41st Parameter has conducted a thorough security assessment of its software products and systems and determined we have no exposure to the Heartbleed vulnerability. Software Engineers and IT Operations staff conducted thorough reviews of all application, server, and network infrastructure components to determine if vulnerable versions of OpenSSL were being used. Our security team manually tested SSL connections to validate the vulnerability does not exist. At no time do we believe any of our software services could have been compromised because of the security measures we have in place.
Sponsor Webinar Series | October 2, 2013 | 10am PT / 1pm ET | Balancing Fraud Prevention and Customer Experience: A Real-World Case Study with Cars.com
Watch this 60-second video to see how FraudNet prevents and detects online fraud for the world’s leading banks, merchants and airlines.
Who better to help launch the new Safety solution for the Brazilian market than 41st Parameter’s Fraud Father, Ori Eisen, launching FraudNet in Brazil?
Serasa Experian (the Brazilian subsidiary of Experian), along with insights from 41st Parameter and their long-time advisor, Frank Abagnale Jr., one of the most successful fraudsters in history, spent the day discussing the unique challenges facing the Brazilian market, with Abagnale giving tips on how consumers can do their part in preventing fraud.
About 120 clients and 20 members of the Brazilian press were treated to real-world experiences from two experts in their field, albeit viewing the problem from very different perspectives.
“The simple truth is that we are fighting creative and motivated people, not predictable systems,” Ori stated. “That’s why it is critical that we look for malice and not anomalies and we always know that finding the fraudster will find the fraud.”
According to Serasa Experian, fraud against Brazilian consumers totaled U.S. $2.3 billion in 2013, of which £1.2 billion was attempted fraud offline (better known as identity theft), U.S. $500 million in e-commerce and R$600 million in internet banking.
“The sheer volume of fraud in the country – coupled with upcoming global events – is the primary reason we launched our Safety solution this year,” stated Celso Pinto, Serasa Experian. “And the fact that we had about 500 appearances in the Brazilian press including interviews in Jornal das Dez, GloboNews, Valor Economico and Radio Globo is a clear call to provide consumers with the tools they need to combat fraud. This, coupled with the 41st Parameter solution and experts, provides us a unique opportunity to reduce fraud and operating costs while increasing that all-important top line revenue.”
Here’s a great local write-up in Portuguese on Globo.com.
This webinar brings fraud experts from Cars.com and 41st Parameter together to discuss the following:
- Understanding attack rates
- Preventing fraud before it happens
- Maintaining a positive customer experience
- Real-world case study with Cars.com:
  - Reducing attack rates by 64%
  - Cutting review rates by 50% while increasing fraud detection
  - Enhancing the customer experience
  - Managing a successful fraud team with accurate analytics and data
Yesterday’s attack on the New York Times Web site should serve as an urgent warning that American interests are under constant cyber attack from threats both at home and abroad. That should come as no surprise given the long recent string of hacks against multiple news outlets, the NASDAQ stock exchange, and social media sites, data compromises across top Web sites, and ongoing DDoS campaigns against financial institutions. But for some reason, we see the individual alarms but miss the big picture.
Well, it’s time to take note, America. While recent attacks have been relatively limited in scope and financial impact, there is no denying that the level of sophistication has skyrocketed. Hackers have long been carrying out attacks, compromising data, and sending millions of phishing e-mails, but the important distinction today is that they are finally having success with some high-profile targets. The most concerning point, however, is that these attacks have involved very limited coordination to date. Restricting access to the New York Times Web site is probably a nuisance for most, but imagine a single broad, coordinated attack disabling access to online banking, hitting key communication networks, manipulating medical records, proliferating rumors and hoaxes on social media, sinking global financial exchanges, and disabling a vulnerable region of the power grid as part of a broad plan to undermine citizens’ confidence in all of the controls designed to protect against these “what if” scenarios. This type of worst-case concentrated attack would strike at the very heart of our financial, physical, social, and values systems, likely initiating the type of chaos that has become all-too-common across the globe in recent years. Unfortunately, this nightmare scenario remains a possibility because warning signs continue to be ignored and appropriate layers of security are not enacted when vulnerabilities are identified.
Thankfully, we still have a choice. A chance to avoid a doomsday where chaos prevails and the attackers win. But it requires that we learn from previous mistakes and implement layers of proactive offensive and defensive controls to ensure that we are prepared for the worst possible “cyberstorm”. Failing to acknowledge the warning signs of a rapidly advancing, sophisticated, and interconnected organization of attackers by implementing proper security controls will virtually assure that this type of attack eventually becomes a reality.
Hopefully many of you have seen our latest data breach infographic and Mike Gross’s commentary in WIRED on the data breach risks for businesses. It got me thinking about the risks for consumers as well…
I remember the first time I ever used a computer. I was in the 4th grade, and we had this new thing called a computer class that we had to attend. Computer class consisted of playing Wheel of Fortune and Jeopardy on old Apple 2Es. It’s safe to say that as a Millennial the Internet and I grew up together, and in that span between 4th grade and now, the World Wide Web has spidered its electronic grip into every aspect of life, resulting in my entire life being online. My. Entire. Life. In the rush to live online there was something I didn’t learn in that and subsequent computer classes. I didn’t learn how to use the Internet properly, and may have made it more efficient not just for myself but for hackers as well.
I have one email address that I use on my resume and my resume only. There are no personal accounts on the Internet anywhere linked to this account. You don’t want your college debauchery visible to someone you’re asking to trust you and give you money. You do want a responsible version of yourself visible, so perhaps your LinkedIn account and any professional publications should link back to this email. I have one other email address that I use for just about everything else. That one email address touches every aspect of my digital existence.
I sat down and tried to think of all the places I have my email registered. The most important and critical part is my financial life; I have my bank account, my retirement account, credit cards, student loans, utilities, and my tax preparation services, among others. These are all very sacred to the online consumer as they contain sensitive information. I have at least 19 financial based accounts. The next biggest chunk of online accounts I have are ecommerce accounts. Websites I’ve shopped at once to buy something very specific, never to return again, websites I shop at religiously and return to over and over again, and websites that I love to window-shop in before I go in store to make my purchase. They all have my email address. There are only 25 that I can remember. That I can remember.
Next up are my social media sites. My wonderfully full email, the videos I have posted of my son and daughter on YouTube, the thousands of pictures I have posted on Facebook, and my affinity for DIY projects is clearly visible to all on my Pinterest. I have at least twelve social media accounts, including a defunct Twitter that I never sent a single tweet from and a Tumblr account I haven’t used in over a year.
I completed my Bachelor’s degree online. I have signed up for email notifications from the last two cities I have lived in. I pay my doctor’s bills online as well. I am looking at buying a house soon so there is my Zillow account. I travel and get miles with a few airline carriers and hotels. I check my son’s grades online and deposit money into his lunch account online. Prescription rewards. Movie tickets. DMV. Everything is online.
All in all, I have at least 115 accounts, and this does not include the 50 or so ecommerce accounts that I am guessing I have out there and have completely forgotten about because I only bought one thing one time five years ago.
Realistically 200 or more companies have some sort of account on me.
But is this really a problem?
Maybe. If someone gets ahold of any of these accounts, whether through a data breach or malware, they can log in to them and place orders or send money to themselves. It’s really not that hard to do if you think about it. Most merchants don’t require a security image or question, and those that do have security questions that are pretty lame and easy to figure out by looking at a social media account. Oh, you went to such and such high school, which had this mascot, your mom is your friend and she used her maiden name when she created her social media account. Name of your kids, city you were born in, favorite sports team, favorite TV show: all visible within five minutes of viewing your profile.
It is also possible for fraudsters to reverse engineer some of these enough so that they can not only place orders with already stored card information, but they can also obtain the full number to make purchases elsewhere. But so what if they do? Credit and debit cards have zero fraud liability these days and all it takes is a phone call from me to dispute some charges. I change my password to that account, my money is back in my account, I’m out five to ten minutes of my day and life goes on.
What is more concerning is if someone gets ahold of multiple accounts and pieces together my entire life. It can make identity theft really easy for someone to perpetrate. This can take months, or even years to resolve.
But these are all resolvable. The worst thing that can happen is if someone logs into your accounts just for the sole purpose of erasing everything you have. All of those videos I mentioned earlier, the pictures of my kids at Valley Forge, at the beach, D.C., reunions with friends, weddings, and family vacations, all can be erased because I was careless and didn’t protect them. If I don’t back them up they could be gone forever. You may think I am being a little dramatic, but it actually happened to this guy at Wired. It really can be devastating.
So what can be done, realistically? Should I create 115 different emails? Of course not, I am a Millennial, ain’t nobody got time for that. What I do have time for is creating four or five email addresses and declining the option to link them together. One for financial information, one for social networking, one for work and career, one for ecommerce purchases, and one that you give out every time you go to the store and buy something and they want to clue you in to their special deals.
The next thing we can do is get better with our password usage. For some reason, digital society continues to use passwords like ‘password’ and ‘monkey’ or whatever the default is, which is most often the username. Seriously, people really still use ‘password’ for their password and in high numbers. Diversify the passwords you use, don’t use the defaults, and change them somewhat frequently. I am guilty of this- unless I am prompted to I don’t usually change my password. I have banked online for at least eight years with the same bank, and in those eight years I have only been asked to change my password once. Fail on my part.
There are a few other steps you can take as well. Opt out of storing your credit card information when making purchases. Yes this may be a bit of a hassle the next time you go to purchase, but it might be worth it in the long run. And finally, back up the important things that can’t be recovered- your thesis from college, a copy of your wedding vows, and your videos and pictures. You’ve probably had someone ask you what you would take with you if your house were on fire- most reply with ‘important documents and family photos.’ If you’re afraid of losing these items in a physical fire, then you should be afraid of losing them to a hacker and should take proper precautions.
The age-old adage is still true: an ounce of prevention is worth a pound of cure.
41st Parameter’s latest webinar “Protecting the Mobile Channel with 41st Parameter’s FraudNet,” presented by John Sarreal, Director of Product Management, is now available online!
According to a recent Aite Group survey, 75% of executives agree that the mobile channel poses significant risks that are not fully understood.
This webinar discusses the following:
- The 2013 Mobile Landscape including trends and emerging threats
- 41st Parameter’s Mobile Fraud Prevention Solution Overview
- Considerations and Best Practices for Developing your Mobile Strategy
You can access the webinar here.
Thank you to all the wonderful folks who stopped by the booth and attended the presentation by 41st Parameter last week at PCI London 2013. There was a full house of key representatives from the payments industry, leading retail and travel brands and financial institutions at the well-attended event, which showcased a number of innovative technologies for organisations working in the CNP transaction space.
41st Parameter presented its offering, DeviceInsight for Payments, to an interested crowd including John Lewis, WorldPay, Bank of America (MBNA), Global Payments, Play.com, NetaPorter.com, HP, World First, British Telecom, ClickandBuy, Retalix, Just Giving, William Hill, HSBC, Yorkshire Bank, Nationwide, DVLA, and Odeon.
DeviceInsight for Payments is a patented and proven mobile optimised, tag-less technology that can be used to recognise any device on every visit across all channels. The technology has been protecting the largest global financial institutions, merchants and airlines with a high degree of granularity, and is proven to quickly identify and prevent those devices perpetrating fraud. DeviceInsight for Payments is specifically designed for the payment services industry, enabling them to leverage their unique position in the ecosystem to offer high margin, incremental revenue fraud services. If you are interested in this cutting-edge offering from 41st Parameter, please visit either the DeviceInsight for Payments webpage or our webpage dedicated to Payment Service Providers.
Looking forward to seeing you at the next Payment Service Provider event!
Cyber crime is on the rise – from large-scale fraud attacks to politically-motivated DDoS attacks on organizations – and it is costing businesses and financial institutions billions of dollars every year. Much of this growth stems from the maturation of the criminal digital underground and its emerging “industrial” approach to cyber crime. To help organizations navigate the evolving threat environment, 41st Parameter has released a report on The Growing Threats of Cyber Crime, along with this related infographic.
Thank you to all who were able to join our latest Fraud Trends in Finance Executive Event: Designing for Analytics at Barberian’s Steakhouse in Downtown Toronto. This event drew executives and the greatest fraud minds from several of the largest banks in Canada for an evening of excellent conversation, networking and delicious food in the exclusive 2-story wine cellar at Barberian’s.
We would also like to extend a special thanks to our guest speaker – Mr. Andrew Warzecha, VP of Strategy for IBM’s Software Group.
If you would like to be notified of our next networking event or would like to request a copy of the presentations from the event, please let us know!