As we all know, the Internet has done wonders for many businesses and for the global economy as a whole. Unfortunately, the same technology that revolutionized the way we communicate with each other has also created a fertile environment for inventive criminals.

Online crimes like credit card fraud and identity theft continue to cost businesses and individuals billions of dollars each year, and President Obama has now rattled his sabres about making it a top priority to fight cybercrime. In a recent International Business Times article, “Obama: Online Fraud Costs The Average Victim 130 Hours, $631,” we find that the Obama administration’s National Strategy for Trusted Identities in Cyberspace (NSTIC) aims at developing a program to ensure the safety and security of transactions over the Internet. (more…)

It’s a trend that has stood the test of time. Whenever something is a hit with consumers, everybody wants a piece of it. The same is true for cyber criminals, who are basically opportunists that operate on the wrong side of the law. Every time a new technology or social networking service hits a cord with the mainstream, hackers aren’t far behind.

While we know fraudsters can’t resist a sure thing, Craig Scroggie, vice president and managing director of Symantec in the Pacific region, said most of the time consumers turn a deaf ear to such warnings until it is too late. In the article, “Cybercrime to hit tablets,” Scroggie, who has warned consumers about potential threats to email, fake websites and computers in the past, is at it again. This time he says the proliferation of smartphones and tablet devices will soon face the same type of attacks PC owners have long suffered. (more…)

With fraud more pervasive than ever, one would think organizations and their financial institutions are taking every precaution to prevent malicious activities like corporate account takeover and fraud. But a recent study found that over the past year, there has been little to no improvement in small and medium-sized businesses’ ability to prevent fraudsters from stealing money from small business accounts that have been compromised.

In the article, “Independent Study Reveals Corporate Account Takeover Fraud Continues to Plague SMBs and Banks,” the 2011 Business Banking Trust Study found that SMBs have struggled to make progress in stopping payments fraud as 56% of businesses said they had experienced fraud within the last 12 months. While 61% said they were victimized more than once over that period, 75% of businesses participating in the study said they experienced online account takeover and/or online fraud.

With mobile banking growth rates on the rise, these findings are alarming to Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, which commissioned the study. With 38% of respondents saying they access their company’s banking accounts from mobile devices such as smartphones and tablet PCs compared to 23% in 2010, Ponemon doesn’t anticipate things turning around for SMBs anytime soon.. (more…)

As an online fraud prevention company, our goal at iovation is simple: To protect our clients from harmful online activity that can negatively impact their business and customers. Improving our clients’ businesses by greatly reducing fraud and abuse rates is the ultimate reward. Being recognized by our peers is just icing on the cake. This week, we were proud to announce that we had our cake and ate it, too.

On Monday, we were named by AlwaysOn and industry experts as one of the 2011 OnDemand Top 100 winners, which recognizes leadership and game-changing approaches and technologies likely to disrupt existing markets and entrenched players. iovation was chosen for our unique ability to detect online fraudulent activity in real-time and keep our clients’ businesses and customers safe. (more…)

As Internet advancements change the competitive landscapes of industries across the globe, fraud prevention mechanisms are essential to filter online payments and flag or stop suspicious transactions.

According to the article, “Securing Internet Payments,” 70% of all fraudulent credit card transactions originate from card-not-present (CNP) transactions. This has a substantial impact on the public’s confidence using their credit card for online transactions. Lacking the capability to prevent unauthorized transactions and associated fraud and abuse ultimately trickles down to Internet-based businesses’ bottom line revenues and profits. (more…)

When it comes to building and maintaining a strong online reputation, organizations know that perception is reality. That’s why many Internet-based companies are proactively taking additional security measures to ensure the safety of their customers and websites. It’s a key strategy for preserving a safe and reputable brand reputation.

But what happens when industry perception is beyond your control? Can online businesses protect themselves from consumer perceptions of the industry as a whole? And what kind of impact can consumers’ fears of shopping online have on online merchants? (more…)

Fraud prevention requires layers of defense. Mature fraud organizations often have several layers that interrogate the transaction details such as name, address, and credit card details, device reputation that starts with device identification, and risk scoring on rules developed over time to detect fraud attempts as well as predict new types of attacks.

In order for the business rules engines to be productive, the rules they operate on need to reflect the particular risks the organization faces. When it comes to customizing business rules, this is not a “one size fits all” model. Giving a retailer, financial institution, or gaming company the ability to easily create and manage rules that are run against their transactions requires a tool that makes it simple to see, add, edit, and experiment with rules.

The iovation business rules editor provides great flexibility in managing the set of rules to be reviewed for transactions such as login, account creation, account change, and checkout. Rule sets are the collections of rules for each end-customer touch point. Rules can be added with a familiar drag-and-drop, enabled and disabled with one click, parameters can be adjusted, and lists of common items can be managed and included. An example of a list is a ‘risky ISP list’, where the user can create a list of risky ISPs and use that same list in multiple rules. If the list changes, all rules leveraging that list will be immediately updated. New rules can be evaluated without impacting scoring results by giving them a zero weight and tracking how frequently they are triggered.

The iovation rules editor provides additional flexibility to help you keep up with the evolution of fraud while protecting your business.

Raising the awareness of fraud and emerging fraud trends is in the best interest of everyone, particularly those who purchase, sell and communicate with others on the Internet. For this year’s Fraud Prevention Month, the annual education and awareness campaign focused on the growing concerns of online fraud.

With total losses to Internet crime topping $599 million in 2009 (the latest annual statistics), educating others about the current state of fraud, evolving fraud tactics, high at-risk groups, and best practices to identify and prevent fraud, plays a critical role in helping consumers and businesses protect themselves from online fraud.

Fraud Prevention Month is also an indicator of how much still needs to be done for businesses to adequately protect themselves and their customers from today’s growing threats. (more…)

The Federal Trade Commission (FTC) recently reported that for the 11th straight year, identity theft was the leading complaint among consumers. In the article, “Identity theft and impostor scams among consumer complaints last year, FTC says,” over 250,000 (19%) of the 1.3 million complaints filed to the FTC in 2010 were related to identity theft. While there are many weaknesses in the protection of personal data, many speculate that the Internet has played a huge role in exacerbating this problem.

With identity theft the clear leader of consumer complaints over the past decade, what I found most surprising is that impostor scams — the means of deceptively assuming another identity (either that of an individual or of an organizational entity) — only cracked the FTC’s Top 10 most complained-about consumer issues for the first time last year, coming in at No. 6 with over 60,000 complaints.

With impostor scams, fraudsters earn trust with their victims by impersonating anything from credible, trustworthy businesses to consumers applying for credit or purchasing items over the Internet. Whether fraudsters are attempting to defraud individuals or socially engineer businesses, identifying cleverly concocted impostor scams requires the ability to see beyond the information provided by criminals.

(more…)

When Google launched Doodle-4-Google, in which children can compete to design Google’s homepage logo, they requested contestants’ Social Security numbers in an effort to prevent duplicate entries.

Americans have become accustomed to handing over the last four digits of their Social Security number as a password or identifier for various accounts and applications. But with the development of new technologies that have cracked the code for the distribution of Social Security numbers, the last four digits have become as sensitive and valuable as the first five.

The coder or marketer at Google who believes it’s reasonable to request the last four digits of children’s Social Security numbers is probably someone who readily shares his or her own number, which is not a good idea.

Researchers at Carnegie Mellon University have developed a reliable method to predict Social Security numbers using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File.

The New York Times reports, “Computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number… So far, this type of powerful data mining, which relies on sophisticated statistical correlations, is mostly in the realm of university researchers, not identity thieves and marketers.” (more…)

Scammers and hackers often originate from Ghana, Nigeria, Romania, Korea, Israel, Columbia, Argentina, Philippines, Malaysia, and, of course, China and the good old USA. These developing countries breed MIT-like hackers who spend all their days targeting consumers and Internet users like you and me.

But Râmnicu Vâlcea is different. Wired describes the odd contrast between flapping clotheslines and the luxury Mercedes-Benz dealership in this small Romanian town, where young men in expensive jewelry drive luxury cars, all paid for with money from eBay scams, Craigslist scams, advanced fee scams, ATM skimming, phishing, infiltrating databases, new account fraud, and account takeover fraud.

Early scams were obvious but successful. English is a second language to Romanian scammers, so over the past decade, consumers caught on to the broken English and typos typical of phishing emails or classified scams. Romanian scammers responded by hiring English speakers to clean up their communication and give them an appearance of legitimacy.

Over time, U.S. authorities and corporations who were being defrauded caught on to Romania being the hub of organized computer crime, and so began flagging wire transfers, product shipments, and credit card orders. In response, scammers developed a distribution chain involving “mules,” who often ship products or collect money in countries like the United Kingdom, in order to avoid authorities monitoring Romanian IP addresses.

There are sophisticated anti-fraud companies that work around the clock to stay ahead of scammers to make the Internet a safer place to conduct business and interact. One such company is iovation. They have a highly effective fraud protection service called ReputationManager 360 offering device reputation management to determine if a PC, smartphone, or tablet has been used to commit fraud, regardless of the country of origin. Their device reputation management is the only solution that leverages the shared experience of global brands across numerous industries, with thousands of fraud professionals from major online brands reporting and sharing fraud and abuse attempts each day.

Being a sales leader at iovation is an exciting and interesting job. I get to work with companies across a wide spectrum of industries spanning from the traditional, like financial services and retail, to the unique and new – such as gaming, community sites and gambling. On a daily basis, I get to talk with experienced professionals who are focused on a problem that is fundamental to preserving their company’s profitability and viability. One thing I’ve found in these discussions, is that when it comes to stopping fraud and managing risk they have a lot in common. Risk is no longer simply about meeting compliance guidelines, it’s an essential element of online businesses’ strategy.

There is a great recent article in Government Info Security that examines this change titled appropriately, “The Evolution of Risk.” It gives a nice look at the role risk managers play in key strategic decisions and how stopping and analyzing the sources of fraud has been escalated in importance over the past couple of decades. (more…)

A recent Norton study estimates that cybercrime will cost Britain £1.9 billion in 2011. That’s an average cost of £103 per victim of online crimes. This information is based on the security firm’s new Cybercrime Index, which displays online threat levels in various countries.

By taking data collected from 113 million servers globally that track cyber attacks like identity theft, phishing threats and fraud activity, the Cybercrime Index is a website that acts like a stock index, informing Internet users about the day’s biggest online threats. (more…)

With today’s cyber criminals more financially motivated, organizations need ways to better protect sensitive areas of their websites that process electronic payments. To handle the volumes and high availability requirements of demanding financial institutions, iovation has partnered with Affirmative Technologies, which provides a suite of Automated Clearing House (ACH) services and other risk management and verification solutions to its financial clients.

Through this partnership, Affirmative Technologies will offer customers iovation’s ReputationManager 360, which combines customizable business rules, risk profiles, and the shared experiences of more than 2,000 fraud analysts from leading brands worldwide, as a strategic component of its risk platform. By combining Affirmative Technologies expertise in electronic payments with our risk assessment and global device reputation solution, companies get an extra layer of security to authenticate users before they enter their secure websites. (more…)

In a relatively short period of time, mobile devices have changed the way people access the Internet. So much so that mobile web traffic is expected to overtake desktop access by 2015.

Banks understand this, which is why they’re pushing mobile payment apps that are designed to make mobile banking and mobile payments faster and easier for their customers directly from their smartphones and tablets. However, because mobile transactions between banks, merchants and mobile devices aren’t as closely guarded as they are over the Internet, cyber criminals are taking advantage of this vulnerability by targeting banks and online businesses with their mobile devices.

The recent article, “Theft gangs using smartphones to steal bank card numbers,” provides another example of how Web services and new mobile devices are being used by criminals to commit financial fraud. While the rise in identity fraud is leading banks and other financial institutions to consider security tools that help protect them and their customers from mobile transaction fraud, Donald Malloy, business development manager for NagraID Security, said U.S. banks haven’t been too receptive to security measures that require customers to take additional steps such as more passcodes to authorize transactions because this creates an extra inconvenience when making a purchase. (more…)