Is Buying an iPhone 6 Buying Trouble? Or Peace of Mind?

Posted on September 17th, 2014 by Dan Rampe

ThreatMetrix Explores the Pros and Cons of iPhone 6 as They Relate to Privacy and Cyberfrauds’ Shift to Online Channels

When it comes to security, do the “I”s have it? ThreatMetrix takes a hard look at iPhone 6 and iPhone 6 Plus, exploring whether some of their newest features will be making their owners more secure or bigger cybercrime targets. (For a quick overview, ThreatMetrix prepared the following infographic on iPhone 6 and iPhone 6 Plus cybersecurity pros and cons.)

“The most recent iPhone has received a ton of buzz, especially regarding some of its latest features such as Apple Pay, which has the potential to revolutionize the way consumers and retailers alike do business,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “However, the fact remains that these features may also potentially make Apple the new prime target for cybercriminals all over the world, as the iPhone 6 increasingly becomes the remote control of its owners’ life.”

By the end of 2014, some 25 million iPhone users will have upgraded their devices. Below, ThreatMetrix security experts critique the newest features and how they affect security.

  • Apple Pay a Safer Way – Passbook isn’t an entirely new feature of the iPhone, which previously enabled users to store purchased tickets and other virtual goods. These could then be presented on their iPhones in lieu of tickets, etc. Now, Passbook enables users to register credit cards at the click of a button and access them for secure, one-touch transactions using the iTouch fingerprint reader. The Passbook does not store credit-card details on the actual device or in iCloud. Instead it stores a token on a Secure Element. This means that any malware attempting to intercept a transaction will not be able to get access to the real credit card number. This is a net positive for transaction security.
  • Fraud Pushed from Banks to Online Merchants – Apple supports Near Field Communications (NFC) technology, which prevents store employees from taking copies of card data. In October 2015, EMV payment systems become mandatory in the U.S. and will cause criminal gangs to shift more of their attention to online channels. Modern card terminals typically support both EMV payment systems and NFC, and the new Apple Pay functionality will further drive adoption of these new readers in stores. Now, unlike in-store purchases that are covered by banks, online merchants have to cover the costs of inadvertently accepting fraudulent transactions. The other major impact will be a significant increase in online credit card origination theft. If it’s more difficult to breach data in-store and create counterfeit cards because of EMV payment systems and Apple Pay, criminals will focus more of their efforts online.
  • Increased Account Compromise Risk – iCloud is like a remote control for users’ lives. If hackers gain access to a username and password, which is often shared across sites, they can use the Find My Phone feature to not only disable Apple Pay purchasing from your device, but also get access to backup photos and remotely delete and reset your password as well. “Consumers have the opportunity to upgrade to two-factor authentication for better online protection as account compromise risks increase,” said Julie Conroy, research director at Aite Group. “However, very few consumers will do so due to inconvenience and added effort of such security measures.”
  • Privacy Concerns – Apple has stated that it does not track Apple Pay purchases, and that health data collected by HealthKit will remain encrypted on the phone and not stored on Apple’s servers. However, there may be future business pressure to better monetize Apple’s iAd network. While HealthKit app developers require an iPhone owner’s consent to access health data, consumers do not have good ways of ensuring their data remains protected once it is stored off their phones.
  • Selling and Gifting Older Models – Many consumers will want to get rid of their older iPhone models and this can lead to multiple security risks, such as previously jailbroken devices, devices that have pre-stored malware and unwiped devices that still have personal information stored on them. Before selling or gifting older models, consumers must make sure that they have deleted all content (Settings > General > Reset > Erase All Content and Settings) and remove the devices from their iCloud accounts.

“The newest iPhone has the potential to be one of the most groundbreaking models to date,” said Faulkner. “However, consumers making the switch should be aware of the pros and cons of doing so, especially if they are in the first round of buyers. Consumers need to be mindful that the data they sync to iCloud is now likely only protected by a weak username and password combination.”

The widespread adoption of the iPhone 6 means there will be new threats to consumers’ sensitive information and privacy. Businesses such as Apple need a way to protect their customers beyond simple username and password combinations. They need a collective, global network. The ThreatMetrix® Global Trust Intelligence Network analyzes more than 850 million monthly transactions and combines device identification, threat assessments, identity and behavioral intelligence to accurately identify cybercriminals without creating friction for good users.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

Fighting Mobile Crime Means Never Standing Still. ThreatMetrix Announces Spring 2014 Release with Improved Jailbreak Detection and Location-Based Authentication.

Posted on March 13th, 2014 by Dan Rampe

An extension to the ThreatMetrix™ TrustDefender™ Cybercrime Protection Platform, the Spring 2014 Release is an update that delivers enhanced endpoint and context intelligence for mobile activity through a solution built on the ThreatMetrix™ Global Trust Intelligence Network (The Network).

More and more account logins and transactions are done via mobile devices. It’s true of both consumers and the workforce. Last year, mobile represented one third of total traffic on The Network. By the end of this year that number will jump to 50 percent. Cybercriminals are just as aware of these numbers as anybody. So, it’s no surprise they’re going to go where the money is.

To protect themselves and their customers without compromising the intuitive user experience of mobile apps and browsers, more and more companies are turning to advanced fraud prevention and context-based security.

“Mobile device usage for e-commerce and banking will continue to rise and in order to prevent the associated risks, businesses must have the capabilities to effectively analyze mobile activity to detect returning authentic customers and device anomalies that indicate malicious behavior,” said Mustafa Rassiwala, senior director of product management, ThreatMetrix. “This includes differentiating between normal and jailbroken devices, as users with jailbroken devices are more likely to engage in criminal activity.”

With the Spring 2014 Release, The Network protects against mobile cybercrime using:

• Enhanced Mobile Identification: With the enhanced mobile software development kit (SDK), businesses can now detect jailbroken devices. This information often indicates that the mobile operating system has been breached and the security of all applications has been compromised. Cybercriminals typically jailbreak stolen mobile devices to gain full access to the original owner’s personal information. Additionally, sophisticated attacks can remotely jailbreak end users’ mobile devices to set up Man-in-the-Middle attacks and easily compromise sensitive information – including social media, banking and e-commerce website logins.

• Mobile-Specific Context Information: GPS-based location detection enables businesses to implement geo-fencing and accept transactions only when end users are within a specified proximity of an approved location. For example, banks may want to restrict certain high-risk activities, such as adding new payments and money transfers on mobile devices, to when a user is in close proximity to his/her home address.
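
The geo-fencing rule described above, sketched as an added example (this is not ThreatMetrix code or its SDK). The `Fix` fields, the function names, the 500 m radius and the 100 m accuracy limit are all assumptions chosen for illustration; the decision accounts for the GPS uncertainty radius instead of trusting a single point.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

EARTH_RADIUS_M = 6_371_000  # mean Earth radius in metres

@dataclass
class Fix:
    """Device-reported GPS fix (hypothetical field names)."""
    lat: float
    lon: float
    accuracy_m: float  # reported horizontal uncertainty radius

def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def geofence_decision(fix: Optional[Fix], home: Tuple[float, float],
                      radius_m: float = 500.0,
                      max_accuracy_m: float = 100.0) -> str:
    """Return 'allow', 'step_up' or 'deny' for a high-risk action.

    allow   : the whole uncertainty circle lies inside the fence
    deny    : even the nearest possible position is outside the fence
    step_up : no usable fix, or the fix straddles the fence boundary
    """
    if fix is None or not (-90 <= fix.lat <= 90 and -180 <= fix.lon <= 180):
        return "step_up"  # permission denied or malformed coordinates
    if not 0 <= fix.accuracy_m <= max_accuracy_m:
        return "step_up"  # too coarse to base a decision on
    d = haversine_m(fix.lat, fix.lon, home[0], home[1])
    if d + fix.accuracy_m <= radius_m:
        return "allow"
    if d - fix.accuracy_m > radius_m:
        return "deny"
    return "step_up"

# Constructed sample data: a registered home address (lat, lon).
HOME = (37.3349, -121.8881)
```

A client-reported fix is only as trustworthy as the device that sent it, so on a device flagged as jailbroken the result is better treated as one signal among several than as proof of location.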

“By implementing enhanced location-based authentication capabilities and device recognition comprised of mobile jailbreak detection, identity, behavior and threat intelligence, businesses can establish trust for mobile activity without compromising user identity or convenience,” said Rassiwala. “ThreatMetrix analyzes each mobile activity such as user login or credit card purchase by combining intelligence from billions of previous transactions in The Network, the largest trusted identity network of shared intelligence, to provide businesses with the most comprehensive identity authentication solution on the market.”

With these new capabilities, ThreatMetrix offers comprehensive mobile protection with:

• Mobile SDK for Android and iOS to uniquely identify mobile devices

• Cookieless smart identification of devices when using mobile browsers

• Identity and account authentication using analytics that combine anonymized persona information, behavior and transaction context

“Businesses should rightfully focus on offering the best user experience on mobile apps without compromising on security and fraud prevention,” said Rassiwala. “Developers should not have to deal with low level device identification attributes that change periodically and ThreatMetrix regularly updates its mobile SDK leveraging the latest operating system enhancements to remain compliant and secure.”

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.