Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

1/22/2014
01:14 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

ThreatMetrix Shares Strategies For Implementing Effective Security Measures Without Disrupting Authentic Users And Compromising Privacy

Company suggests using behavior-based identity proofing

San Jose, Calif. – January 22, 2014 – ThreatMetrix&trade, the fastest-growing provider of integrated cybercrime prevention solutions, continues its alignment with Data Privacy Day by announcing several strategies for businesses to change the economics of data breaches and identity theft through global trust intelligence.

The Identity Theft Resource Center recorded more than 600 data breaches in 2013, a 30% increase over the number of breaches in 2012. Target and Neiman Marcus are just two examples of companies that experienced significant breaches recently and more are expected to occur in 2014. Personally identifiable information exposed in past breaches includes credit card numbers, password hints, names, email addresses and other sensitive information.

To make matters worse, in the aftermath of data breaches, the solutions companies put in place to protect consumer identities are far from ideal. Businesses in the past have either implemented intrusive two-factor authentication solutions or offered customers credit monitoring.

"The current way in which companies prevent misuse of stolen identities is broken," said Alisdair Faulkner, chief products officer, ThreatMetrix. "Many businesses that offer credit monitoring, two-factor authentication and other means of protecting personal information following a data breach end up causing additional damage to the customer relationship due to added charges, intrusive features or requesting more personal data. Instead we need solutions that make stolen identities worthless in the hands of cybercriminals."

While two-factor authentication solutions such as SMS one-time passwords can provide an extra layer of protection, the reality is that they are expensive, can lead to abandonment and only protect the fraction of users that choose to adopt.

As an alternative to two-factor authentication, some businesses offer free trials of credit monitoring services, which expire and can require payment through automatic renewal. Instead of putting consumers at ease, these services can potentially cause backlash if customers perceive companies are profiting from their misfortune. In any case, credit monitoring does not prevent identities from being abused to hack accounts or commit payment fraud.

High profile breaches are a prime example of why businesses across industries – including retailers, financial institutions and others – should not rely on traditional identity verification services to screen users.

"Legacy identity verification solutions are largely a solution for a bygone era because they can prove that an identity exists, but not ownership of that identity," said Faulkner. "The cat is out of the bag – cybercriminals and consumers are well aware that traditional verification and authentication solutions are no longer effective – and businesses need better strategies in place for customer identity protection."

Instead of applying bandage-like solutions, ThreatMetrix recommends changing the economics of data breaches and identity theft by transparently rendering stolen data invaluable with global trust intelligence comprising of:

Anonymized Shared Intelligence – A collective problem requires a collaborative solution. Leveraging trusted identity networks that use strict anonymization practices to share intelligence improves security without compromising privacy. Anonymized networks used in this way enable trust to be federated across applications and companies to reduce challenge rates.

Behavior-Based Identity Proofing – Simple reputation systems cause authentic customers to be treated unfairly when their identities or accounts are abused. Analyzing patterns of usage including locations, identities, devices and associations over time provides 'spoof-proof' identity screening without false positives – incorrectly labeling legitimate customers as fraudulent.

Passive Two-factor Authentication – Use cookieless device identification technologies in combination with rich contextual information such as account usage, location profiles and business risk to reduce unwanted and intrusive step-up authentications.

"ThreatMetrix uses anonymized device, identity and transaction data to determine whether or not customers are who they claim to be without needing to know their name," said Faulkner.

To effectively protect customers, businesses should leverage a global data repository that can process transactions in real time and verify their authenticity against anonymized user profiles and past behavior. The ThreatMetrix&trade Global Trust Intelligence Network (The Network) is the most comprehensive global repository of identity and fraud data and protects hundreds of millions of users and revenues each day from cybercrime. Its real-time analytics evaluate logins, payments, new account registrations and remote access attempts to differentiate between good and bad actors.

Data Privacy Day takes place on January 28 and is sponsored by the National Cyber Security Alliance. ThreatMetrix, a Data Privacy Day Champion, will continue its commitment to Data Privacy Day by publishing additional news on protecting consumer identities throughout the month of January.

About ThreatMetrix

ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 160 million active user accounts, 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/13/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14300
PUBLISHED: 2020-07-13
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in th...
CVE-2020-14298
PUBLISHED: 2020-07-13
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the co...
CVE-2020-15050
PUBLISHED: 2020-07-13
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
CVE-2020-10987
PUBLISHED: 2020-07-13
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
CVE-2020-10988
PUBLISHED: 2020-07-13
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.