New Fraud Alert Service LaunchedMicrosoft Behind New Program to Flag Stolen Account Info
The Internet Fraud Alert service, announced by the software giant on June 17, is designed to offer a trusted and effective mechanism for participating researchers to report stolen account credentials discovered online, including username and password login information for online services or compromised credit card numbers.
Through a centralized alerting system powered by Microsoft technology developed specifically for this program, Internet Fraud Alert will quickly inform companies about compromised credentials, allowing them to take the appropriate action to help protect their customers.
'911' for Breached Data Reporting
The new program is a positive move for fraud reporting, observers says.
"It's a good example of repatriating customer data to the hands of the orgs that need to deal with problems inherent with customer data losses," says Peter Cassidy, secretary general of the Anti-Phishing Working Group, an international consortium of business, trade groups and governments.
"It's almost a fire drill these days when a researcher or someone finds breached customer data, with people asking, 'Who do they turn it over to? Who do I call? What's the 911 number when you find breached data?' Cassidy says. "It is amazing that it has taken us this long to develop this much needed service. Now that it is here, everyone should be availed to it."
The program will serve the much-needed purpose of enabling security researchers and investigators to systematically share information with service providers, retailers, financial institutions and governments about incidents where compromised account credentials have been discovered. Up to now, when the security community uncovered compromised credentials stemming from phishing attacks, for example, there has been no simple mechanism to warn the service provider or bank about the exposed credentials.
Phishing and malicious code attacks pose a serious threat to consumer identity and account credentials. In 2009, the Anti-Phishing Working Group received more than 410,000 unique phishing e-mail reports, and recent data from the group show that the number of brands being exploited by phishers is at an all-time high.
Transparent to CustomersThe recovered credentials will be handled in a secure manner. The way this program is structured, says Doug Johnson, vice president of risk management policy at the American Bankers Association, "No matter where the credentials are found, they will make it back to the bank or issuing organization. The entire process will be fairly transparent to the customer."
While it will first be focused on getting retail customer credentials back into the hands of banks, the service may also run across other credentials from businesses and municipalities as well.
Microsoft developed the program along with the National Cyber-Forensics and Training Alliance (NCFTA), Accuity, the American Bankers Association, Anti-Phishing Working Group, Citizens Bank, eBay Inc., Federal Trade Commission, National Consumers League and PayPal NCFTA will run the program's service on behalf of the organizations that sign up for it.
More information about the Internet Fraud Alert can be found here.