Sandpiper: An Eagle When It Comes to Fighting Cybercrime

Posted on February 27th, 2015 by Dan Rampe

Europol

EC3 Supports 18-Month EU-Funded “Project Sandpiper” to Stop Payment Card Fraud in Its Tracks

The latest statistics published by the European Central Bank reveal that card-not-present (CNP) fraud is on the rise accounting for 60% of all fraud losses on cards issued in the European Union. To address the problem, Europol’s European Cybercrime Centre (EC3) has launched several investigations.

Project Sandpiper

Initiated by UK authorities and supported by Europol’s European Cybercrime Centre (EC3), Project Sandpiper took out after the bad guys. The score after eighteen months: 59 arrests; 32 prosecutions; 17 convictions; 52,812 compromised card numbers recovered; £23 million ($35 million) estimated savings to the banking industry; and the disruption of 5 organized crime groups misusing electronic payments mainly in overseas destinations.

Troels Oerting, head of EC3

An article on eurasiareview.com (link to article) quotes the head of the European Cybercrime Centre, Troels Oerting, who said, “The criminal networks involved in this sophisticated electronic payment crime have been taken down as a result of many months of hard work by police officers and prosecutors in the European Union. Through the international cooperation of law enforcement authorities, the European Commission and Europol, as well as cooperation with the financial industry, European customers’ payment transactions are safer. We continue our fight against this crime. The criminals continue to develop new methods for stealing our identities, money and ideas online, and we have to continue and further develop operations like Sandpiper and Skynet. [Skynet is the codename of a new EU-funded project. Just launched, it focuses on international cooperation to combat online CNP fraud. Six EU Member States are involved.]”

A joint EU effort

According to the eurasiareview.com story, Europol’s information and analysis systems are used to exchange and cross-check the intelligence received from member states.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

What’s Happening with Mobile Device Payments Is Criminal

Posted on February 23rd, 2015 by Dan Rampe

Mobile Devices

Mobile Device Fraud Makes Up a Disproportionate Share of the $6 Billion Fraud Costs Merchants and Card Issuers in the U.S. Each Year

Forrester Research says mobile payments accounted for $52 billion worth of U.S. transactions in 2014, up from $32 billion in 2013. And this year that number is expected to hit $67 billion.

A LexisNexis survey of 1,100 companies found that while mobile payments account for 14 percent of transactions among merchants, they make up 21 percent of fraud cases. In her story on bloomberg.com, Olga Kharif details how cyberthieves have continued to shift their focus to mobile devices. The following has been excerpted from her piece and edited to fit our format. You may find her complete article by clicking on this link.

More mobile fraud than on PCs

“We certainly see a surge in mobile payment attacks,” says Tomer Barel, chief risk officer at PayPal, who says his company deals with more cases of fraud on mobile devices than on PCs. “There are many more avenues for fraudsters to try.”

Every dollar of mobile fraud costs merchants $3.34

Each dollar worth of misbegotten mobile payments winds up costing a fooled merchant $3.34. That’s slightly more than the cost of a fraudulent credit card swipe or mail order, 27 percent more than a similar payment made from a PC.

Merchants aren’t equipped to handle mobile fraud

Along with the cost of lost merchandise, the total includes investigation of the fraud. That’s tougher on phones than on PCs, because many businesses aren’t equipped to track mobile devices’ unique identifiers such as IP addresses. Stores often don’t catch when a card issued in Los Angeles is used for a mobile order from Mexico, says Aaron Press, director of e-commerce and payments at LexisNexis Risk Solutions. “It’s kind of a wake-up call,” he says.

Lower-tech fraud

Some mobile fraud remains low-tech. Last year, the Better Business Bureau warned consumers about a scam in which people posted absurdly cheap offers for used cars online, then tricked interested buyers into wiring funds through a phony version of Google Wallet.

Higher-tech fraud

Other frauds are more technical, such as the hackers who found a bug in a Chilean public transportation app that let them top off their travel credits for free.

The weak link

Like the brief flurry of duplicate charges that accompanied Apple Pay’s debut in October, such glitches highlight the vulnerability inherent in a system that requires banks, card networks, and software makers to keep pace with thieves. “If you don’t make the proper investment, they’ll be attracted to the weakest link,” says PayPal’s Barel.

Biometrics may stop some cybercriminals

Smartphone operating systems, at least, are tougher to infiltrate than those of PCs. Phones with biometric sensors can also make a person’s identity tougher to steal. Mobile payment service LoopPay says it’s adding support for biometric features such as Apple’s fingerprint reader, despite hackers’ claims that they can fool the iPhone’s sensor. Rival CurrentC says it’s considering similar measures….

“There’s no perfect system,” says Will Graylin, chief executive officer of LoopPay. “It’s always a game of cat and mouse.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix Named to OnCloud’s “Top 100” and CEO Tapped as Keynote for OnCloud 2015 Summit

Posted on February 17th, 2015 by Dan Rampe

Standard-Header-Reed

A Panelist at the Annual AlwaysOn Summit, ThreatMetrix CEO Reed Taussig Will Deliver His Keynote Speech on Security in the Cloud

AlwaysOn’s OnCloud 2015 Summit will take place at the College of San Mateo (San Mateo, CA) on February 26, 2015. The Summit brings together “the best and the brightest” including top entrepreneurs, investors, and corporate players in the business-to-business application and cloud infrastructure space to discuss and debate the future of cloud technology.

Reed Taussig’s keynote

Titled “Global Shared Intelligence: The Best Solution to Combat Cybercrime,” Taussig’s keynote presentation will take place at 11:30 a.m. PST. Over the course of his speech, he’ll be providing an overview of the current cybercrime landscape.

Using examples from ThreatMetrix’s TrustDefender Cybercrime Protection Platform, Taussig will show how ThreatMetrix discovered and defeated organized crime rings by leveraging the power of the ThreatMetrix Global Trust Intelligence Network (The Network).

A distinguished panel

Taussig will also be participating in a panel alongside host Aditya Singh, partner at Foundation Capital and co-panelist Barmak Meftah, president and CEO at AlienVault. The subject of the discussion will be “The New Frontier in Cloud Infrastructure” and will take place at 11:45 a.m. PST.

ThreatMetrix’s CEO on global shared intelligence

“The global cybercrime landscape is constantly evolving to include new, more sophisticated threats and the only way to combat these threats is through collective intelligence,” said Taussig. “This isn’t a threat any business or consumer can fight alone. It requires a collective network that leverages data from across a global information base. I’m honored to share what ThreatMetrix has accomplished in the fight against cybercrime by leveraging global shared intelligence with this year’s OnCloud attendees. The OnCloud summit hosts key industry players who can help to make shared intelligence an industry standard.”

ThreatMetrix on OnCloud’s Top 100 private companies list

The annual list honors companies in the B2B applications, management tools, security and infrastructure sectors that are rising to the challenge of bringing the world’s businesses and enterprises into the cloud. This year’s OnCloud 100 companies were selected based on a set of five criteria: innovation, market potential, commercialization, stakeholder value and media buzz. A full list of the OnCloud Top 100 winners is available here.

Validation of our continued innovation

“The OnCloud Top 100 honors companies that take big data and create useful, actionable intelligence from it to make high-powered decisions,” said Taussig. “In the case of ThreatMetrix and The Network, such decisions have the power to stop cybercriminals in real time. ThreatMetrix leverages data from the largest shared intelligence network available to make an immediate and educated decision to differentiate between authentic and fraudulent transactions. Being named to OnCloud’s Top 100 private companies list serves as validation of our continued innovation in advanced fraud prevention and context-based authentication.”

For more information on the OnCloud 2015 summit, click here.

ThreatMetrix has garnered a host of awards. Following are some of the most recent:

  • The Channel Company’s CRN 100 Coolest Cloud Computing Vendors of 2015
  • Gold Stevie in New Product or Service of the Year – Security Solution category and a Silver in the Most Innovative Tech Company of the Year – Computer Software category.
  • Gold for “Innovative Company of the Year” and for “Integrated Security (Software) Innovation” at the 2014 Golden Bridge Business Awards
  • CIOReview100 for the “100 Most Promising Technology Companies in the U.S.”
  • Best in Biz Awards 2014 International Silver for “Enterprise Product of the Year – Software”
  • The AlwaysOn Global 250 Top Private Companies in the “B2B Cloud and Infrastructure” category
  • Lead411’s 2014 “Hottest Companies in Silicon Valley” list
  • Products Guide (NPG) Hot Companies and Best Product Award Winner for the “Best Products and Services – Information Security and Risk Management” category and also in the “Best Products and Services – Security Software” category.
  • Judges Choice for Best Overall Fraud/Security Solution at the 2014 CardNotPresent.com (CNP) Awards for the ThreatMetrix TrustDefender Cybercrime Protection Platform
  • A 2014 Global Excellence Award for Most Innovative Company of the Year (Security)
  • 2014 Cyber Defense Magazine Award Winner in 2 Categories: Most Innovative Anti-Malware Appliances Solution & Best Product Network Access Control Solution

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

ThreatMetrix Named to OnCloud Top 100 Private Companies and CEO to Speak at OnCloud 2015 Summit

Posted on February 17th, 2015 by Dan Rampe

Standard-Header-Reed

CEO Reed Taussig to Provide Keynote on Security in the Cloud and Participate as a Panelist at Annual AlwaysOn Summit

San Jose, CA – February 17, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced its CEO, Reed Taussig, will serve as a keynote speaker and participate in a panel at AlwaysOn’s OnCloud 2015 Summit in San Mateo, Calif. on Feb. 26.

Hosted annually in the heart of Silicon Valley at the College of San Mateo, OnCloud brings together the brightest minds and top entrepreneurs, investors, and corporate players in the business-to-business application and cloud infrastructure space to discuss and debate the future of cloud technology.

Taussig’s keynote presentation on security in the cloud, entitled, “Global Shared Intelligence: The Best Solution to Combat Cybercrime,” will take place at 11:30 a.m. PST. During this presentation, he will provide an overview of the current cybercrime landscape, citing examples from ThreatMetrix’s comprehensive solution, the ThreatMetrix TrustDefender™ Cybercrime Protection Platform, which has been successful in discovering and defeating organized crime rings by leveraging the power of the ThreatMetrix® Global Trust Intelligence Network (The Network). Taussig will also participate in a panel alongside host Aditya Singh, partner at Foundation Capital and co-panelist Barmak Meftah, president and CEO at AlienVault, entitled, “The New Frontier in Cloud Infrastructure,” at 11:45 a.m. PST.

“The global cybercrime landscape is constantly evolving to include new, more sophisticated threats and the only way to combat these threats is through collective intelligence,” said Taussig. “This isn’t a threat any business or consumer can fight alone. It requires a collective network that leverages data from across a global information base. I’m honored to share what ThreatMetrix has accomplished in the fight against cybercrime by leveraging global shared intelligence with this year’s OnCloud attendees. The OnCloud summit hosts key industry players who can help to make shared intelligence an industry standard.”

ThreatMetrix was also recently included in the 2015 OnCloud Top 100 private companies list. The annual list honors companies in the B2B applications, management tools, security and infrastructure sectors that are rising to the challenge of bringing the world’s businesses and enterprises into the cloud. This year’s OnCloud 100 companies were selected based on a set of five criteria: innovation, market potential, commercialization, stakeholder value and media buzz. A full list of the OnCloud Top 100 winners is available here.

“The OnCloud Top 100 honors companies that take big data and create useful, actionable intelligence from it to make high-powered decisions,” said Taussig. “In the case of ThreatMetrix and The Network, such decisions have the power to stop cybercriminals in real time. ThreatMetrix leverages data from the largest shared intelligence network available to make immediate and educated decisions to differentiate between authentic and fraudulent transactions. Being named to OnCloud’s Top 100 private companies list serves as validation of our continued innovation in advanced fraud prevention and context-based authentication.”

For more information on the OnCloud 2015 summit, click here.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites and mobile applications.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com

 

White House Cybersecurity Summit Decisions Aligned with ThreatMetrix Solutions

Posted on February 16th, 2015 by Dan Rampe

Obama

President Calls for Threat Information Sharing and Right to Privacy

In the wake of the White House Cybersecurity Summit held at Stanford University last week, Alisdair Faulkner, chief products officer, ThreatMetrix® wrote:

In light of President Obama’s visit to Silicon Valley, now is a better time than ever to address online security and privacy. Collecting an unreasonable amount of personal information will lead to a “Privacy Pearl Harbor.”

How much information collection is too much?

Threat intelligence sharing is necessary but only to a certain extent – businesses must make sure that reasonable security is not an unreasonable privacy invasion. There needs to be a reasonable amount of digital identity verification such as verifying one’s location or phone number when using a banking app. However, some businesses, including ride sharing services and major banks, have access to information about your entire location and activity history each time you use the app. With so much information stored on users’ mobile devices and in specific mobile apps, this often leads to an unreasonable privacy invasion beyond what is necessary for security measures. Instead, the recent influx of data breaches and privacy concerns calls for industry-wide authentication guidelines that do not compromise privacy.

Anonymized shared intelligence: authentication and privacy

To maintain a balance between privacy and security, businesses should leverage anonymized shared intelligence, behavior-based identity proofing and context-based authentication. At a minimum, industries operating online should self-enforce standards for controlling access to customer data from both insider and outsider theft without invading privacy.

Protecting customer and corporate identities

In addition to balancing privacy and security, businesses need to focus on protecting data in use in addition to data at rest. Data in use refers to customer or corporate identities that are used following a data breach without the individual’s knowledge. A key requirement for data protection is for businesses to ensure personally identifiable information is screened against unauthorized use prior to being processed. This can be done through device identification, malware detection and anonymized trust federation.

For more on preserving privacy while maintaining security, see:

ThreatMetrix Shares Strategies for Walking the Tightrope Between Consumer Online Privacy and Security

ThreatMetrix Shares Strategies for Businesses to Protect Identities in Use in Support of Data Privacy Day

At summit President acknowledges challenge of info sharing vs. privacy

In her story on techcrunch.com, Sarah Buhr discusses the primary themes that emerged from the President’s call for closer cooperation between government and the private sector. The following has been excerpted from her piece and edited to fit our format. You may find the complete article by clicking on this link.

A new sheriff in town

While pushing for that collaboration, he admitted it would be a challenge to both keep up with cyber threats and protect American’s right to privacy at the same time. “Protecting the American people while making sure government is not abusing its capabilities is hard. The cyberworld is sort of the Wild Wild West and to some degree we are asked to be the sheriff…”

President signs Executive Order

[Obama] signed an Executive Order….. One of those provisions encourages information sharing and analysis organizations (ISAOs), which would serve as points of contact for information sharing between the government and the private sector.

The order added the Department of Homeland Security to the list of government organizations that would be able to approve the sharing of classified information and ensure that proper information is shared between entities.

The Snowden effect

The big question here is whether the private sector will be willing to offer this information. Many companies are still reeling from Edward Snowden’s revelations that they were handing over consumer information to the U.S. government and have since taken measures to encrypt data, even from themselves.

Constructing a cathedral

Obama acknowledged the challenge to protect American citizens from cyber threats, but at the same time protect their right to privacy. [He] likened the process of technological development to building a cathedral.

“[T]hat cathedral will not just be about technology but about the values we have embedded in this system. It will be about privacy and security and about connection. A magnificent cathedral and we’re all going to be a part of that.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

ThreatMetrix Cautions President and Participants at Cybersecurity Summit

Posted on February 13th, 2015 by Dan Rampe

Standard-Header-AF

ThreatMetrix’s Alisdair Faulkner Warns of a Possible “Privacy Pearl Harbor” Should Collecting Personal Info for Security Destroy Privacy

The long awaited presidential summit on cybersecurity taking place at Stanford University in Palo Alto, California brings together experts from industry, hi-tech, and law enforcement as well as consumer and privacy advocates, law professors who are specialists in the field, and students.

In its announcement of the Cybersecurity Summit, The White House says the Obama administration is pursuing five key priorities that will strengthen [the U.S.] approach to cybersecurity threats by:

  1. Protecting the country’s critical infrastructure — our most important information systems — from cyber threats.
  2. Improving our ability to identify and report cyber incidents so that we can respond in a timely manner.
  3. Engaging with international partners to promote internet freedom and build support for an open, interoperable, secure, and reliable cyberspace.
  4. Securing federal networks by setting clear security targets and holding agencies accountable for meeting those targets.
  5. Shaping a cyber-savvy workforce and moving beyond passwords in partnership with the private sector.

One key issue not touched upon in the White House announcement is the issue of privacy.

Alisdair Faulkner, ThreatMetrix chief products officer,  warns about losing privacy to gain security

In light of President Obama’s visit to Silicon Valley, now is a better time than ever to address online security and privacy. Collecting an unreasonable amount of personal information will lead to a “Privacy Pearl Harbor.”

How much information collection is too much?

Threat intelligence sharing is necessary but only to a certain extent – businesses must make sure that reasonable security is not an unreasonable privacy invasion. There needs to be a reasonable amount of digital identity verification such as verifying one’s location or phone number when using a banking app. However, some businesses, including ride sharing services and major banks, have access to information about your entire location and activity history each time you use the app. With so much information stored on users’ mobile devices and in specific mobile apps, this often leads to an unreasonable privacy invasion beyond what is necessary for security measures. Instead, the recent influx of data breaches and privacy concerns calls for industry-wide authentication guidelines that do not compromise privacy.

Anonymized shared intelligence: authentication and privacy

To maintain a balance between privacy and security, businesses should leverage anonymized shared intelligence, behavior-based identity proofing and context-based authentication. At a minimum, industries operating online should self-enforce standards for controlling access to customer data from both insider and outsider theft without invading privacy.

Protecting customer and corporate identities

In addition to balancing privacy and security, businesses need to focus on protecting data in use in addition to data at rest. Data in use refers to customer or corporate identities that are used following a data breach without the individual’s knowledge. A key requirement for data protection is for businesses to ensure personally identifiable information is screened against unauthorized use prior to being processed. This can be done through device identification, malware detection and anonymized trust federation.

For more on preserving privacy while maintaining security, see:

ThreatMetrix Shares Strategies for Walking the Tightrope Between Consumer Online Privacy and Security

ThreatMetrix Shares Strategies for Businesses to Protect Identities in Use in Support of Data Privacy Day

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

Faulkner: “Umbrellas in a Tornado”

Posted on February 11th, 2015 by Dan Rampe

Standard-Header-AF

ThreatMetrix’s Alisdair Faulkner Is Joined by Other Security Experts Who Offer Views on Many Aspects of the Health Data Breach Menace

On the utility of credit monitoring, Alisdair Faulkner, ThreatMetrix chief products officer, wryly observed to Maria Korolov for her story on csoonline.com, “Credit monitoring for a breach of your identity data, medical or not, is like handing out umbrellas in a tornado.”

And, of course, the consequences of a stolen ID to a patient and his/her family could be catastrophic both medically and monetarily. Faulkner adds, “If I’m a criminal, I can either try to apply for a credit card with a limit of a few thousand dollars, or I can use your identity to access or bill for healthcare worth hundreds of thousands of dollars. How long until we see people being bankrupt by procedures they didn’t have, or doctors making the wrong call in a medical emergency due to false medical history?”

The most recent Ponemon study on the subject says that 1.8 million Americans or their close family members were victims of medical identity theft with 36 percent facing significant out-of-pocket expenses. Some victims had to pay full price for medical services or medicine because their medical insurance lapsed. Or they had to pay for costs incurred by cybercriminals. The average price tag? $18, 660.

In her csoonline.com article, in addition to Faulkner, Maria Korolov tapped a number of experts for their input on medical ID theft and fallout from the Anthem breach. The following has been excerpted from her story and edited to fit our format. You may find the full article by clicking on this link.

On your record

“If someone gets your medical identity, and uses that to get medical goods, services, prescriptions — everything they do goes on your personal health record,” said Bob Gregg, CEO at Portland, Ore.-based ID Experts, which provides medical identity monitoring services. Then, the next time you’re unconscious in the emergency room, the doctor won’t just see your medical history, but that of the fraudsters as well. “Suddenly, all your preexisting conditions are incorrect,” he said. “Allergies, drug interactions.”

A potential victim’s view

Claudia Gere, an author consultant based in Massachusetts, was one of the 80 million affected by the recent Anthem breach. She said that learning of the breach made her feel vulnerable and scared. “When I need to get medication in an emergency and I find that my account has been closed for lack of payment or whatever reason… I think I would be able to dispute the charges,” she said. If it took three months to sort things out, she said, she’d be able to cover her current medications out-of-pocket. “But for a lot of people, it could be more than an inconvenience,” she said. “It could be life threatening.”

Billing fraud

According to Anthem, the data stolen includes names, dates of birth, member ID and social security numbers, addresses, phone numbers, email addresses and employment information. “That data could definitely be used for billing fraud,” said Andrew Hicks, healthcare practice Lead at Denver-based Coalfire Labs.

Black market big on medical ID info

In fact, medical identity information is significantly more valuable than credit card numbers or social security numbers alone. According to the World Privacy Forum, the former has a street value of around $50 — compared to a street value of $1 for the latter. And the average profit per record is $20,000 — compared to just $2,000 for regular identity theft.

“Generally, prices for stolen health coverage data are an order of magnitude greater than for compromised payment card data,” said Don Jackson, director of threat intelligence at Charleston, SC-based PhishLabs.

Takes twice as long to spot med. info. fraud

One reason, according to an EMC white paper about healthcare cybercrime, is that medical information fraud takes twice as long to spot, and is difficult to address.

Difficult to repair

Bank accounts can be easily closed, and credit cards re-issued, but correcting medical records is a far tougher challenge.

The World Privacy Forum has a list of tips for consumers, which include requesting copies of insurance billing records on a regular basis, filing police reports when there are fraudulent charges, and taking steps to correct the records when discrepancies are found. However, the organization admits that some of this can be difficult — in particular, police departments may not even accept a report on crimes outside their jurisdictions.

Insurance companies miss fraudulent transactions

Meanwhile, many insurance companies do not have the kind of monitoring that credit card companies do to catch unusual behaviors or fraudulent transactions, said ID Experts’ Gregg.

Criminals take advantage

According to Gregg, there are three main ways that criminals take advantage of this. There’s the classic medical identity theft where fraudsters print up fake IDs and get medical care on your dime.

Then there’s a more profitable billing fraud industry, where fraudsters set up fake clinics and bill your insurance provider for services and treatments you never received.

“It’s like having a credit card that you can use to the limits of your policy, which is usually measured in the millions of dollars,” he said.

Finally, your medical information can be used to order prescription drugs, which are then resold on the street for a steep markup.

“There are online pharmacies basically set up as pill mills,” he said.

They don’t care if the prescription itself is valid — as long as the billing information is correct.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

ThreatMetrix Honored as Coolest Cloud Computing Vendor by CRN

Posted on February 11th, 2015 by Dan Rampe

Standard-Header-Reed

ThreatMetrix Analyzes and Protects More Than 850 Million Monthly Transactions with its Innovative TrustDefender™ Cybercrime Protection Platform

San Jose, CA – February 11, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced it has earned recognition on The Channel Company’s CRN 100 Coolest Cloud Computing Vendors of 2015. This annual list recognizes some of the most innovative cloud companies supporting the IT channel today.

The 100 Coolest Cloud Computing Vendors honor is presented to companies based on their approach to creating innovative products, services or partner programs that have helped channel partners transform into true solution providers, ultimately helping customers take advantage of the ease of use, flexibility, scalability and savings that cloud computing offers.

The ThreatMetrix TrustDefender™ Cybercrime Protection Platform, a cloud-based solution, leverages the collective power of the ThreatMetrix® Global Trust Intelligence Network (The Network) to eliminate cybercrime. The Network enables ThreatMetrix to analyze and protect online transactions and activity, especially surrounding mobile-based transactions. By analyzing device, identity and behavioral data in real time, ThreatMetrix can quickly identify cybercriminals attempting to create fraudulent new accounts, takeover existing accounts or execute card-not-present (CNP) fraud. Additionally, this analysis provides a competitive advantage by enabling trusted customers frictionless account and transaction access while keeping costs low by greatly reducing the use of step-up or out-of-band authentication.

“ThreatMetrix is honored to receive recognition as one of CRN’s 100 Coolest Cloud Computing Vendors of 2015 as it serves as validation of our continued innovation in advanced fraud prevention and context-based authentication,” said Reed Taussig, president and CEO at ThreatMetrix. “Many of the world’s largest brands trust ThreatMetrix to protect their business operations against cybercriminals in real time without disrupting the customer experience. The only way for businesses to combat today’s sophisticated cybercriminals without adding friction is with a collective network that leverages data from across a global information base within and across industries.”

This year’s 100 Coolest Cloud Computing honorees are identified across five major categories including platforms, infrastructure, storage, security and software. This list is an effort to help solution providers navigate through the ambiguity of the cloud market to identify the vendors, products and services that can help elevate their cloud services offerings. Companies were chosen based on data and information gathered from solution provider nominations along with input from the CRN editorial team.

“Widespread demand for cloud computing solutions is increasing across businesses of all shapes and sizes,” said Robert Faletra, CEO, The Channel Company. “As organizations become more willing to adopt cloud technology and services, experienced solution providers are in greater demand. The 100 Coolest Cloud Computing Vendors list enables solution providers to engage with companies who are poised to help them capitalize on these opportunities.”
Coverage of the 100 Coolest Cloud Computing Vendors is featured in the February 2015 issue of CRN and online at www.CRN.com.

ThreatMetrix Resources

About the Channel Company

The Channel Company, with established brands including CRN, XChange Events, IPED and SharedVue, is the channel community’s trusted authority for growth and innovation. For more than three decades, we have leveraged our proven and leading-edge platforms to deliver prescriptive sales and marketing solutions for the technology channel. The Channel Company provides Communication, Recruitment, Engagement, Enablement, Demand Generation and Intelligence services to drive technology partnerships. Learn more at www.thechannelcompany.com.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

 

 

 

Top of Form 1

If 2015 Is the Year of the Healthcare Breach, This Could Be Its “Anthem”…And ThreatMetrix Predicted It

Posted on February 6th, 2015 by Dan Rampe

Anthem

ThreatMetrix Warned of Healthcare System’s Vulnerability. Hack of Anthem, U.S.’s Second Largest Insurer, Proves ThreatMetrix Correct

Alisdair Faulkner, chief products officer at ThreatMetrix®, came right to the point when he predicted in a news release last year that “insurance, healthcare and pharmacies will be new focuses for fraudsters. As healthcare information makes the shift electronically via the Health Insurance Portability and Accountability Act (HIPAA), fraudsters will find ways through its security holes to commit healthcare fraud and steal personal information.”

While ThreatMetrix warned about the healthcare industry becoming a prime target of cybercrime, the Anthem breach came as a loud wakeup call with hackers gaining access to the private data of 80 million former and current members and employees of the nation’s number two healthcare company. While the breach did not involve healthcare records or credit care numbers, it did expose Social Security numbers, income data, birthdays, and street and e-mail addresses — in short, everything cybercriminals need to pull off identity theft on a grand scale.

In a washingtonpost.com story, Drew Harwell and Ellen Nakashima explored many aspects of the breach. The following has been excerpted from their piece and edited to fit our format. You may find the full article by clicking on this link.

China?

Investigators suspect Chinese hackers may be responsible for the breach, according to a person briefed on some aspects of the probe. There are also some indications that other health-care companies may have been targeted, said the individual, who spoke on the condition of anonymity to discuss the ongoing investigation.

“The more information the Chinese have about large segments of the American population, the easier it is for them to penetrate our military and intelligence agencies,” said Joel Brenner, a former top U.S. counterintelligence official. “They then have the health-care information, the fingerprints and the real names of an enormous set of people, many of whom are prime recruits for our intelligence services or our military or who are already in our military. It’s an enormous advantage in penetrating cover.”

Healthcare a ripe target

Security experts said health care has become one of the ripest targets for hackers because of its vast stores of lucrative financial and medical information. Health insurers and hospitals, they added, have often struggled to mount the kinds of defenses­ used by large financial or retail companies, leaving key medical information vulnerable.

Industry unprepared

The massive computer breach against Anthem, the nation’s second-largest health insurer, exposes a growing cyberthreat facing health-care companies that experts say are often unprepared for large attacks.

Invaluable on the black market

[The] breach underlines the worrying potential for hackers to steal private health data that is valued on the black market as tools for extortion, fraud or identity theft. Medical information could be exploited, for example, to file false insurance claims and buy prescription drugs, and attackers could extort cash from policyholders desperate to keep their private medical data under wraps.

Big bucks

A set of complete health insurance credentials sold for $20 on underground markets in 2013 — 10 to 20 times the price of a U.S. credit card number with a security code, according to Dell ­SecureWorks.

Worse than stolen credit cards

“Health-care records are the new credit cards,” said Ben Johnson, chief security strategist at cybersecurity firm Bit9 + Carbon Black. “If someone gets your credit card number, you cancel it. If you have HIV, and that gets out, there’s no getting that back.”

Preparing for another attack?

That the employee data was stolen in the Anthem hack could indicate that hackers might be preparing for another attack, which would allow them to access internal systems that they were otherwise unable to reach, said Tom DeSot, an executive at the cybersecurity firm Digital Defense.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

Why Not Just Call It Val-oween!

Posted on February 2nd, 2015 by Dan Rampe

TopFace

ThreatMetrix Tips for Avoiding Valentine’s Day Disasters Like the 20 Million Accounts Hacked on a Russian Dating Site TopFace

Valentine’s Day (February 14)  is the only holiday between Super Bowl Sunday and St. Patrick’s Day. Of course, there’s President’s Day, but would anybody notice if they just dropped the “President” and made it “Sales Day?” Anyway, the point is Valentine’s Day is a big deal. But you already knew that, especially if you neglected to buy a token of your affection — candy, a rose, champagne, a diamond-studded necklace. Or if you were a third grader and got the fewest Valentine’s Day cards in your class, even less than the kid who never wiped his nose and sprayed when he talked. But, we digress.

Social website hacked

Okay, cybercriminals of every shade of crooked are going to be out there doing their level worst to turn Valentine’s Day into Halloween. The latest horror tale comes from the Russian dating site TopFace, which, according to Elena Holodny on businessinsider.com (link to article), had 20 million accounts hacked. The thief, who went by the moniker, “Mastermind” put the accounts up for sale on an underground site.

Daniel Ingevaldson, whose company discovered the hack, said “such personal information usually sells quickly, to fraudsters who use automated software programs to find sites where people used the same information they did to access the dating site.”

Holodny writes “Hackers have been increasingly targeting social media websites to steal usernames and passwords, in order to try and break into electronic-payment and mobile-payment accounts.”

ThreatMetrix tips

According to the National Retail Foundation, projected spending for Valentine’s Day 2015 will be $18.9 billion, up from last year’s whopping $17.3 billion. With cybercriminals looking to take their cut, ThreatMetrix offered tips and strategies for businesses and consumers to keep from being scammed.

  • Be Wary of Red Flags in Dating Profiles – Cybercriminals often create fake profiles with fraudulent information to lure users into sharing personal information or wiring money. Red flags include a prospective date claiming to be an alumnus of an Ivy League school, yet he or she has poor grammar. Another warning sign is a dating match claiming to be located in another country, such as Nigeria, and asking the user to wire money for return travel.
  • Download Mobile Apps from Legitimate Sources – Consumers should only download from official app stores to protect against cybercriminals compromising personal information or downloading malware onto mobile devices.
  • Use Caution with Location-Based Mobile Apps – Many of today’s mobile dating apps are location-based by city or state. Sharing one’s location offers cybercriminals and crazies one piece of the puzzle towards compromising an identity.
  • Evaluate Privacy Policies – Make sure mobile apps and dating sites encrypt data and don’t shared data with third party sources, such as for marketing or sales purposes. Of particular concern are apps that don’t encrypt information in transit that can be easily intercepted on public Wi-Fi. Also, perform a Web search to see if the dating site of interest has experienced issues with cybercrime in the past.

“Around Valentine’s Day, consumers and retailers must take the same preventative measures as other peak shopping holidays including Black Friday and Cyber Monday,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “Retailers must implement strategies to protect against malware attacks, account takeover and payment fraud. At the same time, consumers should only make purchases from legitimate e-commerce websites and refrain from using the same login information across websites.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.