There is a growing fear the internet's deep recesses could hold detailed information that threatens credit union organizations and members. Dark web monitoring and fraud detection could alleviate some of those concerns.
Fraud is on the rise. The Nilson Report indicated card fraud will grow from $21.84 billion in 2015 to $31.67 billion in 2020. FICO data also confirmed card-skimming losses climbed a massive 546% between 2014 and 2015, and another 70% between 2015 and 2016.
Then there is the breach fallout. Individuals with payment card data exposed in a data breach are three times more likely to become victims of identity fraud, according to Javelin Strategy & Research. A recent IBM/Ponemon study revealed the global average cost of a data breach is $3.62 million, and the average cost for each lost or stolen record containing sensitive and confidential information is about $140.
For credit unions, the risks could be worse. “Credit unions face greater existential risks from fraud and information security incidents than do larger financial institutions,” Tyler Carbone, chief product officer for the Baltimore-based dark web intelligence company Terbium Labs, said. That is because when an incident does occur, the potential damage represents a much greater percentage of their balance sheet.
Some credit unions are turning to next-generation information security solutions such as Terbium Labs' Matchlight, a comprehensive dark web data monitoring system, to mitigate the hazards.
Recently, Terbium Labs announced that the $2.8 billion, Vernon Hills, Ill.-based Baxter Credit Union – a full-service financial institution providing SEG and community banking to members in all 50 states and Puerto Rico – selected Matchlight for continuous dark web data monitoring, fraud detection and information security-risk assessment.
“Fraud evolves constantly, and you can't afford a 'set it and forget it' mindset with your information security solutions,” Martin Hetzel, senior information security analyst at BCU, said. “To help protect the personal information of more than 200,000 members, we needed a proactive solution, one with the scale, speed and precision to quickly identify and rapidly counter information theft and fraud.”
Tasked with considering dark web threat intelligence in the February/March 2017 timeframe, Hetzel and Stacy Hogan, BCU fraud manager, explained that their credit union's cybersecurity and fraud teams evaluated, researched and investigated services. BCU decided Matchlight was the best fit for the organization because of the platform's ease of use and data presentation. In addition, Terbium provided a dedicated analyst.
“From a fraud perspective, we were excited to look into the space as we have a large network of other credit unions that we deal with from the fraud aspect,” Hogan pointed out.
Carbone noted BCU wanted a solution that would provide them with visibility in two key areas:
- The information security use case. If they had a breach and needed to know if BCU data was out there, they could begin the remediation process as quickly as possible.
- The fraud use case. Because payment card fraud is intensifying, the credit union needs to determine immediately if their cards are for sale on the dark web.
Matchlight addresses both the fraud and information security use cases. “Our focus is helping companies find their data if it appears out in the dark web and that tends to be for fraud use cases and as well as for information security use cases,” Carbone emphasized, “which is why the BCU partnership was such a good fit because they came in looking for help on both sides of the threat.”
On the information security side, BCU generates one-way representations of the data they don't want to appear on the internet, like employee and member names, and they send only those data fingerprints to Matchlight.
On the fraud side, instead of looking at specific payment information of individuals, BCU searches for the sale of their payment card data so they can combat fraud, for example by changing how their algorithms work or addressing specific cards in need of deactivation.
According to Terbium, traditional threat intelligence relies on expensive, human analysis that makes it hard to know whether data or claims are real or fake and can miss important indicators that may be in hidden or undiscovered parts of the dark web. Matchlight enables organizations to automate and continuously monitor the dark web for compromised or stolen data in near real time. It doesn't rely on outside alerts, feeds or human analysis. It focuses on clients' actual data.
Carbone described Matchlight's data fingerprinting technology as creating a one-way digital signature of any type of data, enabling BCU to automatically search for its sensitive information without revealing the nature of the data to anyone – not even Terbium.
Carbone detailed two key elements on how Terbium Labs approaches shielding this sensitive information. The first is privacy protection using data fingerprinting technology. “Companies can put data under monitoring with us without needing to reveal what that data is.” The data fingerprinting is a one-way random representation of the data. This allows credit unions to monitor sensitive payment card or member data. The other element, a fully automated web crawler, provides the systematic browsing of the dark web quickly and in a scalable fashion. “We can bring this kind of much needed dark web intelligence to companies that are otherwise not in any position to hire large teams of analysts to read the dark web by hand.”
Matchlight is designed to be as easy to use as possible: clients can generate these fingerprints either locally in their browser using the web interface or offline using a software development kit. “In either case the original data never leaves the client's system,” Carbone said.
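A minimal sketch of the fingerprint-and-match idea described above, added here as an illustration; it is not Terbium Labs' code and does not reproduce Matchlight's actual algorithm. The scheme (SHA-256 over three-token windows), the function names and the sample records are all assumptions.

```python
import hashlib
import re

WINDOW = 3  # tokens per fingerprint (assumed value for this sketch)

def fingerprints(text, window=WINDOW):
    """SHA-256 digest of every run of `window` normalized tokens in text."""
    tokens = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(tokens[i:i + window]).encode()).hexdigest()
        for i in range(len(tokens) - window + 1)
    }

def build_watchlist(records):
    """Client side. Returns (index, upload): the index maps each digest to a
    record label and stays local; only the digest set `upload` is sent."""
    index = {}
    for label, value in records.items():
        for fp in fingerprints(value):
            index[fp] = label
    return index, set(index)

def scan(crawled_text, upload):
    """Service side. Sees digests only; returns those present in crawled text."""
    return fingerprints(crawled_text) & upload

def resolve(hits, index):
    """Client side. Map returned digests back to record labels with hit counts."""
    counts = {}
    for fp in hits:
        counts[index[fp]] = counts.get(index[fp], 0) + 1
    return counts

# Constructed sample data, not real member records or real crawled pages.
RECORDS = {
    "member-001": "Jordan Q. Sample, 12 Placeholder Lane, Springfield",
    "member-002": "Riley T. Example, 99 Invented Road, Shelbyville",
}
DUMP = "listing: JORDAN q sample / 12 placeholder lane / springfield -- 5"
CLEAN = "forum post about weather in Springfield and Shelbyville"

if __name__ == "__main__":
    index, upload = build_watchlist(RECORDS)
    print(resolve(scan(DUMP, upload), index))   # record found despite reformatting
    print(resolve(scan(CLEAN, upload), index))  # shared words alone do not match
```

In this sketch anyone who knows the hashing scheme can test guesses against the uploaded digests, so low-entropy values such as bare card numbers would not stay private under plain hashing.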
Additionally, customer specific reports help BCU security and fraud teams to continuously evaluate the organization's risk profile, including the data's location, its potential risk over time and how to remediate any exposure.
Carbone suggested credit unions like BCU need a solution like Matchlight to shorten data breach detection times that lead to incident response delays. “Terbium is shifting the balance of power, giving credit unions the tools to identify and rapidly counter information theft and fraud quickly, privately and affordably.”
This is important because what typically happens in a data breach is the threat actors gain access to a compromised system for some period and during that time can access many records (such as customer and payment card data). That information could subsequently appear for sale over the dark web, usually before an organization realizes it has a breach problem. Carbone warned, “The typical average time [for breach cognizance] is still over 200 days.” Given that delay, a fair amount of leaked data could end up for sale. Matchlight tries to bring this breach awareness time lag way down by alerting organizations immediately and allowing them to respond quickly.
“For every one of these high-profile data breaches that makes the news, there are many smaller ones that are too low-profile for the news to cover them but for the companies involved it still represents significant existential threat to their business,” Carbone emphasized.
Hetzel concurred, “Terbium's Matchlight gives us the intelligence, privacy and automation to continuously monitor our most critical data – all at an affordable price point.” He added, “From a security standpoint, it is more proactive, knowing threat intelligence is down there to see if someone is actively talking about BCU rather than waiting for something to happen.”
The BCU information security analyst explained, “One of the things that is overall lacking in the credit union space is those consistent threat intelligence feeds. Not to say that maybe they don't have threat intelligence out there, but are they looking at all channels of threat intel feeds? That's where [Matchlight] fits into our initiative. It's proactive intelligence.”