White House Selling. Silicon Valley Buying?

Posted on May 1st, 2015 by Dan Rampe

Snowden

Defense Secretary Tours Valley Looking for Buy-in on New Computer Military Strategy and Rebuilding Trust Post-Snowden Revelations

To borrow a basketball analogy — and what better time than during the NBA playoffs — the White House has been doing a full-court press to impress the Valley’s movers and shakers in both business and academia. In their article on nytimes.com, David E. Sanger and Nicole Perlroth examine the White House’s efforts to form a new military cyberstrategy and rebuild trust that’s been shaken by Snowden’s NSA disclosures.

Investing in start-ups and looking for talent

[Defense Secretary] Ashton B. Carter, toured Silicon Valley…to announce a new military strategy for computer conflict, starting the latest Pentagon effort to invest in promising start-ups and to meet with engineers whose talent he declared the Pentagon desperately needed in fending off the nation’s adversaries.

Whom do you trust?

Mr. Carter immediately acknowledged, though, the need to rebuild trust with Silicon Valley, whose mainstays — like Apple, Google and Facebook…have spent two years demonstrating to customers around the world that they are rolling out encryption technologies to defeat surveillance. That, of course, includes blocking the National Security Agency, a critical member of the military-intelligence community.

“I think that people and companies need to be convinced that everything we do in the cyber domain is lawful and appropriate and necessary,” Mr. Carter told students and faculty at Stanford.

Ask not what your country can do for you

He urged the next generation of software pioneers and entrepreneurs to take a break from developing killer apps and consider a tour of service fending off Chinese, Russian and North Korean hackers, even as he acknowledged that the documents leaked by Edward J. Snowden, the former intelligence contractor, “showed there was a difference in view between what we were doing and what people perceived us as doing.”

Doubters

[Jeh Johnson], the secretary of Homeland Security, and a group of other government officials ran into a buzz saw of skepticism at the world’s largest conference of computer security professionals….Those officials argued for some kind of technical compromise to allow greater security of electronic communications while enabling the F.B.I. and intelligence agencies to decode the emails and track the web activities of suspected terrorists or criminals. Yet many among the computer security professionals at the conference argued that no such compromise was possible, saying that such a system would give Russians and Chinese a pathway in, too, and that Washington might abuse such a portal.

No compromise. No access

Not long after Mr. Johnson declared that “encryption is making it harder for your government to find criminal activity and potential terrorist activity,” large numbers of entrepreneurs and engineers crammed into the first of several seminars, called “Post-Snowden Cryptography.” There, they took notes as the world’s best code makers mocked the Obama administration’s drive for a “technical compromise” that would ensure the government some continued access.

Everybody’s going to want a key

Ronald Rivest, one of the inventors of a commonly used encryption algorithm, took on the arguments by Mr. Johnson and other senior officials, including John P. Carlin, the head of the Justice Department’s national security division, that the best minds in Silicon Valley could find a way to ensure legal government access while still assuring users that communications and data stored in their iPhones and the cloud are safe. “There are lots of problems with these ideas,” Mr. Rivest said. “We live in a global information system now, and it’s not going to be just the U.S. government that wants a key. It’s going to be the U.K., it’s going to be Germany, it’s going to be Israel, it’s going to be China, it’s going to be Iran, etc.”

Trust us. We want you to make money

One of Mr. Johnson’s deputies, Phyllis Schneck [revealed] the government’s plans for real-time monitoring and blocking of malware flowing through the Internet, urging private industry to help. “We want you to make money,” said Ms. Schneck, a former chief technology officer at McAfee Inc….. Many in the crowd, though, said they worried whether the government would turn any malware-monitoring system to other uses.

Technology outpacing agreements

Mr. Obama’s cybercoordinator, Michael Daniel, who has been trying to preside over the unwieldy administration debate over encryption rules, was meeting executives in private and calling in public for “cybernorms of behavior” that could constrain the kind of hackers who attacked American corporations, the White House, the State Department and the Pentagon. But he acknowledged that this was an area where the grindingly slow wheels of diplomacy were being outpaced by technological development.

Banks, Silicon Valley giants and security companies on front lines of cyberwar

Mr. Carter, in his Stanford talk, noted that past wars were fought state to state. But in computer conflict, he said, the most sophisticated threats and weapons are seen by banks, security firms and Silicon Valley companies like Apple, Google, Yahoo, Twitter and Facebook that serve as conduits for the world’s communications. That is data Washington most needs.

The Snowden aftereffect

Yet nearly two years after the Snowden revelations, many companies are as reluctant as ever to give the government any information unless they are compelled to do so, particularly as they try to convince foreign customers in global markets that they are doing everything they can to keep Washington at a distance.

The President seeks balance

Mr. Obama, on a trip to Stanford in February, had expressed sympathy with those who were striving to protect privacy, even while saying it had to be balanced against the concerns of the F.B.I. and other agencies that fear “going dark” because of new encryption technologies. (Apple says that with its new iPhone operating system, it has no way to decode data in phones, even if given a court order.) Mr. Obama’s aides say decisions about how to resolve these differences are still months away.

Split-key. Court order

With so much more data at stake, and attacks so frequent, cryptographers say the need for encryption is greater than ever. One proposal, by Adm. Michael S. Rogers, the head of the National Security Agency, is to develop a split-key system in which companies hold half and the government, or some outside agent, holds the other half of the key to unlock encrypted communications. The two would be put together only with approval of a court. But many computer security experts reject that idea, saying it would leave too much room for theft and would motivate other governments to require the same.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

Fraud and Security Pros to Meet at ThreatMetrix Cybercrime Prevention Summit 2015

Posted on April 30th, 2015 by Dan Rampe

Blog-Header

5th Annual Summit Has Experts from Around the World Discussing Collaborative Strategies to Fight Evolving Cybercrime

Themed “Connect and Collaborate,” the ThreatMetrix® Cybercrime Prevention Summit 2015, the largest of its kind, will bring together 250 cybersecurity experts from around the globe to exchange ideas on the latest trends in cybersecurity, shared intelligence, protection against mobile fraud and improvement of online trust and Internet security. The fifth annual Summit runs from October 7-9 at the Silverado Resort & Spa in Napa, the heart of California wine country.

2014: breaches happening at unprecedented rate

There were major breaches in almost every sector — healthcare, financial services, retail, government, military and other industries. The Identity Theft Resource Center tracked a record 780 plus breaches – a 27.5 percent increase over the number of breaches reported in 2013. Faced with this ongoing assault, the summit will focus on how businesses and consumers can leverage a collective approach to cybersecurity.

The ThreatMetrix Digital Identity Network: leading a collaborative approach to defeating fraud and data breaches

Processing more than one billion online transactions each month, the ThreatMetrix Digital Identity Network, the world’s largest, enables ThreatMetrix customers across industries to access the most comprehensive world-wide data and analysis available to combat cybercrime.

Bert Rankin, ThreatMetrix chief marketing officer, on the best way to combat fraud

“The fallout from a record high in data breaches last year has made it challenging for businesses to protect their employees and customers from fraud on various levels. The best way to combat fraud in the wake of these breaches is to bring together all aspects of customers’ and employees’ online devices and behaviors into one unique digital identity. By connecting with experts and peers, summit attendees will hear specific insights on the most recent cyber attacks identified through the ThreatMetrix Digital Identity Network and the best practices being used to deter them.”

For Summit attendees an opportunity to connect and collaborate with experts in fraud prevention and cybersecurity

Through a variety of activities, attendees will be able to get a clearer understanding of the most recent cyberthreats and take their respective companies’ best practices to the next level.

Summit subjects

Topics at the Summit include finding ways to reduce online payment fraud, account takeover, identity spoofing and other forms of cybercrime. And, attendees will include experts and senior fraud and cybercrime prevention professionals from the world’s leading online businesses, representing financial services, e-commerce, social networks, government, insurance and other industries.

Attending: key members of the ThreatMetrix executive and professional services team

Sharing insights and trends identified through the ThreatMetrix Digital Identity Network will be key members of the ThreatMetrix team. In addition, industry experts including Julie Conroy, research director for Aite Group’s Retail Banking practice, will speak at the Summit on ongoing research regarding fraud, data security and other market data.

Attendance at the Summit limited to 250

To foster personal interactions, attendance at the ThreatMetrix Cybercrime Prevention Summit 2015 will be limited to 250 attendees. To learn more or to register, please visit: http://cybercrimepreventionsummit.com/.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer driven-analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Digital Identity Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix to Host the Fifth Annual Cybercrime Prevention Summit 2015

Posted on April 30th, 2015 by Dan Rampe

Blog-Header

The Summit Brings Together Industry Experts to Discuss Collaborative Strategies
for Businesses and Consumers to Combat Evolving Cybercrime Threats

San Jose, CA – April 30, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the ThreatMetrix® Cybercrime Prevention Summit 2015, themed “Connect and Collaborate.” The fifth annual summit will take place October 7-9 at the Silverado Resort & Spa, Napa, Calif.

The ThreatMetrix Cybercrime Prevention Summit 2015 is the largest of its kind, bringing together 250 cybersecurity experts from around the globe to “Connect and Collaborate” on the latest trends in cybersecurity, shared intelligence, protection against mobile fraud and improvement of online trust and Internet security.

During 2014 major breaches in healthcare, financial services, retail, government, military and other industries continued to increase. The Identity Theft Resource Center tracked a record high number of data breaches in 2014, with more than 780 breaches – a 27.5 percent increase over the number of breaches reported in 2013. Faced with the continued escalation in online attacks, the summit will focus on how businesses and consumers can leverage a collective approach to cybersecurity. A collaborative approach to cybercrime prevention will become even more important as cybercriminals have access to even more ways to easily commit fraud than ever before.

The ThreatMetrix® Digital Identity Network, the world’s largest trusted identity network, which is currently processing more than one billion online transactions each month, enabling ThreatMetrix customers across industries to access the most comprehensive world-wide data and analysis available to combat cybercrime.

“The fallout from a record high in data breaches last year has made it challenging for businesses to protect their employees and customers from fraud on various levels,” said Bert Rankin, chief marketing officer, ThreatMetrix. “The best way to combat fraud in the wake of these breaches is to bring together all aspects of customers’ and employees’ online devices and behaviors into one unique digital identity. By connecting with experts and peers, summit attendees will hear specific insights on the most recent cyber attacks identified through the ThreatMetrix Digital Identity Network and the best practices being used to deter them.”

The conference will connect industry experts, technologists and other fraud prevention and cybersecurity practitioners to connect and collaborate in an informal environment. During the summit, attendees will have the chance to make direct, meaningful connections through various activities to better understand the most recent cyber threats and take their company’s best practices to the next level.

The information and experiences at the ThreatMetrix Cybercrime Prevention Summit are valuable for anyone interested in finding ways to reduce online payment fraud, account takeover, identity spoofing and other forms of cybercrime. Attendees include experts and senior fraud and cybercrime prevention professionals from the world’s leading online businesses, representing financial services, e-commerce, social networks, government, insurance and other industries.

During this year’s summit, key members of the ThreatMetrix executive and professional services team will share insights and trends identified through the ThreatMetrix Digital Identity Network. In addition, industry experts including Julie Conroy, research director for Aite Group’s Retail Banking practice will speak at the summit. Conroy will present on ongoing research regarding fraud, data security and other market data to promote discussion among the event attendees.

To maintain intimacy and foster personal interactions, attendance at the ThreatMetrix Cybercrime Prevention Summit 2015 will be limited to 250 attendees. To learn more or to register, please visit: http://cybercrimepreventionsummit.com/.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer driven-analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Digital Identity Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

Not Just Numbers

Posted on April 29th, 2015 by Dan Rampe

Anthem

Often Overlooked in the Anthem and Premera Breaches That Compromised Tens of Millions Are Individual Victims. These Are Some of Their Stories.

Seen People’s Court? The opening has the announcer intoning “Real cases. Real people.” Forgotten among the tens of millions who’ve had their information compromised, but haven’t been affected…yet…are the cases of “real people” who’ve had their lives turned upside down by identity theft.

On truth-out.org, which co-published with USA Today, Charles Ornstein, writing for ProPublica, which describes itself as an independent nonprofit newsroom for investigative journalism in the public interest, puts the Anthem and Premera breaches in “human terms.” He does so by relating stories of individuals who’ve suffered identity theft as a result of these attacks. The following has been excerpted from his truth-out.org piece and edited to fit our format. You may find the full article by clicking on this link.

Knowing the score doesn’t ensure you won’t be a victim

[A] company’s privacy officer didn’t realize that health insurer Anthem even had her data. “It gives you a new perspective when you’re actually one of the folks whose data is disclosed.”

[Rebecca Fayed’s company provides research, technology and consulting services to health care and higher education organizations.] As the privacy officer for The Advisory Board Co., Rebecca Fayed knows a thing or two about privacy and what can happen when it’s violated. But when Fayed received a letter telling her that she, like nearly 80 million others, was the victim of a hacking attack on health insurer Anthem Inc., she couldn’t figure out why. Anthem wasn’t her insurance provider.

“I had no idea that Anthem even had my data,” Fayed told a gathering of privacy professionals recently at the National HIPAA Summit in Washington, D.C. “I went running around the house, ‘Why does Anthem have my data?'”

Fayed soon figured out the connection: Her previous insurer, a Blue Cross plan, was affiliated with Anthem in some way. Whoever hacked Anthem’s records accessed names, Social Security numbers, dates of births, addresses and more going back a decade.

But they weren’t covered by Anthem or Premera

Julie Grimley, 46, a content editor for an educational software startup, initially assumed the Anthem breach wouldn’t affect her because her family had coverage through CareFirst BlueCross BlueShield. Then she got letters informing her that her data, along with that of her husband and 15-year-old daughter, might have been compromised.

“At this point, I’m not sure what the best thing” to do is, said Grimley…”I really don’t.”

What about her college-age daughter?

Grimley said she is most worried about her daughter. “She’s already starting the college process,” she said. “Her life is starting. This could be really serious. I should be worried about me too but we’re established. … I’ve read horror stories and think, ‘Oh my gosh.'”

Lightning strikes twice

Bethesda, Md., resident Eric Forseter and his family managed to fall victim to both the Anthem and the Premera hackings.

Forseter’s wife and son received letters…from their health insurer Premera telling them that some of their information—but not their Social Security numbers–was compromised in the Anthem breach. Days later, they received additional letters saying they also were victims of Premera’s own breach, which affected not only Social Security numbers, but also medical claims information.

Forseter, 40, who works for an IT security and identity management company, said he doesn’t know how his family’s information got ensnared in the Anthem breach but suspects it may have happened because his son had to see a doctor while in New York. He’s gotten nowhere when he’s called the insurers’ customer- service line for answers.

“I don’t think they really know half the stuff that’s happening,” he said. “Unfortunately they’re reading a canned script and all they want to do is say, ‘Well, sorry.'”

Forseter said he is considering legal action against the insurers for failing to safeguard his family’s information. He called the offer of two years of credit monitoring inadequate.

“If data was stolen then sold and sold many times over, then potentially three to five to 10 years from now, that data could be used and I’d have to pay for my own coverage and I’m at risk,” he said. “I’m responsible for covering it.”

Lightning strikes “more than” twice

For some victims, the Anthem and Premera breaches have been all too familiar.

Bill Speaks, 61, who works in mainframe software for the U.S. Department of Interior in Colorado, said he was also a victim of the Home Depot hacking attack last year, as well as one involving his bank, and he believes he was also a victim of the Target hack. Moreover, he said, his driver’s license was stolen when he had surgery at a hospital about three years ago. That may have resulted in someone opening up an account and running up charges in his name, he said.

Speaks said he’s fed up.

“No one is looking out for us and no one at the higher levels of these organizations are suffering any consequences because of their lax security,” he said.

What have the insurers done?

Anthem spokesman Darrel Ng said the company finished mailing letters notifying those affected …. The process took two months because of the number of people affected and to not overwhelm its credit-monitoring vendor, AllClear. “Anthem initially started by sending out 1.5 million letters a day and eventually ramped up to about 2.5 million per day.”

Anthem said it has tried to reach people in other ways, including by email and through a website, AnthemFacts.com. Ng said he did not know how many people had signed up for the credit monitoring, but anyone can seek help in clearing up credit reports and contesting false charges for the next two years.

Premera also has set up a website with information, premeraupdate.com. It has notified 6 million members in Washington and Alaska affected by the breach and is working to notify members of other Blue Cross plans if they sought care in those states. As of April 1, more than 194,000 people had enrolled in credit monitoring, Premera spokeswoman Melanie Coon said by email.

Did Anthem and Premera do all they could?

The Department of Health and Human Services’ Office for Civil Rights, which oversees compliance with federal patient privacy law, is investigating the Anthem and Premera breaches. If the agency determines the insurers did not take adequate steps to protect members’ health information, it could impose steep fines.

A right to be nervous

Ann Patterson, senior vice president and program director for the Medical Identity Fraud Alliance, an industry group, said consumers are right to be nervous. Medical identity theft poses a more serious risk than credit card fraud. “You really can’t change your birth date. So when that kind of information is out there, the type of fraud that is perpetrated in the health care sense involves your wellbeing, your life.”

Patterson recommends that consumers take several steps if they have been affected. First, they should sign up for the free credit monitoring, which alerts people to possible suspicious activity if it happens. “If you became a victim, you would be notified as soon as possible,” she said, noting that it doesn’t prevent fraud. Beyond that, consumers should review all insurance forms, hospital bills and other medical correspondence they receive. If something doesn’t look right, don’t throw it out, Patterson said; make a phone call to clarify what has been sent.

“Some reason people think, ‘I was not the patient, so why should I call that hospital?’ Definitely call the provider and the health plan to make [sure] both parties know that you are not the patient. You should report it to your local law enforcement so you have a record that it was reported from a legal standpoint.”

ThreatMetrix: a caution and solutions

In his blog, The Anthem Tipping Point Reed Taussig, ThreatMetrix® president and CEO advised, “The most valuable data stores for fraudsters are stolen patient records that are associated with a valid health insurance policy. While most enterprises continue to focus on securing their internal networks, what is really required is broad adoption and use of secure, anonymized global shared intelligence that will identify what for and where those 90 million stolen identities are being used.”

Alisdair Faulkner, ThreatMetrix chief products officer, notes, “When Anthem and Premera sneezed, the cybersecurity industry caught a cold. Most organizations are focusing purely within their own networks, but the board room needs to be aware that these massive data breaches are just a precursor to the main event – a systemic and continuous attack on their customer and employee authentication, fraud and identity systems. To do a credible job defending against stolen identities, organizations need better risk intelligence based on anonymized shared intelligence to differentiate between trusted users and cyber threats.”

Find more in the ThreatMetrix news release, Anthem and Premera Healthcare Breaches Were Preventable: Protection Beyond Encryption: ThreatMetrix Strategies for Preventing Cybercrime in Healthcare and Other Industries

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

Biting off More Than You Can Chew: Why Biometrics Aren’t the Future

Posted on April 28th, 2015 by Dan Rampe

Standard-Header-Tony

Recently a senior PayPal evangelist gave a rather controversial interview to the Wall Street Journal. In it, he appeared to suggest a radical alternative to password-based authentication systems: biometrics generated by devices ingested or embedded under the user’s skin. Now, it’s true that passwords should no longer be used by any online provider serious about security. And it’s always interesting to hear new approaches to user authentication.

But organisations need an answer today to the mounting problem of online fraud. It needs to be fast, affordable, frictionless and accurate. And in those respects, biometrics just don’t deliver.

So why isn’t biometric technology the answer?

The problem with biometrics

On paper, the prospect of biometrics like embedded wireless chips monitoring ECG readings, or ingestible capsules that can detect glucose levels, sounds like a decent idea. After all, the readings they then transmit should be unique to that person – surmounting problems of false positives and false negatives. LeBlanc even suggested that batteries for such systems could be powered by stomach acid. At last, a fully internalised, unhackable “natural body identification” system to put “users in charge of their own security”. Right?

Well, not really.

The main issue many people have with biometrics is that they rely on something that should be unhackable – impossible to simulate or crack. But if cyber criminals do find a way of doing so – and they’ve proven themselves to be a pretty resourceful bunch thus far – then what? You might be able to reset your password pretty easily after a phishing attack, but what about your heart rate? Or your glucose levels?

The next major barrier is the users themselves. Security versus usability is a tough balance at the best of times. How much tougher will it be to sell such invasive authentication systems if the user is basically happy with the level of security they get with a regular fingerprint scan or a phone based one-time passcode system?

Why context-based wins

I’m not dismissing the work of PayPal and others to improve on password-based verification. But too many question marks remain over biometrics – even the systems that are closer to reality than the hypothetical scenarios painted by LeBlanc. Whether your business is in e-commerce, social media, banking, insurance or another sector – you need fast, reliable, friction-free two factor authentication that works … today.

The key for organisations going forward is to seek out systems which can work in the background, completely invisible to the user, checking things like device identity, malware, and use of ToR or other obfuscation methods favoured by cybercriminals. They’ll be able to check against a series of unique attributes associated with that user comprised of log-in habits, typical locations, user IDs, email addresses, phone numbers, shipping information etc, and flag a suspect transaction even if the person is using valid (but stolen) credentials.

Futuristic biometrics will always grab the headlines. But context-based authentication is where the smart money’s already being spent, to cut fraud and keep customers happy.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

ThreatMetrix a Winner in 3 Info Security Products Guide 2015 Global Excellence Awards’ Categories

Posted on April 27th, 2015 by Dan Rampe

Awards

ThreatMetrix Takes Home More Awards! Wins 3 Bronzes and Is Honored by the Info Security Products Guide at RSA

During RSA, the security industry honored some of the best companies, executives and products in the world with Info Security Products Guide 2015 Global Excellence Awards.

Winner in 3 Info Security Products Guide 2015 Global Excellence Awards’ categories

ThreatMetrix took Bronzes for the Most Innovative Security Software (Product) of the Year, Most Innovative Company of the Year (Security), and Innovation in Enterprise Security.

Other honors ThreatMetrix received in 2015

  • Winner of the 2015 Cyber Defense Magazine Awards for Best Anti-Malware and Hot Company in Multi-Factor Authentication
  • Named to the 2015 OnCloud Top 100 private companies list
  • The Channel Company’s CRN 100 Coolest Cloud Computing Vendors of 2015

Bert Rankin, ThreatMetrix chief marketing officer, on the company’s pioneering efforts

“Recognition by the Info Security Products Guide serves as validation of our continued efforts to stay one step ahead of cybercriminals by leveraging global shared intelligence,” said Bert Rankin, chief marketing officer at ThreatMetrix. “Given the sophistication of today’s cybercriminals, no business or individual can stand alone in the fight against cybercrime and ThreatMetrix is pioneering efforts to securely and anonymously share threat intelligence across business boundaries.”

During RSA ThreatMetrix announced its Digital Identity Network

The ThreatMetrix Digital Identity Network, the largest network of its kind in the world, creates an anonymized digital identity of consumers based on device, persona and behavior from every transaction, account creation and account login.

Analyzing more than a billion transactions each month to stop cybercrime

Leveraging the ThreatMetrix Digital Identity Network, ThreatMetrix analyzes more than one billion transactions each month to differentiate between fraudulent and authentic account creations, logins and transactions.

Less friction for a better customer experience

ThreatMetrix offers the only frictionless cybersecurity solution that combines enhanced mobile identification, location-based authentication, endpoint intelligence, behavior intelligence and real-time trust analytics into a powerful, context-based authentication and fraud prevention solution.

For a full list of 2014 Global Excellence Awards winners, go to: http://www.infosecurityproductsguide.com/world/

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Wins Three Bronze Awards in the Info Security Products Guide 2015 Global Excellence Awards

Posted on April 27th, 2015 by Dan Rampe

Awards

Award Winners and Finalists Were Honored by Info Security Products Guide in San Francisco during the RSA Conference 2015

San Jose, CA – April 27, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announces it has won Bronze in three categories of the Info Security Products Guide 2015 Global Excellence Awards. The security industry celebrated the annual Global Excellence Awards during RSA Conference 2015 in San Francisco by honoring excellence in every facet of the industry, including companies, executives and products.

ThreatMetrix is a Bronze winner in the Most Innovative Security Software (Product) of the Year, Most Innovative Company of the Year (Security) and Innovation in Enterprise Security categories of the Global Excellence Awards. ThreatMetrix continues its cybersecurity innovation following its recent announcement of the ThreatMetrix Digital Identity Network during the RSA Conference. The world’s largest network of its kind, it creates an anonymized digital identity of consumers based on device, persona and behavior from every transaction, account creation and account login.

“Recognition by the Info Security Products Guide serves as validation of our continued efforts to stay one step ahead of cybercriminals by leveraging global shared intelligence,” said Bert Rankin, chief marketing officer at ThreatMetrix. “Given the sophistication of today’s cybercriminals, no business or individual can stand alone in the fight against cybercrime and ThreatMetrix is pioneering efforts to securely and anonymously share threat intelligence across business boundaries.”

By leveraging the ThreatMetrix Digital Identity Network, ThreatMetrix analyzes more than one billion transactions each month to differentiate between fraudulent and authentic account creations, logins and transactions. ThreatMetrix offers the only frictionless cybersecurity solution that combines enhanced mobile identification, location-based authentication, endpoint intelligence, behavior intelligence and real-time trust analytics into a powerful, context-based authentication and fraud prevention solution.

For a full list of 2014 Global Excellence Awards winners, visit: http://www.infosecurityproductsguide.com/world/

ThreatMetrix Resources

About Info Security Products Guide Awards

SVUS Awards organized by Silicon Valley Communications are conferred in 10 annual award programs: The Info Security’s Global Excellence Awards, The IT Industry’s Hot Companies and Best Products Awards, The Golden Bridge Business and Innovation Awards, and Consumer World Awards, CEO World Awards, Customer Sales and Service World Awards, The Globee Fastest Growing Private Companies Awards, Women World Awards, PR World Awards, and Pillar Employee Recognitions World Awards. These premier awards honor organizations of all types and sizes from all over the world including the people, products, performance, PR and marketing. To learn more, visit www.svusawards.com

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

 

iGad!

Posted on April 24th, 2015 by Dan Rampe

ThreatMetrix-CafeThreats

iOS Vulnerability Discovered by Researchers Could Let an Attacker Crash Any iPad or iPhone within Range of WiFi Hotspot

Researchers discovered an iOS vulnerability that turns WiFi into Why Me!!! Now imagine you’re strolling past a WiFi hotspot without a care in the world except how to pay your monthly iPhone bill. Well no worries. The mere act of walking past the WiFi hotspot could solve that problem because, say researchers, that’s all it’ll take to turn your iPhone into a doorstop.

In his piece on gizmodo.com Chris Mills explains what the researchers discovered. The following has been excerpted from his article and edited to fit our format. You may find the complete article by clicking on this link.

A bug in iOS.8

The vulnerability takes advantage of a bug in iOS 8: namely, that by manipulating SSL certificates sent to iOS devices over a network — certificates used in virtually every app, and in iOS itself — the researchers could make iOS devices crash, in the worst-case scenario putting them into a constant boot-loop.

Not connecting doesn’t help

At first glance, the vulnerability doesn’t seem too bad: after all, in order to have those bad SSL certificates sent to you, the attacker needs control of the Wi-Fi network. So just don’t connect to random Wi-Fi hotspots, and you should be fine — or you’d think.

Have to turn off WiFi completely

The researchers combined the SSL certificate flaw with an older exploit, one they’d named WiFiGate. In short, they found that iOS devices are pre-programmed by the carrier to automatically connect to certain networks. For example, AT&T customers will auto-connect to any network called ‘attwifi’. There’s no way to prevent your phone from doing this, short of turning Wi-Fi off altogether.

No way out

[The] Skycure team [i.e., the researchers who found the flaw] could create a tainted Wi-Fi hotspot, which any nearby iOS device would connect to, and then constantly crash, rendering the device useless. And, because the device is stuck in a bootloop, there’s no easy way to disable Wi-Fi, and escape the hacker’s network. [The] vulnerability can be used to render any iOS device in a certain location completely useless….

Apple working on a fix

The team is working with Apple on a fix; in the meantime, they haven’t disclosed the full details of their attack, but anyone with an iPhone is theoretically vulnerable for now.

Advice from ThreatMetrix on how to avoid the bad guys at WiFi hotspots:

In Avoid a Very Expensive Cup of Coffee: ThreatMetrix Has Tips to Stop Cybertheft When Using WiFi at Coffee Shops, Eateries and Other Public Places, Dean Weinert, ThreatMetrix product manager, cautions, “Consumers can easily access public Wi-Fi networks from just about anywhere – and so can cybercriminals. Cyberthreats are certainly a reality at local coffee shops and other wireless hotspots. If consumers don’t take extra precaution to protect their personal devices, they can unwittingly share sensitive information with cybercriminals interfering on the network.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

TIGTA Gives IRS an F

Posted on April 23rd, 2015 by Dan Rampe

Tax

TIGTA (Treasury Inspector General for Tax Administration) Gives the IRS Poor Marks for Handling ID Theft Victims

A recently released Treasury Inspector General for Tax Administration report says the IRS tells an ID theft victim that his/her case will be resolved in 180 days. While that’s what the IRS claims, the TIGTA report says it actually takes the IRS 278 days. Imagine what a victim of ID theft goes through having to wait those additional 98 days.

In his piece on theblaze.com, Fred Lucas describes what the TIGTA found while doing its audit, a follow-up to one done in 2013. The following has been excerpted from his article and edited to fit our format. You may find the full story by clicking on this link.

You will get an answer, but it may not be the right one

Based on a sampling of 100 identity theft tax accounts, the inspector general [projected] that 25,565 cases out of 267,692 were resolved incorrectly, or almost [1 in 10.]

Better maybe, but not what the IRS tells the public

In 2013, about 2.9 million tax identity theft incidents happened, an increase from 1.8 million in 2012, the Chicago Tribune reported. The average for resolving a case in 2013 [was] down from the average of 312 days in fiscal year 2012, but it [was] still well over what the IRS [instructed] employees to tell taxpayers who were victims of fraud.

“IRS guidance in FY 2013 instructed employees to inform taxpayers who [inquired] about the status of their identity theft case that cases are resolved within 180 days,” the IG report says.

IRS case processing data said resolutions took between 228 and 298 days

“[The IRS’s] own case processing data did not support the 180-day resolution time period. In fact, IRS data showed case resolutions were taking between 228 to 298 days.”

Misleading stakeholders

“When the IRS provides misleading identity theft case resolution time periods, it creates a false portrayal of improvement to stakeholders and makes it more difficult for the IRS to gage and improve its own operations.”

No change in procedure needed

“The IRS disagreed with the recommendation to develop processes and procedures to calculate the average time it takes to fully resolve taxpayer accounts.”

Victims deserve better

“While the IRS is making some progress in assisting victims of identity theft, those who have been affected by this devastating crime deserve better.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

ThreatMetrix Cyber Defense Magazine Award Winner in Two Categories

Posted on April 22nd, 2015 by Dan Rampe

awards

ThreatMetrix Wins 2015 Cyber Defense Magazine Awards for Best Anti-Malware Product and Hot Company in Multi-Factor Authentication

The awards, which Cyber Defense Magazine confers on companies for the best ideas, products and services in the information technology industry, are being announced at the RSA Conference 2015 in San Francisco.

Unveiled at RSA: the ThreatMetrix Digital Identity Network, world’s largest

Leveraging global shared intelligence to safeguard online customer identities, the ThreatMetrix Digital Identity Network creates an anonymized digital identity of consumers based on device, persona and behavior from every transaction, account creation and account login.

Bert Rankin, ThreatMetrix chief marketing officer, on ThreatMetrix solutions

“The landscape of fraud is changing as cybercriminals’ networks grow in breadth and sophistication, capitalizing on the digital debris of data breach fallouts. Our team continuously enhances our solutions to stay one step ahead of cybercriminals by providing businesses with an anonymized view of their customers based on devices, personas and behaviors. Being recognized by Cyber Defense Magazine as a leader in both anti-malware and multi-factor authentication is a ringing endorsement for ThreatMetrix.”

Recognized for the TrustDefender Cybercrime Protection Platform

The Best Anti-Malware award recognizes ThreatMetrix for its success offering high-level malware detection for businesses through the TrustDefender Cybercrime Protection Platform.

TrustDefender Cybercrime Protection Platform combines comprehensive data collection, behavioral analytics and the ThreatMetrix Digital Identity Network into a powerful, risk-based security and fraud prevention solution. Integrating malware and device identification, this solution enables ThreatMetrix customers to proceed with legitimate transactions while screening out cybercriminals and criminal activity without added user friction.

Supporting financial institution authentication requirements

The Hot Company in Multi-Factor Authentication award identifies ThreatMetrix as a leader in offering multi-factor authentication (MFA) solutions for financial institutions. These provide frictionless customer logins, decrease operational costs and improve cybercrime detection. In contrast to the design of many legacy MFA solutions, ThreatMetrix can easily support financial institution authentication requirements and provide trusted customers access without excessive step-up authentication.

Visit ThreatMetrix at Booth #4235

To learn more about ThreatMetrix’s unique anti-malware and multi-factor authentication services, visit ThreatMetrix this week in Booth #4235, located in the North Hall at RSA Conference 2015.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.