New Fraud Alert Service Launched

Microsoft Behind New Program to Flag Stolen Account Info
New Fraud Alert Service Launched
A new service developed by Microsoft aims to give banking institutions a faster way to know when a customer's account has been compromised.

The Internet Fraud Alert service, announced by the software giant on June 17, is designed to offer a trusted and effective mechanism for participating researchers to report stolen account credentials discovered online, including username and password login information for online services or compromised credit card numbers.

Through a centralized alerting system powered by Microsoft technology developed specifically for this program, Internet Fraud Alert will quickly inform companies about compromised credentials, allowing them to take the appropriate action to help protect their customers.

'911' for Breached Data Reporting

The new program is a positive move for fraud reporting, observers says.

"It's a good example of repatriating customer data to the hands of the orgs that need to deal with problems inherent with customer data losses," says Peter Cassidy, secretary general of the Anti-Phishing Working Group, an international consortium of business, trade groups and governments.

"It's almost a fire drill these days when a researcher or someone finds breached customer data, with people asking, 'Who do they turn it over to? Who do I call? What's the 911 number when you find breached data?' Cassidy says. "It is amazing that it has taken us this long to develop this much needed service. Now that it is here, everyone should be availed to it."

The program will serve the much-needed purpose of enabling security researchers and investigators to systematically share information with service providers, retailers, financial institutions and governments about incidents where compromised account credentials have been discovered. Up to now, when the security community uncovered compromised credentials stemming from phishing attacks, for example, there has been no simple mechanism to warn the service provider or bank about the exposed credentials.

Phishing and malicious code attacks pose a serious threat to consumer identity and account credentials. In 2009, the Anti-Phishing Working Group received more than 410,000 unique phishing e-mail reports, and recent data from the group show that the number of brands being exploited by phishers is at an all-time high.

Transparent to Customers

The recovered credentials will be handled in a secure manner. The way this program is structured, says Doug Johnson, vice president of risk management policy at the American Bankers Association, "No matter where the credentials are found, they will make it back to the bank or issuing organization. The entire process will be fairly transparent to the customer."

While it will first be focused on getting retail customer credentials back into the hands of banks, the service may also run across other credentials from businesses and municipalities as well.

Microsoft developed the program along with the National Cyber-Forensics and Training Alliance (NCFTA), Accuity, the American Bankers Association, Anti-Phishing Working Group, Citizens Bank, eBay Inc., Federal Trade Commission, National Consumers League and PayPal NCFTA will run the program's service on behalf of the organizations that sign up for it.

More information about the Internet Fraud Alert can be found here.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.