SOURCE: ThreatMetrix


February 15, 2011 06:00 ET

ThreatMetrix Takes a Stand: FTC Should Consider Revising Consumer Privacy Legislation to Exclude Cyber Security

In Response to the Proposed FTC Legislation Initiated in Effort to Protect Consumer Privacy, ThreatMetrix Outlines Potential Consequences Related to Company Efforts to Protect Themselves and Consumers Against Online Fraudsters

LOS ALTOS, CA--(Marketwire - February 15, 2011) -  ThreatMetrix™, the fastest growing cloud-based provider of fraud prevention solutions that do not require personally identifiable information (PII), has voiced a response to the proposed FTC legislation that addresses behavioral advertising.

While the Preliminary Report does in fact recognize the unique role of data collection for fraud detection, noting that it is a commonly accepted practice, ThreatMetrix suggests that companies engaged in cyber security should be excluded from the Framework proposed by the FTC.

"The importance of cyber security, and the nature of the data collected, requires that it be treated differently than the treatment accorded consumer data collected for behavioral advertising purposes," said Reed Taussig, president and CEO, ThreatMetrix.

ThreatMetrix cites four reasons why such companies should not be covered under this Framework:

  • Data is typically not sensitive consumer information: Aside from personally identifying electronic mail addresses, much of the data used in cyber security is typically not, in and of itself, sensitive consumer data.

  • Fraud detection is a "commonly accepted practice": The Preliminary Report recognizes that fraud detection is part of "commonly accepted practices" for which consent is not required, recognizing the less sensitive nature of such information, and the importance of cyber security, from a consumer protection standpoint.

  • Disclosure of data may make electronic commerce less secure: Detailed disclosure of data use and collection for security purposes may make electronic commerce less secure and thereby reduce consumer welfare.

  • Propositions in the Framework could hamper cyber security: Because the FTC, as part of the Framework, is suggesting that companies incorporate data security practices into their operations, security companies should not be hampered by the need to provide detailed disclosure concerning their data use and collection practice. The FTC's record in security-related prosecutions is testament to the need to create regulations that encourage, rather than hamper, cyber security.

"Ultimately, companies need to increase the transparency of their data practices," said Taussig. "This involves improved privacy notices, reasonable access to consumer data as well as some material changes."

Given the complexity of the issues raised in the Preliminary Report, at the request of several organizations the FTC extended public commentary from January 31 to February 18.

For more information about ThreatMetrix's viewpoint, visit:

About ThreatMetrix
ThreatMetrix helps companies stop web fraud and enable e-commerce in real-time so they can significantly reduce online fraud, acquire more customers faster, reduce costs, and increase customer satisfaction. The ThreatMetrix Fraud Network helps online businesses verify new accounts, authorize payments and transactions and authenticate user logins in real-time without relying on personally identifiable information (PII). ThreatMetrix profiles the device used in an online transaction so companies can determine whether the users are fraudsters or customers. ThreatMetrix device profiling goes beyond browser fingerprinting to identify the device, bypass proxies and detect the use of botnets. ThreatMetrix' simple and cost-effective software-as-a-service (SaaS) approach to implementation enables companies to get results in hours or days, rather than weeks or months. The company serves a rapidly growing customer base around the world across a variety of industries including social networks (dating, gaming), financial services, e-commerce, affiliate marketing and payments. For more information, visit or call 1-650-625-1451.

© 2011 ThreatMetrix. All rights reserved. ThreatMetrix, ThreatMetrix SmartID, ThreatMetrix ExactID, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Contact Information