In the article, “Cybercrime is now a booming industry,” the new Global Risks for 2012 report says that along with a steady increase in cyber attacks on businesses and governments around the globe, the top concern for illegal digital data sellers is maintaining trust with their customers.

According to an ethical hacker in India, the digital black market has become so competitive that entrepreneurial cyber criminals depend on their trustworthiness, along with free trials, discounted offers and money-back guarantees on stolen goods, to succeed in the shady underworld.

“Today, the main concern for the data sellers is to generate trust among their clients.”

Any legitimate business knows the importance of building and maintaining a high level of trust and confidence with their paying customers. Without it, we have no customers. Turns out, the cyber underground is no different. In order to sell stolen goods to their customers, cyber criminals, whose livelihood is based on creating a web of lies to steal other people’s information, also have to establish and preserve an upstanding reputation among their likeminded clients.

At iovation, we’ve always understood the power of reputation — both good and bad. In fact, our business is built on the experiences and expertise of more than 2,000 fraud analysts from leading brands worldwide, who have all contributed to our device reputation database of over 800 million unique devices, including PCs, laptops, smartphones, tablets and consoles.

Unlike anti-fraud solutions that rely on personally identifiable information (PII), iovation’s advanced device reputation technology focuses on the user’s device to identify and stop fraud in real time, as well as make quicker decisions on legitimate online orders and business transactions. By including a fraud prevention service like iovation’s ReputationManager 360 to any multi-layered security strategy, organizations don’t have to rely solely on potentially stolen or misrepresenting information provided by criminals to perpetrate fraud over the Internet.

While there’s no arguing that trust is essential for doing business — apparently between cyber criminals, as well — having a trusted resource like iovation to uniquely recognize known fraudulent devices, expose hidden fraud rings and identify good customers before the transaction takes place, can play a pivotal role in any business’s ongoing challenge to reduce online fraud rates.

While monetary gains are always the ends to the means for cyber thieves, the digital goldmine appears to be personal and financial information stolen from email accounts and bank accounts, as well as intellectual property, all of which hackers can sell on the cyber black market. Some additional points in the Global Risks for 2012 report included:

• Cybercrime, cyber-espionage and cyberwarfare are on the rise
• Credit card cloning is flourishing in India, conducted by Nigerians living in India who are using card data received from Russian underground forums
• Hackers are launching chance attacks on individual users and more targeted attacks on businesses and governments to exploit system security flaws
• Corporate source codes for products, intellectual property and defense data is extremely valuable to competitive organizations and governments
• Enterprises leveraging social media tools should consider the risks of employees accessing social media sites while on the corporate network

In the article, “Why Internet crimes go unpunished,” security expert Roger Grimes breaks down some interesting numbers around cybercrime, and how hackers are (to put it mildly) beating the odds. According to the FBI’s 2011 Internet Crime Report, of the more than 300,000 complaints that netted criminals $1.1 billion in 2010, law enforcement agencies convicted an average of one crook for every 50,635 victims. In other words, as Grimes eloquently states:

Steal someone’s identity and your odds of being caught are almost infinitesimal.

With all the hacks and fraud headlines 2011 will be remembered for, that’s definitely not the way we want to ring in the New Year. But as Grimes also warns, if we aren’t careful we could see history repeat itself as criminals not only continue defrauding computer users, but launch recycled attacks against the explosion of worldwide mobile device users, who could fall victim to the same old PC tricks.

While law enforcement certainly has its challenges in tracking down and prosecuting cyber criminals, nobody will argue that we can always be doing something on our part to help reduce the risk of fraud where the criminal is utilizing a computer, as well as emerging mobile platforms like smartphones and tablets.

Whether you’re an individual, small to mid-size business, or even a large international corporation, in many ways you’re sort of on your own in cyberspace. This is why taking matters into your own hands and implementing defense-in-depth fraud preventative strategies is so critical to protecting yourself, your employees and business from both evolving and old-school scams targeting every form of Internet-connected device that we use.

This is the time of year when most businesses are setting their budgets and determining business goals for 2012. While improving customer service and increasing revenues are certainly at the top of any CEO’s to-do list, mitigating costly fraud risks that can take a hefty bite out of annual profits (not to mention cause significant reputation damage) requires organizations to deploy effective security tools like iovation’s ReputationManager 360 solution to reduce the risk of fraud or abuse over all devices and platforms connecting to their online business environment.

In the article, “Mobile commerce played an integral part of the 2011 holiday season,” online retailers capitalized on the smartphone and tablet phenomenon by boosting their m-commerce promotions during the past holiday season. As a result, a company spokesperson at Gilt Groupe, a US-based shopping website, said mobile-only promotions contributed to 20% of all sales during November and December, with mobile traffic and sales increasing well over 100% in December 2011 compared to December 2010.

“Mobile continues to play a large role in driving Gilt’s business. And we continue to utilize mobile as a channel to reach both existing and new customers wherever they are.”

North America electronics retailer, Crutchfield Corporation, also saw triple-digit increases in mobile traffic and sales, a trend the Crutchfield’s director of e-commerce, Todd Cabell, believes will continue to climb in the new year.

“Mobile was certainly a bright spot this holiday season. It’s clear more and more customers are becoming comfortable using their mobile devices to research and purchase a wide variety of products. We anticipate continued growth in both the smartphone and tablet channels during 2012.”

As more consumers trust their mobile devices to purchase goods over the Internet, online merchants recognize the importance of including mobile in their cross-channel marketing efforts. At iovation, we see the mobile channel not only as an emerging sales channel, but a thriving one, for e-commerce. This is why our ReputationManager 360 fraud prevention tool recognizes, in real-time, all Internet-connected devices by type, including PCs, smartphones and tablets, that access retail websites.

By better understanding the devices connecting to their site, retail fraud managers can immediately accept, deny or pull for further review all transactions coming through their cross-channel sales mix. For retailer’s creating mobile-exclusive promotions that target smartphone and tablet users, this level of fraud protection is essential to the customer experience, profitability, and a merchant’s overall brand reputation.

If you are interested in learning more about how iovation protect online retail sites from fraudsters attempting all types of criminal or abusive behavior, we will be at the upcoming NRF Retail’s Big Show, January 16-18 in New York City.

We’d love it if you stopped by our booth #2820 to chat about any fraud issues your business is experiencing or anticipating, and to pick up your Virtual Crime Fighter t-shirt. By integrating iovation’s device reputation service on your account creation or checkout page, for example, we can help you stop cyber criminals—all without collecting any personally identifiable information (PII)—whether they are using a computer, tablet or mobile phone to access your site.

And while at the NRF Retail’s Big Show, one session that looks very interesting is “Emerging Technologies: Driving Businesses for Retailers, While Minimizing Risks from Fraudsters” at 2:00 pm on Tuesday.  The session is moderated by Evan Schuman, Editor of StorefrontBacktalk.com with speakers Joseph LaRocca, Sr. Asset Protection Advisor of the NRF and Bill Titus, Vice President of Loss Prevention at Sears Holding Corporation.  (See page 37 of the Show Guide).

In the recent article, “How to steal an identity in seven easy steps,” software developer, Herbert Thompson, shows us just how easy it is to collect personal information that allows fraudsters to gain access to somebody’s personal and financial online accounts. This is disturbing news, especially when you consider that roughly 40% of web users are ‘likely’ or ‘very likely’ to provide their personal information in one of six online scams, like the Ponemon Institute, commissioned by PC Tools, recently discovered after interviewing over 1,000 UK web users.  

Essentially, Thompson cites a number of online resources that criminals can tap into to gather personal information that increases their chances of cracking security questions and passwords required to access personal emails or financial accounts, including:

1. General Web Search: Searching someone’s name on a search engine such as Google can provide an assortment of information about a person including where they live and their social networking communities.
2. Personal Blog: Doing a keyword search on things like birthday, pets and mother’s maiden name can reveal personal data that users apply for questions relating to password reset and account login.
3. Public Websites: Public websites such as the DMV and state traffic court provide resources for obtaining information on traffic violators that could include things like birth date and vehicle type.
4. Resume/Job Seekers Webpages: Job seekers are constantly updating their work history and joining networking groups that disclose current home addresses, phone numbers, emails, where they’ve lived and their professional background.
5. Alumni Webpages: High school or college online social networking communities can make known somebody’s personal history, nicknames and other close friendships.

As you can see, online romancers aren’t the only ones susceptible to identity theft. This scenario essentially applies to anyone sharing personal information over the Internet.

While individuals need to always apply common sense before sharing personal information that really never goes away, so do the providers of these popular online environments. To ensure the safety of their legitimate users and maintain their reputable brand reputation, online dating and social networking sites need to deploy fraud detection tools that can stop known fraudsters before they enter their communities and root out fraud rings that are committing repeat fraud against good members.

iovation’s ReputationManager 360 does both. By identifying the user’s actual device, not the personally identifiable information (PII) they provide to create their profile, online communities can detect when a known fraudulent device is trying to enter their site, as well as expose bad devices and their associated accounts that are already active in the community. This unique level of device reputation intelligence enables Internet communities to improve their ability to deny fraudulent transactions before they happen and rid their trusted online communities of cyber criminals who are already perpetrating fraud or collecting personal information they can use later to break into personal or financial accounts.

According to the Politico article, “Free pass for dating site liars,” people can take comfort in knowing that they don’t have to worry about being prosecuted or hauled off to jail for telling a little white lie over the Internet. While this certainly makes sense, at the same time we’re still walking on shaky ground when it comes to online lies, falsifications, profile misinterpretations, or whatever you want to label it. The fact is, when it comes to identity fraud, fake accounts or other crimes on romance sites, lying is typically the basis for the crime. It sets the stage for deeper criminal activity that can cost victims both emotional and financial hardships, not to mention damage to the dating site’s reputation. 

In the recent blog, “Online Trust Remains Risky Business,” I discussed how most of us have at one time or another told some kind of little white lie on the Internet. Would this be cause for criminal prosecution? Probably not. However, if the intent is to steal or commit some type of crime against another person or business, the lie could be a violation of corporate policy covered by the Computer Fraud and Abuse Act (CFAA), which criminalizes “exceeding authorized access” of a computer.

While DoJ spokeswoman, Alisa Finelli, says it’s not the DoJ’s position that lying violates the CFAA, its current position is one that could be open for change.

“We understand the concern that is motivating these criticisms of the statute, and we are willing to work with Congress on legislative proposals in this area.”

While Congress works on legislation that clarifies what would be grounds for prosecution when it comes to lying on the Internet, to protect their members and online environments dating sites need to take action by deploying anti-fraud detection tools that help them identify risky behavior. At the moment, there may not be an actual online “lie detector” that can distinguish when a member is telling the truth or not, but there are tools available, such as iovation’s device identification service, that helps detect online scammers, spammers and bad actors attempting to mine the identity details of legitimate members.

In the article, “American Stranded in Ukraine in Online Dating Scam,” former write-in candidate for governor of Arizona, Cary Dolego, traveled to the city of Chernivti, Ukraine, eager to meet up with the woman he fell in love with online and one day hoped to marry. She never showed.

Turns out, Dolego was a victim of an online dating scam that stemmed from account takeover. Apparently, someone or some group hacked into a woman’s account on an international dating website and was communicating with Dolego on behalf of a woman named Yulia. While the woman later said the account on the dating site that Dolego had been corresponding with was hers, she claims she was not part of the scam.

While this and other similar stories continue to generate media attention about the potential dangers of online dating scams, many of the common tactics hackers use to commit fraud against good members of matchmaking sites could be avoided if the website’s fraud strategy didn’t rely so much on personally identifiable information (PII) to spot and stop fraud within their online social networks.

Unlike anti-fraud tools that collect and use PII to detect fraud online, iovation’s advanced device identification technology is not susceptible to the personal information that users are required to provide when creating new online dating profiles or accessing existing ones. By identifying the actual device used to open or access online accounts — not the user’s PII — iovation’s fraud prevention service provides dating and social networking sites real-time intelligence on more than 750 million known devices. This enables romance sites to instantly accept, deny or pull for further review suspicious transactions before they happen, as well as expose hidden associations between devices and accounts that PII-based fraud detection tools simply can’t do.

Because personal information gathered from social networking sites such as Facebook is what hackers use to open new online accounts or break into legitimate ones, dating sites need a fraud detection tool like iovation that goes beyond the user’s personal information. Without it, dating and social networking sites will remain vulnerable to profile misrepresentations, fake accounts, chargebacks, account takeovers and other online scams that fraudsters can think of using PII, which today is too easily accessible on the Internet.

As cyber criminals take advantage of various technologies to bypass businesses’ digital security efforts, any business that wants to succeed in today’s rapidly-changing business environment needs to have layered and effective security measures in place that allow them to know when they are dealing with a legitimate customer or a clever fraudster. 

In the article, “IT industry news: Identity fraud ‘a threat to businesses,’” Neil Munroe, chair of the Identity Fraud Consumer Awareness Group (IFCAG), said the growing threat of identity theft is not going away anytime soon. In other words, for businesses embracing new technology including mobile devices to offer customers multiple ways to purchase goods over the Internet, every company’s online payment process needs to have the proper protections in place if they are going to succeed and remain competitive.

The fact is fraud doesn’t stop, and in all likelihood, it never will. It merely changes methods.

While it’s true no single anti-fraud solution can stop every new type of fraud criminals can think up, iovation’s device reputation technology provides online businesses with a critical layer of fraud detection that identifies the user’s device in real-time, allowing them to stop a fraudulent transaction before it takes place. In doing so, merchants can better secure their payment processes by determining if online orders are coming from genuine customers or known fraudulent devices across any type of remote technology.  When placing iovation’s device check upfront in your fraud detection process, if the transaction is fraudulent, businesses can save money by not running subsequent and costly checks.

“It seems to me that if there was any logic to our language, trust would be a four-letter word.”

This clever, yet pertinent quote from the film, “Risky Business,” has always stuck with me. Today, it’s more relevant than ever when it comes to trusting someone in an online social environment.

As much as we would like to believe what other people say over the Internet, the bottom line is that most separate our real-life persona from our online persona to a certain degree. For some, it’s an outdated photo. For others, it’s embellishing the truth or telling a little white lie. When it comes to online trust, however, the most dangerous kind if personal misrepresentation are those who make a living at deceiving others for profit or personal gain. That’s right. I’m referring to online fraudsters.

By now, every online social community is aware of the countless types of malicious behavior that can take place within these environments. Even in remote communities where no financial transactions are exchanged, there are risks when building an online relationship with someone you’ve never met. That said, it’s not only important for individual users to keep up with the latest fraud tactics, but businesses that operate online communities should stay on top of evolving fraud trends and implement fraud preventative tools that recognize when a user on their website has committed fraud or any other type of unwanted behavior in the past.

In the article, “Online Romance Scams Dupe Thousands,” I was hit yet again with another memorable phrase that rings true to online dating fraud:

“Romance fraud is organized crime.”

For the many online communities including dating and networking sites that we protect every day, the potential fraud dangers that exist are likely not coming from a fraud network of one. While personifying a single user, the perpetrator is likely part of a larger group of organized criminals making coordinated efforts to defraud a particular organization. Working diligently to defeat a website’s line of defense, once the bad guys get in they create multiple accounts, sneak in their partners in crime, and put their best laid schemes to work.

The key to thwarting scams targeting online social communities and networking sites is recognizing all the players involved. iovation’s ReputationManager 360 anti-fraud solution leverages its device recognition technology to uniquely identify known devices used by bad actors and link the multiple fake accounts associated with those devices. iovation’s global shared database of more than 750 million devices is shared amongst iovation’s clients. Cyber criminals and scammers share information, so why shouldn’t businesses collaborate to keep the bad guys out?

Today, anyone seeking federal aid for the thousands of online courses can do so while maintaining their anonymity. Without the physical checkpoints traditionally used to cross-reference and validate that applicants are who they say they are, higher education online programs are being hit with what’s being dubbed financial aid fraud, or distance-education fraud.

In the recent New York Times article, “As Online Courses Grow, So Does Financial Aid Fraud,” financial aid scams have become a serious problem. In a number of high-profiled cases, distance-education fraud rings have stolen hundreds of thousands of dollars using various techniques. For example, a woman submitted applications on behalf of 23 unknowing prison inmates that she gathered information on while working in the prison’s education department. The applications were admitted and granted more than $450,000 in federal aid, including nearly $125,000 for books, transportation and living expenses.

Other fraud rings use “straw students” who have no intention of pursuing an education or are simply unaware applications are being filed in their name. With the vast majority of colleges and universities now offering online courses, Kathleen S. Tighe, inspector general for the Department of Education, said more needs to be done to stop financial aid fraud, including clamping down on identity verification.

“Without that money there would be significantly less incentive for this particular scam. We’ll do the best we can with our resources to investigate the allegations we receive, but there are actions that can be taken to help reduce the appeal of this quick-cash-for-little-effort scam.”

Identity verification processes that provide red flags for suspicious applications give higher education programs the ability to monitor and identify online transaction anomalies, velocities and geolocation information before federal aid is approved. For example, when a single computer is applying for multiple grants under different names, fraud preventative solutions like iovation’s ReputationManager 360 help online businesses spot and stop suspicious transactions in real-time without collecting or relying on any personally identifiable information (PII).

Having effective, fraud prevention tools in place provides a multi-layered approach to help identify and stop fraudulent transactions that are costing online businesses, including higher education programs, hundreds of thousands of dollars each year.

According to the article, “Cyber crime hit 431 million adults in 24 countries,” a recent Norton cybercrime report found online crime jumped 3% compared to its 2010 study, costing fraud victims more than $388 billion worldwide over the past year.

Eating up 35% of the global cybercrime bill were U.S. fraud victims, who spent $139 billion on cybercrime last year. That amounts to 141 victims per minute, an alarming statistic even for Norton’s consumer cybercrime expert, Helen Malani.

“We were astounded by the costs in terms of cash lost. The number came to more than $US388 billion globally. That’s more than the illegal drugs market in heroin, cocaine and marijuana. Cybercrime is an illegal underground economy and it needs to be taken seriously.”

According to the study, one of the biggest gains in cybercrime last year came in crimes against mobile devices, which are up 10% globally. No surprise there, considering the explosion of smartphones and tablets being used to connect to the Internet. Malani said the chief concern with mobile fraud is users inability to stay on top of security updates. She said only 20% of people accessing their mobile devices have installed the most up-to-date mobile security. With up to 80% of mobile devices improperly protected, this provides fertile ground for cybercrime activity.

Similar to any other legitimate economy, growth in the illegal underground marketplace is driven by innovation, and tapping into the next opportunity. For cyber crooks, it’s all about exploiting the latest technology before the security gaps are identified and closed.

For online businesses that allow users to access their websites and corporate networks via mobile devices, this is especially disconcerting. Operating without the tools to effectively detect when fraudulent devices are logging onto their sites and requesting transactions, organizations and their customers are vulnerable to evolving schemes such as credit card fraud, card-not-present (CNP) fraud, account takeover, phishing and identity theft.

Today, building a multi-layered fraud preventative strategy that includes device reputation technology is critical to identifying when an Internet-based device, whether it’s a PC, smartphone and tablet, is already registered or attempting to log onto a website. The device intelligence that iovation’s ReputationManager 360 provides in real-time allows online businesses to recognize when a remote device that has been used to commit fraud or abuse in the past and stop any illegal or unwanted activity before it happens.

With nearly 150 users (just in the U.S.) exposed to some type of fraud every minute, it’s time businesses gain an extra layer of protection needed to stop more advanced forms of online fraud and abuse. Performing real-time risk analysis on transactions from every country in the world, iovation has already flagged nearly 40 million fraudulent transactions for its B2B customers just this year.

To help European financial services leaders understand how to thwart these increasing risks, iovation is scheduling one-on-one meetings with Europe’s major financial institutions at the upcoming Financial Services Technology (FST) Summit, October 4-6, in Lisbon, Portugal. If you are interested in learning about the latest online fraud trends and best practices for fraud prevention in retail banking and commercial banking, please reserve some time for us to talk.

As the world’s leading provider of fraud preventative device reputation services, iovation helps businesses assess online transaction risks before they happen. Our active partnerships with leading credit issuers, foreign exchange service providers and banking clients around the globe are designed to stop account takeovers, ID theft, ACH or debit fraud, credit application fraud and more.

Having assessed risk on more than six billion online transactions, our experience and proven expertise at recognizing a wide variety of devices that touch financial services websites — including PCs to the latest mobile phones and Android tablets — plays an essential role for many of our financial services clients, who have layered device reputation with authentication.

Because today’s cyber criminals are better at evading most fraud detection defenses, iovation’s device reputation and risk profiling services assess risks posed by any Web-enabled device in real-time to help financial services identify fraudulent transactions and stop organized criminal rings while maintaining client satisfaction and minimizing friction and client support calls to sustain a competitive position in today’s challenging marketplace.

Should you be attending the European FST Summit, I look forward to meeting you there.  If you are not attending, but would like to meet while I am in the Lisbon area, please don’t hesitate to contact me.

This is why combating increasingly sophisticated fraud techniques requires online merchants to identify fraudulent orders faster and boost the efficiency of their fraud management functions, without increasing overhead. For one North America retailer whose fraud losses were eating into profits and affecting the customer experience, implementing the right fraud prevention service enabled them to drop annual fraud losses from a peak of $2 million to $180,000.

In our newly downloadable case study, “Online Retailer Uses New Fraud Detection Systems To Cut Fraud Loss Rates,” Forrester Research principal analyst, Andras Cser, shares how the online merchant was able to reduce fraud loss by $1.8 million after deploying iovation’s ReputationManager 360 along with our partner’s case management system.

Initially lacking the ability to configure its own business rules and review important order details in one place with its existing fraud management solution, iovation allowed the retailer to create versatile fraud detection rules and review complete order information from a robust, single-screen user interface. iovation’s Real IP technology also revealed the true IP addresses of the devices cyber criminals were using to perpetrate fraud so the merchant could identify high-risk activity relating to velocity, anomalies and detection of proxy in real-time to automatically flag suspicious orders for review or stop them in their tracks.

Recognizing fraudulent orders before they are approved and shipped is critical to reducing fraud rates, which is why iovation’s device reputation technology is essential for any online retailer’s fraud prevention strategy.

For banks around the globe, protecting customer accounts is becoming more challenging as cyber criminals work together to create more sophisticated attacks with the aim of defeating existing security measures. In fact, fraudsters have become so efficient at figuring out new ways to access critical data from a bank’s IT system that the article,“European banking industry lacks guidance to combat cybercrime,” suggests that the entire ecosystem — from government to banks — should take a cue from the criminals themselves.

Powered by the collaboration of over 2,300 IT, security and fraud professionals, spanning multiple industry’s worldwide, iovation’s globally shared fraud database allows subscribers to benefit from everybody’s hard work and experience fighting online fraud and abuse. For example, if a multinational bank flags a device for credit card fraud today, and that same device came to your website tomorrow, next week or next month, how valuable would that information be to you? That’s the power of device reputation.

One of the keys to stopping innovative fraudsters from compromising banks’ cyber defenses is utilizing a system of layered security. This is something the FFIEC has reinforced with a supplement to the original Authentication in an Internet Banking Environment guidance, along with updated supervisory expectations for customer authentication, layered security, and other controls for authorizing transactions for financial institutions that offer Internet-based products and services.

With just three months to go, banks still have time to prepare. Our white paper shows how financial institutions can easily meet the FFIEC guidance by January 2012, and exceed them to better protect their online banking environments from future cyber threats. The FFIEC white paper will help you:

• Learn the difference between simple device ID, complex device ID and device reputation

• Understand how to leverage complex device identification and device reputation together to exceed the FFIEC guidelines by January 2012

• See how one bank effectively leverages iovation’s device reputation at login/authentication to reduce friction

• Gain valuable insight on how to automatically and confidently map account-to-device relationships to identify fraudsters by subscribing to iovation’s living database of over 700 million unique devices

• Expose the true IP of any device regardless if it’s hiding behind a proxy

• Learn how banks can configure and weight business rules to trigger alerts relating to fraud histories, geolocation, velocity, anomalies, risk profiles and even the amount (or age) of experience the bank has with a device or a device-and-account pair

When any customer accesses a bank’s website through any type of Internet-connected device, iovation’s device reputation technology identifies the device to give banks an extra layer of protection without disrupting the customer’s experience. By exposing rings of collusion, iovation’s ReputationManager 360 fraud prevention solution provides the device intelligence financial institutions can use to shut down thousands of fraudulent accounts at once.

The presentation, “Selling Your Fraud Strategy Internally and Overcoming Challenges Deploying Third Party Tools,” will demonstrate how focusing on things like brand protection, company image, customer acquisition and retention, and boosting profits can strengthen your case when lobbying for fraud prevention projects that help reduce fraud rates and improve the health of your IT environment.

The iovation client presenting with Cory brings first-hand experience undergoing proper tool evaluation to determine which fraud tools to build in-house and which to purchase through a third party. The presentation will provide merchants that have online social aspects (user to user) with tips on how to compete against other internal revenue-generating projects. Specific points that will be covered include:

• How to match third-party tools with unique business problems

• How to decide which tools to buy and which to build in-house

• Why understanding the technical aspects of third-party tools can help you make correct decisions

• How to win budget and resources for fraud projects

• How a clean marketplace and user base contribute to your corporate brand and company health

If you are attending MRC Fall Platinum next week, be sure to set some time aside to attend this presentation.  If you’d like to talk about any specific fraud or abuse challenges that your online business is currently, I will be at Chicago meeting on Monday through Wednesday and would be happy to meet with you.

This casual, unwary approach toward security continues to boggle my mind, particularly in today’s highly volatile business environment. But while three-quarters of the small businesses polled said they are incorporating steps to protect their computer systems from fraudsters, Fred Graziano, head of the commercial and small business banking at TD Bank, said companies need to keep up with the latest available fraud preventative technologies and criminal tactics used by more sophisticated fraudsters.

“It’s encouraging to see that small business owners are taking steps to protect their business, but fraud protection should be a high priority and it pays to be vigilant. Given the influx of new digital technologies and operational tools available for small business owners, it’s increasingly important to learn about the latest trends and techniques used by criminals, and to be more diligent in defending against fraud.”

Graziano, along with TD bank’s director of corporate security and investigations, Robert Dunlop, offered some advice to small businesses about protecting their systems and customers from evolving fraud attacks, including:

Manage finances with secure online banking:

Closely monitoring all account activity payments and financial transfers in real time with automated fraud preventative tools helps businesses quickly identify any discrepancies and provides audit trails for all online transactions.

Protect computer systems and practice online awareness:

In Dunlop’s terms, “Being complacent about cyber protection can lead to the compromise of critical information and detrimental consequences for a business.” That about says it all.

Safely handle highly sensitive documents:

Properly storing and disposing sensitive hardcopy documents such as financial statements, credit card information and social security numbers is critical to reducing the risks of confidential data landing in the wrong hands.

Incorporate appropriate checks and balances:

A strong internal review and assessment process shows customers how serious you are about fraud and preventing criminals from perpetrating deceptive acts against your business and customers.

As small and medium-sized businesses (SMBs) struggle to make progress in stopping payments fraud, organizations of all sizes should evaluate their fraud prevention needs and prioritize accordingly. Businesses operating without proactive fraud preventative tools that effectively detect and stop new forms of financial fraud will continue to fall victim to scams that costs them thousands to millions in profits and cause irreversible damage to their corporate brands.

In the article, “North business loses $8k in online scam,” a company was recently cheated out of $8,000 by an international scam that included fraudulent credit cards and a bogus freight business. The company was duped after a customer requested its purchase to be shipped to Japan via a fake London-based freight company, where additional charges to have the product shipped were added to the bill. When the customer’s payment went through, the freight company emailed the online business saying it could not take credit card payments. It asked for a direct, non-refundable overseas cash transfer, which the business paid for. Because the initial transaction went through, over the next month the company made five additional shipping payments on similar orders, amassing $8,000.

With these and other shipping scams stealing hundreds of thousands of dollars from eCommerce companies each year, detective Pete Hayes is warning online businesses about such scams that threaten any business working online.

“Anyone in the retail business that deals with orders over the internet has to be aware. Some of the red flags that might be raised are the name Postex Air Express and if someone is asking for payment via a direct cash transfer through a credit union or similar.”

For online merchants, international eCommerce orders carry a higher risk. Accepting cross-border payments pose about a 2.5 times higher risk than domestic orders. While many of today’s screening tools focus on Address Verification Services (AVS) and IP geo-location information for specific countries and regions, they can be easily spoofed by fraudsters using anonymizing proxies and other methods to hide their true locations and identities.

With many security tools limited to geographic constraints or simply ineffective in equally screening domestic and international fraud, layering a fraud prevention service like iovation’s ReputationManager 360 as part of a business’s anti-fraud strategy is critical for detecting fraud regardless of the source or location of incoming online orders.

Instead of focusing exclusively on personal information or the user to screen transactions, iovation enables businesses to identify the device being used to screen for fraud across the Internet. Its device recognition technologies combined with real-time risk reporting and analytics help businesses around the globe identify any device (PC, smartphone or tablet) with a history of fraud such as chargebacks and shipping/re-shipping fraud, and expose hidden associations with online accounts to stop repeat offenders who may already be perpetrating fraud within a network. Doing so allows eCommerce merchants to greatly reduce fraud losses (and chargeback rates) and improve the efficiency of their fraud process and team.

In one case alone, iovation helped reduce an online retailer’s fraud losses by $1.8 billion. Read the case study by Forrester Principal Analyst, Andras Cser.

According to the Wall Street Journal article, “Hackers Shift Attacks to Small Firms,” as small businesses make the leap to computerized systems, they are becoming prime targets for cyber thieves.

Business owner Joe Agelastri, who runs a pair of magazine shops in the Chicago-area, found out the hard way. After cyber criminals planted a software program on his cash registers, which sent customer credit-card numbers to Russia, the breach cost him around $22,000, slicing his annual profits in half. Though somewhat puzzled, Agelastri is just one of a growing number of small business owners who have experienced firsthand how prolific a problem cyber fraud has become in the SMB community.

“We thought there would be very little chance that somebody would come into a business of our size to pull off something like this.”

According to former hacker and small business security consultant, Bryce Case Jr., the “too small to hack” mentality is what hackers take advantage of. Weaker security due to budgetary limitations, combined with the fact that in the same time it takes to hack a major company cyber thieves can undetectably steal data from dozens of small companies, is playing a key role in more small companies being targeted by cyber criminals. In Case’s words:

“the juice has become worth the squeeze. Even the pizza place has addresses, names and credit-card information.”

In fact, a 2010 study by the U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit that investigates attacks found that 63% of data breaches were within companies with 100 employees or less. The WSJ article also cites that Visa estimates that 95% of the credit-card security breaches it finds come from its smallest business customers.

The problem with small businesses that are operating with inadequate security in place is a single breach can potentially cost them their business. This isn’t the case for larger companies, who generally have the budget and experts on staff to protect their assets. If anything, stories like these are lessons for small businesses, who need to overcome the mentality that they are too small to hack and take appropriate measures to safeguard their customers and valuable business assets. After all, when it comes to hacking, cyber criminals don’t discriminate.

To show how layering iovation’s device reputation services with authentication technology offers a comprehensive defense-in-depth solution for exceeding the FFIEC’s new guidelines, we are hosting the upcoming webinar, “Ensuring Optimal Efficacy and Balance with Device Identification and Out-of-Wallet Questions.”

Along with Keir Breitenfeld, Senior Director at Experian Decision Analytics, I will be presenting what financial institutions need to know about how mitigating fraud risks while improving the overall customer experience, including:

1. How to achieve risk-based authentication with device reputation, authentication, scores and analytics — all while minimizing friction for the customer.

2. How to apply proportional treatment to your risk-based authentication efforts and dynamically manage credit and non-credit data questions, to fight fraud.

3. How to find optimal process points and question session configuration to strike the right balance between fraud prevention, customer experience, and cost.

4. The differences between simple device identification and complex device identification.

5. How leading financial institutions are collaborating using ‘device reputation’ today without sharing PII.

iovation’s ReputationManager 360 solution combines past and current behavior of more than 650 million devices with pattern recognition algorithms and pattern-learning processes to identify and re-recognize all devices logging onto a bank’s website in real time. It also allows financial institutions to see how these devices are connected to existing accounts already in the system. Doing so helps banks prevent fraudulent transactions before they happen, as well as root out fraud rings or re-occurring fraud activities that continue to take place right under their noses.

To hear how global banks are already leveraging device reputation to exceed the FFIEC guidance, register for our webinar taking place on Tuesday, July 26th, beginning at 10:00 a.m. PDT (1:00 p.m. EDT). If you have any questions in the meantime, feel free to email info@iovation.com.

Infographics: Hotel Credit Card Hacking © CreditDonkey

When travelers go online to research hotels to plan a vacation or business trip, things like proximity, cleanliness, amenities, and safety play a huge role in their decision-making process. But those priorities may be changing. With credit card fraud becoming more prevalent in the hotel industry, a hotel’s reputation in relation to online security and fraud risks may soon override many of the traditional considerations that consumers have for choosing hotel accommodations.

According to the article, “Hotel Guests More Likely to Be Credit Card Hacking Victims, CreditDonkey Illustrates Danger,” a study estimates that 38% of all credit card hacking involves hotels. That’s two-times more than the financial industry (19%), which surprises Charles Tran, founder of the credit card comparison website, CreditDonkey.

“We were surprised at the numbers showing that hotel visitors run the greatest risk of all for having their credit card information stolen.”

One of the reasons for these unexpected numbers may be the recession. Because the hotel industry has been hit so hard, many hotels and hotel chains have not adequately upgraded their computer security systems. This, along with the fact that travelers typically use credit cards to pay for their hotel stays, may explain why hotels have become prime targets for cyber criminals.

All of this could create a shift in priorities for travelers selecting a hotel. As a result, hotels need to make sure they implement effective anti-fraud security strategies that help reduce the risk of credit card fraud.

As cyber thieves get more sophisticated, hotels must deploy security tools that help them identify fraudulent activity before they happen. Fraud prevention tools like iovation ReputationManager 360 uses device reputations to identify in real-time when a device with a history of fraud or is associated with other known fraudulent accounts is attempting a transaction.

By recognizing or re-recognizing any type of Internet-connected device — whether it’s a PC, laptop, tablet or smartphone — before the transaction takes place, hotels can mitigate their risk of credit card fraud and other unwanted activities, all of which can have a significant impact on their brand reputation and, ultimately, their business revenues.

However, to ensure they stay one step ahead of today’s profit-driven fraudsters, banks need to use the most advanced, anti-fraud techniques to prevent criminals from gaining access to legitimate online bank accounts. Michael Grillo’s article, “Combating Online Banking Fraud – A Top 10 List,” provides a checklist of the essential fraud detection methods that all banks should consider to ensure they are doing everything they can to stop online fraud, including:

1. Apply multi-factor logon authentication for online banking systems – such as tokens with one-time password or Adaptive Authentication (risk-based authentication).
2. Utilize real-time analytics – monitor transactional behavior to determine whether activity is standard or anomalous for that customer. When high-risk activity is detected, action can be taken in real time or near-real time to stop the transfer of funds from the customer’s account. Funds can also be held until customer validation can take place (see #4 below).
3. Employ profiling – include non-financial information (IP address, login activities, and device characteristics) to build customer profiles which can be stored to monitor ongoing behavior.
4. Make use of out-of-band notification methods - utilize phone call, text message, e-mail, etc to confirm activity with customers before transactions can be completed.
5. Maintain anti-virus software – Be sure to recommend your customers keep it current on end-user machines. While not fool-proof, it can stop lesser forms of intrusion.
6. Maximize password management – Ensure password management best practices are enacted (e.g. change password every ninety days, minimum length, combination alpha-numeric, varying history, etc.).
7. Leverage dual approval and limit management capabilities in your online banking tool -End-users with transaction initiation or approval entitlements should not also have administrative rights.
8. Implement token management at ACH or Wire release – this approach provides another layer of authentication prior to finalizing the transaction.
9. Employ a prescriptive, layered approach to security – utilize security tools within your online banking solution (e.g. multi-factor authentication, limit management, etc) with a fraud prevention and detection solution (e.g. profiling, analytics, etc.)
10. Education – keep it simple but constant. Partner with your customers to ensure they are aware of today’s threats and know what tools are available today to protect themselves.

As the industry shares information about new types of fraud attacks, iovation’s ReputationManager 360 puts intelligence shared by over 2,000 fraud professionals around the globe to work. By leveraging our knowledge base of 650 million Internet-connected devices and their associations, financial services and other industries can immediately identify suspicious activities through configurable real-time, fraud detection mechanisms that include device identification, device reputation and risk profiling.

In addition to the daily monitoring of transaction anomalies, velocities, geolocation and proxy-busting technology, iovation helps leading online brands stop fraudulent transactions before they are processed, as well as roots out and rids their systems of repeat offenders and fraud rings that are unknowingly perpetrating a multitude of fraud and abuse activities over time.

According to the article, “Retailers are not protecting data security,” the report found that only 46% of EMEA retailers have actually put policies in place to deal with exchanges on blogs or social networks. That’s a scary thought when you consider the increase of online and mobile interactions that are taking place around the globe. 

Although cyber threats are a growing concern with online retailers, Christine Bardwell, EMEA research manager at IDC Retail Insights, said at this point there doesn’t appear to be a sense of urgency among retailers about protecting the security of their sensitive and propriety data. The report found that there remains a wide gap between good intentions and operational execution and implementation.

As organizations increasingly depend on mobile devices such as smartphones and tablets for accepting customer payments, they can’t afford to put themselves at risk of cyber criminals targeting various gateways they believe have the least amount of protection. They need the ability to monitor all mobile traffic coming to their website and non-intrusively identify devices to make quick and easy decisions on the growing volume of Internet transactions they are experiencing.

Through a shared, database of over 600 million device reputations including PCs, smartphones, tablets, PDAs and laptops, iovation’s ReputationManager 360 works behind the scenes to help online businesses monitor traffic on every type of device accessing their websites and applications. Online retailers simply customize their unique business rules that lead to an allow, deny or review of incoming transactions (within a fraction of a second) and stops fraud upfront before product is shipped or additional damage takes place.

For online dating sites’ security teams, identifying scammers can seem like the same tedious process. As they constantly sift through the tens of thousands of personal profiles, they’re looking for that one piece of information that can help them root out potential scammers.

While there are many ways fraud teams can identify online fraudsters, the real challenge in reducing online fraud and abuse is proactively identifying criminals before they can commit a crime. More often than not, fraud teams find themselves taking a reactive approach of responding or shutting down bad accounts only after a legitimate member has fallen victim to an online crime. This may help clean up bad accounts on their websites, but it doesn’t prevent crimes from happening in the first place.

According to the article, “Online Dating Sites Warn Users of Scams,” with Internet dating scams on the rise, the security that’s offered on romance sites is becoming a priority for people seeking love online. The article also said security is influencing which sites people choose to look for love on:

“New members will be gained, not because of the match making technology being implemented, but because of the security that the online dating site can provide both in terms of physical safety as well as personal information and privacy concerns.”

With security playing a greater role in both protecting its good members and attracting new ones, online dating sites need fraud preventative solutions that go deeper into identifying bad profiles and accounts on their sites. iovation’s ReputationManager 360 anti-fraud solution goes beyond looking at the person connecting to a website, as well as the personally identifiable information (PII) that criminals provide to create fake profiles and accounts.

Using the reputation of over 600 million devices including PCs, smartphones and tablets that connect to the Internet, iovation exposes devices with histories of negative behavior that have either created accounts or are associated with accounts on their websites. In doing so, online dating and other social networking sites can proactively identify and shut down fraudsters before any damage is done to their members and corporate reputations.

To reduce fraud rates, social networking sites are using their own social verification systems to determine whether the person at the other end of a Web transaction is actually who they say they are. According to the article, “How your social network can protect your credit card,” social networking sites like Facebook collect various pieces of information about a user’s personal network to identify a person and reduce fraudulent activities such as credit card fraud, account takeover and account hijacking within their network. But while the social networking giant and others prefer to keep their data to themselves, think about the possibilities this type of information could have in the fight against global fraud.

With so many credit card details and social security numbers now in the hands of organized cyber criminals, we need a broader mindset if we are going to truly stop the growing fraud problem that stretches across continents, technologies and industries.

By sharing intelligence on more than 600 million Internet-connected devices including PCs, smartphones and tablets, iovation’s ReputationManager 360 fraud prevention solution allows businesses across all industries to see if a device requesting an online transaction has a history of fraud, or is associated with known fraudulent accounts or devices, before the transaction takes place. With a nearly 30% device crossover rate between industries, we understand how important working together and sharing critical information is to fighting online fraud and abuse. This is how we are able to help our cross-industry customers stop 35 million online fraudulent transactions and activities a year.

Much like any legitimate user, fraudsters come in from computers or devices they’ve used before. Having the goods on bad guys’ devices enables businesses to decide whether to deny, accept, or pull for review any pending transactions to prevent credit card fraud and other unwanted behavior. As a result, businesses don’t have to write off future online transactions that are ultimately impacting their sales revenues and bottom line.

According to the article, “Hackers coming in through the front door,” more and more cyber criminals are creating virtual disguises that are indistinguishable from a legitimate customers, allowing them to make what appears to be valid online purchases right under a merchant’s nose. This type of deceptive fraud tactic not only impacts online merchants’ sales and profits, but is changing the way businesses protect their online retail environments.

It’s no secret that over the years cyber crime has been one of the biggest catalysts in the evolution of online security. As fraudsters find new ways to get around existing defenses, online businesses are forced to react to new criminal tactics. While anti-fraud techniques such as additional card verification, geo-location, device fingerprinting and velocity checks have upped the ante in the ongoing cat-and-mouse game between hackers and IT security professionals, simply slapping on additional detection tools doesn’t necessary create a stronger defense.

For example, increasing levels of sensitivity for fraud tests can actually lead to a rise in false positive rates, which can result in rejecting more good orders, accepting more bad ones, dwindling profits and damaged customer relationships. In fact, CyberSource’s 2011 UK Online Fraud Report found that merchants’ average order rejection rate has increased, along with the acceptance of fraudulent orders.

One of the keys to fighting more sophisticated fraud is implementing effective security tools that combine and cross-reference data with global data sources. When it comes to fraudulent disguises, iovation’s ReputationManager 360 uses a globally shared, fraud database of more than half a billion device reputations to identify all Internet-connected devices that have been used to perpetrate fraud or abuse, or are associated with fraudulent online accounts.

The ability to instantly recognize whether an online transaction is good or bad, without having to rely on the information provided by the user, is critical to stopping more complex fraud schemes. By identifying devices requesting transactions, online retailers can reduce fraud and confidently accept more good orders, which improves the overall customer experience and increases business profits.

In the Internet Retailer article, “Sony data breaches highlight the fraud risks online retailers face,” it was first disclosed that hackers made off with customers’ names, street addresses, email addresses and dates of birth. However, updated reports now say that up to 10 million credit cards may have been compromised.

While the theft of personal information can lead to more phishing email, fraudulent accounts, and a host of other social engineering schemes, David Montague, president of The Fraud Practice LLC, a consulting firm that specializes in card-not-present (CNP) and online fraud prevention, said the real threat to Internet retailers would be if the criminals stole credit and debit card numbers.

“When large numbers of credit card numbers are stolen, there are more available for sale and fraud attempts increase.”

In recent years, there has been so much theft of payment card numbers that retailers now have to consider every card number as suspect, said Forrest Research analyst, Jonathan Penn. To protect their businesses and customers from an array of fraudulent activity such as credit card fraud, phishing attacks, account takeovers and identity theft, Penn says that merchants should avail themselves of the latest innovative fraud-fighting solutions like Ethoca, which aggregates data about fraud from many retailers, and iovation, which compiles a database of computers associated with fraud.

This will not be the last that we will hear of breaches of this sort. In the past, identity thieves would “dumpster dive” and clone cards at restaurants or at pumps. Today, they steal millions of cards at a time from online retailers. The sad reality is that the vast majority of the victims of this crime most likely did everything right, and yet they are still going to bear the consequences of this breach.

As part of our effort to expand our device identification, device reputation and real-time risk mitigation services for online businesses in France, I am pleased to announce that Philippe Mazurier has joined iovation as Country Manager, heading up sales and business development and is based in Montpellier.

Philippe brings strong business relationships and deep, in-market experience that will be instrumental in helping us meet online fraud protection demands in this market. He understands the serious and damaging impacts that cybercrime has on online businesses.

As we continue to serve the French market, protecting e-commerce, financial services, gaming and online communities from fraud and abuse, having a seasoned veteran in authentication and fraud prevention services representing iovation will help us serve this market even better.

To arrange meetings with Philippe to talk about any fraud or abuse issues your company is experiencing, please email france@iovation.com or call +33 (0)6 69 79 12 33.

According to the Wall Street Journal article, “Cyber crime now an industry,” the average cyber criminal is not at all who we think he is. He’s not some socially awkward kid cooped up in a poorly lit basement causing havoc across the globe. That’s not to say there aren’t organized gangs causing worldwide headaches. There are. But, from a technical standpoint, the majority of those perpetrating online fraud and abuse are more like you and me.

Because readily available toolkits and easily accessible information have lowered the talent bar for cybercrime candidates, the skill sets required for today’s high-functioning and effective cyber criminals are as basic as they can get. With criminal factories producing attack kits, today’s criminals need little to no computer skills to get into the underworld business.

The recently released Verizon 2011 Data Breach Investigations Report found an interesting trend in the information cyber criminals are seeking to commit online fraud. Basically, usernames and password details have replaced credit card details, which have dropped in value in the black market from roughly $10 to ten cents, or less. Cyber criminals also use easily accessible personal information that they easily swipe from social networking websites like Facebook and LinkedIn to socially engineer their victims.

Either way you look at it, cybercrime has evolved from being perpetrated by computer-savvy, introverted whiz-kids to an industrial machine where the job requirements include as little as a computer and some cash.

With the computer the primary mechanism used to perpetrate online crimes, the more you know about the device requesting a transaction the better chance you have in defending your online business and customers from being victimized by such crimes. iovation’s fraud prevention service shares the reputations of 600 million devices including PCs, smartphones and tablets to assess risk on 8 million transactions each day to help organizations stop fraudulent transactions before they happen.

According to the article, “Securing Internet Payments,” 70% of all fraudulent credit card transactions originate from card-not-present (CNP) transactions. This has a substantial impact on the public’s confidence using their credit card for online transactions. Lacking the capability to prevent unauthorized transactions and associated fraud and abuse ultimately trickles down to Internet-based businesses’ bottom line revenues and profits.

Because e-commerce is expanding faster than conventional transactions, financial institutions, merchants and other organizations that depend on online payments to do business need to have effective fraud preventative tools in place to identify the cardholder before the remote transaction actually takes place. Doing this requires the ability to look beyond the credit card information provided by the individual requesting the transaction.

iovation ReputationManager 360 does this by checking the reputation of the actual device being used to request the online transaction against a database of more than 550 million unique devices, some of which have been used for fraud or are associated with other devices that have been involved with fraud or abusive behavior. This allows businesses to accept, deny or review transactions to stop criminals before they cause damage to the business or customers.

Using iovation’s configurable business rules engine, financial services organizations can automatically make decisions at transaction time. Here are just a few example rules that could be written. Of course, there is not a “one size fits all” model when it comes to business rules, so these are purely examples.

If you plan to attend NACHA Payments 2011 in Austin, Texas, April 3-6, and would like to learn more about how device reputation helps protect financial institutions from CNP fraud, chargebacks, identity theft, account takeovers, and other fraudulent activities, stop by our Booth #332. I will be there along with Don Megale and we both look forward to meeting you.

But what happens when industry perception is beyond your control? Can online businesses protect themselves from consumer perceptions of the industry as a whole? And what kind of impact can consumers’ fears of shopping online have on online merchants?

In the article, “Card Fraud: Consumer Fears Cut Into Sales,” a recent ACI Worldwide survey of more than 4,000 consumers in 14 countries found that concerns around credit card fraud are not only increasing, but can also impact sales. Some of the study’s key findings included:

50% of worldwide consumers worry about credit card fraud

58% believe card fraud is increasing

65% of U.S. consumers are concerned about using their cards online

Each one of these points can impact consumers’ shopping behaviors, resulting in sales and profit losses for online retailers. While these findings can help organizations better understand consumers’ fears with using their credit cards, the information can also prompt online businesses to take additional steps to build confidence in their brands and minimize any potential losses as a result of growing concerns of shopping on the Internet.

While businesses can and should continue to educate customers about the fraud preventative measures they have in place to ensure the safety and protection of their websites and payment processes, the best strategy to instilling consumer confidence in your brand is having a comprehensive, multi-layered defense that combines a number of complementary anti-fraud solutions to proactively identify and stop credit card fraud and card-not-present (CNP) fraud from occurring in the first place.

With total losses to Internet crime topping $599 million in 2009 (the latest annual statistics), educating others about the current state of fraud, evolving fraud tactics, high at-risk groups, and best practices to identify and prevent fraud, plays a critical role in helping consumers and businesses protect themselves from online fraud.

Fraud Prevention Month is also an indicator of how much still needs to be done for businesses to adequately protect themselves and their customers from today’s growing threats.

In the article, “One in five Canadian small firms insufficiently prepared to handle fraud,” a recent survey found 80% of Canadian small business owners believe their fraud-prevention strategies are enough to protect themselves from fraud. However, 17% responded that they are not prepared to handle new types of fraud tactics.

With cyber attacks becoming more widespread, the annual education and awareness campaign focuses on the growing concerns of online fraud. According to Gail Cocker, senior vice president of commercial banking at BMO Bank of Montreal, businesses that aren’t equipped to prevent evolving fraud tactics face increasing risk that could impact their business operations.

“Fraud is a direct threat to the success of our business customers. In today’s world, business owners must understand and manage multiple risks. Fraud is an operational risk that must be managed proactively.”

While education is key to raising the business community’s awareness of potential fraud risks, regularly assessing your fraud-prevention strategies is essential to making sure you are prepared for evolving fraud techniques that are continually seeking new ways to defraud your business and customers.

With regular events going on around the globe to help organizations protect their businesses and customers from more sophisticated cyber attacks and identity theft, the iovation team spent last week talking with 800 attendees at the 2011 Merchant Risk Council (MRC) e-Commerce Payments & Risk Conference, held at the Wynn Resort in Las Vegas. Take a look at the photos published on iovation’s Facebook page.

iovation provides device reputation and real-time risk evaluation solutions to help businesses representing retail, financial services, gaming and social networking determine the level of risk associated with their Internet transactions including PCs, tablets and smartphones. By performing device reputation checks on over 7.5 million daily online transactions for our customers, we help stop more than 150,00 online fraud and abuse attempts each day.

There is a great recent article in Government Info Security that examines this change titled appropriately, “The Evolution of Risk.” It gives a nice look at the role risk managers play in key strategic decisions and how stopping and analyzing the sources of fraud has been escalated in importance over the past couple of decades. The article looks at what it takes to be a Risk Manager today, and has this to say:

“The role demands new skills. Today’s risk management professionals really need to take a strategic view of managing risk to be relevant in achieving the organization’s expected outcome.”

One thing we at iovation feel is essential to a Risk Manager’s success is working with their risk management peers outside their company to stop fraud. It is simply no longer enough to work solely within your own data silo to stop fraud when the fraudsters use collaboration and communication so extensively. iovation facilitates the creation of thousands of Virtual Crime Fighters sharing device reputation data and working together to stop fraud at the companies they are responsible for.

Thousands of Risk Managers use iovation ReputationManager 360 every day to identify and shut down fraud.

If you’re planning to attend, please stop by booth #611 to tell us about any fraud or abuse issues your business is dealing with.

We’ll share with how iovation’s device identification, device reputation and real-time risk reporting service enables gaming businesses to service their customers more effectively by managing fraud and abuse. We help Massively Multiplayer Online Games and Virtual Worlds keep their players safe and mitigate risk such as chargebacks, code hacking, gold farming, account takeovers, policy violations, chat abuse and virtual asset theft.

iovation protects online gaming sites while protecting the identity and privacy of their players. We stop over 150,000 online fraudulent activities every single day. Most anti-fraud solutions fight fraud by looking at identity information or financial data, but our approach is completely different. We focus on the physical device (computer, tablet or mobile phone) that the player is using to connect to the online game or virtual world.

Our software-as-a service solution, ReputationManager 360, exposes the reputation of devices in real-time as they are connecting to gaming sites. In a fraction of a second we alert publishers whether or not they should proceed, or what level of risk there is in that interaction. iovation manages the reputations of more than half a billion unique devices that have touched our customers from literally every country in the world. What’s more, we help gaming sites understand how those devices and their accounts are related to expose fraudsters working together.

Our clients often begin their anti-fraud checks with a device reputation call to iovation, stopping problem players immediately and avoiding further checks and additional fees when the device is known to be associated with real fraud.

Here is an example of how SG Interactive (previously Ntreev) took immediate action against more than 1,000 fraudulent and problematic accounts after implementing our service.

While at GDC, please stop by iovation’s booth (#611) to say hello to Cory Swick, Greg Zito and Kristin Williams, and while there don’t forget to pick up your Virtual Crime Fighter t-shirt!

By taking data collected from 113 million servers globally that track cyber attacks like identity theft, phishing threats and fraud activity, the Cybercrime Index is a website that acts like a stock index, informing Internet users about the day’s biggest online threats.

Along with giving users up-to-date reports on malware activity, the Cybercrime Index is an educational tool that provides tips on how Internet users can avoid cybercrime, said Dan Nadir, senior director of consumer products at Norton.

“With the increasing sophistication of cyber threats and the staggering amount of money lost to cybercriminals, it’s important for people and businesses alike to think seriously about how they are protected online. We’re constantly trying to educate people around the dangers of online threats.”

While there’s certainly no substitute for education when it comes to keeping up with the latest trends in cybercrime, businesses in particular require fraud prevention tools and techniques that work together to effectively defend their virtual environments and customers from all types of online fraud and abuse attempts. Education and training, combined with highly effective and comprehensive security solutions like iovation’s ReputationManager 360, provide a stronger, multi-layered defense that today’s organizations need to protect their businesses from all forms of online crime, including the top threats of the day.

Through this partnership, Affirmative Technologies will offer customers iovation’s ReputationManager 360, which combines customizable business rules, risk profiles, and the shared experiences of more than 2,000 fraud analysts from leading brands worldwide, as a strategic component of its risk platform. By combining Affirmative Technologies expertise in electronic payments with our risk assessment and global device reputation solution, companies get an extra layer of security to authenticate users before they enter their secure websites.

When it comes to online payments, nothing is more important to businesses than preventing the bad guys from committing financial fraud. This partnership allows companies to verify good, bad and suspicious users before they can request a financial transaction, and in doing so, confidently accept online transactions faster and stop criminals from causing harm to their business and trusted customers.

As expanding businesses combat an array of online crimes such as credit card fraud, phishing, forgery and money laundering, our customers’ collective experiences are reported and shared in our database of over half a billion unique device reputations, which include computers, tablets and mobile phones.

Besedo’s clients can now become part of the thousands of security professionals who leverage iovation ReputationManager 360’s comprehensive checks that include the device’s history, associations with other accounts and devices, geolocation rules, device anomalies, and worldwide velocity indicators associated with thieves quickly trying to leverage stolen credentials. Deploying our anti-fraud services to their auction, classified, gaming and community clients help businesses identify fraud and abuse activities upfront to stop fraud more effectively and increase their customer retention through safer, more secure sites.

We look forward to partnering with Besedo to help their clients reduce fraud losses and better protect their online environments and brand reputations.

Last year more than 60 of iovation’s online betting, poker, sportsbook and casino customers reported and shared 350,000 fraud and abuse attempts through the ReputationManager 360 device reputation service, including the likes of William Hill, Entraction and WagerWorks. These experiences are shared along with our knowledge base of more than 500 million unique devices (computers, tablets and mobile phones) which online gaming sites leverage to gain insight into suspicious activity to prevent fraud before it happens.

Many fraudulent transactions can look like a single transaction to an online gaming site, but often times they’re not. By providing customers with a unique view of devices used by criminals to perpetrate online fraud and abuse, iovation gives gaming sites the ability to see if a normal-looking transaction is actually a coordinated attack across multiple sites. We detect these attacks through velocity triggers and shared experiences across our customer base to alert affected businesses and prevent potential attacks.

During the online gaming panel which takes place Thursday, March 3rd at the Sans Souci Ports Conventions Center, I will be sharing experiences I’ve had working closely with many of the world’s largest online gaming sites. I hope to see you there, and please stop by the iovation Booth #26, at get your Virtual Crime Fighter t-shirt!

Dr. Bernard Herdan, CEO of the National Fraud authority who runs Action Fraud, said fraudsters who take advantage of online dating sites are a particularly sinister bunch, who use clever tricks to gain the confidence and affections of legitimate site users before asking for money. He warned that nobody should ever send money to someone they’ve never met in person.

“These fraudsters are normally very attentive, ensuring there is regular contact via email, by text messages and telephone, as well as sending gifts, such as flowers. They take or create identities of generally good looking, upstanding members of society, such as successful business people or increasingly, as a US or UK soldier posted in the Middle East. Anyone using dating sites should be very cautious when getting to know someone, and never transfer money till you have met.”

Because Valentine’s Day is typically the busiest time for romantic courtships, online lonely hearts should be particularly cautious with new online romances. While the article provides several tips on how users can protect themselves to avoid online dating fraud, romance websites can also help in curbing threats by deploying effective security tools to help identify potential fraudsters that could be lurking within their virtual environments.

iovation’s ReputationManager 360 looks at information independent of what users provide online dating sites to give IT security professionals a unique insight into the devices (computers and mobile devices) that criminals use to create multiple profiles and accounts on their sites. This information exposes fraudulent devices and hidden device-account relationships to help romance sites identify and stop online fraud and abuse. To learn more, check out the whitepaper, “Online Dating: Keeping Your Members Safe from Online Scams and Predators.”

After being recognized by the international gaming and online dating communities in January as one of the top technologies for preventing fraud and increasing profitability, productivity and efficiency, we are extremely proud and honored to be recognized by industry leaders in e-Commerce as one of the most innovative fraud fighting tools for online or multi-channel retailers.

To be eligible for the awards, all entrants must be available for online or multi-channel retailers to use for the purpose of measuring, monitoring or mitigating one or more of the following: card-not-present fraud; advancing online data security; improving online payment processes; and advancing the MRC’s vision of making electronic commerce more efficient, safe and profitable.

This week, the Merchant Risk Council (MRC) announced that iovation ReputationManager 360 has been named a finalist for the 2011 MRC Emerging Technology Awards (also known as the METAwards). The awards are judged by a panel of merchants that include the likes of eBay, BestBuy.com, Go Daddy, HP, Microsoft, NCsoft, Tiffany & Co., Urban Outfitters, T-Mobile, among others. The judges recognize the most innovative and effective payment, fraud and security tools on the market. The METAwards are the MRC’s initiative to recognize the best available solutions on the market, and provide their merchant members a window into the future.

The awards will be announced at the upcoming the MRC Annual e-Commerce Payments and Risk Conference, March 23, in Las Vegas. If you are planning to attend the event, stop by our booth #217 and don’t miss our feature presentation on Thursday, March 24th at 11:00 am titled, “Circle of Fraud” with speakers Jim Houlihan of HSN, Michael Peterson of Dell, and Cory Swick of iovation.

While this and the other accolades we’ve received lately have been nothing short of overwhelming, we are extremely proud of being recognized by industry leaders and associations across multiple industries. Because we serve online retail, gaming, social community and financial services companies, the acknowledgements have been a testament to iovation’s ongoing commitment to make the Internet a safer place to interact and conduct business, as well as reinforces the positive impact we make in the everyday lives of our customers by protecting their online transactions to reduce fraud rates.

The 2011 Global Excellence Awards will be announced at an awards gala, February 16th, in San Francisco.

A recent survey conducted by the Information Security Media Group, “The Faces of Fraud: Fighting Back,” found that despite all the anti-fraud technologies banks have put in place to detect criminal activity, more than three-quarters (76%) of fraud incidents are detected by none other than their own customers. Other fraud detection points included:

48% – At the point of transaction
41% – Third-party notification
26% – At the point of origination
23% – During account audit/reconciliation

The survey also found credit/debit card fraud outpaced all other fraud types experienced by financial institutions in 2010, including:

82% – Credit/debit card 6
3% – Check 48% – Phishing/vishing
37% – ACH/wire (account takeover)
32% – Third-party POS skimming

So, how did these incidents impact financial organizations? The top non-financial losses suffered due to fraud incidents were:

45% – Loss of productivity
37% – Customer confidence and reputational loss
18% – Customer accounts (moved to other institutions)
12% – Regulatory or other compliance issues

All this seems to underscore the need for more effective fraud detection solutions. As the financial industry continues to see rampant growth of more advanced fraud threats that range from online payment and credit card scams to account takeover of legitimate bank accounts, financial institutions are hungry for new fraud detection tools that identify and help stop fraud before it impacts their business, or worse, reaches their customers.

In the article, “Report: Stolen data sold over online black market,” the security firm revealed that cyber criminals have set up shop online to buy and sell everything from stolen bank account information, credit card numbers and passwords to consulting and technical services around developing and operating fake online stores.

Impersonating hackers to gain entry into the online black market, PandaLabs researchers discovered an online catalog of an array of products and services that include:

• Credit card details – $2-$90
• Physical credit cards – $190+ cost of details
• Bank credentials – $80-$700 (with guaranteed balance)
• Online stores and pay platforms – $80-$1,500
• Designing and publishing of fake online stores – Pricing varied according to project

This is yet another prime example of how the bad guys are highly organized and have sophisticated operations that mimic traditional business techniques. Today’s cyber criminals are motivated by financial gain, and it’s operations like these that give other aspiring hackers the tools they need to defraud businesses over and over again. As criminals work together to increase their chances of success (not to mention strengthen their numbers), we, too, have to collaborate and deploy complementary anti-fraud defenses for stronger protection against more sophisticated forms of online fraud and abuse.

iovation has been providing fraud prevention and anti-money laundering services to the gaming industry for the past 6 years.

In 2010 alone, iovation screened nearly 2 billion transactions and stopped over 35 online fraud attempts. The IGA has recognized iovation’s fraud prevention service for the strong results it has provided to gaming operators such as William Hill, Entraction and WagerWorks. The IGA technology provider award recognizes innovative services that have helped gaming operators increase their profitability, productivity and efficiency.

In the case of WagerWorks, iovation has helped identify hundreds of fraudulent accounts that prevented tens of thousands of pounds in lifetime losses. With Entraction, the ability to stop repeat offenders reduced chargeback rates to nearly zero, providing a 5x return on investment with iovation.

The IGA awards will be announced at a January 24th ceremony that kicks off the annual ICE Totally Gaming Conference in London. If you plan to attend this year’s event, look us up at booth #5117 and learn more about how iovation protects online gambling sites from financial fraud, player collusion, bonus abuse and more.

As the travel and leisure industry continues to fight various consumer scams, having the right fraud prevention tools in place is essential to stopping criminal activity that directly impacts businesses and consumers. This partnership complements TWS’s continued commitment to help their online merchants boost profits and operate more effectively.

By having access to half a billion device reputations and their associated devices and accounts through iovation’s ReputationManager 360 fraud protection service, TWS’s client base has the ability to avoid fraud losses by preventing sophisticated online crimes and shutting down entire fraud rings that unknowingly exist within their network.

Led by a highly qualified team of technical and sales experts experienced in international commerce and technologies, TWS provides consulting services to the travel and leisure industry, and beyond. They will market and sell our fraud prevention services to online travel merchants looking to reduce fraud losses and protect their brand.

1. Combining Device ID with Velocity-based Rules Packs a Powerful Punch Against Online Fraud
Velocity-based rules have long been used by merchants to identify potentially fraudulent online behavior. Unfortunately, velocity checks alone are of limited value against sophisticated fraudsters who know how to assemble multiple accounts to look completely different. Combining device identification with velocity-based rules provides a powerful one-two punch for identifying suspicious activities and stopping fraud that operates under the radar of many fraud detection systems.

2. Fraud Prevention is Not About ‘Cookie or No Cookie’ – It’s About a Defense-in-Depth Approach
Effective fraud prevention is not about collecting cookies or not collecting cookies, and it’s not about relying on any single technology or approach. It’s about using a comprehensive, multi-layered and adaptive approach that provides real results for online businesses. iovation’s defense-in-depth approach includes native client device recognition for standalone applications downloaded by end-users, collaboration between native recognition clients and our web client, pattern matching to provide recognition when tags like browser and flash cookies have been cleared and multi-level risk analysis through configurable business rules.

3. Exposing Device History Reduces ‘Friendly Fraud’ Rate
For many online merchants, friendly fraud is a persistent problem. While MasterCard says 70% of all e-commerce chargebacks are identified as fraud, more and more cardholders are committing friendly fraud due to buyers’ remorse or financial hardships. iovation assesses risk on all incoming transactions and identifies whether the device being used has committed friendly chargebacks on other websites. By leveraging known intelligence and inference of risk while website visitors interact on a website, the business can set that transaction to “Review” or “Deny” when risk level thresholds are met.

4. Fraud Scoring and Weighted Business Rules For Effective and Efficient Decision Making
As more online retailers go global, merchants must take a proactive approach to protect their business environments from fraudulent orders and safeguard cardholder data. Fraud and risk scoring tools such as velocity behavior, IP address and device ID provides multiple data points beyond the actual card data to help merchants set parameters for scoring online transactions. As a result, online businesses make decisions faster, accepting good orders and denying bad ones without impacting the user experience.

5. Latest Crime Fighting Duo: Real-Time Risk and Device Reputation
As hackers perpetrate criminal activity across the Internet to steal people’s identities and use that information against organizations to commit all types of identity fraud, anti-fraud tools that work independently of each other are not as effective as solutions that work together by design. iovation’s risk mitigation service uniquely combines real-time risk evaluation and device reputation — two complementary transaction risk analysis features by nature — to provide a stronger, more powerful defense against more sophisticated and evolving cyber crimes.

I appreciate you taking the time to read this blog. I look forward to discussing the most important issues and activities that impact the security industry in 2011. And as always, if you have specific topics that you would like iovation to cover, please send those to info@iovation.com.

This is quite an honor for a team so dedicated to building and delivering solutions to help online dating sites protect their business and members from fraud and abusive behavior.

Released in the fall, ReputationManager 360 steps up the defense against online crime activity and abuse by combining customizable business rules, risk profiles, device anomalies, and the firsthand experience of 2,000 fraud analysts around the world.

eHarmony’s Director of Risk Management, Ella Grutman, states, “eHarmony continuously identifies and applies the latest and best fraud protection tools. iovation offers the most comprehensive and effective option to augment our current methods.”

It’s truly this type of third-party recognition, along with real-world results like helping another leading dating site stop 3,000 fraudulent profiles from being created every day, that validates the impact we are having in the online dating world, and makes us all really proud of what we do.

Voting for the 2011 Internet Dating Industry Awards is open to the public through January 4, 2011. To place your vote for iovation, just go to www.idateawards.com.

Raising consumers’ awareness of new holiday scams is also in the best interest of online businesses. Doing so can help prevent criminals from stealing consumers’ financial information and identities that they use to perpetrate identity fraud against businesses and financial institutions.

The following are some of Siciliano’s top scams that hackers are using this holiday season to trick consumers into divulging their personal and financial information:

With online sales expected to increase this holiday season, consumers and businesses need to be aware of what hackers are up to. Of course, online shoppers should always take extra precautions and use common sense when opening unsolicited emails. To mitigate online threats that use stolen information to create new fraudulent accounts or take over legitimate ones, organizations need to deploy security tools that go beyond the personal and financial data provided by the user. By identifying known fraudulent computers or mobile devices that are trying to access a website, iovation’s ReputationManager 360 helps companies prevent online criminal activity and improve the security of both online and mobile transactions.

With cybercrime more prevalent during the holiday rush, this got me thinking about what gifts would be at the top of fraud manager’s wish lists, and how iovation can help fulfill those holiday wishes. Here is my list of the top gifts fraud managers would like to see this holiday season:

1. Secure online and mobile transactions: Online and mobile payments are the lifeblood of many companies today. Having the right tools to secure both online and mobile transactions is critical to mitigating fraud risks. In addition to identifying computers accessing their online stores, iovation helps companies assess risk on all transactions from iPads, tablets, and mobile devices including iPhones, Android, Blackberries, and many other brands.

2. Multi-layered security defense (“defense-in-depth”): Any anti-fraud strategy that doesn’t work together with other defenses can leave weaknesses in the system that cybercriminals take advantage of to perpetrate fraud and abuse. Inclusion of iovation’s ReputationManager 360 solution helps provide a multi-layered security strategy that allows organizations to prevent attacks by coordinating multiple defense techniques that complement each other, filling in the gaps of existing anti-fraud tools.

3. Early recognition of bad guys through their devices: As fraudsters continuously provide false or stolen information to create multiple online profiles to apply for credit online and access websites, companies cannot expect to effectively catch criminals with tools that rely solely on the data provided by the user. iovation’s 4 billion device reputation checks enable businesses to identify devices with a history of online fraud or abuse to help businesses stop criminal activity such as credit card fraud, account takeovers and identity theft, no matter what information the user has provided.

4. Eliminating heavy burden of manual reviews: As the volume of online orders increases during the holidays, organizations need a way to reduce the number of orders they review. By accurately identifying devices with fraud history, as well as devices and accounts associated with fraudulent or abusive behavior, in real-time, iovation significantly reduces the number of suspicious online orders that need to be reviewed, easing the heavy burden of manual reviews.

5. Expediting legitimate, good orders: Of course, accepting more good orders from satisfied customers is the key to growing profits. Leveraging iovation’s device intelligence through the Device Reputation Authority database enables companies to gain the confidence they need to block bad orders and accept good orders faster through more precise risk management. As a result, organizations can better protect their good customers while increasing their operational efficiencies and overall business revenues.

Sure, we’d all like to sleep as quiet as a mouse come Christmas Eve. This holiday, iovation is providing online businesses with the protection they need to safeguard their IT environments so they can get a crime-free, good night’s sleep.

Many companies are working hard to deploy effective security tools to protect their own organizations’ IT environments as well as their valued customers from online threats. The goal is to find a balance and a cooperative strategy to implement anti-fraud protections and management techniques that work together, however in many cases these tools end up working independently of each other and are not as effective as solutions that work together by design.

Like any great crime fighting duo, iovation’s comprehensive ReputationManager 360 risk mitigation service combines real-time risk and device reputation — two complementary transaction risk analysis features by nature — to provide a stronger, more powerful defense against more sophisticated and evolving cyber crimes.

iovation’s shared Device Reputation Authority database of more than 450 million Internet-enabled devices including computers, tablets and mobile phones provides the data, analytics and reporting capabilities that organizations need to effectively and efficiently assess transaction risk and make instant decisions on all online requests. Combined with real-time risk evaluation, iovation enables organizations to:

• Identify suspicious activity in real-time
• Instantly know when a fraudulent device touches their website
• Quickly evaluate transaction risk based on fraud histories, anomalies and device profiles
• Deny bad orders and process legitimate orders faster

This proven crime fighting duo of real-time risk evaluation and device reputation is unique in the security industry. Combining this type of knowledge, expertise and speed can play a critical role in solving the online fraud challenges that many businesses face today.

According to the article, “Watch out for credit card hackers this Christmas,” Rob McAdam of Pure Hacking, an organization dedicated to helping businesses protect their information assets, said it’s just not large corporations that hackers are targeting during the holiday season, but mid-sized retailers are becoming more and more affected by security breaches involving credit cards.

“We are typically finding larger retailers that rely on reputable payment gateways and who have made data security a priority are no longer the main targets for fraud.”

As Cyber Monday is just days away, experts forecast online sales to break the $887 million spent last year. For many global merchants where holiday sales are already in full swing, iovation is actively involved helping them prevent fraud and keep chargebacks and related fees to a low.

Merchants are effectively leveraging iovation’s device reputation network (with over 450 million unique devices) to know whether those devices connecting to their websites have been involved in credit card fraud, shipping fraud, account takeovers, phishing and identity theft, and if the transactions coming from those devices are suspicious or considered to be high risk.