Warning from ThreatMetrix: Summer Season’s Also Mobile Fraud Tix, Travel and Stolen ID Season

Posted on May 28th, 2015 by Dan Rampe

ThreatMetrix Offers Cybersafety Strategies to Prevent becoming a Victim While Booking Travel and Buying Tickets on Mobile Devices

Summer vacation. The sun’s up. The guard is down. And individual mobile app usage is on the rise. What a wonderful season for…cybercrime. And cybercriminals have a lot of potential victims to choose from.

Surveys say more Americans planning summer vacations using mobile devices

According to a recent survey by Orbitz.com and the University of Wisconsin, more than two-thirds (68 percent) of Americans plan to take at least one vacation this summer, with an increasing number booking hotels and flights online and via mobile devices. Travel-focused research firm PhoCusWrite estimates mobile travel apps will account for one-quarter of all U.S. online travel sales this year – driving more than $40 billion in revenue – much of which will be generated during the peak travel booking season of July and August.

Andreas Baumhof, ThreatMetrix chief technology officer, warns of huge mobile “app-ortunity” for cybercriminals

“While mobile devices are considered more secure than desktops to a certain degree, mobile apps on these devices can be a mess at times, so consumers must exercise caution when booking travel or purchasing tickets via these apps. As most hotel chains, airlines and ticketing companies have developed their own mobile apps, banks often do not have a holistic view of fraudulent activity across apps – and cybercriminals see this as an opportunity to compromise mobile apps for personal or financial gain.”

Beware of these risks

  • Downloading fraudulent apps – With nearly every hotel chain, airline and ticketing company having its own mobile app, cybercriminals create fraudulent apps that look authentic to the everyday consumer. Fraudulent apps can have malware that provides cybercriminals access to personal information that may be stored on devices. To avoid trouble, download official apps from the app store and not a third-party.
  • Accessing public Wi-Fi – Public Wi-Fi may save on mobile data usage, but it risks revealing personal information. Limit or eliminate using public Wi-Fi networks for banking and other financial activities. Be aware that cybercriminals often use these networks to intercept an individual’s connection and steal personal information or install malware.
  • Purchasing tickets from third party sources – Each year, more than five million Americans purchase fraudulent tickets to concerts, sporting events and other leisure activities. This risk is exacerbated by the increasing use of marketplaces such as Craigslist. Buying tickets from third parties you don’t know well, or from classified ad sites or scalpers can be risky. To not become a victim, purchase tickets from official event websites or approved resellers.
  • Storing personally identifiable information (PII) – A key reason many consumers use mobile devices is because it’s easy to store PII such as names, email addresses and credit card numbers. It can save time and keystrokes when returning to an e-commerce website or doing online banking. However, given the recent avalanche of data breaches, (783 in 2014), stolen consumer identities are often used without the individual’s knowledge. Therefore, consumers should limit the amount of PII stored on mobile devices – even if it means spending a few extra minutes to make a mobile transaction.

Baumhof on differentiating between fraudulent and authentic activity

“In light of recent high profile data breaches, hotel, airline and ticketing companies need an understanding of how stolen identities are used in order to differentiate between fraudulent and authentic activity, which can be done by leveraging global shared intelligence. Cybercriminals attempt to use stolen identities for activity such as credit card fraud, phishing and online transactions – and often sell stolen identities to underground crime rings. Shared global intelligence acts as a type of personal digital guardian that works and keeps consumers’ identities protected against getting burned by fraudsters in the summer months and year round.”

The ThreatMetrix Digital Identity Network for real-time intelligence via a persona-based profile

By leveraging a global trusted identity network such as the ThreatMetrix Digital Identity Network, businesses have access to real-time intelligence and protection via a persona-based profile. This safeguards consumers’ information, protecting them from fraudulent activity. It also creates a strong digital assessment on a global network that enables consistent risk assessments of data and creates a digital persona of users through mapping their online behaviors and devices. In this way businesses can differentiate between authentic and fraudulent online activities.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time, customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix Digital Identity Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

FBI: Every 2 to 3 Days a New Large Scale Breach

Posted on May 27th, 2015 by Dan Rampe

FBI

Acting Assistant Director of the FBI’s Cyber Division Says Frequency of Breaches Surged from Weeks to Just Days

Unless they’ve never been online, watched TV, listened to radio or read a newspaper, there’s hardly a person over the age of ten (okay maybe five) who needs the FBI to explain that major breaches are happening all the time. However, it does take the FBI to put the frequency of those breaches in perspective.

James Trainor, acting assistant director of the FBI’s Cyber Division, speaking at an event hosted by Microsoft, observed that new, large-scale breaches occurred every two or three weeks. “Now,” said Trainor, “it is close to every two to three days.” Trainor added, “Those types of events, whether they concern a national security threat actor or a criminal actor, are ones we see on a much more regular basis.”

In an article on thehill.com, Elise Viebeck talks about how the FBI is positioning itself to fend off future attacks by working with businesses. The following has been excerpted from her piece and edited to fit our format. You may find the full article by clicking on this link.

Doubling or tripling the cybersecurity workforce

Trainor also said the cybersecurity industry needs to “double or triple” its workforce in order to keep up with hacking threats.

A top government priority

The remarks shed light on the FBI’s approach to investigating cyber crimes as online threats proliferate against U.S. businesses and government agencies.

Trainor, who called cybersecurity a “top priority” for FBI Director James Comey, said the agency has personnel embedded in embassies and law enforcement entities around the world.

An ally not a victim

The FBI treats breached companies “like a victim, not like they did something wrong” and tries to establish relationships prior to a cyberattack, he said.

As an example, he called the FBI’s relationship with Sony a “tremendous partnership” before and after the company was attacked last year.

“There were a lot of lessons learned from that in a very, very positive way,” he said.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

 

Anthem’s Response Took Edge Off Breach Negatives

Posted on May 26th, 2015 by Dan Rampe

Anthem

Survey Both Before and After Massive Breach Showed Anthem Faced Reduced Brand Damage by Way It Handled Breach

Anthem and health plans, Blue Cross and Blue Shield took “a hit in the brand” when hackers made off with 79 million customer records. As a result of the breach, there have been some 100 lawsuits seeking class-action status. So saying the brand hasn’t suffered is akin to the old line, “Other than that, how did you enjoy the play Mrs. Lincoln?”

However, a recent survey by Los Angeles-based Wedbush Securities of 1,022 consumers via the Internet both before and after Anthem disclosed the data breach, found that “while the data breach had a net negative impact, there is still a core group willing to pay more for the brand.”

In a story on ibj.com, J.K. Wall details what the Wedbush Securities survey found. The following has been excerpted from the Wall piece and edited to fit our format. You may find Wall’s complete article by clicking on this link.

A Wedbush analyst’s assessment

[Sara James wrote, “Brand] awareness and preference will be key, in our opinion, as Anthem continues to grow in the consumer sector of public and private exchanges as well as Medicare.
An 8 percent drop after breach

Before the data breach 51 percent of consumers said Anthem Blue Cross Blue Shield was a better brand than other insurers and after the breach, that figure dropped to 45 percent.
A 2 percent increase

[The 8 percent drop] was offset a bit by a 2-percent increase from other consumers who previously did not view Anthem as better, but changed their mind after seeing how Anthem handled the attack.
What Anthem did

Anthem passively enrolled all its customers in a basic identity theft protection program after the attack. It also gave members the option to sign up for more extensive protection, at Anthem’s expense.
Weeks before mailing instructions to customers

Anthem did not learn of the breach until Jan. 27—even though hackers first gained access to its systems on Dec. 10. Anthem made the breach public one week after discovering it, but then took several more weeks before mailing instructions to consumers telling them how to sign up for the ID theft protection service.
3 percent fewer willing to pay more for Anthem

Before the breach, 24 percent of consumers were willing to pay more to have an Anthem plan. But after the breach, only 21 percent were.

Nearly 11 percent of customers decreased the amount extra they would be willing to pay to have an Anthem plan over another insurer, with the average reduction being about 5 percent.
Willing to pay more after breach? Did we read that right?

But 7 percent of consumers, who had not been willing to pay a premium for Anthem plans, are now willing to do so based on Anthem’s response to the attack.
Young, old and Obamacare help Anthem

Wedbush found more favorable reactions to Anthem from younger and older consumers than from those in between. On the Obamacare exchanges, where Anthem has sold policies covering 898,000 people, the data breach actually helped Anthem, instead of hurting it.
Any company and every company can be a hack victim

James wrote, “The willingness to pay for the Anthem brand actually increased after the breach. We believe this could reflect the awareness of the younger exchange population to the proliferation of data breaches following hacking attacks on many large corporations and the willingness to pay more for a service that addresses the breach quickly and effectively.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

EMV Chips Are a Good Idea. Right?

Posted on May 22nd, 2015 by Dan Rampe

EMV

With Wholesale Adoption Just Months Away, EMV Chips Show Downsides Cybercriminals Can Exploit to Defraud CNP Merchants

Is it the law of unintended consequences, Murphy’s Law, or some other cosmic statute that insists on a downside to just about every creation from bathtubs to beer?

Take the bathtub. Here is a device without which civilized society could not live in harmony (or at least proximity). Even this most benign and useful of objects has a downside. According to the United States Centers for Disease Control and Prevention (CDC), about two-thirds of accidental injuries happen in the bathtub or shower. (Yes, we looked it up.) Beer? Well, the Yin and Yang of beer is fairly self-evident – especially for people who’ve slipped in the bathtub after consuming too much of the stuff.

The EMV chip’s negatives

The EMV chip, which most security experts agree, will slash fraud at the register or Point-of-Sale (PoS) also has its downside. In a recent news release titled, Six Months Ahead of EMV Chip Deadline, ThreatMetrix Offers Strategies to Protect against Expected Increase in Online Fraud, Alisdair Faulkner, ThreatMetrix chief products officer observed, “From a consumer perspective, the shift to EMV is good news as it will make it harder for cybercriminals to counterfeit credit cards and conduct fraudulent purchases in stores. But from an online merchant perspective, as it becomes more difficult for cybercriminals to monetize on counterfeit cards, their goals are now going to shift to use [of] stolen credit card data through online channels. Right now – ahead of the October deadline – is the time for retailers to start implementing systems that look at cybercrime in context to combat the growing breadth and intelligence of fraud following the widespread adoption of EMV in the U.S.”

A note of caution sounded about EMV at the CardNotPresent.com Annual Conference and Expo

In his article on digitaltransactions.net, and based on interviews with key participants at the Conference and Expo, Kevin Woodward reports on types of fraud the EMV chip could foster. The following has been excerpted from his piece and edited to fit our format. You may find the full article by clicking on this link.

Stolen in transit

Though credit and debit issuers are staggering their chip card issuance, there remains a risk that criminals could intercept these mailings and use the cards to commit fraud, said Jackie Barwell, director of fraud product management at ACI Worldwide Inc., a … vendor of online payment security services.

One major concern of hers is that in the United States, EMV chip cards are active when mailed to cardholders, making them vulnerable to criminals who might steal them from mailboxes.

Online fraud to dramatically increase

“The challenge that comes with EMV moving forward, especially for card-not-present, is that fraud will dramatically increase,” said Terry Dooley, executive vice president and chief information officer for …Shazam Inc., a regional PIN-debit network.

Instead of criminals walking into a store to attempt to make a fraudulent transaction, they’ll go online….

Only 3 percent use 3D Secure technology to help reduce risk

Operated as Visa Inc.’s Verified by Visa and MasterCard Inc.’s SecureCode, 3D Secure systems try to replicate the point-of-sale experience by prompting cardholders to enter a secret code in a pop-up window when checking out from a retailer’s site. The measure is meant to reduce fraudulent online transactions.

“Only 3% of merchants use 3D Secure,” said Tricia Lines Hill, senior vice president of business development and marketing communications at First Atlantic Commerce, a…payment processor. “This has to change when EMV rolls out.”

Friction at the checkout hinders 3D Secure adoption

Many merchants balked at using the technology because they viewed it as disruptive to the checkout process, and not enough of their shoppers had payment cards that supported the technology.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

Aladdin Had a Genie. Alibaba Has Mobile Genius.

Posted on May 21st, 2015 by Dan Rampe

Alibaba

Since Going Public, Alibaba Has Been Taking Off Like a Rocket, Climbing from 91 Million Active Users Each Month to 217 Million

If you’re anything like us you may have on occasion confused Aladdin with Ali Baba. After all, they both begin with “A.” So here’s an easy device for telling them apart. Aladdin is the dude with the lamp who became a huge success when he rubbed it and the genie inside fulfilled all his wishes. Ali Baba? He’s the guy who outwitted forty thieves and became a huge success with two words, “open” and “sesame.” Also, he had a company named after him.

Now, how do you tell apart Alibaba, the company, from competitors like Amazon and eBay? That’s one of the points of an article about Alibaba on pymnts.com. The following has been excerpted from the pymnts.com piece and edited to fit our format. You may find the complete story by clicking on this link.

Leading in a global, mobile market

“Alibaba is very much a mobile company,” Joseph Tsai, Alibaba executive vice chairman said in the company’s third-quarter earnings call, confirming Alibaba’s position in the mobile commerce space. Of course, Alibaba has one huge advantage at their side: China’s population is more likely to have a smartphone than a computer to shop from – smartphone penetration in China is estimated to be around 45 percent.

Alipay the 21st century version of “Open sesame?”

Alibaba also has another tool in their mobile commerce book — and that’s Alipay, the mobile payment option that has north of 300 million users. Last quarter, Alibaba executives wouldn’t break out how many Alipay transactions are made, but they did reveal that Alipay accounts for 78 percent of transactions made on its eCommerce platforms.

Mobile apps has mobile sales trending up

“We believe that the continued trend towards mobile provides us with a unique advantage to deliver a better consumer experience, as well as more value to merchants, because mobile users shop more frequently and we can serve them more targeted search results. We believe the increasing use of our mobile apps will field significant future growth in our China commerce retail business,” Tsai said in the company’s Q3 earnings call.

Exceeding expectations

In Alibaba’s Q4 earnings call last week (April 7), CFO Maggie Wu also gave some indication of how Alibaba’s mobile commerce statistics have grown and how they expect it to be a major part of the company’s mobile strategy. While computers used to be the dominant force for online commerce (and very much is for most eCommerce companies still), Alibaba is seeing a rapid shift toward mobile.

“It already accounts for more than half of our total GMV. So that growth on mobile business pretty much exceeds everybody’s expectations, and that trend is continuing,” she said, later noting that the “mobile take rate should approach PC or even higher than PC.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

“Privacy” Had IRS Protecting Criminal at Expense of ID Theft Victim

Posted on May 20th, 2015 by Dan Rampe

IRS

Bills Introduced in Both Houses Require IRS to Notify Victims When Their Social Security Number Has been Compromised

There’s a word that perfectly describes the situation that Wisconsin residents Robert and Debi Guenterberg found themselves in — Kafkaesque. The situation was so incredibly weird it’s even getting the Senate and House to act — albeit not exactly promptly.

In a story on fox6now.com, Bryan Polcyn reports on the case of the Internal Revenue Service (Not to be confused with the Federal Witness Protection program) protecting an ID thief’s privacy. The following has been excerpted from Polcyn’s piece and edited to fit our format. You may find the full story by clicking on this link.

In her own words

“Our federal agencies have known for years that this was going on,” Debi Guenterberg of Princeton, Wisconsin said. Ever since identity thieves ruined her husband’s credit, Guenterberg has been on a mission to change federal law. For years, the IRS knew a man was using her husband’s social security number to file his taxes. The government never told Robert Guenterberg his identity had been stolen because tax records are private — even the tax records of an identity thief.

“I can`t think of another crime. I can`t. I tried. I laid in bed last night, tossing and turning, thinking of any other criminal activity where you would get such privacy and protection. No, you don’t,” Debi Guenterberg said.

New bill introduced Co-sponsored by Sen. Johnson (R-Wisconsin) and Sen. Mark Warner (D-Virginia)

The Social Security Identity Defense Act of 2015 would require the IRS to notify individuals if the agency has reason to believe their social security number has been used to commit fraud. It would also require the IRS to notify law enforcement officials.

Companion bill to be introduced in House

Congressman Glenn Grothman (R-Wisconsin) is working on a companion bill that is expected to be introduced in the House in the next couple of weeks.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

High Court Suit Could Impact Data Breach Damages

Posted on May 19th, 2015 by Dan Rampe

Supreme Court

Supreme Court to Review Spokeo, Inc. v. Thomas Robins for Possible FCRA Violation. Result Could Apply to Data Breaches

If you’re not familiar with it, FCRA stands for the Fair Credit Reporting Act. FCRA regulates the collection, dissemination, and use of consumer information and expressly includes consumer credit information.

In his article on newsbreaks.infotoday.com, George H. Pike discusses the far-reaching implications of a Supreme Court decision on Spokeo, Inc. v. Thomas Robins for consumers suing for damages as the result of data breaches. The following has been excerpted from Pike’s piece and edited to fit our format. You may find the full article by clicking on this link.

The case

The case that the Supreme Court will review is Spokeo, Inc. v. Thomas Robins. Robins complained in a class-action lawsuit that Spokeo, a provider of personal information online, willfully violated the FCRA by posting inaccurate information about him. Also, Spokeo allegedly failed to follow “reasonable procedures” to ensure that its information was accurate, failed to provide proper notices about the use of its information, and failed to post toll-free telephone numbers that sources can use to address inaccurate information. Robins claimed that the inaccurate information impacted his ability to find a job, but in filing his lawsuit as a class-action lawsuit—representing not only himself but all others “similarly situated”—he focused more on the violations of the law rather than the injuries he suffered.

Was Robins damaged by possible misinformation

In the Robins case, the question of standing was based not on Spokeo’s alleged posting of inaccurate information, but on whether Robins had suffered an actual injury-in-fact as a result of the inaccurate information. Robins claimed that the information—which indicated he had greater wealth and a more advanced college degree than he actually had—contributed to his inability to find a job.

FRCA penalties

[The] FCRA includes a monetary penalty for a violation of at least $100 and as much as $1,000 to be paid to the consumer. The FCRA states, “Any person who willfully fails to comply with any requirement … is liable to that consumer in an amount equal to … damages of not less than $100 and not more than $1,000. …” The appellate court found that the availability of these damages met the injury-in-fact requirement for standing.

Potential law suits against Facebook, Google, Yahoo, eBay et al.

Spokeo’s appeal of this case to the Supreme Court was supported by the U.S. Chamber of Commerce; businesses such as Facebook, Google, Yahoo, and eBay; and the financial industry. Spokeo’s concern was that if a person can file a lawsuit—particularly a class-action lawsuit—by showing only that some legal violation occurred without being required to show that the violation actually caused harm, then businesses could be subject to potentially massive lawsuits for incidents that caused no or little actual harm.

“Supreme” ruling affect on data breaches

A similar outcome could apply to data breaches and other privacy violations. If a data breach takes place, but there is no resulting impact on consumers, those consumers might still have standing to pursue a personal or class-action lawsuit because the breach violated their privacy rights or violated a right created by a state or federal statute.

Under current law, most consumers have limited rights in the case of data breaches—mainly the right to be notified of the breach, to have consumer reporting services notified of the breach, and/or to get compensated for credit protection services.

Only actual victims of identity theft can file a lawsuit (under some but not all circumstances, depending on the specific law covering the breach), and then only to recover the costs associated with the breach.

Consumers’ right to sue

Consumer advocates argue that consumers must have the right to pursue litigation for data breaches or violations of privacy laws—not only to protect their rights, but also so the threat of lawsuits or liability serves as a balance against corporate excess or neglect in managing their data. A more stringent requirement for standing, they argue, would upset that balance.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix to Exhibit and Present on the Evolution of Fraud at the 2015 CNP Expo

Posted on May 18th, 2015 by Dan Rampe

Standard-Header-Steve

Dr. Stephen Topliss, Vice President Services and Support, will Participate in a Panel of E-Commerce and Fraud Prevention Experts

San Jose, CA – May 18, 2015 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, is exhibiting and presenting at the 2015 CNP Expo, today through this Thursday, May 21, at the Caribe Royale in Orlando.

The CNP Expo is at the crossroads of e-commerce, software, mobile, retail and payments and was created to address the challenges of card not present (CNP) payments. It provides a meeting place for merchants, banks, processors, anti-fraud software providers, legal experts, alternative payment providers, card networks and others to learn how to leverage CNP payments in an increasingly multi-channel retail sales environment

Dr. Stephen Topliss, vice president services and support at ThreatMetrix, will participate in a panel titled, “Constant Evolution of Fraud,” on Tuesday, May 19 at 2:15 p.m. The panel will address how fraud attack methods are continuously changing and evolving based on several factors. Panelists will also discuss current challenges merchants face and the best ways to learn from these challenges in order to address advanced fraud and cybercrime threats. Other participants in the panel include executives from Backcountry.com, Tommy Bahama and Vesta.

“Given today’s advanced cybercrime threats, the most effective way for merchants and other businesses across industries to protect themselves and their customers is by sharing threat intelligence,” said Topliss. “To enable information sharing that stays one step ahead of constantly evolving fraud, we developed the ThreatMetrix Digital Identity Network, which protects more than one billion transactions per month by leveraging global shared intelligence to safeguard online identities.”

At the CNP Expo, ThreatMetrix will have a featured Solution Showcase on Wednesday, May 20 at 1:20 p.m., where attendees will have the opportunity to win a GoPro HERO4 Camera. ThreatMetrix will also exhibit at booth 415 during the expo.

According to the recent “ThreatMetrix Cybercrime Report: Q1 2015,” cybercriminals attempt approximately 25 million fraudulent transactions each month on the ThreatMetrix Digital Identity Network. Following recent high profile data breaches, retailers and other processing CNP transactions face payment and account takeover fraud as a result of cybercriminals using stolen credentials. This is particularly risky because many consumers use the same login credentials across websites so once one site is breached, this opens the door for fraud attempts against multiple retailers. Other trends leading to increased online risks outlined in the report include the shift toward new in-store technologies such as Apple Pay and Europay-MasterCard-Visa (EMV) cards.

For more info on the 2015 CNP Expo, visit: https://cardnotpresent.com/cnpexpo/default.aspx

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real-time, customer-driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix Digital Identity Network, which analyzes more than one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
Walker Sands Communications
Tel: 312-241-1178
Email: beth.kempton@walkersands.com

Data Breaches Are Just “Fines” with California Department of Public Health

Posted on May 15th, 2015 by Dan Rampe

California DPH

California Department of Public Health Has Levied over $1.1 Million in Fines So Far This Year

Not halfway through 2015, the California Department of Public Health (DPH) has hit six hospitals and two healthcare providers with $1.1 million in fines for putting patients’ data at risk in incidents that occurred as far back as 2010. Considering that the online healthcare publication Payers & Providers says that DPH caps the fines it assesses at $250,000, the amount of the fines might have been considerably higher.

A piece on californiahealthline.org details the amounts each healthcare organization was fined for lost or stolen patient data that was inadequately secured or for inappropriate access to records by employees. The following has been excerpted from the californiahealthline.org story and edited to fit our format. You may find the full article by clicking on this link.

Reason for fines and amount assessed according to Payers & Providers:

  • $250,000 fine against San Francisco General Hospital for a 2011 incident in which an employee accessed 98 patients’ records without prior authorization
  • $250,000 fine against Huntington Memorial Hospital for a 2012 incident in which an employee accessed the records of 17 patients
  • $244,500 fine against Vale Healthcare Center for a 2013 incident in which a patient’s family member stole the records of 219 patients
  • $150,000 fine against Accent Home Healthcare for a 2013 incident in which the data of six patients was stolen from an employee’s car
  • $95,000 fine against Arrowhead Regional Medical Center for a 2011 incident in which a clerk accessed her husband’s medical records
  • $92,500 fine against Redlands Community Hospital for a 2010 incident in which three employees accessed the data of three separate employees who were being treated at the hospital
  • $25,000 fine against Torrance Memorial Medical Center for a 2011 breach of privacy incident in which two employees played a prank on another employee who had undergone surgery at the hospital
  • $6,000 fine against Colusa Regional Medical Center for a 2011 incident in which two nurses accessed a patient’s records

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

Fed Report Sheds Light on Mobile Bank Usage

Posted on May 14th, 2015 by Dan Rampe

Federal Reserve Board

Federal Reserve Board Report Details How Consumers Use Their Mobile Phones for Mobile Banking and Mobile Payments

The fourth report by the Federal Reserve Board, “Consumers and Mobile Financial Services 2015, is the most recent to survey how consumers access banking and payment services using their mobile phones. The survey of 2,900 people was conducted from December 5 – 21, 2014 by GfK, an online consumer research firm.

Key findings

Following are key findings from the 76-page report. They’ve been extracted from the report itself and from an article on mobilepaymentmagazine.com (link to article) and edited to fit our format.

How consumers access financial services via mobile

  • 39 percent of mobile phone owners with a bank account used mobile banking in the 12 months prior to the survey, up from 33 percent in 2013 and 29 percent in 2012
  • 51 percent of smartphone owners with a bank account used mobile banking in the 12 months prior to the survey, up from 51 percent a year earlier
  • Among mobile phone users with bank accounts who do not currently use mobile banking, 11 percent think they will probably or definitely use it within the next 12 months, down from 12 percent a year earlier.
  • 94 percent of mobile banking is done to check account balances or recent transactions
  • Among mobile banking users, transferring money between an individual’s own accounts (61 percent) and receiving an alert (e.g., a text message, push notification, or e-mail) from their bank (57 percent) are the second and third-most common uses
  • 51 percent of mobile banking users have deposited a check using their mobile phone in the 12 months prior to the survey, up from 38 percent in 2013
  • 22 percent of mobile phone owners reported making a mobile payment in the 12 months prior to the survey, up from 17 percent in 2013 and 15 percent in 2012
  • Among mobile payment users with smartphones, the most common type was paying bills through an online system or mobile app (68 percent, up from 66 percent in 2013).
  • 39 percent of all mobile payment users with smartphones have made a point-of-sale payment using their mobile phone in the 12 months prior to the survey, in line with the 39 percent reporting such payments in 2013

Why some don’t do mobile banking

  • 86 percent of those who did NOT bank using mobile said their banking needs were being met without it
  • 75 percent said they believed it was easier to pay with cash or debit/credit cards
  • Concern about the security of the technology was a common reason given for not using mobile banking or mobile payments (62 percent and 59 percent, respectively)

Mobile phone use among unbanked and underbanked consumers

Note: Unbanked are, of course, people who do not use banks. Underbanked are those individuals or businesses that have poor access to mainstream financial services normally offered by banks

  • 13 percent of consumers are unbanked with 14 percent underbanked
  • Sixty-seven percent of the unbanked have access to a mobile phone, 65 percent of which are smartphones.
  • 90 percent of the underbanked have access to a mobile phone, 73 percent of which are smartphones
  • Forty-eight percent of underbanked consumers had used mobile banking in the 12 months prior to the survey.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform.  These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.

ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.