TIGTA Gives IRS an F

Posted on April 23rd, 2015 by Dan Rampe

Tax

TIGTA (Treasury Inspector General for Tax Administration) Gives the IRS Poor Marks for Handling ID Theft Victims

A recently released Treasury Inspector General for Tax Administration report says the IRS tells an ID theft victim that his/her case will be resolved in 180 days. While that’s what the IRS claims, the TIGTA report says it actually takes the IRS 278 days. Imagine what a victim of ID theft goes through having to wait those additional 98 days.

In his piece on theblaze.com, Fred Lucas describes what the TIGTA found while doing its audit, a follow-up to one done in 2013. The following has been excerpted from his article and edited to fit our format. You may find the full story by clicking on this link.

You will get an answer, but it may not be the right one

Based on a sampling of 100 identity theft tax accounts, the inspector general [projected] that 25,565 cases out of 267,692 were resolved incorrectly, or almost [1 in 10.]

Better maybe, but not what the IRS tells the public

In 2013, about 2.9 million tax identity theft incidents happened, an increase from 1.8 million in 2012, the Chicago Tribune reported. The average for resolving a case in 2013 [was] down from the average of 312 days in fiscal year 2012, but it [was] still well over what the IRS [instructed] employees to tell taxpayers who were victims of fraud.

“IRS guidance in FY 2013 instructed employees to inform taxpayers who [inquired] about the status of their identity theft case that cases are resolved within 180 days,” the IG report says.

IRS case processing data said resolutions took between 228 and 298 days

“[The IRS’s] own case processing data did not support the 180-day resolution time period. In fact, IRS data showed case resolutions were taking between 228 to 298 days.”

Misleading stakeholders

“When the IRS provides misleading identity theft case resolution time periods, it creates a false portrayal of improvement to stakeholders and makes it more difficult for the IRS to gage and improve its own operations.”

No change in procedure needed

“The IRS disagreed with the recommendation to develop processes and procedures to calculate the average time it takes to fully resolve taxpayer accounts.”

Victims deserve better

“While the IRS is making some progress in assisting victims of identity theft, those who have been affected by this devastating crime deserve better.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

ThreatMetrix Wins Best Anti-Malware Product and Hot Company in Multi-Factor Authentication at 2015 Cyber Defense Magazine Awards

Posted on April 22nd, 2015 by Dan Rampe

awards

Top Context-Based Security and Fraud Prevention Leader Recognized for Continuous Efforts to Safeguard Online Identities using Global Shared Intelligence

San Jose, CA – April 22, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announces it has won in two categories in the 2015 Cyber Defense Magazine Awards, including Best Anti-Malware Product and Hot Company in Multi-Factor Authentication.

The Cyber Defense Magazine Awards recognize leading companies in the cybersecurity space that strive to curate cutting-edge knowledge on cybercrime and create advanced solutions to solve the online security issues facing businesses today. The awards were announced during the RSA Conference 2015, held this week in San Francisco.

In conjunction with the conference, ThreatMetrix announced the ThreatMetrix Digital Identity Network, the world’s largest digital identity network, leveraging global shared intelligence to safeguard online customer identities. This offering creates an anonymized digital identity of consumers based on device, persona and behavior from every transaction, account creation and account login.

“The landscape of fraud is changing as cybercriminals’ networks grow in breadth and sophistication, capitalizing on the digital debris of data breach fallouts,” said Bert Rankin, chief marketing officer at ThreatMetrix. “Our team continuously enhances our solutions to stay one step ahead of cybercriminals by providing businesses with an anonymized view of their customers based on devices, personas and behaviors. Being recognized by Cyber Defense Magazine as a leader in both anti-malware and multi-factor authentication is a ringing endorsement for ThreatMetrix.”

The Best Anti-Malware award recognizes ThreatMetrix for its success offering high-level malware detection for businesses through the TrustDefender™ Cybercrime Protection Platform which combines comprehensive data collection, behavioral analytics and the ThreatMetrix Digital Identity Network into a powerful, risk-based security and fraud prevention solution. This solution uses integrated malware and device identification, enabling ThreatMetrix customers to proceed with legitimate transactions while screening out fraudsters and criminal activity without added user friction.

The Hot Company in Multi-Factor Authentication award identifies ThreatMetrix as a leader in offering multi-factor authentication (MFA) solutions for financial institutions to provide frictionless customer logins, decrease operational costs and improve cybercrime detection. In contrast to the design of many legacy MFA solutions, ThreatMetrix can easily support financial institution authentication requirements and provide trusted customers access without excessive step-up authentication. ThreatMetrix delivers this by leveraging the ThreatMetrix Digital Identity Network, providing real-time risk analysis based on billions of Web and mobile transactions.

To learn more about ThreatMetrix’s unique anti-malware and multi-factor authentication services, visit ThreatMetrix this week in Booth #4235, located in the North Hall at RSA Conference 2015

ThreatMetrix Resources

About Cyber Defense Magazine

Cyber Defense Magazine is the premier source of IT Security information. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting edge knowledge, real world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free and limited print editions exclusively for the RSA Conferences and our paid subscribers. Learn more about us at http://www.cyberdefensemagazine.com.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

 

ThreatMetrix Financial Institution Authentication Strategies for Stopping Malware and Compromised IDs

Posted on April 9th, 2015 by Dan Rampe

 

Standard-Header-AF

ThreatMetrix Outlines a New Approach in Line with FFIEC’s Joint Statements on Authenticating Customers and Employees

The Federal Financial Institutions Examination Council (FFIEC) has released joint statements dealing with stolen identities and malware that, combined, represent a threat not only to business, but to the entire financial system.

Alisdair Faulkner, ThreatMetrix chief products officer, on a new approach to authentication

“We’re not even halfway through the year and we’ve already seen data breaches of two major healthcare providers, Anthem and Premera, compromise the information of more than 90 million people. As the prevalence of personal data being breached continues to grow, financial institutions need a new approach to authentication and digital identity assessment.”

A summary of key FFIEC joint statements

  • Compromised Credentials – Whether an employee or administrator (and this is especially true for customers), banks can no longer trust the static identity of a user login or transaction. Even if a bank’s internal systems can’t be compromised, a bank’s customers and employees can be.
  • Destructive Malware – Banks have to continuously evaluate the health and risk of devices being used to access data or perform transactions. The same holds true for an employee accessing services remotely from his or her tablet, or for a sanctioned locked-down PC.
  • Shared Intelligence – To defeat malware and compromised credential threats, financial institutions have to look beyond their firewalls and share actionable threat intelligence about unauthorized account access attempts and attack patterns.

Faulkner notes that digital identities power the underworld

“Forget Bitcoin, our digital identities are the cybercurrency that powers the underworld. Unlike credit cards that can be replaced, stolen identities and compromised devices are the gift that keeps on giving – pieces of a user’s digital identity can be used over and over again, with each attack increasing in sophistication on a daily basis. Combining stolen identities, compromised devices and newer device spoofing tools like Anti Detect and Fraud Fox, hackers can routinely bypass first generation authentication technologies still installed at banks. Financial institutions need new ways of assessing digital identities by leveraging global shared intelligence to detect when personal information and devices are being used illegitimately. When one financial institution’s network is breached, every financial institution becomes the target of the digital debris.”

The ThreatMetrix Global Trust Intelligence Network (The Network) offers features to help financial institutions protect themselves from compromised credentials and malware

  • Persona ID – Persona ID enables financial institutions to connect users with their related attributes and activities. Included in these attributes and activities are email addresses, payment details, past transactions, accounts, devices, location, proxies etc. These details are tied to digital “personas.” And, incoming transactions are evaluated against the corresponding digital identities in real-time and enables ThreatMetrix to distinguish legitimate users and cybercriminals.
  • Layered Approach – Rather than providing “Bigger Data,” which creates too many alerts to act on quickly, The Network uses pin-point decision analytics to assess devices, threats, personas and behavior across its anonymized digital identity network. This makes it possible to accurately identify cybercriminals in real time without added customer friction.

The Network: real-time intelligence

In an environment where financial institutions must assume digital identities and devices are compromised before authenticating logins or transactions, The Network delivers real-time intelligence, providing businesses with consistent risk assessments of data and creating unique digital identities for users by mapping their online behaviors and devices to protect customers from fraudulent transactions.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.
ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.
Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

What’s Happening with Mobile Device Payments Is Criminal

Posted on February 23rd, 2015 by Dan Rampe

Mobile Devices

Mobile Device Fraud Makes Up a Disproportionate Share of the $6 Billion Fraud Costs Merchants and Card Issuers in the U.S. Each Year

Forrester Research says mobile payments accounted for $52 billion worth of U.S. transactions in 2014, up from $32 billion in 2013. And this year that number is expected to hit $67 billion.

A LexisNexis survey of 1,100 companies found that while mobile payments account for 14 percent of transactions among merchants, they make up 21 percent of fraud cases. In her story on bloomberg.com, Olga Kharif details how cyberthieves have continued to shift their focus to mobile devices. The following has been excerpted from her piece and edited to fit our format. You may find her complete article by clicking on this link.

More mobile fraud than on PCs

“We certainly see a surge in mobile payment attacks,” says Tomer Barel, chief risk officer at PayPal, who says his company deals with more cases of fraud on mobile devices than on PCs. “There are many more avenues for fraudsters to try.”

Every dollar of mobile fraud costs merchants $3.34

Each dollar worth of misbegotten mobile payments winds up costing a fooled merchant $3.34. That’s slightly more than the cost of a fraudulent credit card swipe or mail order, 27 percent more than a similar payment made from a PC.

Merchants aren’t equipped to handle mobile fraud

Along with the cost of lost merchandise, the total includes investigation of the fraud. That’s tougher on phones than on PCs, because many businesses aren’t equipped to track mobile devices’ unique identifiers such as IP addresses. Stores often don’t catch when a card issued in Los Angeles is used for a mobile order from Mexico, says Aaron Press, director of e-commerce and payments at LexisNexis Risk Solutions. “It’s kind of a wake-up call,” he says.

Lower-tech fraud

Some mobile fraud remains low-tech. Last year, the Better Business Bureau warned consumers about a scam in which people posted absurdly cheap offers for used cars online, then tricked interested buyers into wiring funds through a phony version of Google Wallet.

Higher-tech fraud

Other frauds are more technical, such as the hackers who found a bug in a Chilean public transportation app that let them top off their travel credits for free.

The weak link

Like the brief flurry of duplicate charges that accompanied Apple Pay’s debut in October, such glitches highlight the vulnerability inherent in a system that requires banks, card networks, and software makers to keep pace with thieves. “If you don’t make the proper investment, they’ll be attracted to the weakest link,” says PayPal’s Barel.

Biometrics may stop some cybercriminals

Smartphone operating systems, at least, are tougher to infiltrate than those of PCs. Phones with biometric sensors can also make a person’s identity tougher to steal. Mobile payment service LoopPay says it’s adding support for biometric features such as Apple’s fingerprint reader, despite hackers’ claims that they can fool the iPhone’s sensor. Rival CurrentC says it’s considering similar measures….

“There’s no perfect system,” says Will Graylin, chief executive officer of LoopPay. “It’s always a game of cat and mouse.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Named to OnCloud’s “Top 100” and CEO Tapped as Keynote for OnCloud 2015 Summit

Posted on February 17th, 2015 by Dan Rampe

Standard-Header-Reed

A Panelist at the Annual AlwaysOn Summit, ThreatMetrix CEO Reed Taussig Will Deliver His Keynote Speech on Security in the Cloud

AlwaysOn’s OnCloud 2015 Summit will take place at the College of San Mateo (San Mateo, CA) on February 26, 2015. The Summit brings together “the best and the brightest” including top entrepreneurs, investors, and corporate players in the business-to-business application and cloud infrastructure space to discuss and debate the future of cloud technology.

Reed Taussig’s keynote

Titled “Global Shared Intelligence: The Best Solution to Combat Cybercrime,” Taussig’s keynote presentation will take place at 11:30 a.m. PST. Over the course of his speech, he’ll be providing an overview of the current cybercrime landscape.

Using examples from ThreatMetrix’s TrustDefender Cybercrime Protection Platform, Taussig will show how ThreatMetrix discovered and defeated organized crime rings by leveraging the power of the ThreatMetrix Global Trust Intelligence Network (The Network).

A distinguished panel

Taussig will also be participating in a panel alongside host Aditya Singh, partner at Foundation Capital and co-panelist Barmak Meftah, president and CEO at AlienVault. The subject of the discussion will be “The New Frontier in Cloud Infrastructure” and will take place at 11:45 a.m. PST.

ThreatMetrix’s CEO on global shared intelligence

“The global cybercrime landscape is constantly evolving to include new, more sophisticated threats and the only way to combat these threats is through collective intelligence,” said Taussig. “This isn’t a threat any business or consumer can fight alone. It requires a collective network that leverages data from across a global information base. I’m honored to share what ThreatMetrix has accomplished in the fight against cybercrime by leveraging global shared intelligence with this year’s OnCloud attendees. The OnCloud summit hosts key industry players who can help to make shared intelligence an industry standard.”

ThreatMetrix on OnCloud’s Top 100 private companies list

The annual list honors companies in the B2B applications, management tools, security and infrastructure sectors that are rising to the challenge of bringing the world’s businesses and enterprises into the cloud. This year’s OnCloud 100 companies were selected based on a set of five criteria: innovation, market potential, commercialization, stakeholder value and media buzz. A full list of the OnCloud Top 100 winners is available here.

Validation of our continued innovation

“The OnCloud Top 100 honors companies that take big data and create useful, actionable intelligence from it to make high-powered decisions,” said Taussig. “In the case of ThreatMetrix and The Network, such decisions have the power to stop cybercriminals in real time. ThreatMetrix leverages data from the largest shared intelligence network available to make an immediate and educated decision to differentiate between authentic and fraudulent transactions. Being named to OnCloud’s Top 100 private companies list serves as validation of our continued innovation in advanced fraud prevention and context-based authentication.”

For more information on the OnCloud 2015 summit, click here.

ThreatMetrix has garnered a host of awards. Following are some of the most recent:

  • The Channel Company’s CRN 100 Coolest Cloud Computing Vendors of 2015
  • Gold Stevie in New Product or Service of the Year – Security Solution category and a Silver in the Most Innovative Tech Company of the Year – Computer Software category.
  • Gold for “Innovative Company of the Year” and for “Integrated Security (Software) Innovation” at the 2014 Golden Bridge Business Awards
  • CIOReview100 for the “100 Most Promising Technology Companies in the U.S.”
  • Best in Biz Awards 2014 International Silver for “Enterprise Product of the Year – Software”
  • The AlwaysOn Global 250 Top Private Companies in the “B2B Cloud and Infrastructure” category
  • Lead411’s 2014 “Hottest Companies in Silicon Valley” list
  • Products Guide (NPG) Hot Companies and Best Product Award Winner for the “Best Products and Services – Information Security and Risk Management” category and also in the “Best Products and Services – Security Software” category.
  • Judges Choice for Best Overall Fraud/Security Solution at the 2014 CardNotPresent.com (CNP) Awards for the ThreatMetrix TrustDefender Cybercrime Protection Platform
  • A 2014 Global Excellence Award for Most Innovative Company of the Year (Security)
  • 2014 Cyber Defense Magazine Award Winner in 2 Categories: Most Innovative Anti-Malware Appliances Solution & Best Product Network Access Control Solution

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

If Imitation Is the Sincerest Form of Flattery, Facebook Sure Did Flatter Us.

Posted on February 13th, 2015 by Dan Rampe

ThreatExchange

Facebook Launches ThreatExchange for Security Pros to Exchange Info about Cyberthreats

Does the concept of exchanging information about cyberthreats to make everyone safer sound somehow vaguely familiar? You know, like you’ve heard it somewhere before?

Well, how about the name “ThreatExchange?” That remind you of another company name? Like ThreatMetrix® perhaps?

Okay, it’s possible to chalk up Facebook’s latest “idea” to coincidence. Something that looks like a duck, waddles like a duck and quacks like a duck could turn out to be an ugly swan with a sprained ankle and deviated septum. Then, of course, there’s another explanation. It could be Facebook is validating the extremely successful concept pioneered years ago by ThreatMetrix.

In a recent article that appeared in Infosecurity, ThreatMetrix Chief Products Officer Alisdair Faulkner issued this cautionary note: “Shared threat intelligence is essential for stopping the bad guys, you just need to be careful you don’t stop customers as well. Reputation around shared identifiers like IP addresses can be a double edged sword.”

In his piece on mashable.com Rex Santus discusses Facebook’s launch. The following has been excerpted from his piece and edited to fit our format. You may find the full article by clicking on this link.

What a concept!

Doing what it does best, Facebook has created a platform — or a mini-social network, if you will — but this time for cybersecurity specialists. The concept is that researchers and professionals can learn from each other, and help keep everyone’s systems safer.

Been there. Done that.

“Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other’s discoveries, and make their own systems safer,” Mark Hammell, Facebook’s manager of threat infrastructure, wrote in a blog post announcing the project.

Déjà vu “all over again”

Security threats aren’t typically relegated to just one target, and the lack of communication between malware targets ends badly for everyone, according to ThreatExchange. So far, some pretty big-name Internet players have joined Facebook on ThreatExchange, including Bitly, Dropbox, Pinterest, Tumblr, Twitter and Yahoo. The platform expects to attract more partners as time goes on.

The new platform builds on Facebook’s ThreatData, a framework that stores cyberthreat information (such as bad URLs) for analysis by security pros.

A year ago you say?

The idea for ThreatExchange came about a year ago, when Facebook and others were facing a malware spam attack. The social network’s security specialists “quickly learned that sharing with one another was key to beating” the problem, Hammell wrote.

Share and share alike. Not exactly

To quell any fears that potential partners may have about sharing too much information publicly, Facebook said participants can tweak settings to pick and choose with whom they share their information. For example, a company may only want to share sensitive data with another partner that is experiencing the same attack.

An original thought that’s been heard before

“That’s the beauty of working together on security,” Hammell wrote. “When one company gets stronger, so do the rest of us.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

Happy Data Privacy Day. Keep It Under Your Hat.

Posted on January 26th, 2015 by Dan Rampe

Standard-Header---Logo-Faulkner

In Conjunction with Data Privacy Day, ThreatMetrix Offers Strategies to Help Business Protect Privacy, Secure Data and Build Trust on the Internet.

Little more than a week after the President’s State of the Union call for vastly improved cybersecurity and privacy measures comes Data Privacy Day.

Coordinated and led by the National Cyber Security Alliance (NCSA), Data Privacy Day is held each year on January 28th to raise international awareness and empower individuals and businesses to better protect their privacy. This year’s theme is “Respecting Privacy, Safeguarding Data and Enabling Trust.”

ThreatMetrix Data Privacy Day Champion

For its third consecutive year, ThreatMetrix has signed on as a Data Privacy Day Champion, supporting the ideal that individuals, organizations, business and government all share the responsibility to be aware of data privacy challenges.

Cybersecurity on both Democratic and Republican agendas

The State of the Union address made it clear that cybersecurity is an urgent and growing concern for government, business, consumers, students — everyone. And, it is at least one thing that both parties agree on.

Privacy Bill of Rights

The proposed Privacy Bill of Rights would let consumers decide what personal data could be collected by companies and how the data would be used. Under the proposed legislation consumers could prohibit companies which collect data for one purpose to use it for another. These changes have the potential to significantly impact the way businesses process customer data.

Alisdair Faulkner, ThreatMetrix’s chief products officer

“The only way we can build trust on the Internet is through better control of the consumer data processed online. Obama’s proposed Privacy Bill of Rights will raise the bar for privacy protections, keeping all companies no matter where they reside to the same standards. It may seem backwards, but to build trust, businesses and government entities need to increase data sharing while ensuring privacy. This means implementing security solutions that share data in real time, but preserve customer privacy through encryption and tokenization.”

Businesses may have the will, but no way to ensure privacy and security

Many businesses are well-intentioned, but they lack the resources or knowledge to protect their customers’ privacy and data. And, through their use of stolen identities, compromised devices, and masked IP addresses, cybercriminals are often virtually impossible to locate or stop without special skill and resources.

Alisdair Faulkner

“All businesses, regardless of industry, need efficient, automated processes for fraud detection and customer notification,” said Faulkner. “Any company that uses some form of online user authentication is now going to be held accountable for at least a minimal level of protecting customer privacy. The proposed Privacy Bill of Rights requires customers be notified by businesses about a data breach within 30 days, but cybercriminals can take data in the blink of an eye. Thirty days gives cybercriminals an eternity to monetize that information. Ideally, businesses need to be able to measure unauthorized access in real time, address the problem and notify customers immediately.”

ThreatMetrix strategies businesses can implement for combating cybercrime while building trust online:

  • Digital Identity Proofing–Traditional identity verification technologies, e.g. challenge questions, rely on personal information that has already been breached and in the hands of the criminals they are trying to vet. Businesses need a different approach. By analyzing global patterns of identity usage, including locations, devices, accounts, transactions and associations over time, it’s possible to factor in all aspects of a user’s behavior without putting artificial speed-bumps in his/her path.
  • Secure Anonymized Shared Intelligence– You have to have a network to fight a network. Additionally, you need “privacy by design” built into the ecosystem. Intelligence networks must anonymize and secure data not just from outside attacks, but also internal theft and social engineering attacks. Legal restrictions, such as those proposed by the President will fail to protect consumer data if not backed by solid technology and processes.
  • Endpoint Threat Intelligence – To differentiate between trusted users and cybercriminals, businesses must consider the context of every access attempt and transaction from each user. Whether initiated by a customer or an employee, businesses have to establish the credibility of the transaction in real time based on the full context of the user’s identity, behavior over time and device threats. These threats include Man-in-the-Middle and Man-in-the-Browser attacks, account compromises, bots, proxies, and location and transaction anomaly screening to determine the level of authentication and authorization required to process the request.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Shares Strategies for Businesses to Protect Privacy, Safeguard Data and Build Trust on the Internet in Alignment with Data Privacy Day

Posted on January 26th, 2015 by Dan Rampe

Standard-Header---Logo-Faulkner

Following President Obama’s State of the Union Address, Businesses Must Increase Data Sharing to Protect Consumer Privacy While Combatting Fraud

San Jose, CA – January 26, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced its alignment with Data Privacy Day by outlining strategies for businesses to build trust on the Internet through better cybersecurity measures without compromising consumer privacy.

Coordinated and led by the National Cyber Security Alliance (NCSA), Data Privacy Day is held each year on January 28 to raise international awareness and empower individuals and businesses to better protect their privacy, centered on the theme of “Respecting Privacy, Safeguarding Data and Enabling Trust.” For its third consecutive year, ThreatMetrix has signed on as a Data Privacy Day Champion, supporting the ideal that individuals, organizations, business and government all share the responsibility to be aware of data privacy challenges.

During President Obama’s State of the Union address last week, it was clear that cybersecurity is an urgent and growing concern among the U.S. government and its citizens. The proposed Privacy Bill of Rights would allow consumers to decide what pieces of their personal data are collected by companies and decide how that data is used. The legislation would also enable consumers to prohibit companies that collect their data for one purpose to use it for another. These changes have the potential to significantly impact the way businesses process customer data.

“The only way we can build trust on the Internet is through better control of the consumer data processed online,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Obama’s proposed Privacy Bill of Rights will raise the bar for privacy protection, keeping all companies no matter where they reside to the same standards. It may seem backwards, but to build trust, businesses and government entities need to increase data sharing while ensuring privacy. This means implementing security solutions that share data in real time, but preserve customer privacy through encryption and tokenization.”

Many businesses lack the resources or knowledge to fulfill their responsibility of protecting customers’ privacy and data. Cybercriminals are often virtually impossible to locate due to the use of stolen identities, compromised devices, and masked IP addresses and many businesses simply don’t know how to stop those networks of fraudsters.

“All businesses, regardless of industry, need efficient, automated processes for fraud detection and customer notification,” said Faulkner. “Any company that uses some form of online user authentication is now going to be held accountable for at least a minimal level of protecting customer privacy. The proposed Privacy Bill of Rights requires customers be notified by businesses about a data breach within 30 days, but cybercriminals can take data in the blink of an eye. Thirty days gives cybercriminals an eternity to monetize that information. Ideally, businesses need to be able to measure unauthorized access in real time, address the problem and notify customers immediately.”

To help combat cybercrime while maintaining customer privacy to build trust online, ThreatMetrix has outlined several strategies for businesses to implement:

  • Digital Identity Proofing–Traditional identity verification technologies such as challenge questions rely on personal information that has already been breached and is in the hands of the cybercriminals. Businesses need to take a different approach and analyze global patterns of identity usage, including locations, devices, accounts, transactions and associations over time to consider all aspects of a user’s behavior without putting artificial speed bumps in the way of the customer.
  • Secure Anonymized Shared Intelligence– Businesses need a network to fight a network, but they also need “privacy by design.” Intelligence networks need to anonymize and secure data not only against outside attacks but also internal theft and social engineering attacks. Legal restrictions such as those proposed by Obama will fail to protect consumer data if not backed by advanced technology and processes.
  • Endpoint Threat Intelligence – To differentiate between trusted users and cybercriminals, businesses need to consider the context of every access attempt and transaction from each user. Whether initiated by a customer or an employee, businesses need to establish the credibility of the transaction in real time based on the full context of the user’s identity, behavior over time and device threats. These threats include man-in-the-middle and man-in-the-browser attacks, account compromise, bots, proxies, and location and transaction anomaly screening to determine the level of authentication and authorization required to process the request.

The most effective way for businesses to protect against cybercrime is through information sharing, leveraging an anonymized global data repository, such as the ThreatMetrix® Global Trust Intelligence Network (The Network), which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

A Civil War Between the States and Federal Government Over One Law for All Breach Notifications

Posted on February 19th, 2014 by Dan Rampe

Data Breach

Unlike other recent Congressional fights, the dispute over a single federal law on how customers should be notified about breaches looks to be less rancorous and more civil. That’s because privacy concerns cut across party and ideological lines, often uniting staunch conservative Republicans with civil libertarian Democrats.

The renewed interest in a federal breach notification law covering all fifty states comes on the heels of the Target, Neiman Marcus and Michaels breaches. And while the same vitriol that was apparent in other Congressional battles may not be present, there is a lot to be considered, including how a federal law would affect state regulations that are already in force.

In her Reuters piece, tech/cyber policy reporter Alina Selyukh writes:

Although federal laws already regulate how specific industries, such as banks and hospitals, handle compromised data security, certain other kinds of companies, including retailers, face no such uniform standard.

Instead, 46 states and the District of Columbia have passed their own laws that tell companies when and how consumers have to be alerted to data breaches and what qualifies as a breach.

With that, negotiations over fitting state standards under an umbrella federal law face a tug of war between companies, consumer advocates and state authorities.

Large companies working across state lines argue that state laws present a patchwork of regulations and compliance poses a challenge. Companies often issue one nationwide notice to consumers with state-specific supplements at the end. “Certainly, one standard is easier to follow than 47,” John Mulligan, Target’s chief financial officer, told lawmakers…. The No. 3 U.S. retailer has stores in every U.S. state except Vermont.

The National Retail Federation in a January letter to Congress also restated its decade-old position in favor of a nationwide standard that would pre-empt state rules. “A preemptive federal breach notification law would allow retailers to focus their resources on complying with one single law and enable consumers to know their rights regardless of where they live.”.

Some state attorney generals worry above all that federal standards would dilute their power to pursue violators….

“There are 47 state standards, there’s no reason to add a 48th,” said [Representative Lee] Terry, the most prominent Republican leading a legislative effort at this point.

Consumer advocates say that the companies’ call for a single law masks the goal of having a weaker federal standard that would trump stricter laws on the books in states like California and Massachusetts.

“None of the federal proposals are as strong as the strongest state laws and that’s wrong,” said Edmund Mierzwinski, consumer program director at U.S. Public Interest Research Group. “I don’t think we need (a federal law) that’s weaker than California’s.”

California was the first state to adopt a data breach law in 2003. After a decade of fine-tuning, it requires a detailed disclosure to consumers “in the most expedient time possible and without unreasonable delay” when personal information, including emails with passwords, is “reasonably believed” to have been stolen.

Though many state requirements are broadly similar, some states, such as Montana and Ohio, require notification only if a breach poses or is believed to pose harm or material risk such as identity theft.

Many states also use more limited definitions of what personal information is included. A common definition includes name combined with the Social Security number, driver’s license number or payment card number together with information needed to access financial records.

Alabama, Kentucky, New Mexico and South Dakota do not have their own data breach notification laws.

ThreatMetrix secures Web transactions against account takeoverpayment fraudidentity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 160 million active user accounts, 2,500 customers and 10,000 websites across a variety of industries, including financial servicesenterprisee-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

A New Model for Building Trust on the Internet

Posted on January 28th, 2014 by Dan Rampe

Reed-Header

The beginning of a new year is often a time of reflection. At ThreatMetrix™, we have a lot to reflect on and look forward to. ThreatMetrix turns seven this year. In Internet- and dog-years alike, that’s a long time.

When we started ThreatMetrix, the online world was a simpler place. While we were developing our advanced device identification technologies in 2007, with proxy piercing and global device identification, Apple announced the iPhone. Amazon launched the Kindle in November of 2007. Those devices and others changed the way that we connect with the world.

We’ve worked hard to keep pace with those changes:

  • Since one size doesn’t fit all, we added customer-configurable rules to our risk analysis.
  • As cybercriminals got better at disguising their identities, we developed ThreatMetrix ExactID™ and ThreatMetrix SmartID™ technologies to look beyond the devices to the people using them.
  • Recognizing that legitimate user devices can be compromised by malware, we became the first advanced device identification technology to integrate malware detection.
  • Because it’s just as important for businesses to allow legitimate customers or employees access to applications as to keep out the false ones, we created ThreatMetrix™ Persona ID and ThreatMetrix™ Trust Tags technologies to help streamline access for trusted visitors.

The Trust Trifecta: Technologies, Processes and Data

Advanced device identification and malware detection were just the first phase in the evolution of the ThreatMetrix solution set. Although we started out as a first line of defense in the fight against fraud, in working with our customers we dove into the broader issues of online trust. In doing so, we have expanded our innovations to include processes for configuring and validating business policies and a global data set of shared intelligence.

For example, the Persona ID technology addresses the broader issue of tracking the behavior of a person online – whether or not you know exactly who that person is. The ThreatMetrix Persona ID approach is both passive and anonymous from the user’s perspective. This type of analysis is only possible by tracking and analyzing online behavior across sites – something we do through the ThreatMetrix™ Global Trust Intelligence Network.

So in addition to innovative technologies, we now have a core set of processes, a massive data set generated and refreshed daily by a global network, and comprehensive data analysis from that data. This combination of technologies, processes and data significant broadens the scope of the ThreatMetrix solution in the online world. We can address broader issues of risk assessment and identity authentication.

ThreatMetrix Today: Building Trust on the Internet

Which brings me to where the company is today, in early 2014. We’ve changed our tagline to reflect our broader purpose: Building Trust on the Internet. We’re building and growing our ThreatMetrix™ Global Trust Intelligence Network, which monitors and scores more than 500 million transactions per month. Our Persona ID and Trust Tag technologies, enhanced with our global network and data, enable a new kind of passive, context-based authentication for all kinds of online sites and applications. And we’re working not only with online banks and retailers, but also enterprises and government agencies to help streamline access for legitimate users and keep out those who don’t belong.

No one can see what twist and turns the Internet will take in the coming years – but building a foundation of trust with employees and customers is an important first step. And that’s where we’re putting all of our efforts from this point forward.

About ThreatMetrix

ThreatMetrix secures Web transactions against account takeoverpayment fraudidentity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects ThreatMetrix protects more than 160 million active user accounts, 2,500 customers and 10,000 websites across a variety of industries, including financial servicesenterprisee-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.