in the future, Baumhof said that a holistic approach needs to be considered. He explained that internal systems need to be restricted and secured, and access to data needs to be protected using context-based and behavioral approaches.

Uber’s John Doe Suit

According to the statement, Uber has filed a “John Doe” lawsuit so it can “gather information that may lead to confirmation of the identity of the third party.” The Register reported…that Uber subpoenaed GitHub so the latter company would turn over the IP addresses of visitors to a particular gist, which is believed to have contained a login key used to access the Uber database.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Labs Report Covers the Fish That Hooks People

Posted on March 5th, 2015 by Dan Rampe

Labs-Header

Superfish Adware Acting as “Man-In-The-Browser” Business and Banking Malware Is Outlined in the Latest ThreatMetrix Labs Report

Not familiar with Superfish? Ask any buyer of a Lenovo laptop purchased between October and December 2014 whose computer came preinstalled with the adware. But don’t think you’re going to hear kudos.

“Superfish Adware – A Closer Look”

Comparing Superfish and similar adware to “man-in-the-browser” (MitB) banking Trojans, the ThreatMetrix Labs report, “Superfish Adware – A Closer Look,” details the nature and behavior of this software. It also details Superfish’s HTML injection through browser add-ons and the type of sensitive information this injection allows the injected Javascript to access.

Komodia’s library vulnerable

The report also goes into issues associated with Superfish and other adware tools that use Komodia’s library for ad injection installing a Certificate Authority (CA) into users’ browsers. Protected only by easily-obtained, weak passwords, it’s no trouble at all for cybercriminals to create fake, legitimate-looking website certificates.

Andreas Baumhof, ThreatMetrix’s CTO, on the increasing adware threat

“Data from the ThreatMetrix Global Trust Intelligence Network shows that the Superfish Adware has been an increasing threat since October 2014. While this isn’t a new threat, its recent exposure has left many businesses and consumers questioning what they should know about its threats and how to protect against it. Since it has been around for some time and ThreatMetrix has long had capabilities to detect these kinds of threats, we provide technical details surrounding Superfish and its implications.”

A Javascript injection of Superfish

Depending on the page accessed, the Javascript injected by Superfish has full access to a wide range of sensitive information. For example, the ThreatMetrix Labs report outlines the information that can be accessed by this Javascript code when a user visits a website, including cookies, local storage information, any Document Object Model (DOM) element of the page, user input (such as form field data) and any events that are fired during the session (such as submission of a login form).

ThreatMetrix’s honeypot detects malware strains

ThreatMetrix provides a malware detection service (a “honeypot”) that allows its customers to detect the presence of malware strains like Superfish in real time without any interference in their customers’ journeys. This information is fully integrated into the analysis by the ThreatMetrix® Global Trust Intelligence Network (The Network).

Notes Baumhof about the honeypot

“Whenever a strain of malware like Superfish grows this rapidly, online businesses and banks struggle to protect their customers against its threats – such as compromised sensitive information – without adding friction to the user experience. ThreatMetrix’s honeypot detection techniques help businesses detect unauthorized webpage modification within a user’s browser as part of the user’s full risk assessment, all without any added steps to the customer journey.”

Authenticating customers in real-time

ThreatMetrix authenticates customer transactions using real-time identity and access analytics that leverage the power of the world’s largest shared intelligence network. The ThreatMetrix solution already protects leading online businesses and financial institutions against account takeover, payment fraud, and fraudulent account registrations as a result of stolen credentials obtained from malware, social engineering, phishing and data breaches.

The public ThreatMetrix Labs report can be downloaded here.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

Sandpiper: An Eagle When It Comes to Fighting Cybercrime

Posted on February 27th, 2015 by Dan Rampe

Europol

EC3 Supports 18-Month EU-Funded “Project Sandpiper” to Stop Payment Card Fraud in Its Tracks

The latest statistics published by the European Central Bank reveal that card-not-present (CNP) fraud is on the rise accounting for 60% of all fraud losses on cards issued in the European Union. To address the problem, Europol’s European Cybercrime Centre (EC3) has launched several investigations.

Project Sandpiper

Initiated by UK authorities and supported by Europol’s European Cybercrime Centre (EC3), Project Sandpiper took out after the bad guys. The score after eighteen months: 59 arrests; 32 prosecutions; 17 convictions; 52,812 compromised card numbers recovered; £23 million ($35 million) estimated savings to the banking industry; and the disruption of 5 organized crime groups misusing electronic payments mainly in overseas destinations.

Troels Oerting, head of EC3

An article on eurasiareview.com (link to article) quotes the former head of the European Cybercrime Centre, Troels Oerting, who said, “The criminal networks involved in this sophisticated electronic payment crime have been taken down as a result of many months of hard work by police officers and prosecutors in the European Union. Through the international cooperation of law enforcement authorities, the European Commission and Europol, as well as cooperation with the financial industry, European customers’ payment transactions are safer. We continue our fight against this crime. The criminals continue to develop new methods for stealing our identities, money and ideas online, and we have to continue and further develop operations like Sandpiper and Skynet. [Skynet is the codename of a new EU-funded project. Just launched, it focuses on international cooperation to combat online CNP fraud. Six EU Member States are involved.]”

A joint EU effort

According to the eurasiareview.com story, Europol’s information and analysis systems are used to exchange and cross-check the intelligence received from member states.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

What’s Happening with Mobile Device Payments Is Criminal

Posted on February 23rd, 2015 by Dan Rampe

Mobile Devices

Mobile Device Fraud Makes Up a Disproportionate Share of the $6 Billion Fraud Costs Merchants and Card Issuers in the U.S. Each Year

Forrester Research says mobile payments accounted for $52 billion worth of U.S. transactions in 2014, up from $32 billion in 2013. And this year that number is expected to hit $67 billion.

A LexisNexis survey of 1,100 companies found that while mobile payments account for 14 percent of transactions among merchants, they make up 21 percent of fraud cases. In her story on bloomberg.com, Olga Kharif details how cyberthieves have continued to shift their focus to mobile devices. The following has been excerpted from her piece and edited to fit our format. You may find her complete article by clicking on this link.

More mobile fraud than on PCs

“We certainly see a surge in mobile payment attacks,” says Tomer Barel, chief risk officer at PayPal, who says his company deals with more cases of fraud on mobile devices than on PCs. “There are many more avenues for fraudsters to try.”

Every dollar of mobile fraud costs merchants $3.34

Each dollar worth of misbegotten mobile payments winds up costing a fooled merchant $3.34. That’s slightly more than the cost of a fraudulent credit card swipe or mail order, 27 percent more than a similar payment made from a PC.

Merchants aren’t equipped to handle mobile fraud

Along with the cost of lost merchandise, the total includes investigation of the fraud. That’s tougher on phones than on PCs, because many businesses aren’t equipped to track mobile devices’ unique identifiers such as IP addresses. Stores often don’t catch when a card issued in Los Angeles is used for a mobile order from Mexico, says Aaron Press, director of e-commerce and payments at LexisNexis Risk Solutions. “It’s kind of a wake-up call,” he says.

Lower-tech fraud

Some mobile fraud remains low-tech. Last year, the Better Business Bureau warned consumers about a scam in which people posted absurdly cheap offers for used cars online, then tricked interested buyers into wiring funds through a phony version of Google Wallet.

Higher-tech fraud

Other frauds are more technical, such as the hackers who found a bug in a Chilean public transportation app that let them top off their travel credits for free.

The weak link

Like the brief flurry of duplicate charges that accompanied Apple Pay’s debut in October, such glitches highlight the vulnerability inherent in a system that requires banks, card networks, and software makers to keep pace with thieves. “If you don’t make the proper investment, they’ll be attracted to the weakest link,” says PayPal’s Barel.

Biometrics may stop some cybercriminals

Smartphone operating systems, at least, are tougher to infiltrate than those of PCs. Phones with biometric sensors can also make a person’s identity tougher to steal. Mobile payment service LoopPay says it’s adding support for biometric features such as Apple’s fingerprint reader, despite hackers’ claims that they can fool the iPhone’s sensor. Rival CurrentC says it’s considering similar measures….

“There’s no perfect system,” says Will Graylin, chief executive officer of LoopPay. “It’s always a game of cat and mouse.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.