We’re going into 2010 with a lot to be excited about, including the announcement of our new VP of Technology, Scott Waddell.  Scott joined iovation in April 2008 as our Director of Research, a role to which he has brought amazing insight and innovation.  I love his ability to keep sight of a strategic vision while being pragmatic about getting there.  Starting this month, he’s taking over the helm of our entire technology organization and we’re confident he will continue our positive momentum into the new year and beyond.

To provide a bit of an introduction, Scott has nearly two decades of technology experience with an emphasis on security.  Before joining iovation, he spent a number of years at Cisco, serving in a variety across engineering, network security and research. Prior to that, Scott co-founded WheelGroup, a network security company that was later acquired by Cisco.  He also served as a charter member of the Air Force Information Warfare Center, pioneering tools and techniques for automated vulnerability assessment and incident response. (more…)

I wanted to take a moment this Thanksgiving week to offer up my own personal thanks to everyone involved in making iovation a success and to all those who work with us to combat online fraud and abuse. Our customers, partners and employees have all played an important role helping us finish the year strong. We’re poised for an amazing year in 2010 and looking forward to all that we will accomplish together.

It is amazing to me to look back and see how much we have accomplished in just a few years. Through collective hard work and the loyal support of our customers, we have become leaders in device reputation and device fingerprinting solutions. We now protect over 300 websites and have profiled over 180 million computers. We perform over 4.0 million device reputation checks and stop over 30,000 fraudulent transactions every single day.

Thanks to everyone who is working together to protect online commerce and fight online fraud. We couldn’t have done it without you.

Happy Thanksgiving to you and your family.

Greg

Ellen Messmer of Network World had an interesting post recently listing America’s 10 most wanted botnets.  These ten alone are responsible for an estimated 12.4 million infections in the United States.

Botnets are an increasingly difficult problem to address and are becoming an important part of the Fraud as a Service value chain.  There are a number of uses for botnets but Messmer’s post supports that the three primary threats are theft of data, propagation of spam or malware, and execution of coordinated denial of service attacks.

With respect to online fraud, the first threats are the most concerning and are directly related to each other. Distribution of spam and malware is usually a means to an end of stealing personal data which can easily be monetized in the cyber black market. The number of effective botnets is growing. What this means to online businesses is that comprehensive databases of credit and identity information are readily available and getting cheaper, allowing fraudsters easy access to stolen identities. The result is that fraud management systems relying entirely upon identity checks are becoming less effective and need to be accompanied by a solution based on information independent of identity. This is where device reputation systems excel and provide the perfect complement to existing fraud management tools and processes. (more…)

We recently announced an amazing achievement and this is a proud moment for everyone at iovation. Since our inception, we have processed over 2.0 billion real-time device reputation inquiries for our subscribers.

Over two billion times, our subscribers have used one of our device printing technologies while interacting with end-users and then reached out to our service with device printing data plus their unique account or transaction identifier. In real-time (sub-second response times) our service then follows business rules that are unique to each subscriber and leverages terabytes of information in our global fraud database, the Device Reputation Authority (DRA).  We can tell subscribers if they have ever seen a given device and if any related accounts and devices have a history of fraud or abuse at their site. We can also tell subscribers if any related devices are associated with fraud or abuse at other subscriber sites. (more…)

In a class action lawsuit involving Microsoft, a U.S District Court judge ruled that IP addresses are not personally identifiable information (PII). In my original post, I made reference to the often passionate and sometimes controversial balance between online security and privacy. (more…)

In a class action lawsuit involving Microsoft, a U.S District Court judge ruled that IP addresses are not personally identifiable information (PII). In response to my first post,  few people actually read the order by Judge Richard Jones. I received an email from someone stating that the judge was dead wrong in stating that IP addresses identify computers. (more…)

In a class action lawsuit involving Microsoft, a U.S District Court judge ruled that IP addresses are not personally identifiable information (PII). If you read my first post on this issue, you know that I support this decision and believe that IP addresses should be treated as very weakly associated with identity. (more…)

In a class action law suit involving Microsoft, a U.S District Court judge ruled that IP addresses are not personally identifiable information (PII).  This will undoubtedly contribute to the important, often passionate and sometimes controversial balance between online security and privacy.  There will be countless threads pointing out the legal and technical reasons that an IP address is not personal information.  There will be valid points here.  And there will be countless more threads on what can be done with IP addresses alone and how IP addresses can be used in combination with other types of information for target marketing, behavior analysis and even identifying specific individuals.  There will be valid points here too. (more…)

There is a good article on the Internet Retailer site today titled “Fear of debt and fraud change the way online shoppers pay.“ Essentially, online shoppers are looking for the sites they trust the most and are moving to alternative payment vehicles that do not require them to enter their credit card information. According to the article, thirty-seven percent of online shoppers are using their credit cards less, while only ten percent indicate they are using credit cards more. Meanwhile, alternative payment vehicles like PayByCash, Bill Me Later, and PayPal are undergoing rapid growth.

In addition to being good news for the companies who offer alternative payment types, this information also signifies an important development in the realm of fraud prevention. With fewer shoppers using credit cards online, traditional fraud-management tools that rely upon that personal and credit information are going to become less effective. The Internet Retailer article quotes extensively from CyberSource’s most recent fraud report: a report that indicates that device fingerprinting solutions, like iovation ReputationManager™, are at the top of the list for planned implementation in 2009. The trend of online consumers away from payment options that require personal and credit information will only make augmenting fraud prevention with device fingerprinting solutions more important.