Retailer “To Do” List

Posted on March 30th, 2015 by Dan Rampe


New Survey of Retailers Has Security and Upgrading Point-of-Sale Payment Systems as Top Priorities

Boston Retail Partners, an independent consulting firm, recently surveyed more than 500 retailers. Even a quick glance at the survey’s results suggests that top-of-mind subjects for retailers are protecting customer data from breaches, the shift in liability for those breaches from banks and credit card companies to retailers, and upgrading point-of-sale systems to take advantage of EMV and NFC technologies.

In his story on digitaltransactions.net, Kevin Woodward details results of the Boston Retail Partners report. The following has been excerpted from Woodward’s piece and edited to fit our format. You may find the complete, unedited article by clicking on this link.

Security is number one

In the survey…63% cited payment security as their top priority in 2015.

Equipment for processing EMV

[Retailers] need new equipment to accept [EMV] cards. [The] survey found a 650% increase in the number of retailers supporting EMV transactions within the next year.

Encryption, tokenization, NFC

Forty-five percent…said they expect to add encryption services by October to help protect card data as it moves within their payment networks, with 40% planning to add tokenization by channel to mask the card data. Thirty-five percent plan to add near-field communications (NFC) support, and 23% plan a single tokenization scheme across all of their sales channels.

Emphasis on protecting customer data

The combination of EMV, tokenization, and encryption signals a retail strategy to protect customer data on a variety of fronts, [Ryan Grogman, a vice president at Boston Retail Partners] says. “Retailers realize there are significant costs associated with a breach event and are taking significant steps to protect their customers’ data on a variety of fronts,” he says. “Retailers [who] employ a multitiered approach, combining EMV compliance with [end-to-end encryption] and tokenization, will have the strongest payment security platform.”

Apple Pay outdistancing rivals

As for why 35% of retailers plan to add NFC support, part of the explanation is that Apple Inc.’s Apple Pay has excited consumers. The survey found that 30% of retailers plan to add Apple Pay support within the next 12 months. That is the highest rating among the alternative-payments types. Only 18% plan to add PayPal support, with 13% anticipating in-app acceptance; 15% Google Wallet; 13% Softcard; and 8% each for CurrentC and Bitcoin.

One Apple Pay alternative could be a contender. Or not

With the future of Softcard uncertain, CurrentC, the mobile-payments app proffered by Merchant Customer Exchange, could be a top contender. “While CurrentC may [catch the attention of] many retailers [who] are excited by the opportunity to eliminate credit card fees, the key issue is how cumbersome the process is for consumers and sales associates,” Grogman says. “Consumers have to open the CurrentC app on their phone, open the scanner, scan the code from the cashier, and wait for the transaction to be confirmed. That may present more friction from consumers than simply paying with a credit card, and it’s certainly more clunky than the sexy interface on Apple Pay.”

Retailers looking to Apple Pay as the answer?

Apple’s branding expertise may be a factor. “However, when you combine Apple’s iconic brand, their significant investment and marketing efforts behind this service with the iPhone 6 line, and their savvy and loyal customer base, it is widely expected that adoption of Apple Pay as a payment source will continue to increase dramatically,” says John Eagles, a vice president at the consulting firm. “This will also allow retailers to start to recoup some of their investment dollars from their payment-terminal upgrades, which should create a win-win situation for both merchants and customers.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

The Anthem Tipping Point

Posted on March 27th, 2015 by Dan Rampe


The Anthem security breach is a tipping point for all businesses and individuals that use the Internet to conduct their day-to-day business. The ramifications of more than 80 million personal identities in the hands of cybercriminals will result in the loss of untold millions of dollars to anyone and everyone that becomes a victim of this crime for many years to come.

Rather than dwell on the negatives of this event, let’s turn our attention to what good may come out of it.

Anthem’s misfortunes just might get the attention of senior management and boards of directors to recognize that cybersecurity is just as important to the enterprise as the operations of their customer-facing Internet applications themselves. Rather than putting their fingers in the dyke to patch up security holes after the damage has been done, maybe companies will recognize that protecting sensitive and critical data is equally important to their customers, and therefore to the enterprise itself, as the purchase of the products and services the company hopes customers buy in support of the business.

Businesses believe they exist on islands of commerce and all that matters are the attacks that are being directly targeted toward them. This misconception drives the decision to exclude the wealth of information that is collected through the use of global shared intelligence across the internet.

During a recent speech at Stanford University, President Obama discussed his executive order urging companies to join information-sharing hubs to exchange data about online threats. In other words, these hubs will create an environment of global shared intelligence for the purpose of stopping cybercrime using the shared information collected by all enterprises, whether the enterprises are in the same industry or not. What President Obama is asking all of us to do is to create a global “Neighborhood Watch Group” where every enterprise online participates in the protection of every other enterprise on the Internet.

The real consequences of the Anthem breach lie in the millions of stolen identities that will be used to defraud individuals across every aspect of their lives online. While most enterprises continue to focus on securing their internal networks, what is really required is broad adoption and use of secure, anonymized global shared intelligence that will identify where, and for what, those 80 million stolen identities are being used.

So then comes the critical question. Will enterprises simply add to their already ineffective methods of protecting critical data on the advice of vendors who are selling products designed to recognize intrusions only after the attack has occurred; or will they embrace the fact that today’s threats need to be stopped before the damage is done, outside of the firewall and on the Internet itself?

ThreatMetrix® and our customers believe that in order to protect enterprises from data breaches, a new approach is needed to differentiate between trusted users and cyber threats. At ThreatMetrix, we know that in cyberspace, our identities and personas are inextricably tied to the devices on which they are used, their security posture, their location, behavior and their associations built over time across the myriad of online services they use each day. In order to be me, you need to not only assume my identity and device at a point in time but for all time in order to replicate my digital fingerprint. Better yet, using a privacy-by-design approach, ThreatMetrix doesn’t need to know your name to know you’re not who you say you are. We are the first digital identity network that doesn’t just encrypt data, but also anonymizes data with a one-way filter so that personally identifiable information remains secure against both intentional and unintentional breaches.

ThreatMetrix is the leader in anonymized global shared intelligence to protect digital identities from being exploited. In real time ThreatMetrix protects more than 15,000 websites servicing more than 250 million consumer accounts who in turn execute tens of billions of transactions per year on a global basis. ThreatMetrix stops cybercrime, not customers, by using real-time identity, fraud and security analytics powered by the world’s largest trusted identity network. By creating an anonymized digital identity of consumers based on device, persona and behavior from every interaction (account origination, login and access, and purchase) and comparing it in real time to previous activities, ThreatMetrix enables enterprises to accurately identify good customers from cybercriminals – regardless of channel.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.


Apple Watch Could Be a Real Steal

Posted on March 25th, 2015 by Dan Rampe


Time Will Tell Whether Apple Watch Increases Fraud by Making It Easier and Cheaper to Use Stolen Data for In-Store Purchases

Using Apple Pay on iPhone 6 and stolen credit card numbers, cybercriminals have been buying high-end goods at brick-and-mortar stores, especially Apple stores. Experts have a one-word description for this fraud — “rampant.”

If things look bad now, Al Sacco in his piece on cio.com says just wait until Apple Watch is released in April. The following has been excerpted from Sacco’s article and edited to fit our format. You may find the full unedited story by clicking on this link.

For cheap crooks

[Apple Watch], when it’s released in April, could take [the hike in fraud using Apple Pay] further, because it also supports Apple Pay and offers a cheaper option than buying a new iPhone, at least without a carrier subsidy.

How Apple Pay works on Apple Watch

To add payment cards to Apple Watch, you simply open up the companion iOS app, which is now available in iOS 8.2, and use the Passbook & Apple Pay option to enter credit card data. After you save the information, and Apple runs a quick check for potential red flags, you’re good to go. (It’s unclear whether or not the Watch will automatically import payment information iPhone 6 users already store in Passbook.)

Next, you head on over to a local retailer with NFC-compatible POS terminals, pick up some goodies, head to the cashier, double-tap the bottom button on the side of the Watch and then hold it close to the payment terminal.

Security

For security purposes, you have to authenticate yourself via a passcode anytime you remove and replace the Watch and then try to access Apple Pay.

[While] Touch ID authenticates Apple Pay purchases when you use an iPhone 6, a passcode protects your card information when you pay via Apple Watch. After you type in your code once, you don’t have to retype it to make additional payments — as long as you don’t remove the device, causing it to break contact with your skin.

Apple Watch and Apple Pay fraud

[You] need an iPhone to do just about anything on the Apple Watch. It is, after all, a companion device, and without an iPhone buddy it does little more than track your steps and, you know, tell time.

Apple Watch and cheap iPhone cost less than iPhone 6

[Cybercriminals] who exploit Apple Pay to make fraudulent purchases don’t steal iPhones to use owners’ payment information. Rather, they buy or steal card data from another source and then add it to their own iPhones and use Apple Pay to turn that data into something physical that can be used in stores.

Today, you need an iPhone 6 or iPhone 6 Plus to perpetrate such a crime, because they’re the only Apple devices that support in-store Apple Pay. Both of these devices are relatively expensive…. However, the Apple Watch works with earlier iPhones, including the 5 and 5s. Starting on April 10, bad guys will be able to purchase the cheapest version of Apple Watch for $349 and then jump on eBay (or some similar site) and snag a used iPhone 5 or 5s for as little as 99 cents.

“Unsafe at Any Speed” — Even Standing Still

Posted on March 25th, 2015 by Dan Rampe


Senator Proposes New Rules of the Road for Connected Cars That Leave Drivers Open to Invasions of Privacy and Cyberattack

When Ralph Nader’s Unsafe at Any Speed was published half a century ago accusing car manufacturers of resistance to spending money on safety, it caused a sea change in the auto industry. No. Not amphibious cars. But, it did lead to mandatory seat belt laws and the introduction of a host of other safety features.

Recently Sen. Ed Markey of Massachusetts released a report on the risks of cyberattack and loss of privacy posed by cars connected to the Internet. In a statement, he warned that “automakers haven’t done their part to protect us from cyber-attacks or privacy invasions [adding that even] as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected.”

In her piece on washingtonpost.com, Andrea Peterson explores the many questions raised by the new Internet of Things smart cars and a few answers. The following has been excerpted from her piece and edited to fit our format. You may find the full article by clicking on this link.

Whose foot is on the brake pedal?

Cybersecurity experts have long warned that cars’ electronic systems might be vulnerable to hackers, especially as auto-makers started building wireless connections to the outside world into vehicles. Researchers Charlie Miller and Chris Valasek demonstrated how to take over the steering and brakes of a Ford Escape and a Toyota Prius using a laptop connected to the vehicles with a cable in 2013.

Many attack surfaces

Last year, the pair released a report detailing the wireless “attack surfaces” of a wide variety of vehicles on the market — things like Wi-Fi, keyless entry systems, and Bluetooth that might be targeted by a malicious hacker.

Inconsistent and haphazard

Nearly all cars on the market “include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions,” according to Markey’s report…. Security measures to prevent remote access to a car’s electronic systems are “inconsistent and haphazard across all automobiles” and many manufacturers “did not seem to understand” the questions the legislator was asking. However, most manufacturers were either unaware or unable to report on previous hacking incidents.

“Cavalry” involved

Other groups have raised concerns about the security practices of auto-makers. I am the Cavalry, a group focused on where computer security intersects with physical safety, has urged vehicle manufacturers to adopt a five-star-style rating system for security best practices, akin to the ratings for traditional vehicle safety.

Your car is listening

The report also found that modern cars collect a significant amount of information on driving history and that drivers often cannot opt out of data collection without disabling features such as navigation. “A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data,” it said.

Markey calls for new regulatory standards

[Markey] calls for the National Highway Traffic Safety Administration to set new regulatory standards with input from the Federal Trade Commission. The standards should ensure that cars’ wireless and data-collection features protect against hacking and security breaches, require that carmakers test their systems with penetration testing, require drivers be explicitly told about how data is collected and used, and give drivers a way to opt out of such features, the report argues.

Rules of the road enforced

“We need to work with the industry and cyber-security experts to establish clear rules of the road – not voluntary agreements – to ensure the safety and privacy of 21st-century American drivers,” Markey said.


16 Million Mobile Devices Hit. Malware Infections Up 25 Percent.

Posted on March 24th, 2015 by Dan Rampe


Latest Study by French Telecom Equipment Company Alcatel-Lucent Shows 2014 Was a Banner Year for Bad Guys.

The Motive Security Labs division of Alcatel-Lucent recently published a report that found mobile device malware infections increased 25 percent in 2014, compared with a 20 percent increase in 2013. Extrapolated out, that comes to 16 million infected devices.

In his piece on zdnet.com, Leon Spencer highlights major findings from the report, officially titled, Motive Security Labs malware report – H2 2014. The following has been excerpted from Spencer’s zdnet.com story and edited to fit our format. You may find the full article by clicking on this link.

Mobile spyware big threat

[Six] of the mobile malware top 20 spyware…apps that are used to spy on the phone’s owner, and can track a phone’s location, monitor incoming and outgoing calls and text messages, monitor emails, and track a phone user’s web browsing.

Android devices now as popular with cybercriminals as Windows devices

[Android] devices have caught up with Windows laptops in terms of malware attack numbers, with infection rates between Android and Windows devices split 50/50.

iPhone and BlackBerry not cybercriminals’ favorite target…yet

Less than 1 percent of infections came from iPhone and BlackBerry smartphones. However, new vulnerabilities, such as the “Find My iPhone” exploit discovered last year, have emerged in the past 12 months, showing that Apple is not immune from malware threats.

Owners not responsible

[The] growth in malware infections has been aided by mobile device owners not taking “proper” device security precautions. A recent Motive Security Labs survey found that 65 percent of the security platform subscribers expected their service provider to protect both their mobile and home devices.

Who’d ‘ve “thunk” it?

The report also found that, somewhat counter-intuitively, consumers who avoid shopping online out of fear that their credit or debit card information may be stolen may, in fact, be exposing themselves to greater risk. A spate of retail payment systems security breaches in 2014 showed that malware infections are more likely to be found on cash registers or point-of-sale terminals, rather than on online store payment portals.

Increase in DDoS

[Researchers] found that there was an increase in distributed denial-of-service (DDoS) attacks using network infrastructure components such as home routers, DSL modems, cable modems, mobile Wi-Fi hotspots, DNS servers, and NTP servers.

Additionally, the first DDoS attacks launched from mobile phones took place, suggesting how so-called “hacktivism” movements against the mobile infrastructure might be launched in the future….

Browser Beware

Posted on March 23rd, 2015 by Dan Rampe


Ponemon Survey of 645 Information Tech Companies Says Half of All Malware Was the Result of Web Browsers That Weren’t Secure

Less than a third of respondents thought major browsers had “effective security tools for blocking web-borne malware.” And, close to 70 percent of IT professionals thought browser-borne malware was getting worse and was “a more significant threat today than [just] 12 months ago.” These were among the observations brought to light in the Ponemon study as reported by Cory Bennett on thehill.com. The following has been excerpted from Bennett’s article and edited to fit our format. You may find his full article by clicking on this link.

An unsettling thought

Over three quarters [of IT professionals] thought it was certain or very likely their organization had an undetected infiltration from browser-based malware.

Google hunting for bugs

[Google] is taking…steps to root out more bugs in its Chrome browser, which recently became the second-most popular browser behind Microsoft’s Internet Explorer.

The [company] said it [would] start giving no-strings-attached grants to independent researchers to suss out flaws in its products, including Chrome. The company will post vulnerabilities they are looking to eradicate and will dole out up to $3,133.70 to researchers willing to take a shot at it.

The hunt gets harder

Since 2010, Google has rewarded researchers if they discovered flaws in Google products and services. The company said it’s adding the new grant program because these vulnerabilities are increasingly difficult to find, after years of independent researchers and Google’s in-house team working on the issue.

“Of course, that’s good news, but it can also be discouraging when researchers invest their time and struggle to find issues,” said Google security engineer Eduardo Vela Nava.

Chrome chief beneficiary

Chrome has benefited from these rewards as much, if not more, than any other product, Nava said. In 2014, more than half of the Chrome bugs discovered by outside researchers were found in beta versions of the browser.


Yah Who?

Posted on March 19th, 2015 by Dan Rampe

Yahoo Offers Optional On-Demand Password-Free Email Login. Now Unnecessary for Users to Remember Passwords to Log In.

Last year, Yahoo suffered a massive hack that compromised Yahoo Mail usernames and passwords. In response to that attack, writes Samantha Murphy Kelly on mashable.com (link to article), “[Yahoo wanted] to provide a safe, encrypted way to keep accounts secure.”

How Yahoo’s password-free login works

Murphy writes that the “new on-demand login feature…sends…a specialized code to [users’] mobile devices to gain access. The code is generated only for that account [and] changes each time [users] log in.” The same password is never used twice.

For years, ThreatMetrix warned that passwords offer minimal security

In a 2013 blog titled “ThreatMetrix Strategies for Helping Your Business Avoid Its Own Password Apocalypse,” the company pointed to the 130 million people who had their identities stolen or bank accounts drained when Adobe and LivingSocial were breached, and noted that password systems were not up to the task of protecting those people. (Since that time, of course, tens of millions more people have had their personal information compromised in breaches from Target to Anthem.)

Alisdair Faulkner, ThreatMetrix’s chief products officer, observed in the same blog:

“Retailers are caught between a rock and a hard place. They loathe introducing speed bumps, such as resetting passwords or requiring two-factor authentication, as these steps pose an inconvenience to their customers. It’s crucial to adapt effective technologies that can quickly identify potential threats without negatively impacting the user experience for customers.”

Other companies offering similar password protection to Yahoo’s

Murphy notes that “Many companies like Twitter, Facebook and Google have offered a similar option — two-factor authentication — for some time. This method is like double-locking your door at night (you need both a standard password and the messaged code to enter). Yahoo differs because you don’t need a permanent password, just the one that the company sends you on demand.”

Even though Yahoo’s method differs slightly, no doubt there are going to be users who are turned off by having to jump through hoops just to check their email.

What happens if a Yahoo email user loses his device or has it stolen?

Writing on techcrunch.com (link to article), Jon Russell notes that “if you lose your phone, the person in possession of it has a ticket into your email. In some cases, if you get SMS notifications on your lock-screen, the on-demand password will show up even if your phone is locked. So, if you lose it, the person who picks it up doesn’t even need to know your passcode to get into your Yahoo account once they know your ID.”
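To make the on-demand login described above concrete, here is an added sketch (not Yahoo's code and not from the quoted articles) of the server-side rules such a scheme needs: a code bound to one account, replaced on every request, accepted once, and short-lived. The `send_sms` hook, the five-minute lifetime and the five-guess limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime; the quoted articles give none
MAX_ATTEMPTS = 5         # assumed guess limit per issued code


class OnDemandLogin:
    """Issues a fresh single-use login code per account and checks it once."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # hypothetical delivery hook: (account, code)
        self._clock = clock         # injectable so expiry can be exercised
        self._pending = {}          # account -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, account, code):
        # Bind the code to the account so it is useless for any other login.
        return hmac.new(salt, f"{account}:{code}".encode(), hashlib.sha256).digest()

    def request_code(self, account):
        code = f"{secrets.randbelow(10**8):08d}"   # 8 digits from a CSPRNG
        salt = secrets.token_bytes(16)
        # Overwriting the entry invalidates any code issued earlier.
        self._pending[account] = [salt, self._digest(salt, account, code),
                                  self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self._send_sms(account, code)   # only the salted digest is kept server-side

    def verify(self, account, code):
        entry = self._pending.get(account)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[account]   # expired or guessed too often
            return False
        entry[3] = attempts_left - 1
        if hmac.compare_digest(digest, self._digest(salt, account, code)):
            del self._pending[account]   # single use: a replay finds nothing
            return True
        return False


def demo():
    """Walks through the cases using a constructed in-memory 'SMS outbox'."""
    outbox, now = {}, [1_000_000.0]
    login = OnDemandLogin(lambda a, c: outbox.__setitem__(a, c), clock=lambda: now[0])
    results = {}

    login.request_code("alice")
    first = outbox["alice"]
    results["first_use"] = login.verify("alice", first)
    results["replay"] = login.verify("alice", first)

    login.request_code("alice")
    results["other_account"] = login.verify("bob", outbox["alice"])
    now[0] += CODE_TTL_SECONDS + 1
    results["expired"] = login.verify("alice", outbox["alice"])

    login.request_code("alice")
    for _ in range(MAX_ATTEMPTS):
        login.verify("alice", "not-a-code")
    results["after_lockout"] = login.verify("alice", outbox["alice"])
    return results


if __name__ == "__main__":
    print(demo())
```

None of these server-side checks addresses the lost-phone case Russell raises: whoever can read the SMS, including from a lock-screen preview, holds a valid code until it expires.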


Are You Treating Your Customers Like Criminals?

Posted on March 18th, 2015 by Dan Rampe


Picture this: you head to your favourite restaurant for dinner – a place you visit often and are well known. After a delicious meal you try to pay the bill, only to be marched out to the cashpoint in the rain, as your credit cards have been rejected.

Sound humiliating?

Loyal online shoppers are currently being subjected to this exact type of treatment. Every day, retailers turn away valuable business because their web fraud systems lack the intelligence to identify that they are genuine customers.

And even if they are accepted, many ecommerce regulars are turned off by burdensome second level authentication such as 3DSecure, and abandon their basket.

Current fraud management systems make it difficult to separate authentic customers from cybercriminals – and sometimes misidentify fraudsters as genuine shoppers.

To add to this challenge, many shoppers log on from multiple devices, and businesses fail to recognise high value ecommerce consumers when they log on from their mobile device. It’s costing the retail sector millions.

How can retailers simplify customer authentication without letting in criminals?

A new approach is needed to create frictionless online customer experiences. Instead of pouring budget into manual checks to stop legitimate customers falling into fraud filters, retailers need to adopt a single platform that provides comprehensive context-based authentication and personal recognition.

By treating people like people, businesses can provide real-time defence to minimise credit card fraud and account takeover risks, while keeping the customer experience hassle-free and protecting their account login.

And this method has proven benefits – context aware authentication solutions halve fraud losses and reduce cart abandonment rates by 50%, as well as cutting ‘false positive’ results (where genuine customers are identified as cybercriminals) by 70%.

To reduce your fraud management burden and improve ecommerce customer service, download our guide: “Are You Treating Your Customers Like Criminals?” and learn how etailers can increase sales conversions and create frictionless customer experiences.


New ThreatMetrix TrustDefender Mobile App Enhancement Helps Businesses Meet PCI DSS

Posted on March 18th, 2015 by Dan Rampe

Extended Mobile App Reputation and Device Analysis Enables Businesses to Meet Latest Payment Card Industry Data Security Standards

ThreatMetrix’s latest TrustDefender Mobile release, the mobile software development kit (SDK), helps ThreatMetrix customers identify fraudulent behavior and reduce friction for transactions originating from mobile apps.

Android and iOS devices

In addition to Android, the release extends ThreatMetrix’s industry-leading Mobile App Reputation and Integrity capability to iOS devices.

Dean Weinert, ThreatMetrix director of mobile products, on stopping malware apps from different vendors

“One of the challenges our customers face in the mobile channel comes with the explosion of apps from a multitude of different vendors – many of which are used as vehicles to deliver malware. It’s important for businesses to distinguish between real, trusted apps and apps that have been altered, but that requires a significant amount of data, especially for mobile devices. ThreatMetrix provides a solution that is lightweight on users’ devices, putting those device attributes and threat risks into our digital identity network. The network is constantly learning about the growing mobile attack surface so our customers don’t have to.”

One billion transactions analyzed each month

This month, ThreatMetrix announced that the ThreatMetrix Global Trust Intelligence Network (The Network), the largest digital identity network in the world, has reached one billion transactions analyzed monthly, more than 250 million of which originate from mobile devices from more than 200 countries. The ThreatMetrix mobile solution further enhances the value of The Network by creating an anonymized digital identity of consumers based on device, persona and behavior from every transaction and comparing it in real time to previous activity. This growing network enables ThreatMetrix customers to understand users and associated devices, gain effective fraud intelligence without in-house expertise and ensure application integrity to stop fraud, not customers.

Vanita Pandey, ThreatMetrix senior director, strategy and product marketing, on the expansion of mobile in banking and ecommerce

“Mobile and other connected devices are fast becoming the leading way for users to access commerce and banking services. Mobile is the biggest emerging opportunity and risk for businesses and financial institutions trying to deliver frictionless experiences to their customers. Continued growth of mobile payments and banking will lead to stricter rules and regulations to secure these transactions.”

New mobile 2015 Payment Card Industry Data Security Standards

The recently instituted 2015 Payment Card Industry Data Security Standards (PCI DSS) for mobile devices are now stricter, including requirements for detecting rooted or jailbroken devices, detecting malware, and more.

The latest release of TrustDefender Mobile delivers enhanced capabilities to meet these new standards including:

  • Mobile App Reputation extended to iOS devices in addition to Android – This provides protection against malware and malicious applications across these platforms. Leveraging the intelligence from The Network with real-time reputation data from more than 14 million applications, ThreatMetrix can identify and classify millions of mobile applications, compared to the hundreds identified by competitors.
  • New mobile-specific attributes analyzed – The newest attributes analyzed by ThreatMetrix include additional details of device networks and security, as well as details of application “deep linking” to further identify unique devices and more importantly, to highlight devices compromised by malicious actors and malware.
  • Continues to leverage The Network – As with all ThreatMetrix products, the newest release is fully integrated with the ThreatMetrix digital identity network and analysis engine to help stop cybercriminals across mobile and other connected devices, using a common set of intelligence and policies.

iOS gains in the marketplace could make it a more tempting target

“iOS drives a significant percentage of mobile commerce,” said Pandey. “During Cyber Week 2014, The Network found that 39 percent of transactions originated from mobile devices, with nearly 80 percent of those transactions originating from iOS. While Android is at higher risk for malware, iOS is more prevalent. Extending the Mobile App Reputation and Integrity capabilities of TrustDefender Mobile to iOS offers our customers a more consistent solution.”

Visit ThreatMetrix at MRC Vegas 2015

ThreatMetrix is sponsoring and exhibiting its latest TrustDefender Mobile capabilities in booth 119 at MRC Vegas 2015, the industry-leading conference for merchants to discuss the latest trends in risk and payments, March 23-26 in Las Vegas. ThreatMetrix will participate in several speaking sessions and panels at the event, including:

Merchant Focus Group – Tuesday, March 24

  • 12:15-1:30 p.m. PST, Bristlecone 3 Room
  • Speaker: Carmen Honacker, director of customer advocacy at ThreatMetrix
  • Topic: Building a Fraud Prevention Community (Invite Only)

Ignite Session – Tuesday, March 24

  • 4:00-5:00 p.m. PST, Pinyon 2 Room
  • Speaker: Bert Rankin, chief marketing officer at ThreatMetrix

Speaking Session – Thursday, March 26

  • 9:55-10:35 a.m. PST, Bristlecone 3 Room
  • Speakers: Carmen Honacker and Peter Zeigler, senior products manager at TripAdvisor
  • Topic: Beyond Device ID: Using Digital Identification to Reduce E-Commerce Fraud

Joint ThreatMetrix and TripAdvisor session at MRC Vegas

Attendees at the joint ThreatMetrix and TripAdvisor speaking session on the final day of MRC Vegas will learn why and how e-commerce businesses need to move beyond simple device identification through the use of cookies to include other criteria. Cookies are easily compromised by hackers and privacy-conscious users alike. To complicate matters, IP address information is dangerously easy to spoof by using proxies, virtual private networks (VPNs) and botnets. This session will discuss how e-commerce merchants can take into account the context of an online event, resulting in historical evidence of persona behavior across all data.

For more information on MRC Vegas, visit www.merchantriskcouncil.org/Pages/home.aspx.


ThreatMetrix Advances Cybercrime Prevention with Extended Mobile App Reputation and Device Analysis

Posted on March 18th, 2015 by Dan Rampe

Latest Enhancements to ThreatMetrix TrustDefender™ Mobile Enable Businesses to Meet New Heightened Payment Card Industry Data Security Standards (PCI DSS)

San Jose, CA – March 18, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the latest release of ThreatMetrix TrustDefender™ Mobile, the mobile software development kit (SDK) that helps ThreatMetrix customers identify fraudulent behavior and reduce friction for transactions originating from mobile applications. The newest release extends the industry-leading ThreatMetrix Mobile App Reputation and Integrity capabilities to iOS devices in addition to Android, and widens the breadth of attributes analyzed from mobile devices.

“One of the challenges our customers face in the mobile channel comes with the explosion of apps from a multitude of different vendors – many of which are used as vehicles to deliver malware,” said Dean Weinert, director of mobile products at ThreatMetrix. “It’s important for businesses to distinguish between real, trusted apps and apps that have been altered, but that requires a significant amount of data, especially for mobile devices. ThreatMetrix provides a solution that is lightweight on users’ devices, putting those device attributes and threat risks into our digital identity network. The network is constantly learning about the growing mobile attack surface so our customers don’t have to.”

This month, ThreatMetrix announced that the ThreatMetrix® Global Trust Intelligence Network (The Network), the largest digital identity network in the world, has reached one billion transactions analyzed monthly, more than 250 million of which originate from mobile devices from more than 200 countries. The ThreatMetrix mobile solution further enhances the value of The Network by creating an anonymized digital identity of consumers based on device, persona and behavior from every transaction and comparing it in real time to previous activity. This growing network enables ThreatMetrix customers to understand users and associated devices, gain effective fraud intelligence without in-house expertise and ensure application integrity to stop fraud, not customers.

“Mobile and other connected devices are fast becoming the leading way for users to access commerce and banking services,” said Vanita Pandey, senior director, strategy and product marketing at ThreatMetrix. “Mobile is the biggest emerging opportunity and risk for businesses and financial institutions trying to deliver frictionless experiences to their customers. Continued growth of mobile payments and banking will lead to stricter rules and regulations to secure these transactions.”

The recently instituted 2015 Payment Card Industry Data Security Standards (PCI DSS) for mobile devices are now stricter, including requirements for detecting rooted or jailbroken devices, detecting malware, and more.  ThreatMetrix’s mobile solution addresses these requirements. The latest release of TrustDefender Mobile delivers enhanced capabilities including:

  • Mobile App Reputation extended to iOS devices in addition to Android – This provides protection against malware and malicious applications across these platforms. Leveraging the intelligence from The Network with real-time reputation data from more than 14 million applications, ThreatMetrix can identify and classify millions of mobile applications, compared to the hundreds identified by competitors.
  • New mobile-specific attributes analyzed – The newest attributes analyzed by ThreatMetrix include additional details of device networks and security, as well as details of application “deep linking” to further identify unique devices and more importantly, to highlight devices compromised by malicious actors and malware.
  • Continues to leverage The Network – As with all ThreatMetrix products, the newest release is fully integrated with the ThreatMetrix digital identity network and analysis engine to help stop cybercriminals across mobile and other connected devices, using a common set of intelligence and policies.

“iOS drives a significant percentage of mobile commerce,” said Pandey. “During Cyber Week 2014, The Network found that 39 percent of transactions originated from mobile devices, with nearly 80 percent of those transactions originating from iOS. While Android is at higher risk for malware, iOS is more prevalent. Extending the Mobile App Reputation and Integrity capabilities of TrustDefender Mobile to iOS offers our customers a more consistent solution.”

ThreatMetrix is sponsoring and exhibiting its latest TrustDefender Mobile capabilities in booth 119 at MRC Vegas 2015, the industry-leading conference for merchants to discuss the latest trends in risk and payments, March 23-26 in Las Vegas. ThreatMetrix will participate in several speaking sessions and panels at the event, including:

Merchant Focus Group – Tuesday, March 24

  • 12:15-1:30 p.m. PST, Bristlecone 3 Room
  • Speaker: Carmen Honacker, director of customer advocacy at ThreatMetrix
  • Topic: Building a Fraud Prevention Community (Invite Only)

Ignite Session – Tuesday, March 24

  • 4:00-5:00 p.m. PST, Pinyon 2 Room
  • Speaker: Bert Rankin, chief marketing officer at ThreatMetrix

Speaking Session – Thursday, March 26

  • 9:55-10:35 a.m. PST, Bristlecone 3 Room
  • Speakers: Carmen Honacker and Peter Zeigler, senior products manager at TripAdvisor
  • Topic: Beyond Device ID: Using Digital Identification to Reduce E-Commerce Fraud

Attendees at the joint ThreatMetrix and TripAdvisor speaking session on the final day of MRC Vegas will learn why and how e-commerce businesses need to move beyond simple device identification through the use of cookies to include other criteria. Cookies are easily compromised by hackers and privacy-conscious users alike. To complicate matters, IP address information is dangerously easy to spoof by using proxies, virtual private networks (VPNs) and botnets. This session will discuss how e-commerce merchants can take into account the context of an online event, resulting in historical evidence of persona behavior across all data.

For more information on MRC Vegas, visit www.merchantriskcouncil.org/Pages/home.aspx.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312.241.1178
Email: beth.kempton@walkersands.com