A recent fraud study conducted by Javelin Strategy & Research and LexisNexis confirmed what we already knew: identity fraud is on the rise, and so are the losses that online merchants face. What we learned from the report, however, is that the impact on retailers is much worse than originally thought.

Based on the study results released by LexisNexis, U.S. retailers incurred losses of $191 billion in 2008 due to identity theft, stolen merchandise and fees associated with chargebacks. Even more alarming is the fact that, between the three primary groups surveyed—merchants, financial institutions and consumers—the cost of fraud to retailers is almost 10 times greater than the losses absorbed by financial institutions and 20 times greater than the losses suffered by individual consumers. Read the rest of this entry »

After a three-year investigation by the FBI and the UK’s Serious Organized Crime Agency (SOCA), British authorities announced they have arrested the sophisticated network of cyber criminals behind DarkMarket, one of the world’s top criminal websites. The site, which operated out of an unassuming London Internet café, was an international cyber supermarket for stolen credit card and bank account information that officials say has cost the banking industry tens of millions of dollars. Read the rest of this entry »

How much money has the world lost to e-crime so far? … A trillion dollars. That’s the estimated annual cost of e-crime worldwide, according to a recent article, “National online-fraud helpline to launch in April.” Despite the staggering losses attributed to online crime, victims of such crimes—both individuals and businesses—have not had a simple option for reporting them. Hopefully this is about to improve, with the UK’s new Action Fraud helpline, one of the first attempts at streamlining a call-in process for victims to report online crime.

I commend the National Fraud Reporting Centre (NFRC) for getting the hotline going. The helpline will allow individuals and small businesses to report cyber crime to a central agency, simplifying what would otherwise be a confusing process involving potentially several different government ag encies. A similar effort in the U.S., the Internet Crime Complain Center (IC3), currently allows individuals to file complaints of internet fraud through its website. Read the rest of this entry »

Velocity-based rules have long been used by merchants to help identify potentially fraudulent online behavior. Typically, velocity-based rules function by looking at commonalities in personal information, across accounts and transactions. For example, a warning may be set off if multiple accounts, or multiple orders, all have different names but the same shipping address. Another example might be if multiple accounts were all set up using the same password.

Unfortunately, these kinds of velocity checks are of limited value against more sophisticated fraudsters who have the information, the technology, and the general savvy to set up multiple accounts that all, on paper, look completely different—different names, different credit card numbers, different shipping addresses, different IP addresses. Read the rest of this entry »

We’re going into 2010 with a lot to be excited about, including the announcement of our new VP of Technology, Scott Waddell.  Scott joined iovation in April 2008 as our Director of Research, a role to which he has brought amazing insight and innovation.  I love his ability to keep sight of a strategic vision while being pragmatic about getting there.  Starting this month, he’s taking over the helm of our entire technology organization and we’re confident he will continue our positive momentum into the new year and beyond.

To provide a bit of an introduction, Scott has nearly two decades of technology experience with an emphasis on security.  Before joining iovation, he spent a number of years at Cisco, serving in a variety across engineering, network security and research. Prior to that, Scott co-founded WheelGroup, a network security company that was later acquired by Cisco.  He also served as a charter member of the Air Force Information Warfare Center, pioneering tools and techniques for automated vulnerability assessment and incident response.

Due to his wealth of experience and the clear contributions he has already made to our business, everyone on our executive team and board of directors agrees that Scott is absolutely the right person to lead our technology team.  We’re fortunate to have someone who is extremely knowledgeable, passionate, dedicated, and already familiar with what we do. No one would be in a better position to help strengthen our core technologies and work on building new services to leverage our unique knowledge of the reputation of hundreds of millions of computers.

Here’s to building great teams.  Happy New Year!

Well it’s been a good year for our blog. We’ve tried to address a number of topics all relevant to helping businesses fight online fraud. As the year wraps up, I thought it would be a good time to summarize some of the themes from the year and highlight some of our posts. While we touched on a number of topics, a few main themes remained consistent:

Device reputation is an important component of best practice fraud management – 2009 was a difficult year for business, but one trend that emerged was an increased visibility into how valuable device fingerprinting and reputation solutions can be as part of any sophisticated fraud prevention architecture. Some of our articles on this topic:

• The First Five Benefits You Will See From Device Reputation
• Not All IP Addresses are Created Equally
• Device Fingerprinting Techniques – Several Choices

Online retailers are under attack – Online retailers continue to find themselves under attack and we touched on this topic a number of times this year. Here are some of the highlights:

• Online Merchants Are the Real Victims of Identity Theft
• Interview with Merchant Risk Council Executive Director, Tom Donlea
• Fighting Friendly Fraud With Device Reputation

Online games continue to attract attackers – Massively Multiplayer Online (MMO) games continue to be a favorite target of hackers. Financial fraud coupled with theft of accounts, virtual assets and exploitation of in-game economies through gold farming all pose serious threats to the online gaming industry. Some of the highlights: Read the rest of this entry »

Yesterday, President Obama took an important step toward putting cyber security front and center by appointing Howard Schmidt as cyber security coordinator. Not only will this significantly aide in advancing the current administration’s cyber security initiatives—it’s also a critical step forward in the private sector’s fight against cyber crime.

Given the impact that cyber crime has on our economy, online businesses especially have a lot riding on the success of these government initiatives. A recent report from LexisNexis estimates that U.S. businesses lose $191 billion annually from computer related crimes. This is why Mr. Schmidt’s combined experience in both government and the private sector will hopefully be an important asset, allowing him to simultaneously understand the issues currently facing businesses and be able to cut through the red tape on Capitol Hill to make real change happen. Read the rest of this entry »

There was a time when spam wasn’t considered dangerous; it was merely obnoxious. Unfortunately, it seems that time is quickly coming to an end. For example, take the recent article on CNN.com: “Cyber crime poses threat to e-commerce.” The article—about increasing trends in online spam and related fraud—cites a statistic from antivirus-software provider Symantec which claims that the percentage of spam that contains malicious software has increased 900% over last year.

Additionally, as perpetrators of online crime get smarter and savvier, it’s becoming increasingly difficult to distinguish between legitimate email and spam. Especially during the holidays—a busy time for fraudsters, as we’ve already discussed—there are plenty of opportunities to take advantage of the upswing in online shopping for Christmas. For example, take a look at the top 10 subject lines for seasonal spam, as reported in the December issue of Symantec’s monthly report, State of Spam:

1. Sales Receipt from Amazon
2. Sales Order from walmart.com
3. Incredible sale for luxury goods
4. Re: what she wants for Christmas
5. Give her luxury this holiday season
6. Bling yourself up this Christmas
7. Get the perfect gift for Christmas
8. Impress your friends this holiday season
9. Xmas on-line cookies
10. Time limited Christmas promotion

Read the rest of this entry »

If you’re curious to know what’s topping people’s wish lists this holiday season, just take a look at online sales. No big surprise, electronics are where it’s at. Based on information provided by fraud prevention experts (and iovation partner) Retail Decisions (ReD), the top-ten list of products sold online during Black Friday was dominated by GPS systems, televisions, digital cameras and video game consoles.

Besides providing statistics on what online purchases people were spending their hard-earned money on during Black Friday, ReD also noted that online criminals were out in force, busy spending other people’s money. “Whilst online retailers witnessed a huge upturn in sales this Black Friday, fraudsters are also ’spending’ more, with an average value of $248 per transaction online, 23% more than the average genuine customer,” said ReD’s CEO, Carl Clump. Read the rest of this entry »

According to ComScore, a Virginia-based firm that tracks online shopping, consumers have already purchased over $19 billion worth of products online this holiday season. That’s an increase of 3% over last year. While that’s good news for online merchants, Mike Cronin points out in his article, ’Tis the season to be wary of online scams, that it also provides new opportunities for online scammers.

Much like online businesses, cyber criminals are working around the clock this time of year. But instead of sending out legitimate emails promoting online sales, fraudsters are sending out emails containing bogus links that closely resemble real retail websites. While their intent is to steal credit card information from unsuspecting online shoppers, the real victims in this crime will end up being online merchants.

The reason for this is what’s known as a chargeback—a truly dirty word for anyone in online retail. It works like this: once an individual whose credit information has been stolen discovers a fraudulent purchase on his or her account, she contacts the bank to report the fraudulent charge. The charge is then refunded to the individual, and charged back to the online merchant. Read the rest of this entry »

There was a blog post recently on Wallet Pop titled “Online theft not the main cause for identity fraud.” In it, author Josh Smith does a good job calling out the differences between identity theft and identity fraud. In short, identity theft is when someone’s personal identity information has been stolen; identity fraud is when that stolen information is used to commit financial fraud or some other kind of crime. While the two are inevitably related to one another, they are not the same thing.

In the case of identity theft, it’s a common myth that malware, botnets, and other internet scams are to blame; however, Smith cites a study done by Travelers Insurance that actually shows that the majority (78%) of incidents of identity theft actually occur offline. This indicates that peoples’ fears may have been, at least in part, misplaced. Individuals would benefit from an increased awareness and vigilance in all aspects of their life, not just online.

This being said, there still remains the question of identity fraud: what happens once someone’s personal information has been compromised? This is where online businesses still need to be on high alert, because online sites (and not physical stores) will likely remain the No. 1 target of identity fraud. Here’s why:  Read the rest of this entry »

This week the U.S. House of Representatives is debating over whether online gambling should be regulated or simply prohibited. At the same time, the recent release of a study, commissioned by WiredSafety and conducted by Harvard professor Malcolm Sparrow, asserts that regulation, and not prohibition, would best mitigate the risks posed by online gambling. This line of thinking may be in part why implementation of the Unlawful Internet Gambling Enforcement Act (UIGEA) has been delayed, and why many are now discussing a separate bill, H.R. 2267, the Internet Gambling Regulation, Consumer Protection, and Enforcement Act.

Read the rest of this entry »

We have exciting news to share! Now that the nomination phase of the  first annual 2010 Internet Dating Industry Awards is complete, iovation has been named a finalist for the Best New Technology.  This award recognizes the best individual technology created by a vendor for dating or matchmaking sites. The award will be announced at the 7th Annual Internet Dating Conference. Read the rest of this entry »

Good news for online retailers came this weekend as reports showed that this year’s online sales during Black Friday were up 11% from last year, with U.S. shoppers ringing up $595 million worth of orders throughout the day. The bulk of the increases, not surprisingly, went to the largest stores. As the blog on the Wall Street Journal reports:

The retail sites for Amazon.com, Apple, Best Buy, Target and Wal-Mart each saw more than 4 million unique visits Friday, comScore said, with Amazon receiving the most traffic (up 28% from 2008). Apple, Best Buy and Wal-Mart sites also experienced double-digit traffic gains. According to Experian Hitwise, another Web monitoring firm, other e-commerce standouts included Sears, Staples and Dell.

These results are welcome news for retailers who have been concerned that fear of identity theft could have a noticeably negative impact on sales. Just last week SC Magazine predicted overall online spending to be down this year because of such fears. Luckily, so far, this does not appear to be the case. Read the rest of this entry »

I wanted to take a moment this Thanksgiving week to offer up my own personal thanks to everyone involved in making iovation a success and to all those who work with us to combat online fraud and abuse. Our customers, partners and employees have all played an important role helping us finish the year strong. We’re poised for an amazing year in 2010 and looking forward to all that we will accomplish together.

It is amazing to me to look back and see how much we have accomplished in just a few years. Through collective hard work and the loyal support of our customers, we have become leaders in device reputation and device fingerprinting solutions. We now protect over 300 websites and have profiled over 180 million computers. We perform over 4.0 million device reputation checks and stop over 30,000 fraudulent transactions every single day.

Thanks to everyone who is working together to protect online commerce and fight online fraud. We couldn’t have done it without you.

Happy Thanksgiving to you and your family.

Greg