Securing Data One Device at a Time
Posted June 15, 2015
The ThreatMetrix® Digital Identity Network provides businesses and consumers with safety and security amid an expanding digital ecosystem.
The explosion of connected devices such as smart phones, watches and cars has changed the way we receive and share information with the world around us. By the year 2022, there will be an estimated 18 billion machine-to-machine connections with the average consumer’s home having as many as 500 connected devices.
While it may be easier than ever to keep in touch, this added convenience is not free of charge. The threat of fraud looms large as providing security for connected devices has become increasingly difficult and expensive due to the fact that each device operates on a different system and has its own customized apps.
The Apple Watch, one of the latest connected devices on the market, has already dealt with security issues following its release in April, prompting an immediate software update from the company aimed at deterring further threats. Most recently, Apple also announced an extension of its HomeKit capabilities, which will enable consumers to control security systems, smart locks and carbon monoxide detectors remotely using iCloud on their mobile devices and tablets.
As the number of data sources increases with new technology, fraudsters have the opportunity to exploit yet another access point to sensitive information stored on connected devices. More must be done to secure digital identities, which consist of all aspects of a person’s online devices and behavior, including email addresses, geo-locations, devices and both personal and business personas.
ThreatMetrix® product and engineering executives actively monitor industry trends to identify areas of focus for future product delivery. In light of the Apple Watch’s recent launch, we sat down with a few executives at ThreatMetrix to discuss the impact of the growth of connected devices, specifically wearables. Below is an excerpt of our conversation with Nick Blievers, ThreatMetrix director of mobile research and development; Dean Weinert, ThreatMetrix director of mobile products; and Vanita Pandey, ThreatMetrix head of strategy and product marketing.
ThreatMetrix executives chime in on connected devices
Vanita: As new devices gain traction for users to access applications, they will become a target for fraudsters. Use of the devices has been very specialized and that will continue. The Apple Watch is a great example. It is not meant to replace the iPhone or iPad, yet it will integrate with other devices. Going forward, trackable and mineable data will become critical.
Nick: The selling point is that connected devices create more data and send out a very specific signature about location, behavior etc. Understanding this interaction between devices can provide a lot of data that will be increasingly important.
Dean: This interaction will be used to create a behavioral signature, but it will still need to get users’ permission.
Nick: Getting permission can be as simple as saying, “Is there a watch there?”
The future of connected devices
Dean: Making a payment could be possible.
Nick: Making sure the parent device that is the bridge to the card is secure becomes more critical.
Vanita: The whole space will evolve.
Dean: We will get down to one device and it will likely be a watch.
Nick: I disagree…the watch is a terrible form factor.
Dean: It will function as the primary device. The hub will change to a wearable.
Nick: A foldable screen will help.
Nick: This is about an explosion of devices, some of which will be cheap, insecure and out of date.
Vanita: The phone will evolve into a central hub, but an argument can also be made for convergence on wearables.
Nick: Data usage for in-home computing devices has exploded. There is just so much concurrent usage. I use my tablet while I watch TV and it’s a useful device in that niche. We won’t get rid of it for one central device.
Nick: The phone will be the personal computing hub while wearables will serve as accessories. We will have a hub device along with a bunch of wearables. Small devices have a small amount of information.
Dean: Since these devices track a lot of personal information, the central hub needs to be secure. Personal devices record a very personal signature. We need to make sure the parent device is secure.
Scaling security across the digital ecosystem
Nick: When a concept is new and pushing for mass of consumer deployment, security is not a large concern as part of the product design. This is easily seen in the embedded operating systems and software that underlies these products. Consumer adoption is at an early stage and this is reflected in their interaction with these devices. Many consumers do not change their passwords or choose to keep generic passwords. As
fraudsters become smarter, the risk of connecting a large number of unsecured devices such as home routers to the Internet has the potential to be catastrophic. Especially as many embedded devices are never updated. Can you imagine browsing the Web with a 10-year-old Web browser? That is what your fridge/car/etc. is going to do.
Vanita: It is more than just making sure the devices are secure. The big issue is that the data from these devices is being harvested in an automated fashion. The Apple Watch, for example, can pinpoint identity, location, activity and environment, current health and aspiration, not to mention the state of mind. With devices that can monitor environmental control, home security, medical devices, health data and transportation systems, any breach can deliver insights to potential fraudsters that are much more sensitive than payment data currently being harvested. On a personal side note, when I was growing up in India, having a phone and TV was a big deal for a household. The ramifications of having every part of my life organized and monitored by a device designed specifically for that activity is exciting, but also scary.
Dean: I agree, the ability to access home security system, locks or detect carbon monoxide, as announced by Apple, is exciting but creates another node of vulnerability. As devices gain traction, better operating systems and software will be deployed to inherently secure devices. Detection will be crucial in making sure the consumers’ digital identity is secure.
The ThreatMetrix Digital Identity Network steps in
As the number of connected devices continues to rise, consumers face the risk of losing sensitive data to fraudsters in more ways than ever before. In order to combat this danger, ThreatMetrix has introduced the ThreatMetrix Digital Identity Network. Bringing together all aspects of a customer’s online devices and behavior, the ThreatMetrix Digital Identity Network creates an anonymous digital identity of customers based on device, persona and behavior from every transaction, account creation and account login.
The end result is protection from sophisticated cybercriminals seeking to use a customer’s accounts, money or identity. Regardless of where technology takes us in the future, ThreatMetrix will be one step ahead of fraudsters, ensuring its customers have the confidence to use any device without worrying about who might be looking over their shoulder.
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions leveraging a global shared digital identity network and real time customer driven analytics platform. These solutions help customers differentiate between trusted users and potential fraud resulting in reduced friction, incremental revenue and lower fraud and operational costs.
ThreatMetrix secures customers against account takeover, payment fraud, fraudulent account registrations resulting from malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over one billion monthly transactions and protects more than 250 million active user accounts across 3,000 customers and 15,000 websites and mobile applications. ThreatMetrix is deployed by industry leaders across financial services, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.