For many online merchants, friendly fraud is a persistent problem. Without the right security tools in place, it is difficult to identify whether or not a customer is committing fraud.

According to the article, “Friend and Foe? Combating E-Commerce ‘Friendly Fraud’,” financial cybercrime against card-not-present (CNP) retailers can take many forms. While MasterCard says 70% of all e-commerce chargebacks are identified as fraud, more and more cardholders are committing friendly fraud due to buyers’ remorse or financial hardships. Although merchants are doing everything they can to reduce refund rates – from conducting operational assessments, marketing data analysis, and adopting a payer authentication program – they still don’t have the information needed to proactively identify and prevent friendly fraud before it happens.

While some merchants feel friendly fraud is impossible to prevent, there are solutions available that enable online businesses to proactively identify computers that have a habit of committing friendly chargebacks.

iovation ReputationManager 360 will assess risk on incoming transactions and identify whether the device being used has committed friendly chargebacks on other websites. By leveraging known intelligence and inference of risk while website visitors interact with a business’s website, they can “deny” incoming transactions when risk levels thresholds are met.

When businesses choose to “review” transactions associated with friendly chargeback histories, they will research the transaction, account or device within the ReputationManager portal. Here they will see all the other subscriber evidence related to that particular customer.

In the unfortunate event that a merchant is hit with a friendly chargeback, they will then place evidence against that account to avoid repeat offenses such as additional fraudulent orders. Merchants choose between 32 different types of fraud or abuse when placing evidence in the ReputationManager portal.

Utilizing device reputation as a best practice for fraud protection is critical to reducing fraud losses and boosting profitability, gaining operational efficiencies with the fraud prevention process, and ensuring that good customers have a safe and positive experience while interacting on your website.

When it comes to managing risk for online transactions, we get a lot of questions about how our approach compares to other commercial solutions. Establishing business rules and risk scoring in combination with device reputation ranks high among topics of interest. Simply put, iovation uses the device and transaction data available to any vendor, and combines it with the strongest database of historical device risk data available on the market today.

Risk scoring, when you boil it down, is the simple process of taking the data you have available about a given transaction and the device requesting that transaction, and measuring characteristics that would lead you to believe that it is either valid or risky. Most device-based risk scores, including those offered by iovation, incorporate common types of risk elements in their scoring. These may include:

• Velocity-based Rules – Measuring device activity in a given time frame
• Transaction Anomalies – Device characteristics that indicate the device is masking its identity, such as using an anonymizing proxy, or disabling technologies like flash

What sets iovation apart is the growing network of businesses it protects that leverage and contribute to the Device Reputation Authority (DRA). This database of over 350 million device reputations is queried more than 5 million times per day by iovation clients.

The Device Reputation Authority contains historical information about specific fraud and abuse occurrences by the device used. We use this information to further assess transaction risk for our customers in the following unique ways:

• Global Account Associations – Looking at extended relationships between devices and shared accounts that are evident in fraud rings and targeted fraud
• Factual Evidence of Fraud – Whether the information comes from a close partner, a peer, or a company in a completely unrelated industry, direct evidence of fraud on a given device is one of the strongest correlations to transaction risk a customer can have.
• Profile Risk – Profiling harnesses the power of shared factual evidence in the reputation system to measure the similarity of the device in the current transaction to those devices that have been seen across iovation subscriber sites in the past. A high ratio of known bad devices in the set of similar devices is a very strong risk indicator.

These three risk elements are tremendously valuable to our customers who find over time that either factual evidence or profile risk are so strongly correlated with fraud that it can cut their review time down substantially for those transactions.

In the world of risk scoring, cloud services, and crowdsourcing, it is proven that leveraging information from larger affinity groups provides unmatched effectiveness. When a company is combating highly sophisticated fraudsters determined to defeat their defenses, what risk analyst wouldn’t want to know that a device trying to create an account or make a purchase had previously been flagged for fraudulent activity? Adding this data to risk scores increases their ability to shine light on fraud that might otherwise remain hidden.

When it comes to online dating scams, we all like to believe we learn from our own, and others, experiences. But according to new statistics on Romancescams.org, a website dedicated to fighting online romance scams, the average loss per person involved in a romance scam has climbed to a staggering $11,500. That’s up from a 2007 report where the advocacy group cited the average loss per victim was $7,900.

According to the article, “Website offers forum on avoiding romance scams,” fraudsters continue to successfully scam unsuspecting lonely hearts by using stolen credit cards to join online dating sites and set up fake profiles. From there, they quickly lure their victims off the dating sites and onto more personal lines of communications such as instant messaging and email before romance sites can discover the stolen credit card and pull their fake profiles. Read the rest of this entry »

iovation will be presenting at the Ticket Summit on July 16 at the Venetian Hotel Resort Casino in Las Vegas. Ticket Summit brings together leaders in the ticketing community and affiliates to network and discuss the latest advancements, methods and technologies in the secondary ticketing industry.

I am looking forward to presenting fraud solutions that online ticketing companies can use to identify and prevent online ticket scams that typically result in chargebacks, increased fees and other fraud losses for agents, box office managers and event promoters.

iovation has had great success in decreasing online fraud and abuse in the ticketing community with customers like New Era Tickets, who saw a 98% reduction in total fraud losses with iovation’s services.

Here are the session details:

Panel: Innovations in Ticketing
When: July 16, 2010, 9:30– 10:50 a.m. PDT
Where: The Venetian Resort Hotel Casino, Marco Polo 706, Las Vegas

If you are attending the show, please stop by the iovation exhibit (Booth V) and get your “Virtual Crime Fighter” t-shirt!

The White House’s new plan for strengthening authentication and identity verification on the web is a good first step for securing identities in online transactions and creating a trusted digital environment. In the draft strategy, entitled the “National Strategy for Trusted Identities in Cyberspace” (NSTIC), the government calls for an Identity Ecosystem, an online environment where individuals, organizations and devices trust each other because authoritative sources establish and authenticate their digital identities. Read the rest of this entry »

With fraudsters better at hiding their true identities, it’s getting more and more difficult to know which online transactions to trust and which to reject. Would if you could confidently identify good transactions from the bad ones before they occurred? How valuable would this intelligence be in your ongoing efforts to reduce the risk of online fraud or abuse?

Join us for a live webinar, “Detecting High-Risk Transactions,” on Tuesday, July 20th. Learn how you can proactively assess risky transactions to better protect your business from more sophisticated schemes and elaborate fraud rings. Along with discussing the various techniques today’s cyber criminals use to hide their identities, you’ll learn more about the top 5 methods of detecting transaction risk, including:

Transaction Anomaly — Check mismatches, proxies and disabled components.
Velocity Rules — Know when activity counts have been met or exceeded.
Profile Risk — Check against aggregate profiles of risky accounts or devices.
Factual Evidence — Identify when known bad devices touch your website.
Account Associations — Identify and shut down fraud rings for good.

Register today at iovation.com/risk-mitigation.

We look forward to a very insightful, interactive discussion.

While friendly fraud is nothing new, according to an industry study it remains a prevalent problem throughout the online retail community. In the article, “Merchants’ Battle Against Friendly Fraud Will Be A Protracted One — Across Two Fronts,” LexisNexis found that friendly fraud accounted for more than one-third of the total fraud losses for online-only merchants in 2009, costing them .4% of their total annual revenue. While that number dropped slightly for the largest e-commerce merchants to about 24% of their total fraud losses, it still represented a significant amount of lost revenue last year.

Definition of friendly fraud: Any transaction, contested by a customer, where the merchant suspects that the customer or a personal associate (child, spouse) legitimately authorized the transaction in question. Read the rest of this entry »

iovation is announcing a new partnership with Failsafe Payments, a leading merchant service provider that connects online merchants with worldwide banks, payment processors, shopping carts, and e-commerce payment alternatives.

I recently sat down with Failsafe’s chief operating officer, Patrick Sallnert, to discuss some of the top online payment challenges facing today’s merchants, its integrated e-commerce platform, Certo Payment Gateway, and how our partnership will help provide safe and secure online payment services for merchant customers.

Max Anhoury: We are very excited to be partnered with Failsafe Payments and your Certo Payment Gateway. Would you please tell our readers about Failsafe Payments and how it got started?

Patrick Sallnert: Failsafe Payments was created in 2007 as a regular billing company by a very experienced team within e-payments. Our goal early on was to make it easy for merchants to find suitable billing solutions along with an easy API or payment page integration along with excellent customer support. In 2008, we established Failsafe Payments North America with an office in Cleveland, Ohio, and it was around this time I started to think about the product that would later become Certo Payment Gateway. Read the rest of this entry »

Despite all the warning signs and expert advice on how to avoid online dating scams, singles looking for partners online continue to be duped out of hundreds of millions of dollars each year. According to the article, “Online lonely-hearts scam is costing Britons millions of pounds,” online romance fraud has become so prevalent in Britain that the Serious Organised Crime Agency (Soca) is sending officers from its anti-kidnap and extortion units to help train police in areas where many of the mass-marketing romance scams originate, Nigeria and Ghana.

Romance scams have been around much longer than online dating sites. While the Internet has increased people’s chances of finding partners, it also provides a level of anonymity that enables fraudsters to hide their true identities to perpetrate any number of fraudulent or abusive activities against individuals and online dating providers. Read the rest of this entry »

Along with the enormous success of mobile phone sales, wireless carriers and resellers have to contend with a variety of issues around theft and fraud. Working closely with several carriers and resellers, we’ve seen four primary fraud threats that financially impact carrier business. They include:

1. Account creation / application fraud – In this case, a fraudster uses a stolen identity to apply for an account online to order phones and services.  After initiating a shipping scheme to obtain the goods, the fraudster runs up the phone bill until the carrier or identity theft victim uncovers the charges.Much like credit issuers, carriers perform comprehensive identity and financial background checks on applicants, however, the checks are on the identity theft victim.  By adding a device check at the front of the process (which looks at the computer or Internet-enabled device being used), carriers can quickly identify suspicious activity such as when the same computer initiates multiple applications under various identities, or if the computer being used has been involved in previous fraudulent activity. Read the rest of this entry »

As we continue to learn more about how cyber criminals operate, online businesses continue to seek out effective countermeasures against organized fraudsters committing fraud and abuse. Trying to fight fraud alone can be a losing battle. No matter how much information your business has collected to stop criminals, there is a growing number of sophisticated fraudsters out there who are constantly changing their identities and the profile of their computers, to perpetrate fraud across a multitude of verticals.

One of the most effective ways to defend your enterprise is by working together and sharing information with other fraud teams across multiple industries. Interacting with a centralized, global network of fraud intelligence arms you with information upfront to minimize your chances of having to take that first hit. Read the rest of this entry »

Understandably, many sessions at this year’s LOGIN Conference in Seattle centered around game world monetization and payment types. Gaming businesses have a number of monetization models to choose from, including free-to-play, subscription, virtual goods, sponsored branded goods, virtual goods catalog/store front, virtual goods trading, crafting virtual goods, mini games, in-game competitions, and even in-game media assets—such as billboards or sponsored branded events.

To make things even more interesting, there are also different currencies. While the main currency remains to be real-world money as you might expect, secondary currencies include things like player experience, activity and achievement (in other words, gaining points for advancing levels within a game). Read the rest of this entry »

I just returned from LOGIN 2010 and wanted to share a few things that I thought were interesting, and might actually be meaningful to you.  Between the opportunity to involve games into people’s work life, the growing choices of monetization and payment types, and the ongoing fight against cyber criminals and in-game abuse, we at iovation are very excited to be engaged in this fascinating industry.

For this multi-part blog series, here’s my first topic of interest from LOGIN Seattle.

Part I:  Playing at Work.

The next frontier for the application of virtual worlds and game environments could actually be in the workforce. Considering work activities and putting them in a game-like environment with scores, levels, rewards, visibility and recognition could really be something in the future. Read the rest of this entry »

While online payments is the fastest growing segment of retail and payments, it also continues to be one of the riskiest. As cyber criminals step up their game and adapt new techniques to defraud online and card-not-present (CNP) merchants, payment providers and online retailers must take steps to protect their networks from organized fraud rings. Read the rest of this entry »

As many of the online game industry’s most respected leaders and innovators convene in Seattle next week for the LOGIN Conference, we look forward to seeing familiar faces and meeting new friends at this year’s event.

As always, the show will feature some of the industry’s top names sharing their ideas about advancements in technology and design, the future of digital games, and how online games and virtual worlds are helping solve real-world business issues.

iovation has a particular interest in this show because we actively protect over 20 gaming clients and their legitimate players from all forms of fraud and abuse. Each day, our device reputation technology helps more than 75 individual online games identify bad players in their virtual environments — and keep them from returning — to build a safer and more trusting online gaming experience for their good customers. Read the rest of this entry »