$9.5 Billion Being Invested to Make U.S. Smart-er

Posted on January 29th, 2015 by Dan Rampe

Chip And Pin

Report Says Smart Card Updates to 1.2M POS Card Readers and 7M Card-Reading Terminals to Cost $9.5B and Won’t Be Completed till 2018

The retail and payment card industries are committed to converting to Chip and PIN Smart Card technology by December 2015. However, a report by Homeland Security Research Corp (HSRC), a non-governmental marketing research firm,forecasts that it will take until 2018 for Chip and PIN to reach 80 percent of the market. In addition to pointing out this dichotomy, a discountedhotelrooms.org story featuring HSRC’s study discusses other key issues in the adoption of Chip and PIN technology in the United States. The following has been excerpted from the discountedhotelrooms.org article and edited to fit our format. You may find the complete article by clicking on this link.

U.S. only G-20 country using magnetic strips

As of January 2014, 95% of U.S. payment cards still use the 1970’s magnetic strip technology. This makes the U.S. the only G-20 country that uses this insecure technology, while more than 100 countries have converted their payment cards to the secure Chip & PIN smartcard technology by 2004.

France proves effectiveness of Chip and PIN

France…has cut face to face and ATM transactions fraud by more than 80% since the introduction of Chip & PIN EMV smartcards

Major retailers committed to December 2015 implementation date

[Retail] chains such as Home Depot, Target, Walgreens and Walmart joined Visa and American Express and committed to replace the magnetic stripe cards and POS readers to the secured Chip & PIN technology by December 2015.

Feds lead in Chip and PIN

Signed on October 10th, 2014, President Obama’s “BuySecure” Executive Order lays out a new policy to secure payments to and from the federal government by applying Chip & PIN technology to newly issued and existing government credit cards, as well as debit cards like Direct Express. Upgrading retail payment card terminals at federal agency facilities to accept chip and PIN-enabled cards.

Fastest growing private sector security market

According to the report, the U.S. Financial Services, Retail & Payment Cybersecurity Market is the largest and fastest growing private sector cybersecurity market.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

The ThreatMetrix Alternative to Outdated Adaptive Authentication

Posted on January 28th, 2015 by Dan Rampe

Standard-Header---Logo-Ken

Offering Financial Institutions Frictionless Authentication That Cuts MFA Costs and Improves Customer Experience

Many financial institutions use outdated MFA (multi-factor authentication) systems like RSA’s Adaptive Authentication. These require excessive step-up challenges before trusted customers can access their accounts. Frustrating? You bet.

33 percent failure rates

According to analysis from banking login data processed by the ThreatMetrix Global Trust Intelligence Network (The Network), excessive step-up authentication requirements had trusted customer step-up failure rates of more than 33 percent.

Frictionless customer logins lower operational costs and improve protection

ThreatMetrix enhancements to existing multi-factor authentication solutions for financial services institutions provide frictionless customer logins, lower operational costs and improve cybercrime detection.

Ken Jochims, ThreatMetrix director of product marketing

“Many financial institutions have trouble authenticating returning, trusted customers due to simple changes in a customer’s environment. Clearing cookies, changing browsers or using a VPN for web access at a coffee shop are everyday occurrences that can cause legacy security solutions from vendors like RSA or Actimize to request step-up authentication. ThreatMetrix’s frictionless authentication solution offers a proven alternative for financial institutions to improve customer satisfaction and increase revenue.”

Compare and contrast

In contrast to the design of many legacy MFA solutions, ThreatMetrix can easily support financial institution authentication requirements and provide trusted customers access without excessive step-up authentication. This is secure, accurate authentication, in real time without annoying customers and without false positives. And, it’s delivered through ThreatMetrix’s shared global intelligence network which provides real-time risk analysis based on billions of web and mobile transactions – something never envisioned by first-generation security solutions.

Can be deployed to enhance legacy security systems

ThreatMetrix has been deployed to enhance in-place security solutions from companies like RSA and Actimize to successfully minimize step-up challenges and improve the customer experience.

Case in point

One of ThreatMetrix’s large North American-based multinational bank customers successfully enhanced its RSA on-premise solution by adding intelligent customer authentication. The bank, which provides online and mobile account access to 1,000 branch offices, provides retail and commercial banking, wealth management and insurance services to more than 22 million customers. Therefore, a positive customer experience is critical.

The bank’s ThreatMetrix solution improved both step-up-related customer experience issues and reduced step-up operational expenses.

Jochims explains how the solution works

“ThreatMetrix can determine trusted customers logins in real time by analyzing devices and identities based on activity we’ve seen in The Network,” said Jochims. “We only require a step-up if very unusual behavior is detected, such as flagging a device that has been identified as suspicious from any of the 15,000 websites and mobile applications we protect or flagging an identity used across an excessive number of devices or locations over a short period of time. Solutions provided by companies like RSA and Actimize may have been acceptable a decade ago, when there was less online activity, mobile devices didn’t exist and consumers weren’t routinely using smart devices in place of computers. Now financial institutions need to look at the bigger picture, using contextual factors derived from a global intelligence network to quickly identify trusted users from cybercriminals.”

Protects against account takeover, payment fraud, and much more

ThreatMetrix authenticates customer access to browser and mobile-based banking applications using real-time identity and access analytics that leverage the world’s largest shared global trust intelligence network. The solution protects financial web and mobile applications against account takeover, payment fraud, and fraudulent account registrations as a result of stolen credentials obtained from malware, social engineering, phishing and data breaches.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

ThreatMetrix Delivers Frictionless Authentication for Financial Institutions to Minimize Costly Multi-Factor Authentication and Improve the Online Customer Experience

Posted on January 28th, 2015 by Dan Rampe

Standard-Header---Logo-Ken

ThreatMetrix Offers Alternatives to RSA’s Outdated Adaptive Authentication through Its Risk-Based Authentication Solution

San Jose, CA – January 28, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced enhancements to its existing multi-factor authentication (MFA) solutions for financial services institutions to provide frictionless customer logins, decrease operational costs and improve cybercrime detection.

In online and mobile banking, a frictionless customer experience is critical to keeping customers. Unfortunately, many financial institutions rely on outdated MFA systems like RSA’s Adaptive Authentication that require excessive step-up challenges for trusted customers to access their accounts, adding significant friction and frustration. These excessive step-up authentication requirements were shown to have trusted customer step-up failure rates of more than 33% according to analysis from banking login data processed by the ThreatMetrix® Global Trust Intelligence Network (The Network).

“Many financial institutions have trouble authenticating returning, trusted customers due to simple changes in a customer’s environment,” said Ken Jochims, director of product marketing at ThreatMetrix. “Clearing cookies, changing browsers or using a VPN for web access at a coffee shop are everyday occurrences that can cause legacy security solutions from vendors like RSA or Actimize to request step-up authentication. ThreatMetrix’s frictionless authentication solution offers a proven alternative for financial institutions to improve customer satisfaction and increase revenue.”

In contrast to the design of many legacy MFA solutions, ThreatMetrix can easily support financial institution authentication requirements and provide trusted customers access without excessive step-up authentication. Financial institutions require secure, accurate authentication, in real time without annoying customers or creating false positives. ThreatMetrix delivers this through a shared global intelligence network that provides real-time risk analysis based on billions of web and mobile transactions – something never envisioned by first-generation security solutions.

ThreatMetrix has been deployed to enhance in-place security solutions from companies like RSA and Actimize, successfully minimizing step-up challenges and improving the customer experience. One of ThreatMetrix’s large North American banking customers successfully enhanced its RSA on-premise solution by adding intelligent customer authentication. Customer experience is a critical business metric for this multinational bank that provides online and mobile account access in addition to 1,000 branch offices. The bank provides retail and commercial banking, wealth management and insurance services to more than 22 million customers. Its ThreatMetrix solution improved both step-up related customer experience issues and reduced step-up operational expenses along with the support issues they created.

“ThreatMetrix can determine trusted customers logins in real time by analyzing devices and identities based on activity we’ve seen in The Network,” said Jochims. “We only require a step-up if very unusual behavior is detected, such as flagging a device that has been identified as suspicious from any of the 15,000 websites and mobile applications we protect or flagging an identity used across an excessive number of devices or locations over a short period of time. Solutions provided by companies like RSA and Actimize may have been acceptable a decade ago, when there was less online activity, mobile devices didn’t exist and consumers weren’t routinely using smart devices in place of computers. Now financial institutions need to look at the bigger picture, using contextual factors derived from a global intelligence network to quickly identify trusted users from cybercriminals.”

ThreatMetrix authenticates customer access to browser and mobile-based banking applications using real-time identity and access analytics that leverage the world’s largest shared global trust intelligence network. The solution protects financial web and mobile applications against account takeover, payment fraud, and fraudulent account registrations as a result of stolen credentials obtained from malware, social engineering, phishing and data breaches.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

ThreatMetrix 2014: Great. ThreatMetrix 2015: Greater.

Posted on January 27th, 2015 by Dan Rampe

Standard-Header-Reed

With the Largest Shared Intelligence Network on the Planet, ThreatMetrix Continues Setting New Milestones, Growing, and Making Strategic Hires to Add to Its Success

What can you expect from ThreatMetrix in 2015? More of what you’ve come to expect from the company which operates the world’s largest shared intelligence network, the ThreatMetrix Global Trust Intelligence Network, The Network.

Processing one billion transactions every month

Through analysis of the collective intelligence provided by The Network, ThreatMetrix protects 210 million active user accounts doing more than 850 million transactions each month. By the end of Q1 2015, it’s anticipated that The Network will process more than one billion transactions per month with 40 percent initiated from mobile devices.

Authentication without compromising privacy

The Network provides comprehensive anonymized information to determine context-based risk authentication – without compromising consumer privacy.

Largest brands and companies trust ThreatMetrix

“Many of the world’s largest brands and companies trust ThreatMetrix to help protect their business operations from cybercriminals in real time,” said Reed Taussig, president and CEO at ThreatMetrix. “The global cybercrime landscape is continuously evolving, with new bad actors, technology and organization, and the only way to prevail against these threats is with a collective network that leverages data from across a global information base.”

2014’s many memorable achievements

Throughout 2014, ThreatMetrix made significant advances in cybercrime prevention and growth, including:

  • Global expansion – Spearheaded by the growth of its European data center providing faster and more accurate fraud screenings for international customers, ThreatMetrix has seen its business double year-over-year in Europe. Additionally, the company opened a new office in Tokyo, doubling its staff in Asia and signing a number of key accounts in the Asia-Pacific (APAC) region.

“As a company, we anticipate significantly increasing investment in our Asian business in 2015,” said Taussig. “In the past year, we signed several major Asian e-commerce companies. We’ve hired seasoned regional management for the APAC region, as well as other international markets, and expect to see continued growth in the coming year.”

  • The Network – In September, ThreatMetrix announced that The Network – the largest independent, federated intelligence network of anonymized, privatized data – surpassed 850 million monthly transactions. The expansion of The Network enables ThreatMetrix to analyze and protect even more online transactions and activity, especially mobile-based transactions. By analyzing device, identity and behavioral data in real time, ThreatMetrix can quickly identify cybercriminals attempting to create fraudulent new accounts, takeover existing accounts or execute card-not-present (CNP) fraud. Additionally, this analysis provides a competitive advantage by allowing trusted customers frictionless account and transaction access while keeping costs low by greatly reducing the use of step-up or out-of-band authentication.

“United we stand, divided we fall” said Taussig. “The only way to combat highly organized, well-funded cybercriminals is by sharing cybercrime intelligence within and across industries. That is exactly what we’re trying to accomplish through The Network.”

  • New products and technologies – Significant investments in The Network and the ThreatMetrix TrustDefender Cybercrime Protection Platform contributed to the company’s success in 2014. With its Spring and Fall Releases, ThreatMetrix combined sophisticated trust analytics with improved behavior intelligence and enriched its context-based authentication through additions such as PersonaID, Trust Tags, PersonaDB and Smart ID 2. Additionally, the company received a patent for accurately differentiating between trusted customers and cybercriminals across mobile and web interactions.
  • Company evolution – In 2014, ThreatMetrix completed its transition as the leading provider of advanced fraud prevention and frictionless context-based security solutions. The company has made advancements in its field by leveraging the power of The Network to enable frictionless, context-based authentication to prevent unauthorized access to enterprise applications without damaging the user experience for good customers.
  • Funding – In March, ThreatMetrix announced that it closed a Series E round of financing led by Adams Street Partners. The investment round brought in $20 million in capital, with all existing ThreatMetrix institutional investors participating in the investment.
  • Rise of mobile – From Thanksgiving Day through Cyber Monday, mobile accounted for 39 percentof all transactions across The Network. By the 2015 holiday shopping season, ThreatMetrix predicts this number will surpass 50 percent.
  • Record transaction volume – Year-over-year from 2013 to 2014, transaction volumes in The Network increased by more than 80 percent, from 3.8 billion to 6.9 billion. Currently, ThreatMetrix experiences transaction volumes of more than 1,000 transactions per second and expects that number to double in 2015.
  • Billings and Customer Growth – ThreatMetrix continues to experience double-digit annual billings growth and the company more than doubled its customer base in 2014 through direct sales effort and in conjunction with its extensive global partner channel.
  • SaaS recurring revenue model – ThreatMetrix’s outstanding financial performance is driven largely by its high customer retention. Through recurring revenue, ThreatMetrix is able to sustain and grow its global shared intelligence to provide the highest level of context-based authentication and fraud prevention possible.
  • Ping Identity Integration – In June, ThreatMetrix announced its integration with Ping Identity’s PingFederate® identity bridge. The combined solution provides context-based authentication for enterprises with secure, transparent and frictionless access for mobile and online users.

“At ThreatMetrix, we are continuously aggressive in terms of adding partnerships that can provide our customers with enhanced services and capabilities,” said Taussig.

  • OFAC Regulations – To ensure companies can easily stay compliant with the Office of Foreign Assets Control (OFAC) regulations, ThreatMetrix began an initiative to allow businesses to stop transactions originating from embargoed or restricted countries by accurately identify user locations, even if advanced location cloaking technology is being used.
  • ThreatMetrix Cybercrime Report – In 2014, ThreatMetrix began the release of its quarterly report outlining the landscape of cybercrime through data from The Network. The report offers a representative summary of activity across industries identifying the types of attack methods used to perpetrate account creation, payment and login fraud.
  • New and existing markets – While continuing its success in the global financial services market, global e-commerce market and media industries, among others, ThreatMetrix also entered the online gaming market in 2014. It plans to expand its presence in the insurance and healthcare markets in 2015.
  • Strategic management hires – ThreatMetrix increased its staffing by 61 percent in 2014, which was reflected in its strategic hiring of key management, including Pascal Podvin as General Manager for U.S. and EMEA and Gene Kuo as vice president and General Manager of Asia Pacific.
  • ThreatMetrix 2014 Cybercrime Prevention Summit – Themed “Building Trust on the Internet,” the ThreatMetrix 2014 Cybercrime Prevention Summit saw a record number of attendees, bringing together more than 250 industry and cybersecurity experts from around the globe to discuss strategies to make the Internet safer for businesses and consumers alike.
  • Awards – ThreatMetrix won almost one dozen industry awards, including a Gold Stevie Award in “New Product or Service of the Year – Security Solution” category and a Silver Award in the “Most Innovative Tech Company of the Year – Computer Software” category in the 12th Annual American Business Awards; Gold Awards as “Innovative Company of the Year” and “Integrated Security (Software) Innovation” in the Golden Bridge Awards; Named to the “100 Most Promising Technology Companies in the U.S.” by CIOReview; Recognized as a Silver Winner in the “Enterprise Product of the Year – Software” Category by the Best in Biz Awards 2014 International; Judges’ Choice for “Best Overall Fraud/Security Solution” at the 2014 CardNotPresent.com (CNP) Awards for the ThreatMetrix TrustDefender Cybercrime Protection Platform, among others.

A final word from Reed Taussig

“ThreatMetrix’s accomplishments in 2014 are helping us pave the way to a truly collective approach to cybercrime through the power of The Network,” said Taussig. “We have ambitious goals to continue our growth in many of the major industries affected by cybercrime – including financial services, e-commerce and media – and we anticipate tremendous strides in combatting cybercrime in those industries as well as new industries throughout 2015.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Enters 2015 Protecting Online Transactions Against Cybercrime with the Largest Shared Intelligence Network Available

Posted on January 27th, 2015 by Dan Rampe

Standard-Header-Reed

Significant Growth of The ThreatMetrix® Global Trust Intelligence Network, Global Expansion and Strategic Hires Positions ThreatMetrix for Continued Success in 2015

San Jose, CA – January 27, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced several of its 2014 milestones and its expectations for the company in the coming year.

Through analysis of the collective intelligence provided by the ThreatMetrix™ Global Trust Intelligence Network (The Network), the company protects 210 million active user accounts creating more than 850 million transactions each month. The Network provides the most comprehensive anonymized information available to determine context-based risk authentication – without compromising consumer privacy. By the end of Q1 2015, ThreatMetrix anticipates The Network will process more than one billion transactions each month, with up to 40 percent of those transactions initiating from mobile devices.

“Many of the world’s largest brands and companies trust ThreatMetrix to help protect their business operations from cybercriminals in real time,” said Reed Taussig, president and CEO at ThreatMetrix. “The global cybercrime landscape is continuously evolving, with new bad actors, technology and organization, and the only way to prevail against these threats is with a collective network that leverages data from across a global information base.”

Throughout 2014, ThreatMetrix made significant advances in cybercrime prevention and company growth, including:

  • Global expansion – ThreatMetrix greatly expanded its presence globally, spearheaded by the growth of its European data center to provide faster and more accurate fraud screenings for its international customers, enabling its business to double year-over-year in Europe. Additionally, the company opened a new office in Tokyo, doubled its staff in Asia and signed a number of key accounts in the Asia-Pacific (APAC) region.

“As a company, we anticipate significantly increasing investment in our Asian business in 2015,” said Taussig. “In the past year, we signed several major Asian e-commerce companies. We’ve hired seasoned regional management for the APAC region, as well as other international markets, and expect to see continued growth in the coming year.”

  • The Network – In September, ThreatMetrix announced that The Network – the largest independent, federated intelligence network of anonymized, privatized data – surpassed 850 million monthly transactions. The expansion of The Network enables ThreatMetrix to analyze and protect even more online transactions and activity, especially surrounding mobile-based transactions. By analyzing device, identity and behavioral data in real time, ThreatMetrix can quickly identify cybercriminals attempting to create fraudulent new accounts, takeover existing accounts or execute card-not-present (CNP) fraud. Additionally, this analysis provides a competitive advantage by allowing trusted customers frictionless account and transaction access while keeping costs low by greatly reducing the use of step-up or out-of-band authentication.

“United we stand, divided we fall” said Taussig. “The only way to combat highly organized, well-funded cybercriminals is by sharing cybercrime intelligence within and across industries. That is exactly what we’re trying to accomplish through The Network.”

  • New products and technologies – Significant investments in The Network and the ThreatMetrix TrustDefender™ Cybercrime Protection Platform contributed to the company’s success in 2014. With its Spring and Fall Releases, ThreatMetrix combined sophisticated trust analytics with improved behavior intelligence and enriched its context-based authentication through additions such as PersonaID, Trust Tags, PersonaDB and Smart ID 2. Additionally, the company received a patent for its ability to accurately differentiate between trusted customers and cybercriminals across mobile and web interactions.
  • Company evolution – In 2014, ThreatMetrix completed its transition as the leading provider of advanced fraud prevention and frictionless context-based security solutions. The company has made advancements in its field by leveraging the power of The Network to enable frictionless, context-based authentication, which prevents unauthorized access to enterprise applications without damaging the user experience for good customers.
  • Funding – In March, ThreatMetrix announced that it closed a Series E round of financing led by Adams Street Partners. The investment round brought in $20 million in capital, with all existing ThreatMetrix institutional investors participating in the investment.
  • Rise of mobile – From Thanksgiving Day through Cyber Monday, mobile accounted for 39 percentof all transactions across The Network. By the 2015 holiday shopping season, ThreatMetrix predicts this number will surpass 50 percent.
  • Record transaction volume – Year-over-year from 2013 to 2014, transaction volumes in The Network increased by more than 80 percent, from 3.8 billion to 6.9 billion. Currently, ThreatMetrix experiences transaction volumes of more than 1,000 transactions per second and expects that number to double in 2015.
  • Billings and Customer Growth – ThreatMetrix continues to experience double-digit annual billings growth and more than doubled its customer base in 2014 through its direct sales effort and in conjunction with its extensive global partner channel.
  • SaaS recurring revenue model – ThreatMetrix’s outstanding financial performance is driven largely by its high customer retention. Through recurring revenue, ThreatMetrix is able to sustain and grow its global shared intelligence to provide the highest level of context-based authentication and fraud prevention possible.
  • Ping Identity Integration – In June, ThreatMetrix announced its integration with Ping Identity’s PingFederate® identity bridge. The combined solution provides context-based authentication for enterprises with secure, transparent and frictionless access for mobile and online users.

“At ThreatMetrix, we are continuously aggressive in terms of adding partnerships that can provide our customers with enhanced services and capabilities,” said Taussig.

  • OFAC Regulations – To ensure companies can easily stay compliant with the Office of Foreign Assets Control (OFAC) regulations, ThreatMetrix began an initiative to allow businesses to stop transactions originating from embargoed or restricted countries by accurately identify user locations, even if advanced location cloaking technology is being used.
  • ThreatMetrix Cybercrime Report – In 2014, ThreatMetrix began the release of its quarterly report outlining the landscape of cybercrime through data from The Network. The report offers a representative summary of activity across industries identifying the types of attack methods used to perpetrate account creation, payment and login fraud.
  • New and existing markets – While continuing its success in the global financial services market, global e-commerce market and media industries, among others, ThreatMetrix also entered the online gaming market in 2014. It plans to expand its presence in the insurance and healthcare markets in 2015.
  • Strategic management hires – ThreatMetrix increased its staffing by 61 percent in 2014, which was reflected in its strategic hiring of key management, including Pascal Podvin as General Manager for U.S. and EMEA and Gene Kuo as vice president and General Manager of Asia Pacific.
  • ThreatMetrix 2014 Cybercrime Prevention Summit – Themed “Building Trust on the Internet,” the ThreatMetrix 2014 Cybercrime Prevention Summit saw a record number of attendees, bringing together more than 250 industry and cybersecurity experts from around the globe to discuss strategies to make the Internet safer for businesses and consumers alike.
  • Awards – ThreatMetrix won almost one dozen industry awards, including a Gold Stevie® Award in “New Product or Service of the Year – Security Solution” category and a Silver Award in the “Most Innovative Tech Company of the Year – Computer Software” category in the 12th Annual American Business Awards; Gold Awards as “Innovative Company of the Year” and “Integrated Security (Software) Innovation” in the Golden Bridge Awards; Named to the “100 Most Promising Technology Companies in the U.S.” by CIOReview; Recognized as a Silver Winner in the “Enterprise Product of the Year – Software” Category by the Best in Biz Awards 2014 International; Judges’ Choice for “Best Overall Fraud/Security Solution” at the 2014 CardNotPresent.com (CNP) Awards for the ThreatMetrix TrustDefender Cybercrime Protection Platform, among others.

“ThreatMetrix’s accomplishments in 2014 are helping us pave the way to a truly collective approach to cybercrime through the power of The Network,” said Taussig. “We have ambitious goals to continue our growth in many of the major industries affected by cybercrime – including financial services, e-commerce and media – and we anticipate tremendous strides in combatting cybercrime in those industries as well as new industries throughout 2015.”

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

 

Happy Data Privacy Day. Keep It Under Your Hat.

Posted on January 26th, 2015 by Dan Rampe

Standard-Header---Logo-Faulkner

In Conjunction with Data Privacy Day, ThreatMetrix Offers Strategies to Help Business Protect Privacy, Secure Data and Build Trust on the Internet.

Little more than a week after the President’s State of the Union call for vastly improved cybersecurity and privacy measures comes Data Privacy Day.

Coordinated and led by the National Cyber Security Alliance (NCSA), Data Privacy Day is held each year on January 28th to raise international awareness and empower individuals and businesses to better protect their privacy. This year’s theme is “Respecting Privacy, Safeguarding Data and Enabling Trust.”

ThreatMetrix Data Privacy Day Champion

For its third consecutive year, ThreatMetrix has signed on as a Data Privacy Day Champion, supporting the ideal that individuals, organizations, business and government all share the responsibility to be aware of data privacy challenges.

Cybersecurity on both Democratic and Republican agendas

The State of the Union address made it clear that cybersecurity is an urgent and growing concern for government, business, consumers, students — everyone. And, it is at least one thing that both parties agree on.

Privacy Bill of Rights

The proposed Privacy Bill of Rights would let consumers decide what personal data could be collected by companies and how the data would be used. Under the proposed legislation consumers could prohibit companies which collect data for one purpose to use it for another. These changes have the potential to significantly impact the way businesses process customer data.

Alisdair Faulkner, ThreatMetrix’s chief products officer

“The only way we can build trust on the Internet is through better control of the consumer data processed online. Obama’s proposed Privacy Bill of Rights will raise the bar for privacy protections, keeping all companies no matter where they reside to the same standards. It may seem backwards, but to build trust, businesses and government entities need to increase data sharing while ensuring privacy. This means implementing security solutions that share data in real time, but preserve customer privacy through encryption and tokenization.”

Businesses may have the will, but no way to ensure privacy and security

Many businesses are well-intentioned, but they lack the resources or knowledge to protect their customers’ privacy and data. And, through their use of stolen identities, compromised devices, and masked IP addresses, cybercriminals are often virtually impossible to locate or stop without special skill and resources.

Alisdair Faulkner

“All businesses, regardless of industry, need efficient, automated processes for fraud detection and customer notification,” said Faulkner. “Any company that uses some form of online user authentication is now going to be held accountable for at least a minimal level of protecting customer privacy. The proposed Privacy Bill of Rights requires customers be notified by businesses about a data breach within 30 days, but cybercriminals can take data in the blink of an eye. Thirty days gives cybercriminals an eternity to monetize that information. Ideally, businesses need to be able to measure unauthorized access in real time, address the problem and notify customers immediately.”

ThreatMetrix strategies businesses can implement for combating cybercrime while building trust online:

  • Digital Identity Proofing–Traditional identity verification technologies, e.g. challenge questions, rely on personal information that has already been breached and in the hands of the criminals they are trying to vet. Businesses need a different approach. By analyzing global patterns of identity usage, including locations, devices, accounts, transactions and associations over time, it’s possible to factor in all aspects of a user’s behavior without putting artificial speed-bumps in his/her path.
  • Secure Anonymized Shared Intelligence– You have to have a network to fight a network. Additionally, you need “privacy by design” built into the ecosystem. Intelligence networks must anonymize and secure data not just from outside attacks, but also internal theft and social engineering attacks. Legal restrictions, such as those proposed by the President will fail to protect consumer data if not backed by solid technology and processes.
  • Endpoint Threat Intelligence – To differentiate between trusted users and cybercriminals, businesses must consider the context of every access attempt and transaction from each user. Whether initiated by a customer or an employee, businesses have to establish the credibility of the transaction in real time based on the full context of the user’s identity, behavior over time and device threats. These threats include Man-in-the-Middle and Man-in-the-Browser attacks, account compromises, bots, proxies, and location and transaction anomaly screening to determine the level of authentication and authorization required to process the request.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Shares Strategies for Businesses to Protect Privacy, Safeguard Data and Build Trust on the Internet in Alignment with Data Privacy Day

Posted on January 26th, 2015 by Dan Rampe

Standard-Header---Logo-Faulkner

Following President Obama’s State of the Union Address, Businesses Must Increase Data Sharing to Protect Consumer Privacy While Combatting Fraud

San Jose, CA – January 26, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced its alignment with Data Privacy Day by outlining strategies for businesses to build trust on the Internet through better cybersecurity measures without compromising consumer privacy.

Coordinated and led by the National Cyber Security Alliance (NCSA), Data Privacy Day is held each year on January 28 to raise international awareness and empower individuals and businesses to better protect their privacy, centered on the theme of “Respecting Privacy, Safeguarding Data and Enabling Trust.” For its third consecutive year, ThreatMetrix has signed on as a Data Privacy Day Champion, supporting the ideal that individuals, organizations, business and government all share the responsibility to be aware of data privacy challenges.

During President Obama’s State of the Union address last week, it was clear that cybersecurity is an urgent and growing concern among the U.S. government and its citizens. The proposed Privacy Bill of Rights would allow consumers to decide what pieces of their personal data are collected by companies and decide how that data is used. The legislation would also enable consumers to prohibit companies that collect their data for one purpose to use it for another. These changes have the potential to significantly impact the way businesses process customer data.

“The only way we can build trust on the Internet is through better control of the consumer data processed online,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “Obama’s proposed Privacy Bill of Rights will raise the bar for privacy protection, keeping all companies no matter where they reside to the same standards. It may seem backwards, but to build trust, businesses and government entities need to increase data sharing while ensuring privacy. This means implementing security solutions that share data in real time, but preserve customer privacy through encryption and tokenization.”

Many businesses lack the resources or knowledge to fulfill their responsibility of protecting customers’ privacy and data. Cybercriminals are often virtually impossible to locate due to the use of stolen identities, compromised devices, and masked IP addresses and many businesses simply don’t know how to stop those networks of fraudsters.

“All businesses, regardless of industry, need efficient, automated processes for fraud detection and customer notification,” said Faulkner. “Any company that uses some form of online user authentication is now going to be held accountable for at least a minimal level of protecting customer privacy. The proposed Privacy Bill of Rights requires customers be notified by businesses about a data breach within 30 days, but cybercriminals can take data in the blink of an eye. Thirty days gives cybercriminals an eternity to monetize that information. Ideally, businesses need to be able to measure unauthorized access in real time, address the problem and notify customers immediately.”

To help combat cybercrime while maintaining customer privacy to build trust online, ThreatMetrix has outlined several strategies for businesses to implement:

  • Digital Identity Proofing–Traditional identity verification technologies such as challenge questions rely on personal information that has already been breached and is in the hands of the cybercriminals. Businesses need to take a different approach and analyze global patterns of identity usage, including locations, devices, accounts, transactions and associations over time to consider all aspects of a user’s behavior without putting artificial speed bumps in the way of the customer.
  • Secure Anonymized Shared Intelligence– Businesses need a network to fight a network, but they also need “privacy by design.” Intelligence networks need to anonymize and secure data not only against outside attacks but also internal theft and social engineering attacks. Legal restrictions such as those proposed by Obama will fail to protect consumer data if not backed by advanced technology and processes.
  • Endpoint Threat Intelligence – To differentiate between trusted users and cybercriminals, businesses need to consider the context of every access attempt and transaction from each user. Whether initiated by a customer or an employee, businesses need to establish the credibility of the transaction in real time based on the full context of the user’s identity, behavior over time and device threats. These threats include man-in-the-middle and man-in-the-browser attacks, account compromise, bots, proxies, and location and transaction anomaly screening to determine the level of authentication and authorization required to process the request.

The most effective way for businesses to protect against cybercrime is through information sharing, leveraging an anonymized global data repository, such as the ThreatMetrix® Global Trust Intelligence Network (The Network), which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

Lessons from the Oval Office: Sharing Global Trust to Fight Cyber Fraud

Posted on January 23rd, 2015 by Dan Rampe

Standard-Header-Tony

Lessons from the Oval Office: Sharing Global Trust to Fight Cyber Fraud

Do firms understand the value of co-operation? When it comes to cyber security and online fraud prevention I remain sceptical. Not because there aren’t risk managers and information security professionals out there who know that the best way of fighting back is by collecting and analysing more complete industry-wide sets of data. Rather, because too often they’re shouted down by their legal and corporate counterparts who think that the risks of sharing outweigh the reward of more effective fraud prevention.

Now, last week Barack Obama and David Cameron stood in the Oval Office and jointly announced a series of new measures designed to improve information sharing and intelligence co-operation on cyber issues. I say we should all take a leaf out of their book this coming year.

Stronger together

The U.S. and UK leaders agreed that the problems both countries are facing from a faceless, but determined and well-resourced enemy in cyber space required an equally bold response. They agreed to share best practices and standards for the benefit of organisations in both nations; to increase threat information sharing; and conduct joint cybersecurity and network defence exercises. Also on the cards is deeper collaboration between MI5, GCHQ and the NSA, with the establishment of a “joint cyber cell” which will co-locate operatives from both sides, in each country.

The U.S. and UK are two of the world’s most advanced nations when it comes to e-commerce, internet infrastructure and the provision of services online. They also both regard themselves as world leaders in cyber security best practice. So by foregoing that advantage to gain an even greater one through improved co-operation, Obama and Cameron are sending out a clear example that we should all follow.

On the front line

Unfortunately, away from the heady world of geopolitics, ordinary businesses are still reluctant to co-operate in the fight against online crime and fraud. There’s little formalised information sharing of fraud data, leaving even third party platforms lacking that critical mass of data they need to provide accurate fraud and risk scoring to clients.

On the one hand it’s understandable. After all, no-one wants to hand over information on their business or online defences which competitors could use against them – it could be disastrous. But even when reassured about the anonymity of any data sharing, there can be a cultural barrier which stops many firms. Part of it has to do with the fact that the UK and much of Europe still doesn’t have mandatory data breach notification laws, so the approach has always been to keep any online fraud or breach incidents a secret.

Tentative steps

Now there are signs of changing attitudes. An agreement between the European Banking Federation and Europol will help banks understand fraud patterns better and boost law enforcers’ efforts to track cyber criminals. The British Bankers Association, meanwhile, will provide its members with a Financial Crime Alerts Service (FCAS) using government and law enforcement data. In addition, Action Fraud has been set up as the UK’s centralised fraud and cyber crime reporting centre.

It’s a start, but there’s a long way to go and an awful lot to do.

Global trust, shared

At ThreatMetrix®, we firmly believe in the power of shared fraud intelligence. It’s what our Global Trust Intelligence Network is based upon. Every month it analyses behavioural, device and identity data and threat assessments from over 850 million transactions to determine whether they’re fraudulent or not. All data is anonymised to protect the reputation and privacy of our 3,000+ clients and their customers.

The beauty of this system is that the more clients and data we have to crunch, the more accurate we can be about connecting up global fraud patterns and making the right call on logins, payments, new account registrations and remote access attempts. The decision is made in real-time and is completely invisible to the user.

Sharing information needn’t mean giving away competitive advantage. If two global giants like the UK and U.S. can do it, we can too.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

Is Anywhere in the World Free from Payment Fraud?

Posted on January 22nd, 2015 by Dan Rampe

Taiwan

…NO. Taiwan’s Payment Fraud Is Four Times from What It Was in 2009. Lax Password Security Appears to Be a Major Factor

When it comes to cybersecurity, passwords have proven anything but effective. Alisdair Faulkner, ThreatMetrix’s Chief Products Officer, has been warning about their inherent weaknesses for years and dubbed the fallout from the many breaches they failed to prevent the “Password Apocalypse.”

So what’s worse than password protection? How about no protection at all?

Tsai Chin-lung, a legislator in Taiwan’s ruling Kuomintang (KMT) party observed that of the ten major web merchants based in Taiwan, only one, books.com.tw, asked consumers for password authentication when making a purchase. The other nine others, including PChome, Yahoo and Momo, requested only a credit card number and its three-digit security code.

Tsai added that of 37 major financial institutions surveyed, only seven required users’ credit card information and none required authentication before web transactions.

In her article on chinapost.com, Enru Lin discusses the alarming rise in online payment fraud and how Taiwan is facing the challenge. The following has been excerpted from her piece on chinapost.com and edited to fit our format. You may find the complete article by clicking on this link.

Fraud growing faster than online transactions

Kuomintang [Taiwan’s ruling party] Legislator Tsai Chin-lung said fraudulent web payments in Taiwan have been growing at a faster rate than total online transactions.

Citing data from the Ministry of Economic Affairs’ (MOEA) Institute for Information Industry, Tsai said web transactions rose from NT$295 billion in 2009 [9,366,250.00 USD] to NT$746.5 billion [23,701,375.00 USD] in 2013, a 2.5-fold increase.

Over the same period, web payment fraud rose from NT$54.77 million [1,738,947.50] to NT$268.94 million [8,538,845.00 USD or a] four-fold increase.

A call for standardized authentication

[Tsai] called on the central government to standardize authentication measures for both banks and online vendors — “a dual line of defense” — before rolling out third-party payment and other platforms for web commerce.

“The Financial Supervisory Commission has an obligation to create a safe environment for consumers,” he said.

The Executive Yuan’s (Cabinet’s) response

Chen Hsiang-yin, a section chief at the [Financial Supervisory Commission] FSC’s banking bureau, responded that the FSC already works closely with banks to maintain security [, adding that] fraud is not always due to banking vulnerabilities….

Banking security mechanisms already in place

Chen said many local banks have adopted security mechanisms that are exemplary, such as telephone confirmations for transactions and virtual accounts. “Based on my understanding, all banks have measures that secure transactions and the difference is only in form and degree,” she said.

Chen said the FSC will work with the Bankers Association of the Republic of China to publish a list of banks and the protection measures and security technologies they offer for online consumers.

Retailers base security on cost and compliance

Similarly, the MOEA’s Department of Commerce responded that while web merchants adopt different security mechanisms based on cost considerations, all merchants must comply with the standards of the Regulations Governing Institutions Engaging in Credit Card Business

The law stipulates that a merchant must ensure the accuracy of payment request data and maintain the confidentiality of the cardholder’s personal information, said Deputy Chief Chen Mi-shun

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

 

 

“Pigs Fly” at State of the Union

Posted on January 21st, 2015 by Dan Rampe

State of the Union

In a Speech Full of Proposals Most Pundits Say Can’t Pass Congress, President’s Historic Cybersecurity Push Clear Exception

After the State of the Union, analysts of every stripe concluded that most of the President’s agenda would pass the Republican-controlled Congress “when pigs fly.” However, on one issue, pigs have grown wings and are soaring. And that’s cybersecurity, where the President’s call had both Republicans and Democrats standing and applauding.

In his wide-ranging article on thehill.com, Cory Bennett describes the President’s measures for increasing cybersecurity, which Bennett noted, “easily surpassed any previous cyber mention in specificity, breadth and urgency.” The following has been excerpted from Bennett’s story and edited to fit our format. You may find the complete piece by clicking on this link.

High on national security priorities

[Cybersecurity] was the third issue Obama mentioned while discussing national security during the speech. The president also hit nearly every aspect of the new White House cyber agenda, which was rolled out last week.

Bipartisan standing ovation

“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids,” Obama said to a bipartisan standing ovation.

Information sharing

The administration’s legislative cyber proposals include measures intended to facilitate cyber threat information-sharing between the public and private sectors; to protect student data; to raise the punishments for cyber crime; and to create a federal breach notification standard and nationwide cyber defense standards.

“We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism,” Obama said.

Bully pulpit promotion

The security industry and privacy advocates alike appreciated the president using one of the country’s biggest bully pulpits to promote national awareness of cybersecurity, even if they quibble with the administration’s policy specifics.

Roughly 33 million viewers watch the State of the Union each year….

Republicans join in

“I welcome him to the conversation,” said Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee. “Confronting the cyber threat has been a priority of mine for the past 10 years.”

Attention now turns to those same lawmakers, as the White House looks for allies to introduce its legislative offerings.

“Tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information,” Obama said.

“That should be a bipartisan effort,” he added, going off script briefly.

Sen. Bill Nelson (D-Fla.), the ranking member on the Senate Commerce Committee, has already said he will introduce a data breach notification bill that closely resembles the White House proposal.

National breach notification proposed

It would require companies to notify consumers within 30 days that their information had been breached. Companies would also have to notify the government of certain breaches and adhere to cybersecurity standards set by the Federal Trade Commission.

Rep. Jim Langevin (D-R.I.), co-chair of the Congressional Cybersecurity Caucus, said after the speech that he will soon introduce a House version of the president’s data breach proposal.

“I am particularly excited to see cybersecurity come center stage in the State of the Union and in the public dialogue,” he added.

A bone of contention

The most contentious issue will be Obama’s proposal to enhance cybersecurity information-sharing between the government and private sector. The offering would provide limited liability protections for companies sharing cyber threat indicators with the Department of Homeland Security.

The measure has been at the top of industry group’s cyber wish list for years. But cybersecurity firms caution that a rushed, non-specific bill could prove ineffective. “How are you going to implement limited liability?” Cole wondered. “What does that mean?”

Privacy advocates worry those same vagaries could give the government another way to collect personal information on U.S. citizens. They’ve pushed for National Security Agency (NSA) reform to come before any cyber information sharing bill.

Increased transparency, but privacy advocates wary

Obama insisted he would not let NSA reform fall to the wayside. “While some have moved on from the debates over our surveillance programs, I haven’t,” he said. “As promised, our intelligence agencies have worked hard, with the recommendations of privacy advocates, to increase transparency and build more safeguards against potential abuse.”

Privacy advocates remained wary after hearing Obama’s remarks.

“It’s heartening that President Obama’s address focused on Americans’ privacy, but the only way to fulfill that promise is to pass surveillance reform before taking up cyber [info sharing] legislation,” said Robyn Greene, policy counsel for the Open Technology Institute.

Not all sunshine

Different committees have pushed their own sharing proposals, creating intra-party squabbles and jurisdictional turf wars. Key Democrats on cyber issues have also broken with the White House on their own cyber threat sharing bills.

Rep. Dutch Ruppersberger (D-Md.) recently reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA), which would enable sharing between the private sector and the NSA, not the DHS.

Senate Intelligence Committee ranking member Dianne Feinstein (D-Calif.) was also a big proponent of a Senate version of CISPA last Congress.

Well some sunshine

The two recently installed chairmen on the Senate Intelligence Committee and Senate Homeland Security and Governmental Affairs Committee will play a big role in setting the legislative agenda. Both Intelligence Chairman Richard Burr (R-N.C.) and Homeland Security Chairman Ron Johnson (R-Wis.) have indicated they’re willing to work with the White House on a joint cyber proposal.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.