ThreatMetrix Outlines Cybersecurity Pros and Cons for Consumers Purchasing the New iPhone 6

Posted on September 17th, 2014 by Dan Rampe

As Millions of Consumers Make the Shift to the Newest iPhone, They Must be Aware of Privacy Concerns and Fraud Shifting to Online Channels

San Jose, CA – September 17, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced the security pros and cons associated with some of the newest features of the iPhone 6 and the iPhone 6 Plus, both hitting shelves today.

“The most recent iPhone has received a ton of buzz, especially regarding some of its latest features such as Apple Pay, which has the potential to revolutionize the way consumers and retailers alike do business,” said Alisdair Faulkner, chief products officer at ThreatMetrix. “However, the fact remains that these features may also potentially make Apple the new prime target for cybercriminals all over the world, as the iPhone 6 increasingly becomes the remote control of its owners life.”

With 25 million iPhone users planning to upgrade their devices by the end of 2014, there are a multitude of security pros and cons associated with the features of the latest iPhones that those making the switch should be aware of prior to purchasing. These include:

  • Apple Pay a Safer Way– Passbook isn’t an entirely new feature of the iPhone, which previously enabled users to store purchased tickets and other virtual goods that they could then present on their iPhones in place of its physical counterpart. Now, Passbook enables users to register credit cards at the click of a button and access them for secure, one-touch transactions using the iTouch fingerprint reader. The Passbook does not store credit card details on the actual device or in iCloud. Instead it stores a token on a Secure Element. This means that any malware attempting to intercept a transaction will not be able to get access to the real credit card number. This is a net positive for transaction security.
  • Fraud Pushed from Banks to Online Merchants – With Apple supporting Near Field Communications (NFC) technology, this prevents store employees from taking copies of card data. In addition, when EMV payment systems become mandatory in the U.S. in October 2015, criminal gangs will shift more attention to online channels. Modern card terminals typically support both EMV payment systems and NFC, and the new Apple Pay functionality will further drive adoption of these new readers in stores. Unlike in-store purchases that are covered by banks, online merchants have to cover the costs of inadvertently accepting fraudulent transactions. The other major impact will be a significant increase in online credit card origination theft. If it’s more difficult to breach data in store and create counterfeit cards due to EMV payment systems and Apple Pay, then criminals will focus more efforts online.
  • Increased Account Compromise Risk – iCloud is like a remote control for users’ lives. If a hacker gains access to a username and password, which is often shared across sites, they can use the Find My Phone feature to not only disable Apple Pay purchasing from your device, but also get access to backup photos and remotely delete and reset your password as well. “Consumers have the opportunity to upgrade to two-factor authentication for better online protection as account compromise risks increase,” said Julie Conroy, research director at Aite Group. “However, very few consumers will do so due to inconvenience and added effort of such security measures.”
  • Privacy Concerns – Apple has stated that it does not track Apple Pay purchases, and that health data collected by HealthKit will remain encrypted on the phone and not stored on Apple’s servers, however there may be future business pressure to better monetize Apples iAd network. HealthKit App Developers need consent to access health data, but consumers do not have good ways of ensuring their data remains protected once data is stored off their phone.
  • Selling and Gifting Older Models – Many consumers will want to get rid of their older iPhone models and this can lead to multiple security risks, such as previously jailbroken devices, devices that have pre-stored malware and unwiped devices that still have personal information stored on them. Before selling or gifting older models, consumers must make sure that you have deleted all content (Settings > General > Reset > Erase All Content and Settings) and remove the devices from their iCloud accounts.

“The newest iPhone has the potential to be one of the most groundbreaking models to date,” said Faulkner. “However, consumers making the switch should be aware of the pros and cons of doing so, especially if they are in the first round of buyers. Consumers need to be mindful that the data they sync to iCloud is now likely only protected by a weak username and password combination.”

In the wake of the new potential threats to consumers’ sensitive information and privacy with the widespread adoption of the iPhone 6, businesses such as Apple need a way to protect their customers beyond simple username and password combinations with a collective, global network. The ThreatMetrix® Global Trust Intelligence Network analyzes more than 500 million monthly transactions and combines device identification, threat assessments, identity and behavioral intelligence to accurately identify cybercriminals without creating friction for good users.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.11178
Email: beth.kempton@walkersands.com

 

 

 

Reminder: October Approval Expected for New EU Breach Notification Law

Posted on September 16th, 2014 by Dan Rampe

European Union

Law Applies to All Companies Doing Business in Europe

The European Union’s updated data protection law requires any business that suffers a data breach involving personal information to alert regulators and directly notify affected individuals “without undue delay.” What makes a delay an “undue delay”? Could there be some legal wiggle room?

In his article on bankinfosecurity.eu (link to article), Mathew J. Schwartz cites security expert Jacky Wagner, managing director at the consultancy PricewaterhouseCoopers, observing that current EU laws “don’t have any explicit requirement around notifying either regulators or individuals if there’s been some sort of breach of their personal information.”

Wagner adds, “”We’ve seen – over the last several years – most of the states in the U.S. pass notification laws that require explicit notification if an individual’s data has been breached.” The revised EU law includes a similar provision.

Schwartz writes that in addition to tough breach notification requirements, the measure also would require businesses of a certain size to hire data protection officers.

Included in the new law may be the” right to be forgotten” where EU Internet users could demand Google and other search engines remove certain sensitive information about them from searches.

While the new law may burden some businesses, it might help others who, instead of having to comply with a patch-work of regulations country-by-country, now only have to comply with one law.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

Who Says Mac OS X Doesn’t Need Malware Protection?

Posted on September 15th, 2014 by Dan Rampe

mac os x

…Not the 18 Companies Creating Anti-Malware for It

Okay, compared to attacks on Windows and Android operating systems, there are a lot fewer Mac attacks. Not exactly news. And the reason why is also not news. With fewer devices running OS X rather than Windows or Android, it just makes sense hackers would look for targets with better returns. Every day, independent test lab AV-TEST.org captures more than 400,000 new malware samples for Windows and 5,000 new samples for Android compared to less than 100 per month for Mac.

18 anti-malware products tested

In his piece on zdnet.com, Larry Seltzer discusses the 18 anti-malware products now available for OS X and how they made out in AV-TEST.org tests. The following has been excerpted from his article and edited to fit our format. You may find the full article by clicking on this link.

  • avast! Free Antivirus 9.0 (41877)
  • AVG AntiVirus 14.0 (4715)
  • Avira Free Antivirus 2.0.5.100
  • Bitdefender Antivirus for Mac 2.21.4959
  • Comodo Antivirus 1.1.214829.106
  • ESET Cyber Security Pro 6.0.9.1
  • F-Secure Anti-Virus for Mac 1.0.282 (13406)
  • G Data Antivirus for Mac 2.30.5095
  • Intego VirusBarrier 10.8.1
  • Kaspersky Internet Security 14.0.1.46c
  • McAfee Internet Security 3.1.0.0 (1702)
  • Microworld eScan for Mac 5.5-8
  • Norman Antivirus for Mac 3.0.7664
  • Panda Antivirus 10.7.8 (772)
  • Sophos Anti-Virus 8.0.23
  • Symantec Norton Internet Security 5.6 (25)
  • Trend Micro Titanium 3.0.1251
  • Webroot SecureAnywhere 8.0.6.105: 181

You can find complete results [on the a-v test.org site.] Five of the products (avast!, Sophos, AVG, Comodo and Avira) are free.

About testing methods

AV-TEST used “…the products which are offered at the AV vendor’s websites as downloads. The versions available at the Mac App Store might be limited in functionality, as they cannot access all APIs.”

AV-TEST provides test results for malware detection, both on-access and on-demand; false positives; impact on system performance; and ancillary features, specifically anti-spam, anti-phishing, personal firewall, safe browsing, parental control, backup and encryption.

How some products fared

The products from avast!, Bitdefender, G Data, Norman, ESET, Intego, Panda, Microworld, F-Secure, Sophos and Kaspersky detected a very high percentage of the malware on-access. AV-TEST also gives results for on-demand scanning, but their importance pales (in our opinion) in comparison to those of on-access. Kaspersky detected 95.2% on-access, several others detected 97.6% and 98.8% and four products detected 100% of malware on-access. All of these numbers are excellent, but obviously it doesn’t get better than 100%.

Disappointing products

Several products, all with well-known brands, had disappointing results. Trend Micro (33.3%), Webroot (22.6%) and McAfee (21.4%) all stand out in a bad way.

None of the products had a single false positive. This may be possible because of the relatively low number of samples.

Compared to PC products, the Mac products offer very few additional features. Eight of them add no extra features (as counted by AV-TEST). Only five offer more than one. The only real stand-out is ESET Cyber Security Pro, which offers anti-spam, personal firewall, safe browsing and parental control.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

They Could Call It “Click-Before-You-Think” Insurance

Posted on September 12th, 2014 by Dan Rampe

Chubb

Company Offers Insurance Against Losses from Socially Engineered Scams

In the U.S. Army, they used to call it the 10 percent — the 10 percent who didn’t get it no matter how often something was explained. Don’t click on a link in an email because the email appears to have come from the company’s bank. Don’t provide passwords and other private information to disembodied voices on a phone just because they say they’re IRS agents. Don’t click on a website’s URL unless you’re certain it’s genuine and not one that’s been set up to spoof a legitimate site with a URL spelling that’s a letter off.

According to the insurancejournal.com (link to article) (note this is a legitimate link), the Chubb Group’s Social Engineering Fraud Endorsement Insurance “provides coverage for an organization’s losses when an employee is tricked into making a payment through email, telephone, letter or other means to someone who purports to be a vendor or client.”

Greg Bangs, vice president and worldwide crime insurance manager for Chubb, notes, “As organizations continue to seek to improve their computer security, social engineering scams are taking aim elsewhere – at human beings. It’s easy for a thief to pose as a vendor and request by email that a payment be directed to a new bank account. The company may not realize it was defrauded until weeks or months later when the vendor sends out an overdue payment notice.”

Coverage is available up to $250,000 per occurrence, although higher limits may be available to qualified customers. Considering the millions or tens of millions one occurrence could cost, will $250,000 help organizations that have been compromised? Looks like it’s up to those organizations.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

If You’re One of the 25 Million iPhone Users Planning an Upgrade, There Are Things You Ought to Know

Posted on September 11th, 2014 by Dan Rampe

iPhone6-InfographicThreatMetrix’s Latest Infographic Analyzes the Security Pros and Cons of iPhone 6 and iPhone 6 Plus, Apple Pay, Passbook and Much More

By the time people get around to singing auld lang syne (or trying to), some 25 million iPhone users will have upgraded to iPhone 6 and iPhone 6 Plus (according to comScore) with all kinds of new features and capabilities. You might like to check the review on techradar.com.

When it comes to security, like most new technologies, Apple’s latest products and services come with pluses and minuses. ThreatMetrix’s new infographic takes up the security pros and cons of Passbook, which enables users to upload and store credit cards including iTunes credit cards; NFC technology, enabling users to make one-touch contactless payments; Find My Phone which lets users stop Passbook payments when a device is lost; Apple Pay which works with American Express, MasterCard and Visa to make contactless payments possible; and selling and gifting older models.

With the vast numbers of people expected to be using Apple Pay and Passbook, ThreatMetrix believes security should not fall only on the shoulders of consumers, but rather there should be an emphasis on customer account protection to ensure security across the board.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

ThreatMetrix Execs to Speak on Real World Apps of Big Data Analytics at ISMG Fraud Summits

Posted on September 11th, 2014 by Dan Rampe

ISMG

Andreas Baumhof, Chief Technology Officer and Alisdair Faulkner, Chief Products Officer to Present at Information Security Media Group (ISMG) Annual Fraud Summits in Toronto, London and NYC

ISMG’s fraud summits will take place in Toronto on September 17th, London on September 23rd and in New York on October 21st.

At the Toronto summit, Andreas Baumhof will speak on the “Real World Applications of Big Data Analytics – Social Network Analysis and Post Breach Fraud Detection” panel focusing on how big data is being used to detect and prevent fraud. Specifically, the panel will focus on two use cases that are currently providing significant real-world value: social network analysis and post breach fraud detection.

Subsequently, Alisdair Faulkner will be presenting at both the London and New York summits.

“At ThreatMetrix, we know a collective approach to cybersecurity through the use of big data is far more effective than leaving every entity to fend for themselves,” said Bert Rankin, chief marketing officer at ThreatMetrix. “We’re thrilled to lend our expertise to ISMG for another round of their groundbreaking fraud summits.”

ISMG, which publishes BankInfoSecurity, CUInfoSecurity and InfoRiskToday, hosts the one-day events to showcase the top fraud trends of 2014. Supported by ThreatMetrix and other industry leading companies and associations such as (ISC)2, ISSA, ACT Canada, Interac, the summits offer a forum for experts to share practical insights to help combat the many forms of fraud impacting financial institutions, retail, card issuers, and law enforcement.

Summit attendees have an opportunity to get information from top experts in the industry, including attorneys, analysts, researchers and banking/security practitioners on topics ranging from account takeover to retail breaches, the mobile banking threatscape and bank Trojans.

In addition to ThreatMetrix’s Alisdair Faulkner and Andreas Baumhof, other confirmed speakers for upcoming summits include Julie Conroy of Aite, Tim Webb of RBS Citizens Bank, Dan McKenzie of RBC Bank and Mark Sullivan of Interac Association.

For more information, schedules and to register for the individual events, please visit http://www.ismgcorp.com/fraudsummit?rf=thrtmtrx.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix to Present Real World Applications of Big Data Analytics at ISMG’s Fraud Summits

Posted on September 11th, 2014 by Dan Rampe

ThreatMetrix Executives to Participate in Three of the Top Security Publisher’s Unique One-Day Fraud Summits

San Jose, CA – September 11, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced it will present at the Information Security Media Group (ISMG) annual Fraud Summits in Toronto, London and New York on September 17, Sept. 23 and Oct. 21, respectively.

Andreas Baumhof, chief technology officer at ThreatMetrix, will speak on a panel at the Toronto summit entitled “Real World Applications of Big Data Analytics – Social Network Analysis and Post Breach Fraud Detection.” The panel will focus on how big data is being used to detect and prevent fraud, specifically focusing on two use cases that are currently providing significant real-world value: social network analysis and post breach fraud detection. Additionally, Alisdair Faulkner, chief products officer at ThreatMetrix, will present at the London and New York summits.

“At ThreatMetrix, we know a collective approach to cybersecurity through the use of big data is far more effective than leaving every entity to fend for themselves,” said Bert Rankin, chief marketing officer at ThreatMetrix. “We’re thrilled to lend our expertise to ISMG for another round of their groundbreaking fraud summits.”

ISMG, publisher of BankInfoSecurity, CUInfoSecurity and InfoRiskToday hosts the one-day events to showcase the top fraud trends of 2014. The ISMG summits, supported by industry-leading companies and associations such as (ISC)2, ISSA, ACT Canada, Interac, and most recently ThreatMetrix, are the forum for experts to share practical insights to help combat the many forms of fraud impacting financial institutions, retail, card issuers, and law enforcement. Attendees will hear from top experts in the industry, including attorneys, analysts, researchers and banking/security practitioners on topics ranging from account takeover to retail breaches, the mobile banking threatscape to banking Trojans. Other confirmed speakers for upcoming Fraud Summits include Julie Conroy of Aite, Tim Webb of RBS Citizens Bank, Dan McKenzie of RBC Bank and Mark Sullivan of Interac Association.

“The Fraud Summits focus exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges,” said Tom Field, vice president of editorial at ISMG. “Attendees enter these day-long sessions with questions, and they leave with new answers.”

The Fraud Summit 2014 series will be held at conference centers all over the world that provide easy access to public transportation and major highways. For more information, schedules and to register for the individual events, please visit http://www.ismgcorp.com/fraudsummit?rf=thrtmtrx.

ThreatMetrix Resources

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.11178
Email: beth.kempton@walkersands.com

 

 

Healthcare System Coughs Up Data on Well Over 30 Million Patients

Posted on September 8th, 2014 by Dan Rampe

Healthcare

In the Last 5 Years, 944 Major Health Breaches Affected 30.1 Million Patients

The U.S. Department of Health and Human Services (HHS) defines a major breach as one that affects at least 500 people. So NOT included in the 30.1 million patients are, for example, the 165,135 patients in 21,194 smaller breaches (that’s only for 2012). Also not included were the 4.5 million patients affected by the recent Community Health Systems data breach.Hey, but who’s counting? Usually this is a snide rhetorical question. But in actuality, the Washington Post‘s “Wonkblog” is counting or rather analyzing HHS numbers.

The following has been excerpted from a piece on californiahealthline.org and edited to fit our format. You may find the full article at this link.

According to [the] “Wonkblog” analysis of the data, the types of reported data breaches include:

  • Medical record theft, which has affected 17.4 million individuals
  • Data loss, which has affected 7.2 million individuals
  • Hacking, which has affected 3.6 million individuals
  • Unauthorized access accounts, which has affected 1.9 million individuals

Cost of data breaches

Overall, data breaches cost the industry $5.6 billion per year, according to a Ponemon Institute report (Millman, “Wonkblog,” Washington Post, 8/19).

CIOs take action

In response to recent high-profile data breaches, some healthcare CIOs are altering the way their organizations approach cybersecurity, the Wall Street Journal‘s “CIO Journal” reports.

Specifically, CIOs said they are:

  • Hiring new, security-focused staff
  • Implementing new security processes
  • Installing new security software
  • Meeting with their boards more consistently

Further, some CIOs said they are trying to protect against data breaches through internal training programs that aim to help staff recognize potential threats (Boulton, “CIO Journal,” Wall Street Journal, 8/19).

Community Health Systems 2nd largest HIPAA breach

The incident is the second largest HIPAA breach…and the largest hacking-related HIPAA data breach ever reported, according to data from the Office for Civil Rights (Kutscher, Modern Healthcare, 8/18).

Heartbleed bug leaves healthcare providers open to attack

Security experts said the Heartbleed computer bug could leave hospitals’ and providers’ online networks — including email accounts, electronic health records and remote monitoring devices — vulnerable to attack.

David Harlow, principal of health care law Harlow Group, warned that health groups that do not rely on OpenSSL should be worried about ramifications of the massive breach (California Healthline, 4/15).

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

You’ve Been Warned 3,000,000 Times…

Posted on September 5th, 2014 by Dan Rampe

Google

…And That’s Just This Week. Google Rolls out Safe Browsing Tech to Be Available on Chrome, Firefox and Safari

Google has expanded its safe browsing technology to ID even more types of malicious software. With the new technology more than 3 million warnings will be shown per week with very few false positives.

According to Zach Miners on computerworld.com (link to article), the company is honing in on downloads that claim to be helpful, but end up switching the user’s homepage or other browser settings.

An unwanted PUP

Referred to as PUP (potentially unwanted programs), the malware or adware is often bundled with free apps that could run unwanted processes in the background or create pop-up ads.

A virtual machine

Miners says, “Google checks URLs against a constantly updated list of suspected phishing and malware pages, testing the questionable sites using a virtual machine to see if the machine gets infected.”

When bad sites are detected, the software is blocked. However, if users still want to do a download, the software is available from Google’s download list.

In addition to Google’s Chrome, the service will also be used by Firefox and Safari.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

What EU Country, Whose National Anthem Is La Marseillaise, Suffered the Most Fraud Losses Per Card Transaction?

Posted on September 4th, 2014 by Dan Rampe

LaMarseillaise

Hint. It’s Not the UK, Which, Overall, Lost the Most Money to Fraud than any Other European Union Member.

Okay, so maybe we won’t get a gig writing questions for Jeopardy. However, we do have some unsettling answers. Based on data released by the global market intelligence firm, Euromonitor, an article on paymentmagnates.com (link to article) points out that, rather than causing fraud to fall, the adoption of PIN and chip cards in the EU will cause fraudulent activity to rise — especially in the banking and online payment sectors.

Nineteen EU countries and Russia lost a total of €1.55 billion (approximately $2 billion plus). The UK lost the most money to fraud, €535 million (approximately $715 million) while at €429 million (approximately $573 million), France lost the most in the EU to fraud-per-card transaction.

Martin Warwick, a fraud consultant at the financial analytics company, FICO, observed that: “In France, chip and PIN has been used for so long that criminals have completely changed their approach and reverted to ID theft, which accounted for 66 percent of French fraud losses in 2013.”

In France, fraud related losses have grown significantly since the introduction of EMV cards from €7.6 million (approximately $10 million) in 2006 to €284 million (approximately $379) in 2013. And, in 2012 alone, 60 percent of all bank-related card fraud occurred online.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.