ThreatMetrix Shares Strategies for Businesses to Protect Identities in Use in Support of Data Privacy Day
Posted January 13, 2014
Businesses Must Move Beyond Focusing Merely on Data at Rest and Protect Customer Identities Against Fraudulent Activity Following Data Breaches
San Jose, Calif. – January 13, 2014 – ThreatMetrix™, the fastest-growing provider of integrated cybercrime solutions, kicks off its commitment to Data Privacy Day by announcing several strategies for businesses to protect identities in use following a data breach.
Every time an identity is used online, especially when a new account is opened, there’s a chance that identity has been stolen or compromised. However, many organizations simply focus on guarding data at rest–inactive data stored on an internal server–rather than understanding the implications of identities in use and taking action to protect them.
Following a data breach, a significant implication is that customer and corporate identities are used without an individual or company’s knowledge. A key requirement for data protection is for businesses to assure personally identifiable information is screened against unauthorized use prior to being processed. Every year, ThreatMetrix protects more than four billion transactions and identities in use and has several strategies for businesses across industries to prevent spoofed or stolen identities.
Key strategies that businesses can implement to protect identities in use include:
• Device Identification – Using a visitor’s browser and machine attributes as a passive form of two-factor authentication reduces effectiveness of cybercriminals reusing stolen credentials from a new or known fraudulent device. In addition, advanced proxy piercing and virtual private network (VPN) detection capabilities eliminate IP spoofing, the most common attack vector for identity thieves.
• Malware Detection – Frictionless malware detection can analyze risk on a customer’s behalf giving businesses the option to prevent access to sensitive data if there is a known Trojan on the customer’s device.
• Behavior-Based Identity Proofing – Analyzing patterns of usage including locations, identities, devices and associations over time provide ‘spoof-proof’ identity screening.
• Anonymized Trust Federation – Passively leveraging prior authentication and verification information across departments and organizations reduces customer friction and authentication costs.
“Cybersecurity strategies often prioritize minimizing a company’s monetary losses following a data breach over protecting customer identities and data obtained by cybercriminals,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “Personal identities, both consumer and workforce, account for a large amount of identities in use, and organizations and service providers must protect individual identities by investing in frictionless customer protection and fraud prevention technologies. Examples of fraudulent activity may include using a spoofed IP address to hide online location, using work-at-home scams for stolen goods deliveries or using bots for brute force attacks against customer account passwords.”
Customer data contains sensitive information–including banking credentials, email passwords, medical information and social security numbers. Once this data is exposed, it is at risk for fraudulent activity by cybercriminals or can be sold via online crime rings. To prevent such risks, businesses need to understand how stolen identities are used against consumers and companies – including fraudulent credit card transactions, social media logins and banking logins.
“Data breaches are a key focus for cybersecurity providers, but many companies don’t consider how stolen identities are eventually used against their customers for cybercrime,” said Faulkner. “ThreatMetrix is uniquely positioned to help businesses measure and understand how identities are used online, especially regarding the risks and implications of exposed customer identities following a data breach or cyber attack.”
One of the most effective ways businesses can protect online data is through an anonymized global data repository, such as the ThreatMetrix Digital Identity Network, to differentiate between authentic and suspicious transactions and online activity. The Network is the most comprehensive global repository of identity and fraud data, protecting hundreds of millions of users and data points each day from cybercrime. Its real-time analytics evaluate logins, payments, new account registrations and remote access attempts for validity.
By collaborating on a global level through a shared network, businesses can effectively build trust on the Internet by mitigating cybercrime risks. Given the severity of today’s high profile data breaches, no business can afford to stand alone in the fight against cybercrime and protecting customer identities.
Data Privacy Day, sponsored by the National Cyber Security Alliance, takes place annually on January 28, and encourages businesses and consumers to make protecting privacy and data a greater priority. Due to its alignment with online data protection and cybercrime prevention, ThreatMetrix was named a Data Privacy Day Champion by the National Cyber Security Alliance, which educates and empowers a digital society to use the Internet safely at home, work and school. ThreatMetrix will publish additional news surrounding data privacy throughout the month of January.
ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including banking, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
© 2013 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.