Internet Security: An Oxymoron?

Posted on July 24th, 2014 by Dan Rampe

Security

If you’re insecure about Internet security, Richard Adhikari’s article on technewsworld.com (Go to this link for his complete article.) won’t help you sleep any better. However, it could alert you to challenges that have to be overcome to keep the bad guys at bay. The following has been excerpted from Adhikari’s piece and edited to fit our format.

Security products are built around using outdated techniques, Randy Abrams, a research director at NSS Labs, told TechNewsWorld.

Information security has evolved over the past 40 years “in a way that has created a layered model that has added capabilities but deviates little from its core design,” he said. Security “chases the last known problem, while attackers focus on the next possible vector.”

Are vendors serving up flawed software?

[Roberto Martinez,] a security researcher at Kaspersky Lab, [said software] developers have to maintain a balance between security, functionality and ease of use when developing an application. “If priority is given to the functionality instead of application security, then the risk of a compromise is elevated. The complexity in requirements and architecture to run a program can be a factor too….”

[Chris Morales, practice manager, architecture and infrastructure, at NSS Labs added,] “The primary reason why applications are insecure is because developers generally are not security experts.”

Many parts make life hell

Many widely used PC applications and operating systems have millions of lines of code, and “it’s a statistically proven fact that new vulnerabilities are likely to get introduced per few thousand lines of code,” Rahul Kashyap, chief security architect at Bromium, pointed out.

Size is one issue, and the complex interactions between systems constitute another, Seth Hanford, manager of Cisco’s Threat Research Analysis & Communications, told TechNewsWorld.

Further, researchers constantly are discovering new ways to attack existing systems, “not because computers are better or faster, but just because of new investigations, insight or inspiration,” he said. We could be discovering more security flaws because we’re now paying more attention to security.

As for Pass-the-Hash [a hacking technique], that’s “an architectural part of Microsoft Windows,” Hanford stated. “Truly fixing that problem will require a change in the way Windows works.”

Other issues affecting security

Inadequate security training for developers, along with deadlines and budget constraints, may contribute to the existence of security flaws, Jerome Segura, senior security researcher for Malwarebytes, told TechNewsWorld.

Further, quality assurance testing “is often focused on finding typical bugs but not necessarily security vulnerabilities,” he pointed out.

Third-party libraries that may contain vulnerabilities themselves are a problem, Segura remarked, pointing to the Heartbleed flaw in OpenSSL that impacted hundreds of applications.

The nature of multipurpose OSes “makes it nearly impossible to effectively secure them,” NSS’ Abrams remarked.

Possible solutions

Security and risk professionals are considering replacing third-party AV tools with native OS AV augmented with one or more third-party alternatives such as application whitelisting, application privilege management, and endpoint execution isolation, according to Forrester.

However, “blacklisting is too reactive” and whitelisting “is not practical for end users,” Bromium’s Kashyap told TechNewsWorld.

“We need tools — programming languages, Web frameworks, even configuration guides — that make it hard to do the wrong thing,” Cisco’s Hanford suggested.

“…. As a security community, we need to do more … to identify the things that are hard to get right, important to solve, and critical to Web security, and ensure they are well and widely supported.”

In the meantime, enterprises should implement systems to monitor their networks and servers, detect anomalies, and identify any security incidents, Kaspersky’s Martinez suggested. Existing applications should be constantly audited for flaws. And, of course, systems should be patched and firewalls maintained.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

Second Year in a Row ThreatMetrix Makes AlwaysOn Top Private Innovative Companies Tech List

Posted on July 22nd, 2014 by Dan Rampe

AlwaysOn

For the second time in as many years, ThreatMetrix has been named as one of the AlwaysOn Global 250 Top Private Companies in the “B2B Cloud and Infrastructure” category.

Created by Red Herring founding editor, Tony Perkins, AlwaysOn connects the entrepreneurial community with information about events, sponsors, participants and more. Now, the AlwaysOn editorial team, venture capital partners and industry experts have selected their 2014 list of top companies based on innovation, market potential, commercialization, stakeholder value and media buzz. In short, these are the 250 companies that most represent leadership in global innovation and developing software and hardware solutions that are ushering in a new era of global prosperity.

“We’re honored to be selected among a talented group of companies making a promise to innovate solutions and disrupt fraud and cybercrime in the B2B arena,” said Reed Taussig, CEO, ThreatMetrix. “Our fraud and security solutions build off of the ThreatMetrix® Global Trust Intelligence Network (The Network), the most complete repository of device identification, threat assessments, identity and behavioral intelligence, which enables our customers – some of the world’s largest brands in e-commerce, financial services and other industries – to easily and accurately protect against fraudsters, while maintaining a positive user experience for trusted customers.”

In an innovative move, ThreatMetrix integrated its solution with Ping Identity’s PingFederate identity bridge leveraging context-based authentication with single sign-on. The integration enables enterprises to deliver secure, frictionless access to their business productivity applications.

ThreatMetrix also recently secured a $20 million round of Series E financing, further proof of the company’s continuing efforts to build innovative technologies and stay ahead of today’s sophisticated cybercriminals.

Winners of the AlwaysOn Global 250 Top Private Companies List will be honored July 29-30 at the Silicon Valley Innovation Summit in Mountain View, Calif. For a full list of winners, visit http://aonetwork.com/blogs/Announcing-the-2014-AlwaysOn-Global-250-Top-Private-Companies.

ThreatMetrix Resources

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

No Such Thing as Small Fry in Cyberspace

Posted on July 21st, 2014 by Dan Rampe

Cybercrime

Cyberthieves Target Every Business Any Size All the Time

At the height of the subprime banking crisis, some companies were bailed out by the government because they were deemed “too big to fail.” Conversely, in the world of cybercrime, as a timesleader.com story points out (link to article), no company is too small to victimize.

Every business is at risk

A partial list from California’s attorney general shows the range and types of small businesses at risk — wine shops, dentist offices, colleges, gay and lesbian community centers, dog tag makers, sporting goods stores. So, who goes around targeting these businesses? Just about every kind of cybermiscreant you can think of: hackers; thieves who rip off office computers; disgruntled vendors who use stolen data to slander businesses or poach employees; ex-employees with an axe to grind.

Case in point

“80sTees.com of Pennsylvania discovered…someone believed to be a former high-ranking employee accessed the identities of customers all over the country. The retro shirt seller stopped accepting credit cards for four months, launched a new website and blocked all employees from accessing clients’ financial information.” You can imagine the resources in time and money this small company had to expend to put things right.

The cost of a small company breach

And, according to the National Small Business Association, 44 percent of respondents to a survey last year had been victims of at least one cyberattack, with an average $8,699.48 cost for each breach.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

Last Year Data Breaches Cost Almost Half a Billion Dollars with over 800 Million Records Compromised

Posted on July 16th, 2014 by Dan Rampe

The Economist

More than Enough Material to Merit a Special Report, “Defending the Digital Frontier” by the Legendary British Journal, The Economist

If your Economics 101 class was anything like the ones many of us had to endure, just the word, “economist”, is enough to have you racing to the closest Starbucks for a double Venti. Fortunately, The Economist’s report is a lot livelier than that economics class back in the day — likely one of the reasons the publication’s been around since 1843.

Anyway, The Economist’s just released “Defending the Digital Frontier” (You may find the complete report by clicking this link.), which explores everything from possible remedies to the different types of hackers, their motives and modes of operation and why they can be so difficult to track.

Tracing the exact source of an attack can be next to impossible if the assailants want to cover their tracks.

Over the past decade or so various techniques have been developed to mask the location of web users. For example, a technology known as Tor anonymizes internet connections by bouncing data around the globe, encrypting and re-encrypting them until their original sender can no longer be traced.

Conversely, some hackers are only too happy to let the world know what they have been up to. Groups such as Anonymous and LulzSec hack for fun (“lulz” in web jargon) or to draw attention to an issue, typically by defacing websites or launching distributed-denial-of-service (DDoS) attacks… Anonymous also has a track record of leaking e-mails and other material from some of its targets.

Criminal hackers are responsible for by far the largest number of attacks in cyberspace and have become arguably the biggest threat facing companies. Some groups have organized themselves so thoroughly that they resemble mini-multinationals. The police found that [one] group was paying salaries to its staff and had hired a marketing director to tout its software to hackers. It even maintained a customer-support team.

The report also argues that there is a need to provide incentives to improve cybersecurity.

One idea is to encourage internet-service providers (ISPs), or the companies that manage internet connections, to shoulder more responsibility for identifying and helping to clean up computers infected with malicious software (malware). Another is to find ways to ensure that software developers produce code with fewer flaws in it so that hackers have fewer security holes to exploit.

An additional reason for getting tech companies to give a higher priority to security is that cyberspace is about to undergo another massive change. Over the next few years billions of new devices, from cars to household appliances and medical equipment, will be fitted with tiny computers that connect them to the

web and make them more useful. Dubbed “the Internet of things”, this is already making it possible, for example, to control home appliances using smartphone apps and to monitor medical devices remotely.”

And the report contains a number of fascinating anecdotes.

One night in April a couple in Ohio was [awakened] by the sound of a man shouting, “Wake up, baby!” When the husband went to investigate, he found the noise was coming from a web-connected camera they had set up to monitor their young daughter while she slept. As he entered her bedroom, the camera rotated to face him and a string of obscenities poured forth.

The webcam was made by a company called Foscam, and last year a family in Houston had a similar experience with one of their products. After that episode, Foscam urged users to upgrade the software on their devices and to make sure they had changed the factory-issued password. The couple in Ohio had not done so. The problem arose even though Foscam had taken all the right steps in response to the initial breach, which shows how hard it is to protect devices hooked up to the internet.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ProPay® Launches TSYS Guardian CyberShield in Partnership with ThreatMetrix® to Provide Advanced Fraud Prevention Solutions

Posted on July 15th, 2014 by Dan Rampe

Comprehensive Platform Accurately Differentiates Legitimate Customers from Fraudsters in Real Time

Lehi, Utah, and Columbus, Ga., July 15, 2014ProPay®, a TSYS® company, announced today a partnership with ThreatMetrix® to provide advanced fraud prevention solutions to its customers. Through this partnership, ProPay customers can have access to state-of-the-art tools to help protect them against cybercriminals. The solution — a cloud-based, real-time identity verification tool — helps validate returning customers and prospects, while protecting a wide range of transactions, including account creation, login authentication, and payment authorization.

TSYS Guardian CyberShieldSM, powered by ThreatMetrix, effectively differentiates between legitimate customers and potential fraudsters by leveraging the rich data and analytics in the ThreatMetrix® Global Trust Intelligence Network (The Network). This provides TSYS Guardian Cybershield access to the largest trusted identity network of shared intelligence, and provides insight into positive and negative behavior and threat intelligence ─ for both online personas and devices ─ using trust-based authentication. The Network sees more than 500 million monthly transactions, and protects more than 160 million active user accounts, 2,500 customers and 10,000 websites.

The Network empowers businesses to analyze the digital personas of website visitors in real time ─ including their previous online behaviors and transactions ─ before authorizing an online transaction. By doing so, TSYS Guardian Cybershield helps businesses reduce friction and arduous screening for legitimate returning online customers, while stopping cybercriminals in their tracks.

“We’re pleased to begin offering our customers more sophisticated fraud prevention and detection tools,” said Greg Pesci, president of ProPay. “The TSYS Guardian CyberShield, powered by ThreatMetrix, is just another example of our desire to provide a suite of payment solutions that allows our customers to focus on running their businesses while protecting against fraudsters.”

“While many businesses are challenged with determining whether or not an online transaction, account login or other activity is fraudulent, The Network provides TSYS Guardian CyberShield the capability to identify high-risk transactions in real time without disrupting the online experience of trusted customers,” said Bert Rankin, chief marketing officer of ThreatMetrix. “We’re thrilled to partner with TSYS and ProPay to provide the most comprehensive fraud prevention solution on the market to a growing customer base.”

About ProPay

Since 1997, ProPay has provided simple, secure and affordable payment solutions for organizations ranging from the small, home-based entrepreneur to multi-billion-dollar enterprises. ProPay is a leading provider of complete end-to-end payment security solutions designed to significantly reduce the client organization’s risk of having sensitive payment data compromised. ProPay is the recipient of the prestigious 2010 ETA ISO of the Year award. ProPay is a wholly owned subsidiary of TSYS (NYSE: TSS) and is a leader in payment data security. For information, visit www.propay.com or call 888.227.9856.

About TSYS

At TSYS® (NYSE: TSS), we believe payments should revolve around people, not the other way around. We call this belief “People-Centered Payments®.” By putting people at the center of every decision we make, TSYS supports financial institutions, businesses and governments in more than 80 countries. Through NetSpend®, A TSYS Company, we empower consumers with the convenience, security, and freedom to be self-banked. TSYS offers issuer services and merchant payment acceptance for credit, debit, prepaid, healthcare and business solutions.

TSYS’ headquarters are located in Columbus, Ga., U.S.A., with local offices spread across the Americas, EMEA and Asia-Pacific. TSYS is a member of The Civic 50 and was named one of the 2013 World’s Most Ethical Companies by Ethisphere magazine. TSYS routinely posts all important information on its website. For more, please visit us at www.tsys.com.

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission-critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrixblog, Facebook, LinkedIn, and Twitter pages.

 

 

ThreatMetrix to Sponsor and Exhibit Context-Based Security Solutions at Cloud Identity Summit 2014

Posted on July 15th, 2014 by Dan Rampe

Cloud Summit

World’s Largest Identity Conference Will Bring Together Industry Leaders to Discuss Solutions for Today’s Identity Landscape

San Jose, CA – July 15, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced it is a Silver Sponsor and exhibiting at the upcoming Cloud Identity Summit 2014, held July 19-22 at the Monterey Conference Center in Monterey, Calif.

The Cloud Identity Summit is the largest annual event of its kind, bringing together top identity and security industry professionals. This year’s summit features workshops on a number of pressing identity topics, including identity management for today’s enterprise, the Internet of Things and identity management for the masses. Each year, these workshops serve as a roadmap to deploy solutions for the changing identity landscape.

“As businesses and technology continue to move to the cloud, enterprises are realizing the need to implement a modern security strategy to distinguish between good and bad actors at the point of sign-on before they even get a chance to access sensitive information,” said Bert Rankin, chief marketing officer, ThreatMetrix. “We’re excited to sponsor and exhibit at this year’s Cloud Identity Summit and to share our expertise in advanced fraud prevention and context-based authentication.”

This year’s Cloud Identity Summit host sponsor is Ping Identity and ThreatMetrix recently announced an integration with Ping Identity’s PingFederate® identity bridge. The integration leverages context-based authentication and single sign-on, which enables enterprises to deliver secure, frictionless access to their business and customer centric applications for all users.

The ThreatMetrix and Ping Identity integration works in three steps:

  • At the point of sign-on, ThreatMetrix – in real time – analyzes the connecting device, associated online personas, current transaction context and past behavior
  • This resulting analysis is used by a global policy engine that lets businesses define appropriate risk and trust levels to determine access
  • Based on achieving a predefined level of trust, users are granted access through Ping Identity’s PingFederate solution to all their associated applications and online resources

Following the Cloud Identity Summit, ThreatMetrix is participating in the Ping Cup competition on Wednesday, July 23. ThreatMetrix was chosen as one of five new integrations to demonstrate its solution in the competition and the winner will be awarded $2,002 to be donated to its charity of choice.

To register for the Cloud Identity Summit, visit https://www.cloudidentitysummit.com/events/cloud-identity-summit-2014/registration-e09252dca9f144cbbd77691980893949.aspx.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.11178
Email: beth.kempton@walkersands.com

 

 

ThreatMetrix Exhibits Context-Based Security at World’s Largest ID Conference

Posted on July 15th, 2014 by Dan Rampe

Cloud Summit

The Cloud Identity Summit 2014 Runs from July 19-22 at the Monterey Conference Center in Monterey, California

ThreatMetrix is a Silver Sponsor of this year’s Cloud Identity Summit, the largest annual event of its kind designed to bring together the world’s top identity and security industry experts.

Workshops

The Summit features workshops that serve as a roadmap for deploying solutions for the ever-changing and evolving identity landscape. Workshops will cover:

  • Identity management for today’s enterprise
  • The Internet of Things
  • Identity management for the masses
  • And more

ThreatMetrix’s Chief Marketing Officer

“As businesses and technology continue to move to the cloud, enterprises are realizing the need to implement a modern security strategy to distinguish between good and bad actors at the point of sign-on before they even get a chance to access sensitive information,” said Bert Rankin, chief marketing officer, ThreatMetrix. “We’re excited to sponsor and exhibit at this year’s Cloud Identity Summit and to share our expertise in advanced fraud prevention and context-based authentication.”

Ping Identity

This year, the host sponsor of the Cloud Identity Summit is Ping Identity, whose PingFederate identity bridge has been integrated with ThreatMetrix security solutions. The integration leverages context-based authentication and single sign-on. Together they let enterprises provide users with secure, frictionless access to their business and customer-centric applications.

ThreatMetrix and Ping Identity 3-step integration:

  1. At the point of sign-on, ThreatMetrix – in real time – analyzes the connecting device, associated online personas, current transaction context and past behavior
  1. This analysis is used by a global policy engine that lets businesses define appropriate risk and trust levels to determine access
  1. Based on achieving a predefined level of trust, users are granted access to all their associated applications and online resources through Ping Identity’s PingFederate solution

The Ping Cup competition

Following the Cloud Identity Summit, ThreatMetrix, which was selected as one of five new integrations to demonstrate its solution, will participate in the Ping Cup competition on Wednesday, July 23. The winner will be awarded $2,002 to be donated to a charity of its choice.

To register for the Cloud Identity Summit, visit https://www.cloudidentitysummit.com/events/cloud-identity-summit-2014/registration-e09252dca9f144cbbd77691980893949.aspx.

ThreatMetrix Resources

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

Millions Spend a Billion-a-Day in UK

Posted on July 14th, 2014 by Dan Rampe

BBA

BBA Report Has Brits Spending Close to £1 Billion (1.5 billion USD) per Day Using Mobile and Online Devices

The accounting firm, EY, and British Bankers Association (BBA) report, “The Way We Bank Now: It’s in Your Hands,” (link to report) notes that millions of UK customers use contactless cards (pocket-sized cards with embedded chips for processing and storing data), payment by mobile and SMS balance alerts. And, this year, in the UK, more than 15,000 people each day will be downloading banking apps.

Highlights from the report:

  • Internet and mobile banking is now used for transactions worth £6.4 billion (11 billion USD approximately) a week – up from £5.8 billion (9.9 billion USD approximately) last year.
  • Banking apps for mobiles and tablets have now been downloaded more than 14.7 million times – a 2.3 million rise since January at a rate of around 15,000 per day in 2014.
  • Internet banking services typically receive 7 million log-ins a day
  • Spending on contactless cards is expected to rise to £6.1 million (10 million USD approx.) a week this year – up from £3.2 million (55 million USD approximately) in 2013.

CEO of BBA

“This report shows just how enthusiastically the British public is embracing mobile banking, contactless cards and a range of other consumer-friendly banking technologies,” said Anthony Browne, chief executive of the BBA.

“This study shows that banks have, are and will continue to compete against one another to offer customers innovative technology. It’s a revolution putting more power in your hands.”

Mobile on the move

In his article on cbronline.com (link to article), Michael Moore cites Juniper Research’s prediction that more than 1.75 billion mobile phone users will be using their devices for banking by the end of 2019 compared to 800 million this year, and that countries like India and China will be driving this growth over the next several years.

Juniper Research’s Nitin Bhas, who wrote the report says, “The level of maturity in number and innovation of services being offered in the market across several geographical areas demonstrates that banks now regard the mobile channel as an indispensable revenue-stream.”

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

Believe It or Not. Money May Be the Least of the Hassles Caused by ID Theft.

Posted on July 11th, 2014 by Dan Rampe

Identity Theft

“Who steals my purse steals trash…But he that filches from me my good name… makes me poor indeed.” — Othello Act 3, scene 3

Don’t believe money is the least of the problems identity theft causes? Okay, so maybe neither do we. But, Bob Sullivan on bobsullivan.net makes a good case for damage done by ID theft that’s not directly related to money. However, somewhere down the road, the bottom line is almost invariably the bottom line for the victim who’s stuck with a financial mess to clean up. And, even the process of cleaning up the mess costs time…and usually money.

In any case, Sullivan points out some surprising ways that ID theft hurts. The following has been edited to fit our format. You may find Sullivan’s complete article by clicking on this link.

1. Hurt Your Job Prospects

Many employers now routinely look at credit history when assessing job candidates. (About half, according to a 2012 study by the Society for Human Resource Management.) A report pockmarked by ID theft-related errors could sink your application. [Posting] your resume online or on job boards can also increase your chances of becoming an identity theft victim.

2. Cause Your Auto Insurance Rates to Rise

Virtually all auto insurers use credit scores to set rates, wherever it’s legal (California and Massachusetts ban the practice). A low score can hike premiums by 20% to 50%.  Insurers can’t outright reject you because of your credit score without telling you, but they can use the score to offer you higher rates without giving you an explanation.

3. Get You a Surprise Tax Bill

One form of ID theft known as SSN-only ID theft involves using a victim’s Social Security number in job applications, generally to fulfill government residency status requirements…. [If] the impostor ultimately fails to pay taxes, the Internal Revenue Service will try to collect from the rightful holder of the SSN.

4. Impact Your Social Security Income Credits

[Earnings] erroneously credited to an SSN can cause chaos when the rightful SSN holder tries to apply for benefits.

5. Slow Down Your Tax Refund

The Treasury Department’s inspector general says 1.6 million taxpayers were impacted by identity theft in the first six months of 2013….The IRS has massively stepped up its anti-ID theft efforts, and turned up its fraud filters, which means it has slowed down returns for many legitimate taxpayers.

6. Leave You with a Criminal Record/Get You Arrested

If a criminal is arrested and uses your name or your stolen driver’s license during booking, you could end up with a criminal record. Innocent people have been arrested during routine traffic stops and in front of their children, and some have even been thrown in jail for murder allegations.  The problem became so serious at one point that several states created a special document called an “Identity Theft Passport” to be carried by victims to prevent a wrongful erroneous arrest.

7. Kill You (Virtually)

July Rivers of Alabama … wanted to open [a bank] account. The bank refused… According to its information, she was dead. Soon, she found she was unable to get credit anywhere for the same reason…. A living, breathing human being could not convince financial institutions that she was alive. They trusted their databases instead…. Eventually she learned an ID thief was using her information and apparently decided that registering himself/herself as dead was the best way to run away from creditors. Rivers had to spend years cleaning up the mess. The Social Security Administration wrongly declares about 14,000 people dead every year.

8. Get You the Wrong Treatment at a Hospital

Doctors can create fake patients and file fake claims, for example. One such victim discovered falsified claims for psychiatric sessions when he applied for a job, according to the World Privacy Forum…. [Creation] of a [phony] medical record [may impact a] victim’s future treatment. Ponemon surveyed victims, who said…they’d experienced a misdiagnosis, (15%), mistreatment (13%), delay in treatment (14%), or were prescribed the wrong drugs (11%).

9. Keep Your Kids from Getting College Financial Aid

[This] crime is usually discovered when would-be college students fill out their first financial aid forms…. [Fraudulent] earnings that end up attached to an under-aged child can have a direct impact on that student’s eligibility for financial aid, and in extreme circumstances, delay enrollment in college.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

ThreatMetrix CEO to Speak at SINET Innovation Summit 2014

Posted on July 10th, 2014 by Dan Rampe

Reed Taussig, ThreatMetrix CEO, to Participate in a Panel on Protecting Against Emerging Trends in Cybercrime

San Jose, CA – July 10, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced it is speaking at the Security Innovation Network (SINET) Innovation Summit 2014, July 17 at The Times Center in New York.

The SINET Innovation Summit connects America’s three most powerful epicenters – Wall Street, Silicon Valley and the Beltway – to highlight the importance of industry, government and academic collaboration on joint research initiatives. The summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on cybersecurity research projects.

Reed Taussig, CEO at ThreatMetrix, will participate in a panel at the summit titled “The Emerging Trends in Cyber Fraud and How to Defend Against It.” The panel will address the impact organized cybercrime has on our economy, where those threats are originating and the potential impact U.S. national security, among other pressing issues. Attendees will learn strategic and tactical solutions to combat organized cybercrime.

“The scope of cybercrime these days reaches above and beyond what many people recognize and a collective approach to cybersecurity is necessary to prevent evolving threats,” said Taussig. “In addition to the risks consumers and businesses face with increased online activity, our nation’s critical infrastructure faces more severe risks than ever before as water, power and other critical utilities move online. ThreatMetrix leverages the power of our comprehensive cybercrime data repository to help protect businesses across a wide range of industries – from financial services to government agencies – in real time and I’m looking forward to sharing our approach to cybersecurity with SINET Innovation Summit attendees.”

ThreatMetrix protects its customers and with its ThreatMetrix TrustDefender™ Cybercrime Protection Platform, which combines comprehensive data collection, behavioral analytics and ThreatMetrix® Global Trust Intelligence Network (The Network) to differentiate between authentic and fraudulent activity and protect against account takeover, payment fraud, fraudulent account registration and multi-channel Web fraud.

To register for the SINET Innovation Summit, visit http://www.security-innovation.org/innovation-summit_2014.htm.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.11178
Email: beth.kempton@walkersands.com