Compliance Management, Threat Management, Malware, Phishing, Privacy

New fraud service serves as repository for stolen data

Microsoft has joined forces with the National Cyber Forensics Training Alliance (NCFTA) to launch a portal designed to immediately alert companies if credentials or credit card numbers belonging to their customers have been discovered online.

The Internet Fraud Alert system, unveiled Thursday, has two capabilities.

First, it will provide approved researchers and law enforcement with the ability to report compromised accounts they may stumble upon as they trawl the darker corners of the internet, said Ron Plesco, president and CEO of the Pittsburgh-based NCFTA. Second, companies, such as banks, retailers, social networking sites and email providers, can register with the service so they are notified if stolen data belonging to their customers — typically discovered in remote database servers — is uploaded to the portal.

The program was conceptualized because currently there is no formalized way to warn organizations if credentials or card numbers they issued are exposed on the internet, Plesco said.

Microsoft built and donated the technology, which both matches the data with the victim organization and enables the alerting.

"It's part of our broader efforts to address cybercrime," Tim Cranton, associate counsel at Microsoft's Digital Crimes Unit, told on Thursday.

The portal closes the time gap between when the credentials and card numbers, possibly swiped in a phishing attack or a hacking, are posted on the web and when they are used for fraudulent purposes, Cranton said.

Law enforcement also stands to benefit. The researcher who discovers the hijacked account information, or the victimized entity, can choose to loop in authorities with what can prove to be valuable evidence in an investigation, he said.

"Now, law enforcement can go back and say, 'Oh look, here's really where the attack occurred that caused your identity to be stolen, and here's 1,000 other people who suffered the same attack,'" Cranton said.

The portal will rely on information discovered by partners, such as the Anti-Phishing Working Group, American Bankers Association, PayPal, eBay and the Federal Trade Commission, Plesco said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.