A U.S. court recently ruled that banks and financial institutions will not only be held liable for fraudulent losses from business accounts, but also bear the responsibility for protecting customers through the use of fraud detection mechanisms. This decision in no way, shape or form will change the way banks already go about detecting fraud by looking at everything from IP addresses, geolocation, velocities and anomalies that could tip off fraud professionals about potentially suspicious online transactions and other high-risk activity.

However, to ensure they stay one step ahead of today’s profit-driven fraudsters, banks need to use the most advanced, anti-fraud techniques to prevent criminals from gaining access to legitimate online bank accounts. Michael Grillo’s article, “Combating Online Banking Fraud – A Top 10 List,” provides a checklist of the essential fraud detection methods that all banks should consider to ensure they are doing everything they can to stop online fraud, including: (more…)

For the first time in six years, the Federal Financial Institutions Examination Council (FFIEC) has issued new guidelines for banks to protect financial transactions targeted by today’s sophisticated cyber criminals.

In the recent Network World article, “Federal agency issues new security rules for financial institutions,” the FFIEC is instructing financial institutions to deploy layered security systems and recommends they update their risk assessments to detect anomalies and effectively respond to suspicious activity as more profit-driven hackers focus on business computers to perpetrate fraudulent online transactions.

According to the IC3 Annual Internet Crime Reports:

Cyber crime complaints have risen substantially each year since 2005, particularly with respect to commercial accounts.  Fraudsters are responsible for losses of hundreds of millions of dollars resulting from online account takeovers and unauthorized funds transfers.

The new rules instruct banks and financial institutions to focus their network defenses on layered security that involves fraud monitoring, dual customer authorization through different access devices, out-of-band verification, and technologies that limit the fraudulent transactional use of an account.

According to Scott Waddell, Vice President of Technology at iovation, who has been helping the nation’s largest financial institutions and credit issuers implement layered defense programs for years:

We’re glad to see the FFIEC guidelines catching up to the device reputation best practices that our customers enjoy. Complex device recognition, reputation, and real-time risk assessment are powerful additions to any bank’s fraud-fighting arsenal.    (more…)

It has been a while since my last blog post as the infrastructure team at iovation has been hard at work building out our latest data center in the Westin Building located in Seattle. This new data center is situated in a brand new state-of-the-art facility within the Westin Building which I am going to walk you through here today. We find that in the SaaS industry the quality of provider’s facilities varies widely (and is very opaque) and so we are going to do our best to be transparent here by using photos liberally.

The Westin Building is easily the best connected facility in the Northwest United States. Via our patch panel in the meet-me-room we can rapidly connect to dozens of global telecommunications carriers serving the US, Asia, Canada, Europe, and the rest of the world with a simple fiber optic jumper cable. This facility is also home to the Seattle Internet Exchange on which we are a member.

If you are an iovation customer and would like to directly connect to us within this facility or across the SIX please contact me.

From an infrastructure point of view, keeping the iovation service online at all times and keeping the “bad guys” from harming our customers is always Job #1. To do this, we employ many levels of redundancy, both within a given facility, and between multiple facilities. As with any data center, this starts with the electrical power feeding the facility. Every piece of iovation equipment is fed from dual power sources which are completely redundant all the way back to the power utility. It should also be noted that power failures in Seattle are nearly nonexistent as the grid is extremely robust (fed largely by hydro-power).   (more…)

While everyone here at iovation is ecstatic about making the Portland Business Journal’s 2011 list of the Top 100 fastest-growing privately held companies, none of this would have been possible without the outstanding customer service our employees have provided through the years. (more…)

When Jim Smith opens a credit card account, he doesn’t have to pay the bill. That’s because Jim Smith is committing new account fraud by using Fred Jones’s name and Social Security number.

All Jim Smith needs is some basic information about Fred Jones, much of which is available in the phonebook, in his trash, in discarded files in the bank’s dumpster, or on social media sites. Maybe Fred also happens to work with Jim, and Jim has direct access to Fred’s files. (more…)

All merchants who accept credit cards are now subject to strict Payment Card Industry standards, rules, and regulations, which require a level of security that took about five years to finally implement.

PCI exists to increase credit card security and, among other goals, to stave off government intervention. While significant effort has been made to improve the security of credit card data processing, adequate attention has yet to be given to the identification, authentication, and accountability of cardholders. (more…)

With so much personal information easily accessible over the Internet, why would cyber criminals go to the trouble of cracking codes or breaking through virtual back doors of retail websites when they can simply pose as legitimate customers and walk right through the front door?

According to the article, “Hackers coming in through the front door,” more and more cyber criminals are creating virtual disguises that are indistinguishable from a legitimate customers, allowing them to make what appears to be valid online purchases right under a merchant’s nose. This type of deceptive fraud tactic not only impacts online merchants’ sales and profits, but is changing the way businesses protect their online retail environments. (more…)

An excellent way to improve one’s level of security intelligence is to follow the writings of Robert X. Cringley, one of my favorite technology know-it-alls.

Anyway, Cringley’s credit card was recently hacked. And if his card can be hacked, anyone’s can. Like many cardholders, Cringley received a notification from his credit card company’s fraud department, informing him that his card data was being used overseas, on an online dating website.

A scammer used Cringley’s credit card number to create a fake profile, posing as a woman named Katya to lure desperate, unsuspecting men into dating scams. (more…)

I’m very proud to announce that iovation was recently positioned in the Visionary Quadrant of Gartner’s 2011 Magic Quadrant for the Web Fraud Detection. For a security provider who’s been helping customers across many industries prevent online fraud since 2004, we are pleased to receive this position in the analyst firm’s annual report.

The Visionary section of the Magic Quadrant recognizes security vendors whose products are easy to implement and have successfully reduced online fraud for their customers.   (more…)

I couldn’t be more thrilled upon learning about iovation being named as a finalist for the 2011 Red Herring Top 100 North American Award. It’s a real honor to be in the company of North America’s best high technology innovators, who are making significant impacts in the respective markets they serve.

Being recognized as a finalist for this prestigious award, which looks at technological innovation, financial performance, execution of strategy and management strength of private technology ventures, is a testament to our continued success in protecting the world’s largest brands from online fraud and abuse like credit card fraud, account takeover, chargebacks, money laundering and identity theft, to name a few.
(more…)

iovation’s Director of Product Management, Andy Mallinger, will be presenting top methods for detecting high risk transactions at the CUTech Spring Forum this Wednesday, May 11th.

CUTech is a credit union technology and research company that brings new technologies and value-added services to the nation’s most progressive credit unions to strengthen their position within the financial services industry.

Financial services is a very important sector for iovation as it has protected over 5 billion transactions worldwide from fraud such as identity theft, credit card fraud, ACH or debit fraud, account takeovers and credit application fraud. As with other financial services customers, credit unions can leverage iovation’s fraud detection service to assess risk in real-time by checking the reputation of the device (computer, tablet or smartphone) being used to interact with the credit union’s website. (more…)

1. Data Breaches: Businesses suffer most often from data breaches, making up 35% of total breaches. Medical and healthcare services are also frequent targets, accounting for 29.1% of breaches. Government and military make up 16.2%, banking, credit, and financial services account for 10.5%, and 9.2% of breaches occur in educational institutes.

Even if you protect your PC and keep your critical security patches and antivirus definitions updated, there is always the possibility that your bank or credit card company may be hacked, and your sensitive data sold for the purposes of identity theft.

2. Social Engineering: This is the act of manipulating people into taking certain actions or disclosing sensitive information. It’s essentially a fancier, more technical form of lying.

At 2010’s Defcon, a game was played in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. Of 135 “targets” of the social engineering “game,” 130 blurted out sensitive information. All five holdouts were women who gave up zero data to the social engineers. (more…)

iovation is very excited to participate in the ETA Annual Meeting and Expo, held at the San Diego Convention Center next week. If you are planning to attend, please stop by iovation’s booth #1205 and get your Virtual Crime Fighter t-shirt and hear how we protect financial services businesses from credit card fraud, credit application fraud, account takeovers and other abuses.

ETA will be filled with the latest products and services related to every element of the electronic payments industry, plus all of the major players from around the world including ISOs, processors, financial institutions, value-added resellers and security/encryption services.

Keynotes will be delivered by Steve Wozniak, co-founder of Apple Computer and Senator Christopher Dodd. Senator Dodd is best known in the electronic payments industry as the former chair of the Senate Banking Committee and, along with Rep. Barney Frank, the principal author of the Dodd-Frank Wall Street Reform and Consumer Protection Act, the law which was the vehicle for the Durbin amendment on debit card fees and created the Consumer Financial Protection Bureau. He also helped write the Sarbanes-Oxley Act, which strengthened accounting and management standards for publicly held companies. (more…)

Cyberspace has become as essential to the function of daily modern life as we know it, as blood is to the function of our bodies. And I don’t believe that’s an overstatement. If the Internet suddenly vanished, there would be deaths as a result.

Our dependency on the Internet has long since passed the point of turning back, and I think we’ve made a mistake in that approach. Fortunately, it’s extremely unlikely that the Internet will go down entirely.

The U.S. and most other developed countries are thoroughly electrically and digitally dependent. Critical infrastructures, including drinking water, sewer systems, phone lines, banks, air traffic, and government systems, all depend on the electric grid. After a major successful attack, we’d be back to the dark ages in an instant. No electricity, no computers, no gasoline, no refrigeration, no clean water. Think about what happens when the power goes out for a few hours. We’re stymied. (more…)

Every day iovation assesses risk on more than 7.5 million transactions for the online customers that we protect around the globe. France ranks third by country, just behind the United States and United Kingdom, in the total volume of Internet traffic from any country that we protect. As you would imagine, France is a very important market for us. It is growing and as we continue to expand our international footprint, France will play a vital and strategic part in our growth.

As part of our effort to expand our device identification, device reputation and real-time risk mitigation services for online businesses in France, I am pleased to announce that Philippe Mazurier has joined iovation as Country Manager, heading up sales and business development and is based in Montpellier.

Philippe brings strong business relationships and deep, in-market experience that will be instrumental in helping us meet online fraud protection demands in this market. He understands the serious and damaging impacts that cybercrime has on online businesses.

As we continue to serve the French market, protecting e-commerce, financial services, gaming and online communities from fraud and abuse, having a seasoned veteran in authentication and fraud prevention services representing iovation will help us serve this market even better.

To arrange meetings with Philippe to talk about any fraud or abuse issues your company is experiencing, please email france@iovation.com or call +33 (0)6 69 79 12 33.