A Summary of Digital Brand and Fraud Protection News and Topics on Compliance and Privacy
We gather together topics for Digital Brand and Fraud Protection
Monster Worldwide Hardens Its Web Security with Cyveillance
Cyveillance , a global leader in cyber intelligence, today announced that Monster ® , the leading global online career and recruitment resource and flagship brand of Monster Worldwide, Inc. (NASDAQ:MNST), has selected Cyveillance to help further protect its customers from potential online fraud. Under the agreement, Cyveillance will also provide Monster with brand identity protection in addition to user privacy and anti-phishing services.
“Enhancing Monster' s defenses against phishing and other online fraud is a top priority,” said Patrick W. Manzo, vice president, Compliance and Fraud Prevention, Monster North America. "Cyveillance ' s proactive cyber intelligence will help Monster provide our customers with an even safer environment to conduct their online career development and recruiting activities."
Read the article
BrandProtect Offers Ten Tips to Avoid Being Targeted by Email Scams
Phishers continue to find ways to circumvent anti-phishing technology as approximately 1.07 percent of all emails contain some form of phishing attack or scam, according to a study issued in January 2007 by MessageLabs. These messages can occur in the form of ‘spoof’ emails that lead consumers to counterfeit Web sites designed to trick them into divulging financial data such as credit card numbers or other sensitive account information, or even chain emails sent illegitimately from a user’s
email to those on their address list. To help protect email account holders from being targeted by these types of email scams, BrandProtect, the industry leader in online brand protection, today announced the top ten ways to avoid having an email account
compromised.
“With the growing complexity of online fraud and brand abuse on the Internet, it has become increasingly difficult for consumers and email account holders to identify fraudulent mail and they are often times subject to attack simply by opening the email,”
said Hugh Hyndman, CTO, BrandProtect. “BrandProtect analysts are experts in identifying and taking down online threats and are able to apply this expertise to provide a list of preventative measures to help avoid being a victim of online attacks.”
“Ten Tips to Avoid Email Attacks”
Read the article
Roche Diagnostics – Anatomy of a serious data breach
On Wednesday 9 May 2007, the Roche Diagnostics marketing team must have been very happy. The very first edition of ‘Reach' had been sent to all the people who had registered for the Accu-Chek newsletter. Accu-Chek is a range of diabetic monitoring equipment for the patient's own use, and is well known and well respected, as is Roche Diagnostics. But, as the newsletter hit inboxes, they learned that things had gone very wrong indeed, and that highly confidential medical data about patients was haemorrhaging from their database.
Read the article
Tablus Brings Next Generation Content Discovery to Large Enterprises
Tablus Inc., a leading provider of comprehensive content loss prevention solutions, today (24 April 2007) announced the availability of the next generation of content discovery for large enterprises. The company's release of Content Sentinel 3 represents a revolutionary approach and the industry's most viable solution for discovering sensitive content residing on corporate networks and work stations. The solution is a vital component for the IT security architecture of today's large enterprises - many of which have tens of thousands of servers and computers containing petabytes of digital content. To truly protect customer data, corporate assets and brand equity, organizations need to first locate their sensitive content across these large repositories.
"In today's content driven business environment, where information grows by the day, companies are increasingly at risk for the loss or misuse of sensitive or confidential content," said Brian Burke, research manager of security products at industry analyst firm IDC. "Whether intentional or accidental, the data breaches gripping newspaper headlines are primarily driven by an enterprise's inability to locate, and consequently protect, sensitive information. Content discovery, or the ability for organizations to locate sensitive, at-risk content, is vital."
According to a 2007 research study sponsored by EMC Corp. titled "The Expanding Digital Universe," IDC estimates that the world generated 161 billion gigabytes of digital information in 2006, a volume of content that poses new challenges for corporate governance and compliance as well as overall corporate reputation. Organizations that do not effectively incorporate content discovery into their overall IT security architectures run the risk of non-compliance with strict state and federal policies around the protection of Personally Identifiable Information (PII) and data governed by the Payment Card Industry (PCI) Standard. More dangerous than facing the fines associated with a breach of these regulations, however, is the negative impact that the loss or theft of sensitive content has on brand, shareholder value and customer loyalty.
Read the article
Nationwide Foils Phishers with Help from MarkMonitor
Financial services giant achieves ROI with Antiphishing Solutions in just three months
April 18, 2007 – MarkMonitor®, the global leader in enterprise brand protection, announced Nationwide Building Society (Nationwide), the U.K.-based financial services giant, has successfully deployed Antiphishing Solutions from MarkMonitor to automatically identify and shut down phishing scams. After just three months of use, Nationwide reports the solution has paid for itself in prevented phishing and other online fraud attacks.
According to the Anti-Phishing Working Group (APWG), 90 percent of phishing attacks carried out in December 2006 were perpetrated against financial services companies. The Anti-Phishing Working Group also estimates that overall financial losses due to phishing top $1 billion per year. As a leading European financial institution, Nationwide found itself one of the targets for online scammers.
To combat this issue, Nationwide created a Strategic Fraud Initiative group within the company and turned to MarkMonitor for its comprehensive Antiphishing Solutions. Implemented in just 10 days, MarkMonitor made an immediate impact on Nationwide's bottom line, shutting down hundreds of phishing scams within the first few months.
Prior to working with MarkMonitor, Nationwide staff manually tracked phishing scams carried out against the company. "It became extremely difficult to shut down phishing sites quickly enough and cope with the number of incoming e-mails from customers reporting phishing attacks or suspicious-looking Web sites," said Peter Corrie, Head of the Strategic Fraud Initiative for Nationwide.
read the article
Phishing fraudsters widen net
The number of banks targeted by phishing attacks sky-rocketed in March, according to new figures from the ‘war-room' of RSA Security, the security division of EMC.
The security outfit's Monthly Online Fraud Report found that 202 banks were struck by cyber-criminals last month, a “dramatic increase” on the 153 attacks recorded in February.
Some ten per cent of brands attacked were located in the UK, placing the country second in the rankings behind the US, which hosted a whopping 73 per cent of attacks.
Read the CRN article
Merchants Advancing Slowly on Data-Protection Efforts
Merchants are taking a harder look at complying with industry standards to safeguard credit card data, according to an RSA, the Security Division of EMC, study released April 16.
Of those surveyed, 68% have made moderate progress in complying with Payment Card Industry standards. Another 10% have made significant progress. About 47.5% of respondents said reported they are PCI compliant.
PCI standards were created by American Express, Discover Financial Services, JCB International Credit Card Co., MasterCard Worldwide, and Visa International in 2004 to protect customers’ credit card data through its lifecycle. The standard was most recently updated last September.
"The [PCI] guidance has very specific requirements," said Dave Howell, Solutions Manager at RSA, a security-technology vendor. "It’s very prescriptive, with more than 230 requirements."
Read the BankNet 360 article
Online security implementation is key to protecting brand: AOTS speakers
Cyber security is an issue facing all businesses online and implementing a security plan is key to protecting against online fraud, according to executives at the Authentication and Online Trust Summit.
In yesterday’s opening keynote panel called “How to Fry a Phish and Protect Your Brand Domain and Infrastructure,” executives discussed strategies to building a security system online. Shutdowns and browser e-mail blocking are vital to hosting a secure Web site because they will update the security of a site.
"A layered approach is key because fraudsters will often be able to penetrate one layer of your online identity," said Jens Hinrichsen, product marketing manager at RSA.
In addition, it is important to create a protective system when outsourcing e-mail. An e-mail provider should know how the brand is using communications and managing campaigns.
Read the DM News article
3M's Brand Protection and Authentication Product Line Bolstered by Leading Secure Serialization and Web Authentication Capability
Thanks to a new partnership agreement with the product and supply chain security company Verify Brand, 3M 's brand protection and authentication product line will offer customers the additional capability of confirming product authenticity, location and tracking of products via the Web using secure mass serialization technology.
The two companies will work together to combine 3M ' s extensive array of materials-based security solutions and Verify Brand ' s experience with its unique and patent-pending electronic product authentication solution. The agreement will allow 3M to sell, market and produce the Verify Brand platform of software products and services as an additional security layer to its customers across the globe.
The integrated and comprehensive solution enables brand owners to securely serialize their products using any method of carrying a unique code on a product, its label or package. Unique codes can be authenticated via the Web using a computer, call center, SMS or text messaging, bar code scanners or RFID tags. The solution also enables the authentication of materials security included on product labels or packaging. The technology also has additional benefits such as real-time tracking, alerts, field reporting, management of and response to unauthorized events, as well as ad hoc and scheduled reporting on authentication activity. This enables manufacturers to dramatically increase visibility into their supply chain and thereby more proactively address a multitude of supply chain issues, including counterfeiting, diversion, return and warranty fraud, manufacturing overruns, product recalls and field inventory management. The ability to authenticate products can also be marketed to consumers as an additional security feature.
Read the article
PayPal CISO outlines antifraud strategy
PayPal has 133 million customers that use its Internet-based money-transfer service, which handled US$37 billion in transactions last year. Michael Barrett, who is CISO at the eBay subsidiary, recently spoke with Network World senior editor Ellen Messmer about new approaches PayPal is taking to combat online fraud.
Almost every day I get a fake PayPal e-mail that's obviously a phishing scam. How do you deal with this phishing fraud or even use e-mail to communicate with PayPal customers?
There's a lot of spoofing of eBay.com and PayPal.com. We get e-mail from customers asking questions about this and other topics and we respond within 15 minutes. We use our own Web-based e-mail to communicate. The problem with phishing and spoofing generally is there's no magic bullet. So it's classic defense in depth.
How much fraud hits PayPal each year?
As a class of operational loss, it's 0.41 percent. In the industry, that's known as 41 basis points, which is pretty low. When our customers are victimized, their user ID and password are compromised, we compensate them.
What are some of your defensive strategies?
If the consumer actually never actually saw the phish e-mail, it's hard for the criminal to victimize you. We're working with people who make e-mail clients and the ISPs, such as Yahoo, MSN and AOL, on a technical strategy that says if the e-mail is not signed by us, drop it. We're having good discussions, but we have nothing to announce now.
Read the Computerworld article
Are 'Sealed' Websites Any Safer?
As consumers become more concerned about protecting their information online, more "secure" labels have emerged, each promising to serve as a "Good Housekeeping seal of approval" for Website security. Hacker Safe and ControlScan, for example, prove that a site has been vulnerability-scanned. The new Extended Validation SSL (EV SSL) moniker, championed by digital certificate vendors such as VeriSign and Cybertrust, help verify that a site is not a phish or a phony. (See Cybertrust Enters EV SSL Fray .)
And now ScanAlert is rolling its "Hacker Safe" seal into a service for enterprises, company executives say. Hacker Safe Enterprise is a fully managed service that includes vulnerability assessment, hands-on analysis, and support from ScanAlert's security experts.
VeriSign, whose VeriSign Secured Seal logo is displayed on over 65,000 Websites, and Cybertrust, are in the process of rolling out EV SSL. If a site is EV SSL-certified, its address shows up in green on newer browsers such as Internet Explorer 7.
But are sites with a Website seal really more secure?
Website operators say displaying these logos demonstrates that they have made a good faith effort to run a clean site, and that they are being proactive in securing their sites. "I know that by implementing [Hacker Safe], I'm still ten times more secure than without it," says Lynnette Montgomery, general manager of e-commerce for Levenger, a $75 million reading and writing tools retailer that offers its products online as well as through stores and paper catalogs. "It's more that you are covering your bases, trying to be the best you can be, honest and putting your best foot forward."
Montgomery says another attraction of the Hacker Safe seal is its potential to bring in new customers. "Most companies I spoke to [about Hacker Safe] increased their conversion rate," she says. And that provides an ROI for the security service: "If I receive a two percent increase in conversion of customers, that's almost $500,000 in additional sales," she explains.
Read the article in Dark Reading
VeriSign Combats Online Fraud with New Digital Brand & Fraud Protection Services
Services Help Companies Protect Revenue and Preserve Consumer Confidence by Proactively Responding to Phishing, Trademark Infringement and Counterfeiting Activities
VeriSign today (12 December, 2006) launched a suite of new Digital Brand and Fraud Protection services . The services help organizations detect, prioritize and rapidly respond to suspicious activities on Web sites, blogs, online user communities, and other sources that can damage brand equity and consumer confidence.
“Brand equity and reputation, which can be valued at billions of dollars for well known companies, can easily be compromised by online fraud, negative opinions, trademark infringement and improper logo usage,” said Mike Denning, vice president and general manager, VeriSign Digital Brand Management Services. “For the first time, companies can protect revenue and their brands by rapidly responding to incidents in near real time. Our new Brand and Fraud Protection Services provide marketing, legal and IT professionals with actionable brand protection and management solutions to detect and counter any unauthorized or improper online activity that could damage their brand image and lead to lost revenues.”
“Firms have to ensure that their brand integrity remains consistent both online and offline,” writes Mike Rasmussen, vice president, Forrester Research. “Malicious attacks or internal negligence can lead to compromised customer privacy, inconsistent company communications, or inaccurately published information that ultimately harms the firm's overall brand and online presence.”
With the proliferation of online fraud such as phishing and typo squatting, protecting brands online has become increasingly more important for enterprise companies. According to the Anti-Phishing Working Group (APWG), the number of distinct spoof Web sites rose 52 percent in October 2006 to a record-shattering of 37,444, up from 24,565 a month earlier.
Read the article