ThreatMetrix to Speak and Sponsor at 2014 ISMG Fraud Summit San Francisco

Posted on April 23rd, 2014 by Dan Rampe

Andreas Baumhof, ThreatMetrix CTO, to Participate in a Panel on Big Data Analytics and Fraud Detection

San Jose, CA – April 23, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced it is speaking and sponsoring at the 2014 Information Security Media Group (ISMG) Summit San Francisco, April 29 at the San Francisco Marriott Marquis.

The ISMG Fraud Summit series features one-day summits in major cities across North America and the United Kingdom, including San Francisco, Chicago, Toronto, London, New York, Orlando and Dallas. At the summits, fraud and cybersecurity thought leaders will have the opportunity to network and address key issues including account takeover fraud losses and trends, emerging mobile banking risks and insider threats.

Attendees at each summit will also benefit from earning up to eight hours of continuing professional education (CPE credits) and receiving exclusive research on emerging threats and countermeasures.

Andreas Baumhof, chief technology officer at ThreatMetrix, will participate in a panel at the summit titled “Big Data Analytics & Fraud Detection.” The panel, moderated by ISMG Executive Editor Tracy Kitten, will address how big data can help institutions discover anomalous behavior and expose fraudulent activity. Attendees will learn how to create an effective combination of expertise, experience and solutions to make meaningful sense of big data for fraud prevention and detection.

“Given recent data breaches – including Target, Neiman Marcus and Michaels – and other threats such as the Heartbleed vulnerability, businesses need advanced fraud prevention and context-based security solutions to protect against today’s sophisticated cybercriminals,” said Baumhof. “ThreatMetrix leverages big data to enable its customers to share threat data across business borders in real time and I look forward to sharing this collective approach to cybersecurity with ISMG Fraud Summit attendees.”

ThreatMetrix enables its customers to use big data analytics to their advantage through the ThreatMetrix TrustDefender™ Cybercrime Protection Platform, which leverages more than 500 million monthly transactions in the ThreatMetrix® Global Trust Intelligence Network to differentiate between authentic and fraudulent activity. The company recently enhanced its big data analytics with the ThreatMetrix® Spring 2014 Release, which offers unprecedented trust analytics. This enables businesses and enterprises to improve identity authentication policies by comparing against global benchmarks derived from peers in their industry, the size and scale of the business, geographic location and more.

To register for the ISMG Fraud Summit San Francisco, visit http://www.ismgcorp.com/fraud-summit/san-francisco/registration.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.11178
Email: beth.kempton@walkersands.com

Why Doesn’t Anybody Fire Those Responsible for Heartbleed Getting by OpenSSL? Because Nobody Hired Them! Just a Few Volunteers Maintain This Critical Software.

Posted on April 23rd, 2014 by Dan Rampe

Heartbleed

When the Heartbleed glitch left hackers a wide-open back door in OpenSSL, the software that protects banks, email, social media, government and just about everything else online, it even got the attention of people who were still using Windows 95.

No one has a handle on how much damage may have been caused. Or if the majority of cybercriminals were as clueless about the Heartbleed flaw as the rest of us. One thing is certain. Heartbleed virtually had the entire virtual world in crisis mode. And when an event of this magnitude occurs, there is always a call for finding out who’s responsible and making them pay. So why hasn’t this happened?

Writing on money.cnn.com, Jose Pagliery explains who was holding their fingers in the dike and why holding them (the people, not their fingers) responsible would be like blaming a friend who was house-sitting for a burglary that took place while he was at work. (Note: the following has been modified to fit our format.)

They’re all volunteers. And only one does it as a full-time job.

Their labor of love is OpenSSL, a free program that secures a lot of online communication. And it was a tiny coding slip-up two years ago that caused the Heartbleed bug, a hole that allows attackers to peer into computers. The bug forced emergency changes last week at major websites like Facebook, Google and Yahoo.

But security experts say OpenSSL is severely underfunded, understaffed and largely ignored.

The bug wasn’t caught until recently, because the OpenSSL Software Foundation doesn’t have the resources to properly check every change to the software, which is now nearly half a million lines of code long. And yet that program guards a vast portion of our commerce and government — including weapon systems and smartphones, the foundation claims.

“The mystery is not that a few overworked volunteers missed this bug; the mystery is why it hasn’t happened more often,” Steve Marquess, the foundation’s president, said in an open letter.

When weighed against its critical importance to Internet security, OpenSSL has a shoestring budget. It has never received more than $1 million a year, Marquess said. The only federal support listed online was a single $20,000 renewal contract from the Department of Defense.

While the foundation receives money from the Department of Homeland Security, Citrix and others, the vast majority of its funding is from specific work-for-hire contracts. A company wants a certain feature added here, a specific function there. It keeps developers busy. But Marquess said there’s no money going toward reviewing the code or performing audits.

In fact, the only person working on this full-time is Stephen Henson, an extremely private mathematician living in England who referred to Marquess for comment. Only a handful of other developers pitch in with any consistency, and Marquess told CNN their total labor amounts to maybe two full-time workers.

Even in the aftermath of Heartbleed, the foundation has received only $9,000 — sparking Marquess to publicly call out companies that use OpenSSL for free.

“I’m looking at you, Fortune 1000 companies,” he wrote.

In the wake of Heartbleed, this lack of funding for OpenSSL may prove a wake-up call.

Startups and major corporations frequently use open-source software because it’s freely distributed and costs nothing. But they rarely contribute back in dollars or donated time. Without significant outside help — donating dedicated staff and money without strings attached — open-source projects like this are at risk of fizzling out or blowing up in our faces, said Azorian Cyber Security founder Charles Tendell.

“If you bought your car and knew it was put together by volunteers, how would you feel about that?” Tendell asked.

A select few firms provide some help. Facebook and Microsoft sponsor bug bounties via the HackerOne program — essentially paying hackers to find mistakes that need fixing. And it was a Google security researcher, Neel Mehta, who discovered the Heartbleed bug.

Others are convinced it’s time to chip in. The initial response by Marc Gaffan, cofounder of cloud-security provider Incapsula, was: “What do you expect? You got this for free. You get what you pay for.” But it turns out his company relies on OpenSSL too. When asked if he would lead by example, Gaffan promised his firm would make its first donation.

This recent scare has gotten the White House’s attention. The Obama administration is now “taking a hard look at widely used tools such as OpenSSL to see if there is more that the federal government needs to do — including supporting research and development,” said National Security Council spokeswoman Laura Lucas Magnuson.

There’s a catch, however. The government can only get so close without triggering fears that it’s actually undermining the security of online communications, especially after Edward Snowden’s disclosures about the National Security Agency’s extensive surveillance programs. Former NSA crypto engineer Randy Sabett, now a tech privacy attorney at the Cooley law firm, expects the open-source community will be apprehensive.

“The public does not want the government involved in the design of the commercial Internet,” he said. “They don’t want back doors put in.”

You Don’t Have to Be Young, Old, Rich, Poor, Male or Female. Any Race, Religion or Nationality Will Do. You Don’t Even Have to Be Alive. Larry Magid on Identity Theft – and How to Avoid It.

Posted on April 22nd, 2014 by Dan Rampe

Center for Identity Theft

Technology columnist and commentator, Larry Magid, discusses what he learned at the Center for Identity’s ID 360 conference, where experts from around the world gathered to talk about identity theft and how not to become a victim. (The following has been edited to fit our format.)

Identity theft is a problem from cradle to grave, said Suzanne Barber, director of the Center for Identity Theft. “More and more information is being asked for by different organizations,” she noted. “The book club asks for information along with the grocery store, and you’re left with a dilemma — ‘I want the services and access that these different organizations provide but they want a lot of information about me.’”

One thing you should avoid sharing, she said, is your Social Security number, which is very valuable to identity thieves. A lot of businesses ask for your Social Security number to verify your identity but there are often other ways to do this.

I give my Social Security number to banks when I open a new account because it’s a government requirement that they have it for tax purposes. But when a doctor’s office asked for it recently, I declined because they don’t need it to bill me or my insurance company and they certainly don’t need it to treat me. If anyone asks for your Social Security number, ask why they need it.

Barber said parents should be especially careful when it comes to their children’s Social Security numbers. She said children are 35 times more likely than adults to be identity theft victims. One reason is because children almost always have clean credit ratings, which makes them very valuable to identity thieves. Also, said Barber, parents tend not to monitor their children’s Social Security numbers and credit ratings, so they’re less likely to uncover a child’s identity theft until they’ve been victimized.

According to the Federal Trade Commission, warning signs that your child may have been victimized include their being turned down for government benefits because the benefits are being paid to another account using your child’s Social Security number. Other warnings include a notice from the Internal Revenue Service that the child’s Social Security number was used on another tax return or bills or collection calls for products or services not received.

Whether a child or an adult, you should check your credit reports at least once a year. You can get a free credit report from AnnualCreditReport.com or by calling 1-877-322-8228. This program is sponsored by the Federal Trade Commission. Do not confuse it with other credit reporting services that have “free” in their name.

I recommend that you check your bank and credit and debit card activity regularly. If you don’t already have an online account with your bank, set one up and go in frequently to look for recent activity, which is sometimes posted immediately after a transaction occurs. If you find anything suspicious, report it right away so you’re not charged and so the bank can investigate. This is especially important for debit cards because the bank will deduct any charges from your account immediately and you need to get them to reimburse you for any fraudulent charges.

Other types of identity theft risks include fraudulent tax returns, which could result in someone else getting your refund. There is also medical fraud — people getting medical services billed to your insurance account or prescriptions in your name. ID 360 conference speaker Ann Patterson said another risk is “misdiagnosis, mistreatment or delay in treatment,” due to someone getting medical care in your name.

The Identity Theft Resource Center advises people to use a cross-cut shredder to dispose of documents with personal information. They also advise that you “know your billing cycles and contact creditors when bills fail to show up.” That’s one piece of advice I would have never thought of. Few of us particularly enjoy getting bills, but better us than an identity thief.

Behind the Plastic Curve. Half of U.S. Retailers to Miss October 2015 Deadline for Upgrading Credit and Debit Card Payment Systems.

Posted on April 21st, 2014 by Dan Rampe

EMV

Credit card networks set an October 2015 deadline for U.S. merchants to upgrade their payment systems to the chip-based smart card standard, EMV. The “E” of EMV stands for Europay and the “M” and “V” stand for MasterCard and Visa, the companies that first backed the technology.

Chips in EMV cards, rather than the magnetic strips on most US credit and debit cards, make it harder to copy account numbers and security codes. And because EMV cards create a unique code for each transaction, they are more difficult to hack or counterfeit.

Since just about everybody agrees EMV cards are an improvement over the cards used in the United States today, what is the problem with converting to them?

That’s what Olga Kharif and Bianca Vazquez Toness explored in their piece on businessweek.com. (Following is an excerpt from that piece that has been edited to fit our format.)

One reason for the delay is the upgrade’s high cost—$500 to $1,000 per payment terminal, according to researcher Javelin Strategy & Research, a division of Greenwich Associates. Retailers are also concerned that the switch will slow checkout times and that it remains unclear how the EMV software will work with debit cards. “It is not a question of just turning it on,” says Margaret Chabris, a spokeswoman for 7-Eleven, “EMV specifications are still being finalized.”

Still, some big retailers, including Wal-Mart Stores, Kroger and Target, have pushed ahead with the upgrade. Wal-Mart started updating its payment terminals in U.S. stores eight years ago. The company says it has progressed slowly because of a lack of industry support, despite the clear benefits. “We saw the fact that it was being implemented in the U.K. and many other countries around the globe; we saw the fraud decrease once this solution was implemented,” says Mike Cook, assistant treasurer at Wal-Mart.

All of Wal-Mart’s 4,838 U.S. stores (including Sam’s Clubs) have the chip-based hardware in place. Of those, 1,000 have turned it on. By year end, Wal-Mart says, the new payment terminals will be running in all of the company’s U.S. locations. “We want to activate early if there are any problems or bugs to be worked out,” Cook says.

For terminals to provide added security, customers must have chip-enabled cards. “Part of the reason we haven’t pushed faster is there’re just no cards out there for acceptance,” Cook says. Today, with about 1 billion cards in use in the U.S., just 20 million chip cards have been issued, according to Smart Card Alliance. Only 20 percent to 30 percent of U.S. card holders will have the new cards by the deadline, says Nick Holland, an analyst at Javelin.

The new cards can cost up to $2 each, compared with pennies for the magnetic-stripe models. “We’ve got 10 million cards in inventory out in the field,” says Mark Putman, a senior vice president for First Data which offers prepaid card services. “At $2, we are probably looking at a $20 million investment, which I am going to defer for as long as possible.”

Retailers are willing to do their part to improve security, the National Retail Federation says, but banks and card companies also have a responsibility to update their systems. That includes making and issuing chip-enabled cards.

The price for not complying could be high. Credit card companies have said most retailers and banks will be liable for some fraudulent in-store transactions if they don’t have the new system. Even so, “merchants aren’t crazy about this migration to EMV, and many of them are fighting it tooth and nail,” says Julie Conroy, an analyst at Aite Group.

With Credit and Debit Card Fraud Nearly Doubling Between 2012 and 2013, Financial Pros Are “Doubling Down” on Security.

Posted on April 20th, 2014 by Dan Rampe

Credit Card Fraud

The Association for Financial Professionals (AFP) surveyed more than 5000 members. The result? As a reaction to ongoing and persistent credit and debit card fraud, most companies are increasing or seriously considering increasing security.

The “2014 AFP Payments Fraud and Control Survey” found that 63 percent of polled organizations have already added or planned to add new security measures including secure signature stamps, electronic stamps, and storing payment data with third-party vendors.

Quoted in a piece on associationsnow.com, AFP’s president and CEO, Jim Kaitz said, “Criminals will try to stay a step ahead. But with potential liability increasing for merchants, companies are taking a hard look at where their own vulnerabilities lie. This is especially important for big companies with complex systems, which are frequent targets for fraud.”

Last year, according to the study, 60 percent of organizations were exposed to fraud or attempted fraud. And according to Katie Bascuas’ piece on associationsnow.com, while checks were the most common form of payment fraud in 2013, fraudulent activity using credit and debit cards nearly doubled between 2012 and 2013.

Mallory Duncan, general counsel for the National Retail Federation, places much of the blame on technology. Duncan told Reuters, “The technology that exists in cards out there is 20th-century technology, and we’ve got 21st-century hackers.”

Whether banks, retailers or credit card companies would pay for the upgrades is still to be determined. One solution the Electronic Transactions Association is working on is chip-based Europay, MasterCard, and Visa (EMV) cards, which would help stop criminals from counterfeiting cards using stolen account numbers. However, it would do nothing to prevent cybercrooks from using stolen credit card numbers online.

The Retail Industry Association said it intended to launch the RILA Cybersecurity and Data Privacy Initiative to improve payment card security, establish a cybersecurity leaders’ council, and call for federal data-breach notification legislation.

RILA President Sandy Kennedy said, “By working together with public-private sector stakeholders, our ability to develop innovative solutions and anticipate threats will grow, enhancing our collective security and giving customers the service and peace of mind they deserve.”

Breaches Bad for Californians’ Health. Patients’ Personal Medical Record Data Stolen in 3 Separate Incidents

Posted on April 19th, 2014 by Dan Rampe

Healthcare

From old-fashioned burglary to cutting-edge malware, three incidents put patients’ data at risk from one end of California to the other.

The Los Angeles Times reported that Torrance, California’s Sutherland Healthcare Solutions, a medical billing and collections company, was burglarized and eight computers taken. Data stored on those computers included 338,700 patients’ first and last names, Social Security numbers and certain billing information. Also possibly compromised were birth dates, addresses and diagnoses.

Patients were offered free credit monitoring. That didn’t stop the filing of three class-action suits. Meanwhile, the police, the L.A. County D.A.’s cybercrime team and the U.S. Secret Service are investigating.

Writing on fiercehealthit.com, Ashley Gold reports that in Orange County, the La Palma Intercommunity Hospital learned in September 2012 that an employee, who was not authorized, accessed Social Security numbers, driver’s license numbers, addresses, birth dates and some medical information. However, the hospital didn’t notify patients of the employee’s spying for more than a year.

At the other end of the state, in Northern California, Kaiser Permanente told 5,100 patients, who participated in a research study, that their information was compromised when malicious software infected a Kaiser server. The stolen data included first and last names, addresses, race/ethnicity, medical record numbers, lab results and responses to the study. And, according to Government Health IT, it took Kaiser more than two and a half years to discover the breach.

A recent report by IT security audit firm Redspin noted that more than 7 million patient records were breached last year, an increase of 138 percent from 2012.

What Do You Get When You Mix Malware with More People than Ever Doing E-commerce Online Transactions? 28.4 Million Cyberattacks.

Posted on April 18th, 2014 by Dan Rampe

Malware

A new study, “Financial Cyber Threats in 2013,” from Kaspersky Lab says cyberattacks using financial malware increased 27.6 percent in 2013 over the previous year.

Cybercriminals used every possible maltechnology (yes we just coined the word) including banking Trojans, keyloggers and two new types of malware; one targets Bitcoin wallets, the other downloads software to generate the crypto-currency.

Kaspersky Lab senior security researcher, Sergey Lozhkin, said, “The popularity of banking Trojans and other programs targeting financial data is due to the fact cybercriminals can use them to make money quickly. The current situation has forced users and financial institutions to take active measures against online threats, while security software vendors have to develop new protection solutions.”

Banking Trojans such as Zbot, Carberp, and SpyEye were responsible for about two-thirds of financial malware in 2013. However, their “market share” decreased compared to 2012 because most of the attacks were aimed at Bitcoin users. Keylogger use also decreased because cybercriminals opted for improved specialized programs.

Compared to the previous year, financial attacks on Russian users declined by 9.19 percent while attacks on American users increased from 17.56 percent in 2012 to 30.8 percent in 2013. The proportion of attacks on German users almost doubled from 5.83 percent to 9.32 percent.

Also of note in the study:

• 31.45% of all phishing attacks in 2013 targeted financial institutions.

• 22.2% of all attacks involved fake bank websites; the share of banking phishing doubled over 2012.

• In 2013, the number of cyberattacks involving malware designed to steal financial data rose by 27.6% to 28.4 million. The number of users attacked by this financial-targeting malware reached 3.8 million, an 18.6% increase year on year.

• In the study’s malware sample collection, the number of malicious Android applications designed to steal financial data rose almost fivefold in the second half of 2013, from 265 samples in June to 1321 in December.

Retailers Follow the Leader: ThreatMetrix. Will Share Cyberthreat Data along the Lines of ThreatMetrix’s Global Trust Intelligence Network Which Analyzes Half-a-Billion Transactions Monthly.

Posted on April 17th, 2014 by Dan Rampe

National Retail Federation

Does Macy’s tell Gimbels? Okay, Gimbels, a major retailer and one of Macy’s chief competitors, has gone the way of the Oldsmobile, Blockbuster and Windows XP. But at one time “Does Macy’s tell Gimbels?” was another way of saying “top secret”; competitors don’t share information with the competition.

Now, with the Target, Neiman-Marcus, Michaels and other retail breaches fresh in their minds and with pressure from Congress to improve security, U.S. retailers have taken a major step toward improving security.

In a story on zdnet.com, Natalie Gagliordi reports that the National Retail Federation (NRF), in consultation with the Financial Services Forum for Security Threats, is establishing a retailer-specific Information Sharing and Analysis Center (ISAC). This joint cybersecurity cooperative would offer retailers access to “critical information on threats identified by fellow retailers, government agencies, law enforcement and partners in the financial services sector.”

NRF President and CEO Matthew Shay said, “We believe a heightened and well coordinated information sharing platform such as a retail ISAC is a vital component for helping retailers in their fight against cyber attacks.

“Establishing a new program takes time, but time is not our friend when it comes to stopping these sophisticated and unpredictable criminals. The willingness of the FS-ISAC to work with retailers provides our industry with a new and important tool as we explore all of the options available for merchants to protect their customers and their businesses.”

Tired of Hearing about Heartbleed? Do Something About It. ThreatMetrix Strategies for “Staunching” Heartbleed and Any Similar Threats in the Future.

Posted on April 16th, 2014 by Dan Rampe

Researchers discovered Heartbleed after it had gone unnoticed for two years. The flaw could let a hacker defeat OpenSSL, the most common encryption technology on the Internet. Another way of saying it is Heartbleed put 66 percent of servers worldwide at the mercy of cybercriminals. And another way of saying that is email, instant messaging, e-commerce transactions and more were being jeopardized in every corner of the planet, exposing passwords, credit card numbers and other personal data.

The Heartbleed security flaw was a danger to websites and the mobile applications and networking equipment that connect homes and businesses to the Internet, including such things as routers and printers. In short, the flaw presented a danger to the entire Internet of Things, i.e., any device from air conditioners to refrigerators that could be connected online.

After putting in a patch to fix the flaw, many, if not most, online businesses had only one strategy to offer users: change your passwords.

“Today it’s Heartbleed and tomorrow it will be another data breach or vulnerability,” said Alisdair Faulkner, chief products officer, ThreatMetrix.

“Passwords are a static means of security and are frankly obsolete as a stand-alone authentication solution in today’s cybersecurity landscape. Once account login information is obtained, cybercriminals have access to personal data used for committing bank fraud or falsifying credit card transactions – the possibilities are endless. Security should not just rely on point-in-time authentication solutions. Instead, continuous evaluation of trust is required based on what the user is attempting to do.”

ThreatMetrix’s preventative cybersecurity strategies offer protection that goes well beyond passwords and other forms of static authentication:

Real-time trust analytics – Move beyond just big-data collection and improve effectiveness of controls with real-time analysis of device, location, identity and behavioral context for every authentication attempt. Real-time trust analytics offer unprecedented identity authentication policies for businesses and enterprises by comparing against global benchmarks derived from peers in their industry, the size and scale of the enterprise, geographic location and more.

Enhanced mobile identification – Detects jailbroken devices and offers location-based authentication, protecting mobile transactions by indicating when the mobile operating system has been breached and the security of applications has been compromised.

“To protect against future attacks like Heartbleed, businesses need to move beyond legacy verification and authentication solutions and recognize the benefits of leveraging a collective approach to cybersecurity,” said Faulkner. “The ThreatMetrix® Global Trust Intelligence Network (The Network) delivers real-time intelligence, providing customers with consistent risk assessments of data and creating a digital persona of users by mapping their online behaviors and devices.”

Consumers can protect their online identities and personal information from threats like Heartbleed by ensuring location information on social networks is encrypted and by using different passwords across sites and never storing them on devices.

Heartbleed Vulnerability Underscores the Need for Real-Time Trust Analytics in Place of Static Authentication

Posted on April 16th, 2014 by Dan Rampe

ThreatMetrix® Announces Strategies to Protect Consumers and Businesses from Future Vulnerabilities and Cybercrime Risks

San Jose, CA – April 16, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announces several strategies for consumers to stay protected following the recent Heartbleed vulnerability, which has potentially exposed millions of passwords, credit card numbers and other personal identifiers. These strategies aim to help businesses and customers avoid being compromised by similar threats in the future.

Last week, a major lapse in Internet security – known as the Heartbleed vulnerability – was uncovered after going undetected for nearly two years. The flaw created an opening in OpenSSL, the most common encryption technology on the Internet. OpenSSL is designed to protect data in transit including email, instant messaging and e-commerce transactions. The vulnerability in OpenSSL enables hackers to access server memory that could allow hijacking of accounts or theft of private keys used to decrypt communications.

Since Heartbleed went undetected for so long, the scope of compromised information is still unclear, but many online businesses are urging users to change their passwords as a precautionary measure.

“Today it’s Heartbleed and tomorrow it will be another data breach or vulnerability,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “Passwords are a static means of security and are frankly obsolete as a stand-alone authentication solution in today’s cybersecurity landscape. Once account login information is obtained, cybercriminals have access to personal data used for committing bank fraud or falsifying credit card transactions – the possibilities are endless. Security should not just rely on point-in-time authentication solutions. Instead, continuous evaluation of trust is required based on what the user is attempting to do.”

The Heartbleed security flaw does not only impact websites, but also mobile applications and networking equipment that connects homes and businesses to the Internet (also known as the Internet of Things), such as routers and printers. As more and more devices move online through the Internet of Things, hacks and cybersecurity breaches are becoming more common.

Businesses need to stay one step ahead of threats such as Heartbleed and implement preventative cybersecurity strategies in place of passwords and other forms of static authentication. Suggested strategies include:

Real-time trust analytics – Move beyond just big-data collection and improve effectiveness of controls with real-time analysis of device, location, identity and behavioral context for every authentication attempt. Real-time trust analytics offer unprecedented identity authentication policies for businesses and enterprises by comparing against global benchmarks derived from peers in their industry, the size and scale of the enterprise, geographic location and more.

Enhanced mobile identification – Detects jailbroken devices and offers location-based authentication, protecting mobile transactions by indicating when the mobile operating system has been breached and the security of applications has been compromised.

“To protect against future attacks like Heartbleed, businesses need to move beyond legacy verification and authentication solutions and recognize the benefits of leveraging a collective approach to cybersecurity,” said Faulkner. “The ThreatMetrix® Global Trust Intelligence Network (The Network) delivers real-time intelligence, providing customers with consistent risk assessments of data and creating a digital persona of users by mapping their online behaviors and devices.”

In addition to businesses implementing real-time trust analytics and other collective cybersecurity strategies, consumers can also take responsibility for protecting their online identities. Specifically, consumers can protect against threats such as Heartbleed by ensuring location information on social networks is encrypted, using different passwords across sites and not storing passwords on any devices.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.11178
Email: beth.kempton@walkersands.com