Microsoft leads program to help respond to data theft more quickly

Microsoft is spearheading an initiative designed to “provide a trusted way for researchers to report stolen credit card numbers and other data they’ve found in the dark corners of the Internet,” according to The Globe and Mail.

As it is, when a researcher locates stolen data, it can be difficult to convince a bank or other institution that the data is authentic. This lost time can determine the difference between someone’s identity being used for fraud and stopping a fraud before it occurs.

When researchers locate card numbers for sale or trade, Dan Clements says CardCops, which specializes in hunting stolen payment cards online, says, “We send it to everybody immediately. We send it to companies, the government, the consumer—it’s a blitzkrieg. That way they have all the intel and can act accordingly.’ The company’s former president admitted it’s somewhat of a scattershot, but “It’s the only way you can assure that we’ve done our job. But we have no way of knowing it’s effective.”

Dan suggested the speed of the new program (specifically, how quickly it leads to notifications for affected companies and victims) will be key to whether it is successful.

Merchants and online gambling businesses have tried similar programs in the past. But the programs fell apart, partly because the companies didn’t work well together without a middleman, Dan explained said.

This program is being managed by the National Cyber-Forensics and Training Alliance, a not-for-profit organization focused on cybercrime. Other organizations that are participating include the American Bankers Association and eBay. And more banks, retailers and Internet security firms will be added as the program evolves.

“When these kinds of credentials are stolen, they may not get used immediately,” said Nancy Anderson, Microsoft’s deputy general counsel. “So the goal here is to get the information to the institutions quickly, quickly, quickly, so the appropriate action can be taken before the damage is done.”

Dan admitted a weakness of Microsoft’s program: it won’t allow people to anonymously submit what they’ve found, which could “discourage whistleblowers from coming forward.”

One thing everyone can agree on, though, is that online payment card protection is absolutely vital as the modern world shifts to doing the majority of their private financial transactions over the internet.