Microsoft Works On New Project - Internet Fraud Alert

A new global cybersecurity project named Internet Fraud Alert, aims to fast track the reporting of stolen consumer data. It includes username and password login information for online services, credit card numbers, and other things researchers find online. The service goes to alert banks and online services when accounts they oversee are compromised.

This technology was developed by Microsoft behind the website and donated to the National Cyber-Forensics and Training Alliance (NCFTA), a nonprofit organization that trains law enforcement agents, academics, and other groups to a combat cybercrime. The new project is supported by several companies and organizations including Accuity, the American Bankers Association, Anti-Phishing Working Group, Citizens Bank, eBay, the Federal Trade Commission, National Consumers League, and PayPal. It is usually very difficult for people to discover vast amounts of stolen credentials stashed on servers and sites such as Pastebin.com to bring it to the attention of the appropriate authorities. Many organizations don't bother to make reporting stolen data easy, and even then, it can be difficult to convince a bank or law enforcement that the information found is legitimate. This wasted time could mean the difference between someone's identity being used for fraud and stopping that before it occurs.

Internet Fraud Alert is a single secure location where researchers can systematically report stolen account credentials and personal information. The service can then match large caches of stolen passwords and payment card numbers with the organizations responsible for the compromised accounts and alert proper service providers, retailers, financial institutions, and law enforcement. It isn't all good though, one of the weaknesses of Microsoft's program is that anonymous submissions aren't allowed. It's possible that corporate whistleblowers will not come forward if they are worried they will get fired or worse. The success of the new service will probably all depend on how quickly affected institutions and consumers are notified.