EMV Chips Are a Good Idea. Right?

Posted on May 22nd, 2015 by Dan Rampe

EMV

With Wholesale Adoption Just Months Away, EMV Chips Show Downsides Cybercriminals Can Exploit to Defraud CNP Merchants

Is it the law of unintended consequences, Murphy’s Law, or some other cosmic statute that insists on a downside to just about every creation from bathtubs to beer?

Take the bathtub. Here is a device without which civilized society could not live in harmony (or at least proximity). Even this most benign and useful of objects has a downside. According to the United States Centers for Disease Control and Prevention (CDC), about two-thirds of accidental injuries happen in the bathtub or shower. (Yes, we looked it up.) Beer? Well, the Yin and Yang of beer is fairly self-evident – especially for people who’ve slipped in the bathtub after consuming too much of the stuff.

The EMV chip’s negatives

The EMV chip, which most security experts agree, will slash fraud at the register or Point-of-Sale (PoS) also has its downside. In a recent news release titled, Six Months Ahead of EMV Chip Deadline, ThreatMetrix Offers Strategies to Protect against Expected Increase in Online Fraud, Alisdair Faulkner, ThreatMetrix chief products officer observed, “From a consumer perspective, the shift to EMV is good news as it will make it harder for cybercriminals to counterfeit credit cards and conduct fraudulent purchases in stores. But from an online merchant perspective, as it becomes more difficult for cybercriminals to monetize on counterfeit cards, their goals are now going to shift to use [of] stolen credit card data through online channels. Right now – ahead of the October deadline – is the time for retailers to start implementing systems that look at cybercrime in context to combat the growing breadth and intelligence of fraud following the widespread adoption of EMV in the U.S.”

A note of caution sounded about EMV at the CardNotPresent.com Annual Conference and Expo

In his article on digitaltransactions.net, and based on interviews with key participants at the Conference and Expo, Kevin Woodward reports on types of fraud the EMV chip could foster. The following has been excerpted from his piece and edited to fit our format. You may find the full article by clicking on this link.

Stolen in transit

Though credit and debit issuers are staggering their chip card issuance, there remains a risk that criminals could intercept these mailings and use the cards to commit fraud, said Jackie Barwell, director of fraud product management at ACI Worldwide Inc., a … vendor of online payment security services.

One major concern of hers is that in the United States, EMV chip cards are active when mailed to cardholders, making them vulnerable to criminals who might steal them from mailboxes.

Online fraud to dramatically increase

“The challenge that comes with EMV moving forward, especially for card-not-present, is that fraud will dramatically increase,” said Terry Dooley, executive vice president and chief information officer for …Shazam Inc., a regional PIN-debit network.

Instead of criminals walking into a store to attempt to make a fraudulent transaction, they’ll go online….

Only 3 percent use 3D Secure technology to help reduce risk

Operated as Visa Inc.’s Verified by Visa and MasterCard Inc.’s SecureCode, 3D Secure systems try to replicate the point-of-sale experience by prompting cardholders to enter a secret code in a pop-up window when checking out from a retailer’s site. The measure is meant to reduce fraudulent online transactions.

“Only 3% of merchants use 3D Secure,” said Tricia Lines Hill, senior vice president of business development and marketing communications at First Atlantic Commerce, a…payment processor. “This has to change when EMV rolls out.”

Friction at the checkout hinders 3D Secure adoption

Many merchants balked at using the technology because they viewed it as disruptive to the checkout process, and not enough of their shoppers had payment cards that supported the technology.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

Aladdin Had a Genie. Alibaba Has Mobile Genius.

Posted on May 21st, 2015 by Dan Rampe

Alibaba

Since Going Public, Alibaba Has Been Taking Off Like a Rocket, Climbing from 91 Million Active Users Each Month to 217 Million

If you’re anything like us you may have on occasion confused Aladdin with Ali Baba. After all, they both begin with “A.” So here’s an easy device for telling them apart. Aladdin is the dude with the lamp who became a huge success when he rubbed it and the genie inside fulfilled all his wishes. Ali Baba? He’s the guy who outwitted forty thieves and became a huge success with two words, “open” and “sesame.” Also, he had a company named after him.

Now, how do you tell apart Alibaba, the company, from competitors like Amazon and eBay? That’s one of the points of an article about Alibaba on pymnts.com. The following has been excerpted from the pymnts.com piece and edited to fit our format. You may find the complete story by clicking on this link.

Leading in a global, mobile market

“Alibaba is very much a mobile company,” Joseph Tsai, Alibaba executive vice chairman said in the company’s third-quarter earnings call, confirming Alibaba’s position in the mobile commerce space. Of course, Alibaba has one huge advantage at their side: China’s population is more likely to have a smartphone than a computer to shop from – smartphone penetration in China is estimated to be around 45 percent.

Alipay the 21st century version of “Open sesame?”

Alibaba also has another tool in their mobile commerce book — and that’s Alipay, the mobile payment option that has north of 300 million users. Last quarter, Alibaba executives wouldn’t break out how many Alipay transactions are made, but they did reveal that Alipay accounts for 78 percent of transactions made on its eCommerce platforms.

Mobile apps has mobile sales trending up

“We believe that the continued trend towards mobile provides us with a unique advantage to deliver a better consumer experience, as well as more value to merchants, because mobile users shop more frequently and we can serve them more targeted search results. We believe the increasing use of our mobile apps will field significant future growth in our China commerce retail business,” Tsai said in the company’s Q3 earnings call.

Exceeding expectations

In Alibaba’s Q4 earnings call last week (April 7), CFO Maggie Wu also gave some indication of how Alibaba’s mobile commerce statistics have grown and how they expect it to be a major part of the company’s mobile strategy. While computers used to be the dominant force for online commerce (and very much is for most eCommerce companies still), Alibaba is seeing a rapid shift toward mobile.

“It already accounts for more than half of our total GMV. So that growth on mobile business pretty much exceeds everybody’s expectations, and that trend is continuing,” she said, later noting that the “mobile take rate should approach PC or even higher than PC.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

“Privacy” Had IRS Protecting Criminal at Expense of ID Theft Victim

Posted on May 20th, 2015 by Dan Rampe

IRS

Bills Introduced in Both Houses Require IRS to Notify Victims When Their Social Security Number Has been Compromised

There’s a word that perfectly describes the situation that Wisconsin residents Robert and Debi Guenterberg found themselves in — Kafkaesque. The situation was so incredibly weird it’s even getting the Senate and House to act — albeit not exactly promptly.

In a story on fox6now.com, Bryan Polcyn reports on the case of the Internal Revenue Service (Not to be confused with the Federal Witness Protection program) protecting an ID thief’s privacy. The following has been excerpted from Polcyn’s piece and edited to fit our format. You may find the full story by clicking on this link.

In her own words

“Our federal agencies have known for years that this was going on,” Debi Guenterberg of Princeton, Wisconsin said. Ever since identity thieves ruined her husband’s credit, Guenterberg has been on a mission to change federal law. For years, the IRS knew a man was using her husband’s social security number to file his taxes. The government never told Robert Guenterberg his identity had been stolen because tax records are private — even the tax records of an identity thief.

“I can`t think of another crime. I can`t. I tried. I laid in bed last night, tossing and turning, thinking of any other criminal activity where you would get such privacy and protection. No, you don’t,” Debi Guenterberg said.

New bill introduced Co-sponsored by Sen. Johnson (R-Wisconsin) and Sen. Mark Warner (D-Virginia)

The Social Security Identity Defense Act of 2015 would require the IRS to notify individuals if the agency has reason to believe their social security number has been used to commit fraud. It would also require the IRS to notify law enforcement officials.

Companion bill to be introduced in House

Congressman Glenn Grothman (R-Wisconsin) is working on a companion bill that is expected to be introduced in the House in the next couple of weeks.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

ThreatMetrix’s VP Services and Support to Speak at 2015 CNP Expo on Evolution of Fraud

Posted on May 18th, 2015 by Dan Rampe

Standard-Header-Steve

ThreatMetrix to Exhibit and Dr. Stephen Topliss to Take Part in Panel of eCommerce and Fraud-Prevention Experts

Addressing the challenges of card-not-present (CNP) payments, the 2015 CNP Expo is scheduled to take place May 18-21 at the Caribe Royale in Orlando, Florida. At the Expo, merchants, bankers, processors, anti-fraud software providers, legal experts, alternative payment providers, card networking professionals et al. will be able to discuss and discover how best to leverage CNP payments in a multi-channel retail sales environment.

“Constant Evolution of Fraud” panel discussion: May 19 (2:15 p.m.)

Along with executives from Backcountry.com, Tommy Bahama and Vesta, ThreatMetrix vice president services and support, Dr. Stephen Topliss will be a panelist on the “Constant Evolution of Fraud,” which addresses how fraud attack methods are continuously changing and evolving. Additionally, the panel will take up current challenges merchants face and the best ways to learn from those challenges to address advanced fraud and cybercrime threats.

Dr. Stephen Topliss on sharing threat intelligence

“Given today’s advanced cybercrime threats, the most effective way for merchants and other businesses across industries to protect themselves and their customers is by sharing threat intelligence. To enable information sharing that stays one step ahead of constantly evolving fraud, we developed the ThreatMetrix Digital Identity Network, which protects more than one billion transactions per month by leveraging global shared intelligence to safeguard online identities.”

See ThreatMetrix’s Solution Showcase. Win a GoPro HERO4 Camera

ThreatMetrix will be exhibiting at booth 415 and have a featured Solution Showcase on Wednesday, May 20 at 1:20 p.m. Attendees who stop by will have the opportunity to win a GoPro HERO4 Camera.

“ThreatMetrix Cybercrime Report: Q1 2015” points up security challenges

Recently the “ThreatMetrix Cybercrime Report: Q1 2015” revealed that the ThreatMetrix Digital Identity Network caught cybercriminals attempting approximately 25 million fraudulent transactions each month.

In the wake of high profile data breaches that put stolen credentials in the hands of cybercriminals, retailers and others who process CNP transactions face an avalanche of payment and account takeover fraud. Because many consumers use the same login credentials across websites, once one site is breached, the door is wide open for fraud attempts against multiple retailers.

Other trends detailed in the report are new in-store technologies (examples being Apple Pay and Europay-MasterCard-Visa (EMV) cards) that create new and different security challenges.

For more info on the 2015 CNP Expo

Visit: https://cardnotpresent.com/cnpexpo/default.aspx

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time, customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix Digital Identity Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix to Exhibit and Present on the Evolution of Fraud at the 2015 CNP Expo

Posted on May 18th, 2015 by Dan Rampe

Standard-Header-Steve

Dr. Stephen Topliss, Vice President Services and Support, will Participate in a Panel of E-Commerce and Fraud Prevention Experts

San Jose, CA – May 18, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, is exhibiting and presenting at the 2015 CNP Expo, today through this Thursday, May 21, at the Caribe Royale in Orlando.

The CNP Expo is at the crossroads of e-commerce, software, mobile, retail and payments and was created to address the challenges of card not present (CNP) payments. It provides a meeting place for merchants, banks, processors, anti-fraud software providers, legal experts, alternative payment providers, card networks and others to learn how to leverage CNP payments in an increasingly multi-channel retail sales environment

Dr. Stephen Topliss, vice president services and support at ThreatMetrix, will participate in a panel titled, “Constant Evolution of Fraud,” on Tuesday, May 19 at 2:15 p.m. The panel will address how fraud attack methods are continuously changing and evolving based on several factors. Panelists will also discuss current challenges merchants face and the best ways to learn from these challenges in order to address advanced fraud and cybercrime threats. Other participants in the panel include executives from Backcountry.com, Tommy Bahama and Vesta.

“Given today’s advanced cybercrime threats, the most effective way for merchants and other businesses across industries to protect themselves and their customers is by sharing threat intelligence,” said Topliss. “To enable information sharing that stays one step ahead of constantly evolving fraud, we developed the ThreatMetrix Digital Identity Network, which protects more than one billion transactions per month by leveraging global shared intelligence to safeguard online identities.”

At the CNP Expo, ThreatMetrix will have a featured Solution Showcase on Wednesday, May 20 at 1:20 p.m., where attendees will have the opportunity to win a GoPro HERO4 Camera. ThreatMetrix will also exhibit at booth 415 during the expo.

According to the recent “ThreatMetrix Cybercrime Report: Q1 2015,” cybercriminals attempt approximately 25 million fraudulent transactions each month on the ThreatMetrix Digital Identity Network. Following recent high profile data breaches, retailers and other processing CNP transactions face payment and account takeover fraud as a result of cybercriminals using stolen credentials. This is particularly risky because many consumers use the same login credentials across websites so once one site is breached, this opens the door for fraud attempts against multiple retailers. Other trends leading to increased online risks outlined in the report include the shift toward new in-store technologies such as Apple Pay and Europay-MasterCard-Visa (EMV) cards.

For more info on the 2015 CNP Expo, visit: https://cardnotpresent.com/cnpexpo/default.aspx

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time, customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix Digital Identity Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

Data Breaches Are Just “Fines” with California Department of Public Health

Posted on May 15th, 2015 by Dan Rampe

California DPH

California Department of Public Health Has Levied over $1.1 Million in Fines So Far This Year

Not halfway through 2015, the California Department of Public Health (DPH) has hit six hospitals and two healthcare providers with $1.1 million in fines for putting patients’ data at risk in incidents that occurred as far back as 2010. Considering that the online healthcare publication Payers & Providers says that DPH caps the fines it assesses at $250,000, the amount of the fines might have been considerably higher.

A piece on californiahealthline.org details the amounts each healthcare organization was fined for lost or stolen patient data that was inadequately secured or for inappropriate access to records by employees. The following has been excerpted from the californiahealthline.org story and edited to fit our format. You may find the full article by clicking on this link.

Reason for fines and amount assessed according to Payers & Providers:

  • $250,000 fine against San Francisco General Hospital for a 2011 incident in which an employee accessed 98 patients’ records without prior authorization
  • $250,000 fine against Huntington Memorial Hospital for a 2012 incident in which an employee accessed the records of 17 patients
  • $244,500 fine against Vale Healthcare Center for a 2013 incident in which a patient’s family member stole the records of 219 patients
  • $150,000 fine against Accent Home Healthcare for a 2013 incident in which the data of six patients was stolen from an employee’s car
  • $95,000 fine against Arrowhead Regional Medical Center for a 2011 incident in which a clerk accessed her husband’s medical records
  • $92,500 fine against Redlands Community Hospital for a 2010 incident in which three employees accessed the data of three separate employees who were being treated at the hospital
  • $25,000 fine against Torrance Memorial Medical Center for a 2011 breach of privacy incident in which two employees played a prank on another employee who had undergone surgery at the hospital
  • $6,000 fine against Colusa Regional Medical Center for a 2011 incident in which two nurses accessed a patient’s records

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

Fed Report Sheds Light on Mobile Bank Usage

Posted on May 14th, 2015 by Dan Rampe

Federal Reserve Board

Federal Reserve Board Report Details How Consumers Use Their Mobile Phones for Mobile Banking and Mobile Payments

The fourth report by the Federal Reserve Board, “Consumers and Mobile Financial Services 2015, is the most recent to survey how consumers access banking and payment services using their mobile phones. The survey of 2,900 people was conducted from December 5 – 21, 2014 by GfK, an online consumer research firm.

Key findings

Following are key findings from the 76-page report. They’ve been extracted from the report itself and from an article on mobilepaymentmagazine.com (link to article) and edited to fit our format.

How consumers access financial services via mobile

  • 39 percent of mobile phone owners with a bank account used mobile banking in the 12 months prior to the survey, up from 33 percent in 2013 and 29 percent in 2012
  • 51 percent of smartphone owners with a bank account used mobile banking in the 12 months prior to the survey, up from 51 percent a year earlier
  • Among mobile phone users with bank accounts who do not currently use mobile banking, 11 percent think they will probably or definitely use it within the next 12 months, down from 12 percent a year earlier.
  • 94 percent of mobile banking is done to check account balances or recent transactions
  • Among mobile banking users, transferring money between an individual’s own accounts (61 percent) and receiving an alert (e.g., a text message, push notification, or e-mail) from their bank (57 percent) are the second and third-most common uses
  • 51 percent of mobile banking users have deposited a check using their mobile phone in the 12 months prior to the survey, up from 38 percent in 2013
  • 22 percent of mobile phone owners reported making a mobile payment in the 12 months prior to the survey, up from 17 percent in 2013 and 15 percent in 2012
  • Among mobile payment users with smartphones, the most common type was paying bills through an online system or mobile app (68 percent, up from 66 percent in 2013).
  • 39 percent of all mobile payment users with smartphones have made a point-of-sale payment using their mobile phone in the 12 months prior to the survey, in line with the 39 percent reporting such payments in 2013

Why some don’t do mobile banking

  • 86 percent of those who did NOT bank using mobile said their banking needs were being met without it
  • 75 percent said they believed it was easier to pay with cash or debit/credit cards
  • Concern about the security of the technology was a common reason given for not using mobile banking or mobile payments (62 percent and 59 percent, respectively)

Mobile phone use among unbanked and underbanked consumers

Note: Unbanked are, of course, people who do not use banks. Underbanked are those individuals or businesses that have poor access to mainstream financial services normally offered by banks

  • 13 percent of consumers are unbanked with 14 percent underbanked
  • Sixty-seven percent of the unbanked have access to a mobile phone, 65 percent of which are smartphones.
  • 90 percent of the underbanked have access to a mobile phone, 73 percent of which are smartphones
  • Forty-eight percent of underbanked consumers had used mobile banking in the 12 months prior to the survey.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

Fraudsters Go Local and Undercover in Q1 … But We Still Spot Them

Posted on May 13th, 2015 by Dan Rampe

Standard-Header-Tony

The Internet has brought us all closer together. It has enriched our lives, made us more productive at work and allowed businesses to expand with greater agility into previously untapped markets. But we often hear that the Internet also provides a dangerous mask of anonymity to criminals, who launch cyber attacks across borders with impunity, knowing they can’t be caught because they’re sat in a different jurisdiction. That’s why it’s interesting to see that more and more online fraudsters have actually been focusing their scams on local users recently.

The latest ThreatMetrix® Cybercrime Report: Q1 2015 has found that the majority of fraud attacks from October 2014 to March 2015 originated from and targeted the same country. It’s intelligence like this and many other insights in the report which will help us better protect our customers and further the fight against fraud globally.

Staying local

The top 5 attack origination and target countries were Canada, the U.S., France, UK and Germany. In the UK nearly three-quarters (72%) of fraudsters came from within the same country, and the figure was even higher in Germany (81%), Russia (85%), France (87%), and Italy (94%).

We know this because our technology specifically looks for fraudsters’ attempts to hide their true location through proxy servers and VPNs – something they’re doing with increasing regularity to escape detection. We can also say that most attacks originated in countries with a high volume of online and mobile transactions.

This isn’t to say, of course, that cyber crime isn’t still a global affair. In the case of the UK, for example, the second biggest concentration of scammers defrauding British consumers was in Mexico, followed by Nigeria, Germany and the U.S. Cross-border cyber crime remains a very real threat requiring greater co-operation between governments and law enforcement to stamp out.

At this point, it’s worth mentioning that these ThreatMetrix® stats are among the most comprehensive you’re likely to find in the industry, anywhere in the world. We source them from our Global Trust Intelligence Network, which analyses one billion transactions every month on behalf of more than 3,000 customers and 15,000 websites worldwide.

Key themes

So what else can we say about the ever-evolving nature of fraud over the past two quarters? Here are a few more insights from the report:

  • ThreatMetrix spotted 11.4 million fraud attempts during the peak holiday shopping season (Nov-Dec 2014)
  • Cloaking/spoofing attacks rose, driven by an increase in the use of sophisticated crimeware tools, readily available for fraudsters to buy on underground forums
  • Device spoofing remains the top attack vector, accounting for 6.1% of transactions
  • Account log-ins (80%) and payments (18%) were the most popular transaction types during the period but…
  • …Account creation fraud was the highest risk – with a 4% share of fraudulent transactions, rising to 6.7% in the e-commerce sector. Fraudsters are making use of the vast quantity of breached identities available on the underground markets plus crimeware tools than can cloak traffic to trick first generation fraud prevention tools.
  • Mobile commerce represents around one third of the total. But, whilst growing, mobile fraud remains significantly below that on desktops.

Better together

We’ve seen how resourceful, determined and agile the bad guys are. As increasing numbers look to tap new vectors, using crimeware tools to hide their identities and ever-available troves of breached ID data to carry out successful scams, businesses are struggling to differentiate fraudster from legitimate customer. Some react by installing overly aggressive anti-fraud tools that cause basket abandonment and end up costing more than fraud losses themselves. So how should we respond?

The answer is a joined-up, global, networked approach. With the power of our huge network of shared anonymous transactional data we can spot patterns others miss. This underpins a context-based authentication approach, which sees through typical cloaking tools and obfuscation methods used by fraudsters. It checks against a series of unique attributes associated with a user (think log-in habits, typical locations, shipping info etc) to spot whether a transaction is authentic or not.

It’s fast, simple, friction-free and highly reliable. That’s how we beat the fraudsters.

Check out the ThreatMetrix® Cybercrime : 2015 to find out more about the latest fraud trends.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

ThreatMetrix CPO Speaks on “Enabling Customer Channel Innovation through Rapid Security Intelligence and Response” at FS-ISAC Summit

Posted on May 13th, 2015 by Dan Rampe

Standard-Header-AF

ThreatMetrix Chief Products Officer, Alisdair Faulkner, to Address Attendees during Summit in Miami Beach Florida (May 17-20)

Officially titled the FS-ISAC & Bits Annual Summit 2015, this 3-day event is held by the Financial Services Information Sharing and Analysis Center (FS-ISAC), a non-profit association of financial institutions. By disseminating trusted and timely information, the association’s aim is to protect the financial services sector from physical and cyberthreats and attacks.

To draw hundreds of financial industry professionals

Financial industry executives will have an opportunity to discuss the latest information about cybersecurity threats, trends and technology in the financial services sector. In addition, the summit will include presentations from more than three dozen senior executive FS-ISAC members.

Alisdair Faulkner, ThreatMetrix’s Chief Products Officer, to present on Wednesday May 20 (9:30-10:30 a.m. EDT)

Faulkner, who will be joined by Bryan Strong, a Senior VP and director of information security at Zions Bancorporation, will speak on “Enabling Customer Channel Innovation through Rapid Security Intelligence and Response.” The talk offers an opportunity for attendees to learn about the benefits of rapid security controls to detect cyberthreats in real time to be able to take action against those threats as soon as possible.

Alisdair Faulkner on rapid, accurate authentication

“Financial institutions currently face challenges in meeting the growing number of authentication guidelines in the wake of major data breaches, which have exposed many customers’ credentials. In the current cybercrime environment, financial institutions must assume identities and devices are compromised before authenticating transactions. With static controls, by the time a threat is identified, it takes financial institutions far too long to take action against it. At the summit, I’ll be discussing tactics for financial institutions to leverage a digital identity network to quickly and accurately authenticate good users and keep out cybercriminals.”

The ThreatMetrix Digital Identity Network for real-time authentication

In order for financial institutions to assume digital identities and to identify cybercriminals in real time, the ThreatMetrix Digital Identity Network offers a layered approach to stop criminals in their tracks. Faulkner will be discussing several ways for financial institutions to mitigate a core risk of compromised credentials by using a layered approach. The ThreatMetrix Digital Identity Network brings together all aspects of a person’s online devices and behavior into one unique digital identity – including email addresses, geo-locations, devices and both personal and business personas. This network enables financial institutions to meet authentication guidelines and to protect accounts against bots using stolen credentials by leveraging a global view of devices and persona behavior to detect anomalies.

ThreatMetrix will be exhibiting at booth 14. Please stop by.

For more info on the FS-ISAC & Bits Summit:

Visit http://www.fsisac-summit.com/2015-fs-isac-bits-annual-summit/.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

ThreatMetrix to Present on “Enabling Customer Channel Innovation through Rapid Security Intelligence and Response” at FS-ISAC & BITS Annual Summit

Posted on May 13th, 2015 by Dan Rampe

Standard-Header-AF

Alisdair Faulkner, Chief Products Officer, Will Educate Attendees on Helping Financial Institutions Avoid Cyber Threats by Using Rapid Security Intelligence

San Jose, CA – May 13, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced that Alisdair Faulkner, chief products officer, will present at the FS-ISAC & Bits Annual Summit 2015, May 17-20, Loews Miami Beach Hotel, Miami Beach, Fla.

FS-ISAC – the Financial Services Information Sharing and Analysis Center – is a non-profit association comprised of financial institution members. The organization is dedicated to protecting the financial services sector from physical and cyber threats, attacks and incidents through the dissemination of trusted and timely information. The 2015 Annual Summit will draw in hundreds of industry executives and practitioners to discuss the latest information on cybersecurity threats, trends and technology in the financial services industry. The summit will include presentations from more than three dozen senior executive FS-ISAC members.

Faulkner’s presentation, titled “Enabling Customer Channel Innovation through Rapid Security Intelligence and Response” will take place on Wednesday, May 20 from 9:30-10:30 a.m. EDT. Presenting alongside Faulkner will be Bryan Strong, senior vice president, director of information security at Zions Bancorporation. During Faulkner and Strong’s presentation, attendees will learn about the benefits of using rapid security controls for financial institutions to detect cyber threats in real time and act quickly to protect against them. Additionally, ThreatMetrix will exhibit at booth 14 during the summit.

“Financial institutions currently face challenges in meeting the growing number of authentication guidelines in the wake of major data breaches, which have exposed many customers’ credentials,” said Faulkner. “In the current cybercrime environment, financial institutions must assume identities and devices are compromised before authenticating transactions. With static controls, by the time a threat is identified, it takes financial institutions far too long to take action against it. At the summit, I’ll be discussing tactics for financial institutions to leverage a digital identity network to quickly and accurately authenticate good users and keep out cybercriminals.”

In order for financial institutions to assume digital identities and to identify cybercriminals in real time, the ThreatMetrix Digital Identity Network offers a layered approach to stop criminals in their tracks. Faulkner will be discussing several ways for financial institutions to mitigate a core risk of compromised credentials by using a layered approach. The ThreatMetrix Digital Identity Network brings together all aspects of a person’s online devices and behavior into one unique digital identity – including email addresses, geo-locations, devices and both personal and business personas. This network enables financial institutions meet authentication guidelines and to protect accounts against bots using stolen credentials by leveraging a global view of devices and persona behavior to detect anomalies.

For more info on the FS-ISAC & Bits Summit, visit http://www.fsisac-summit.com/2015-fs-isac-bits-annual-summit/.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com