According to ComScore, a Virginia-based firm that tracks online shopping, consumers have already purchased over $19 billion worth of products online this holiday season. That’s an increase of 3% over last year. While that’s good news for online merchants, Mike Cronin points out in his article, ’Tis the season to be wary of online scams, that it also provides new opportunities for online scammers.

Much like online businesses, cyber criminals are working around the clock this time of year. But instead of sending out legitimate emails promoting online sales, fraudsters are sending out emails containing bogus links that closely resemble real retail websites. While their intent is to steal credit card information from unsuspecting online shoppers, the real victims in this crime will end up being online merchants. (more…)

There was a blog post recently on Wallet Pop titled “Online theft not the main cause for identity fraud.” In it, author Josh Smith does a good job calling out the differences between identity theft and identity fraud. In short, identity theft is when someone’s personal identity information has been stolen; identity fraud is when that stolen information is used to commit financial fraud or some other kind of crime. While the two are inevitably related to one another, they are not the same thing.

In the case of identity theft, it’s a common myth that malware, botnets, and other internet scams are to blame; however, Smith cites a study done by Travelers Insurance that actually shows that the majority (78%) of incidents of identity theft actually occur offline. This indicates that peoples’ fears may have been, at least in part, misplaced. Individuals would benefit from an increased awareness and vigilance in all aspects of their life, not just online.

This being said, there still remains the question of identity fraud: what happens once someone’s personal information has been compromised? This is where online businesses still need to be on high alert, because online sites (and not physical stores) will likely remain the No. 1 target of identity fraud. Here’s why:  (more…)

This week the U.S. House of Representatives is debating over whether online gambling should be regulated or simply prohibited. At the same time, the recent release of a study, commissioned by WiredSafety and conducted by Harvard professor Malcolm Sparrow, asserts that regulation, and not prohibition, would best mitigate the risks posed by online gambling. This line of thinking may be in part why implementation of the Unlawful Internet Gambling Enforcement Act (UIGEA) has been delayed, and why many are now discussing a separate bill, H.R. 2267, the Internet Gambling Regulation, Consumer Protection, and Enforcement Act.

(more…)

We have exciting news to share! Now that the nomination phase of the  first annual 2010 Internet Dating Industry Awards is complete, iovation has been named a finalist for the Best New Technology.  This award recognizes the best individual technology created by a vendor for dating or matchmaking sites. The award will be announced at the 7th Annual Internet Dating Conference. (more…)

Good news for online retailers came this weekend as reports showed that this year’s online sales during Black Friday were up 11% from last year, with U.S. shoppers ringing up $595 million worth of orders throughout the day. The bulk of the increases, not surprisingly, went to the largest stores. As the blog on the Wall Street Journal reports:

The retail sites for Amazon.com, Apple, Best Buy, Target and Wal-Mart each saw more than 4 million unique visits Friday, comScore said, with Amazon receiving the most traffic (up 28% from 2008). Apple, Best Buy and Wal-Mart sites also experienced double-digit traffic gains. According to Experian Hitwise, another Web monitoring firm, other e-commerce standouts included Sears, Staples and Dell.

These results are welcome news for retailers who have been concerned that fear of identity theft could have a noticeably negative impact on sales. Just last week SC Magazine predicted overall online spending to be down this year because of such fears. Luckily, so far, this does not appear to be the case. (more…)

The BBC News has posted a report that the Serious Organized Crime Agency (SOCA), based in the UK, is warning individuals to avoid online money-making schemes that turn them into unsuspecting “money mules.” The article explains:

Fraudsters are using a variety of bogus and legitimate recruitment channels to con job-hunters into thinking they have found genuine employment. But in each case the job comes down to asking the victim to receive relatively small amounts of money into their own account and then move them onwards to another bank.

The result is that unsuspecting individuals can become liable for stolen money being funneled through their accounts and end up suffering the consequences. As an essential component of many types of fraud, money laundering is a big problem because it enables criminals to move money around without being traced to the initial theft. This not only affects online banking, but it is also a problem anywhere money changes hands—like online casinos or auction sites. (more…)

When I talk with fraud managers, they often express concern that the benefits of a reputation-based system won’t be instantly apparent. While a reputation service inherently becomes more valuable over time as companies log their fraud experiences into the system, it’s worth pointing out that device recognition and device reputation provide a number of benefits that can have an immediate effect, such as the following:

• Expose relationships between transactions –Device recognition gives fraud management teams instant visibility into the relationships between all online transactions (fraudulent or not). This provides immediate value in assisting with investigations and resolving issues.
• Receive velocity alerts –The number of purchases, applications, account creations, etc. that originate from one user in a given period of time is highly indicative of fraudulent behavior. For example, wouldn’t it be valuable to know that in the span of one hour, ten credit card applications were all submitted by one person? Unfortunately, since most fraudsters use fake or stolen identities, this can be incredibly hard to detect—unless you focus on the device. With device recognition, you can monitor the velocity of transactions coming from a single device, regardless of the identities provided.

(more…)

Darin Glatt, application architect with iovation, was interviewed by the Chroma Coders Game Development Club at Casual Connect Seattle. Darin shares information on iovation’s online fraud protection service used by many leading MMOs.

Listen to the Podcast >

Interviewer: I’m here at Casual Connect and with me today is a special guest. Would you please introduce yourself?

Darin: Hi, I’m Darin Glatt. I’m the application architect for iovation.

Interviewer: What is iovation?

Darin: iovation provides a service for games and websites to help them fight fraud and abuse.

Interviewer: Is this credit card checks or what exactly is it? And how would a game use this service?

Darin: Well, actually it’s not credit card checks. We consider fraud just another kind of abuse on a website. We handle it all the same way. We do that with device recognition and device reputation. We provide a global database of devices, and we track their reputations so we can tell you, when you send us a transaction, what that device has been up to. (more…)

On the heels of our previous post about increased shipping fraud during the holidays, eWeek has just reported that click fraud is also anticipated to increase dramatically in the coming months:

“As we head into Q4 and the busiest season for online shopping and Internet use by those considered inexperienced users, click fraud will likely run rampant as scammers seek to tap into the increased attention, experts warned.”

Click fraud (which is when affiliate sites dishonestly increase online ad traffic in order to gain unearned revenue) is one of many types of fraud becoming more common with the use of botnets. In addition to click fraud, many other types of fraud—including spam, phishing attacks, and identity theft—are gaining in prevalence with the use of botnets. The result is that consumer PCs are under siege and individuals and businesses alike bear the cost. (more…)

Holiday shopping season is upon us; combine that with the current unemployment rate, and online fraud is likely to reach an all-time high this year. This correlation may not immediately make sense, since many people think Internet crime is only perpetrated by organized fraud rings and overseas master criminals, using botnets and committing identity theft.

But while that kind of fraud certainly does exist, there is another type of fraud that can be equally troublesome and, to some extent, even harder to combat: fraud committed by individuals using their own legitimate information. A very common example of this kind of crime is shipping fraud and it takes several different forms. Here are a few examples and tips on how companies can address this problem. (more…)

U.S. President Barak Obama has officially declared October as National Cyber Security Awareness Month and has addressed the Nation detailing the importance of our national infrastructure.

President Obama makes some important points indicating that our networks and IT infrastructure are important national assets and it is imperative to protect them. Acknowledging the growing strength of online spending, President Obama says, “The Internet and e-commerce are keys to our economic competitiveness.”

Cyber thieves are costing the U.S. and other countries billions of dollars in fraud losses every year; this is in addition to the significant impact that individuals suffer as a result of identity theft and the propagation of malware on personal computers. Obama calls on a public/private partnership to address this threat and secure our networks.

Regardless of your political leanings, providing a safe environment for online business is an important goal for our country and the rest of the world. There is no doubt that our online activities are under siege and jeopardized by an increasing cyber threat. Thwarting this threat and providing a safe environment for online businesses and individuals is a key mission for iovation and our customers.

We’ve just posted a new case study on the iovation website based on interviews we had with Crystian Terry, the director of Casino Operations for WagerWorks—a premier provider of online game content. In our discussions with Terry, bonus abuse surfaced as the number one challenge that he and his team faced. This unique type of fraud poses a serious threat to casino sites, with the potential to cost companies millions of dollars in revenue, and yet may not be widely understood outside the industry.

So, for those who don’t know, bonuses are a simple way to encourage either new or returning players to spend time (and money) on a casino site. Restrictions and limitations apply to such bonuses, but there are always those who will attempt to take advantage of the system at the expense of the online sites. Bonus abuse, especially when committed by sophisticated and organized groups, can add up to significant losses; imagine multiplying a 20% bonus by hundreds of accounts. (more…)

In the UK, identity fraud has been identified as one of the fastest growing crimes in 2009. In response to this alarming news, the UK government is kicking off a National Identity Fraud Prevention Week to try to raise awareness about the issue and focus on what individuals and businesses can do to protect themselves.

With a website devoted to the new campaign, it’s easy to take a quick look at some statistics about fraud in the UK, and some of them are quite frightening. While the information on the site is based on UK numbers, the concerns that those statistics raise are likely applicable in many countries, as identify theft is a world-wide problem. (more…)

The Merchant Risk Council (MRC) represents the largest and most influential constituency focused exclusively on making eCommerce more safe and secure. iovation is a proud sponsor of the Merchant Risk Council and brings you this interview and podcast with Executive Director, Tom Donlea.

Listen to the Podcast >

iovation: This is Scott Olson on behalf of iovation. I am here with Tom Donlea, the Executive Director of the Merchant Risk Council. Hi Tom.

Tom Donlea: Hi Scott.

iovation: Tom, as the Executive Director of the Merchant Risk Council, you lead this trade association made up of merchants, vendors, e-commerce management professionals, and law enforcement. I imagine this role gives you a great deal of insight into the key issues facing online merchants. After having just completed the Merchant Risk Council semi-annual platinum meeting and now preparing for the upcoming conference in March, is there one topic you would say is getting more attention than others?

Tom Donlea: Yes, Scott. I think for the MRC it has clearly been the economy. A lot of our merchants are increasingly focused on managing their costs and minimizing losses. They are getting a lot of pressure, so they are coming to the MRC with some very specific requests; three in fact. The first thing is they are looking for benchmarking data. They want to look at their costs, the resources they are using, and investments that they should put toward managing fraud risk. (more…)

While not often talked about, the malicious use of domain names is becoming a serious problem. Domain names provide a means to an end for criminals attempting all kinds of scams and online fraud. In phishing attacks, for example, a hacker-controlled domain name serves as the redirection point for a fake or infected site. In the case of botnet operations, a domain name replaces a unique IP address as the point of command and control, allowing fraudsters access to a much larger set of data with less risk of detection. (more…)