Silver Tail Systems Blog

Preventing Online Fraud Through Web Session Intelligence

Silver Tail Wins the MRC Emerging Technology Awards!

Laura Mather Proudly Displaying our Win of the 2011 METAward

Yesterday was certainly exciting for our team at Silver Tail! I attended the 2011 Merchant Risk Council (MRC) Annual e-Commerce Payments & Risk Conference in Las Vegas, where Silver Tail Systems was honored as the organization’s first ever winner of the Emerging Technology Award.

The MRC is a merchant-led trade association focused on global risk and security for the e-Commerce industry. The organization leads industry networking, education, benchmarking and advocacy programs to help make e-Commerce more efficient, safe and profitable, and we are thrilled to be honored by this esteemed group of security professionals. The finalist judges included representatives from leading brands such as BestBuy.com, eBay, Go Daddy, HP, Microsoft, NCsoft, Overstock.com, Tiffany & Co., T-Mobile, Tobi.com, Urban Outfitters, among others.

This is award is particularly exciting, as it recognizes our commitment to detecting and preventing fraud and abuse to some of the world’s leading websites. Additionally, as I mentioned earlier this month, e-Commerce is a green field for cybercriminals and it is essential that groups like the MRC continue to thrive so that we can continue to exchange information, discuss prevention and mitigation methods and ultimately work to improve e-Commerce security. As a part of this group, we too are working toward this common goal and are continuing to build on our solutions to better protect our customers and their online businesses.

Thank you to the MRC for this honor and to our customers for all of your support!

March 25, 2011 Posted by | information security | , | Leave a Comment

The Android Mobile Security Scare

The security of the Android platform has recently come under fire as the DroidDream Trojan has infected numerous applications and Google has removed more than 50 apps from the marketplace as a result.

The likelihood that additional apps are infected with malware is high, and not entirely unexpected. Historically, cyber criminals have targeted Microsoft because it is such a popular platform and as a result, the return on bad guys’ efforts was much higher. The same holds true for the Android platform – it is incredibly popular and therefore provides more opportunity for criminals to make more money.

Mobile platforms are still relatively new and many users have yet to really understand that the man-in-the-mobile is a very real security threat. According to a study conducted late last year by Goode Intelligence, 68% of smart phone/tablet users who used their devices for work email were not even thinking about mobile security.

Even if users are thinking about security, there are concerns about where to even begin. As mobile devices operate on the Web, the same foundational Web security principles still apply. As an example, Silver Tail provides predictive security analytics for Web sessions, enabling users to identify abnormal session behavior and mitigate any attacks with a business logic rules-based approach. And most mobile applications interact with the web server – so Silver Tail Systems can see this traffic.  So if malicious activity such as screen scraping were occurring during a mobile Web session, an administrator would be identified and could create a rule to combat any future screen scraping from occurring.

This applies not just to Android platforms, but any mobile devices connecting to the Web. While the mobile threat is a newer one – the folks behind the malware are the same. The threats will continue to evolve, but so will the security teams and providers that are fighting to protect the platforms that become the criminals’ newest targets.

March 21, 2011 Posted by | information security, predictive analytics | , | Leave a Comment

Combating Online Financial Crime – Still a Priority Given Lower Reported Losses?

Historically, financial firms have been a significant target for online attackers – primarily because they can target financial customers and directly extract information and/or wealth. That being said, banks are becoming smarter and in 2010, the UK saw a decrease in payment card, check and online fraud from the previous year, as reported by the UKCards Association.

Though the losses from cybercrime in the financial industry seem to have waned in the last year, we must make sure we’re keeping one step ahead of the bad guys.  Huge breaches like those seen in the financial industry are often pre-meditated, as is evident from the 2010 Verizon Data Breach Investigations Report (focused only on known and disclosed data breaches). According to the report, 54% of breaches occurred through web applications last year. Additionally, 85% of compromised records incidents were attributed to organized criminal organizations.

The threat landscape is constantly changing, and if organizations do not evolve along with the criminals – we could be facing another upswing in losses this year. It is imperative to monitor web session behavior for anything out of the ordinary so that attacks can be detected and remediated in real-time. This is becoming increasingly important as more and more of our daily transactions happen online and cybercrime has made its way to the forefront.

March 16, 2011 Posted by | Fraud | , | Leave a Comment

Gearing up for IT Entrepreneurs Forum

In case you haven’t heard, the IT Entrepreneurs Forum (ITSEF) is being held on Tuesday and Wednesday of this week. I’ve been to three of these events and they are always fascinating. Obviously, there is a huge push in the federal government to improve cybersecurity and address the various types of cyber threats.

The ITSEF (and SINET) events are always a strange mix of federal government types and startups. Having worked in both the federal government and at a startup, I can tell you that the two groups couldn’t be more different – hence the challenge of getting them to work together. It’s great to have a setting like ITSEF to continue moving the conversation between the two groups forward.

For any of you that will be in attendance, I’ll be part of a workshop at 3:25 pm on Tuesday about women in security and IT. If you are attending the workshop, please stop by and say hi.

March 14, 2011 Posted by | information security | | Leave a Comment

Financial Institutions to e-Commerce: Online Crime Moving Forward

Forrester Research just released a forecast report last week. The report estimates that by 2015 online retail is expected to reach $279 billion US and 134 billion Euros in Europe. As the market grows, so will security concerns.  In the past couple of weeks, I’ve been asked several times about crime in the e-commerce space and how it compares to crime with online financial institutions.  In general, I would say that anecdotally, crime in e-commerce companies is nascent, but it’s growing.

What scares me about the fact that the crime is growing is that the criminals appear to be leveraging the same techniques against e-commerce sites that they do against the banks.  What this means is that criminals aren’t starting from scratch in their attacks.  They have already honed the attacks so that they have a level of sophistication that the banks didn’t see until 10+ years into their fight against online crime.

Having grown through my career in fighting online criminals, I’d hate for e-commerce companies to have to struggle through all of the education on how to fight the criminals.  Hopefully they can benefit from what the banks have already learned.

Does anyone have good data on how e-crime is expanding into e-commerce? Let’s compare notes.

March 8, 2011 Posted by | Cost of fraud, education, Fraud, Online Fraud | | Leave a Comment

   

Follow

Get every new post delivered to your Inbox.