In the article, “Cybercrime is now a booming industry,” the new Global Risks for 2012 report says that along with a steady increase in cyber attacks on businesses and governments around the globe, the top concern for illegal digital data sellers is maintaining trust with their customers.

According to an ethical hacker in India, the digital black market has become so competitive that entrepreneurial cyber criminals depend on their trustworthiness, along with free trials, discounted offers and money-back guarantees on stolen goods, to succeed in the shady underworld.

“Today, the main concern for the data sellers is to generate trust among their clients.”

Any legitimate business knows the importance of building and maintaining a high level of trust and confidence with their paying customers. Without it, we have no customers. Turns out, the cyber underground is no different. In order to sell stolen goods to their customers, cyber criminals, whose livelihood is based on creating a web of lies to steal other people’s information, also have to establish and preserve an upstanding reputation among their likeminded clients.

At iovation, we’ve always understood the power of reputation — both good and bad. In fact, our business is built on the experiences and expertise of more than 2,000 fraud analysts from leading brands worldwide, who have all contributed to our device reputation database of over 800 million unique devices, including PCs, laptops, smartphones, tablets and consoles.

Unlike anti-fraud solutions that rely on personally identifiable information (PII), iovation’s advanced device reputation technology focuses on the user’s device to identify and stop fraud in real time, as well as make quicker decisions on legitimate online orders and business transactions. By including a fraud prevention service like iovation’s ReputationManager 360 to any multi-layered security strategy, organizations don’t have to rely solely on potentially stolen or misrepresenting information provided by criminals to perpetrate fraud over the Internet.

While there’s no arguing that trust is essential for doing business — apparently between cyber criminals, as well — having a trusted resource like iovation to uniquely recognize known fraudulent devices, expose hidden fraud rings and identify good customers before the transaction takes place, can play a pivotal role in any business’s ongoing challenge to reduce online fraud rates.

While monetary gains are always the ends to the means for cyber thieves, the digital goldmine appears to be personal and financial information stolen from email accounts and bank accounts, as well as intellectual property, all of which hackers can sell on the cyber black market. Some additional points in the Global Risks for 2012 report included:

• Cybercrime, cyber-espionage and cyberwarfare are on the rise
• Credit card cloning is flourishing in India, conducted by Nigerians living in India who are using card data received from Russian underground forums
• Hackers are launching chance attacks on individual users and more targeted attacks on businesses and governments to exploit system security flaws
• Corporate source codes for products, intellectual property and defense data is extremely valuable to competitive organizations and governments
• Enterprises leveraging social media tools should consider the risks of employees accessing social media sites while on the corporate network

In the article, “Why Internet crimes go unpunished,” security expert Roger Grimes breaks down some interesting numbers around cybercrime, and how hackers are (to put it mildly) beating the odds. According to the FBI’s 2011 Internet Crime Report, of the more than 300,000 complaints that netted criminals $1.1 billion in 2010, law enforcement agencies convicted an average of one crook for every 50,635 victims. In other words, as Grimes eloquently states:

Steal someone’s identity and your odds of being caught are almost infinitesimal.

With all the hacks and fraud headlines 2011 will be remembered for, that’s definitely not the way we want to ring in the New Year. But as Grimes also warns, if we aren’t careful we could see history repeat itself as criminals not only continue defrauding computer users, but launch recycled attacks against the explosion of worldwide mobile device users, who could fall victim to the same old PC tricks.

While law enforcement certainly has its challenges in tracking down and prosecuting cyber criminals, nobody will argue that we can always be doing something on our part to help reduce the risk of fraud where the criminal is utilizing a computer, as well as emerging mobile platforms like smartphones and tablets.

Whether you’re an individual, small to mid-size business, or even a large international corporation, in many ways you’re sort of on your own in cyberspace. This is why taking matters into your own hands and implementing defense-in-depth fraud preventative strategies is so critical to protecting yourself, your employees and business from both evolving and old-school scams targeting every form of Internet-connected device that we use.

This is the time of year when most businesses are setting their budgets and determining business goals for 2012. While improving customer service and increasing revenues are certainly at the top of any CEO’s to-do list, mitigating costly fraud risks that can take a hefty bite out of annual profits (not to mention cause significant reputation damage) requires organizations to deploy effective security tools like iovation’s ReputationManager 360 solution to reduce the risk of fraud or abuse over all devices and platforms connecting to their online business environment.

It’s been a busy year with a ton of new features and enhancements ranging from big to small. We thought we’d take a moment to share with you some of the highlights from 2011.

As with any technology, there are many, many things that go into a new feature including design, development, testing, documentation, integration and other operational requirements. We won’t go into that amount of detail here, but instead will focus on the primary achievements within each of the four principle areas of specialization at iovation, which include:

In the recent article, “How to steal an identity in seven easy steps,” software developer, Herbert Thompson, shows us just how easy it is to collect personal information that allows fraudsters to gain access to somebody’s personal and financial online accounts. This is disturbing news, especially when you consider that roughly 40% of web users are ‘likely’ or ‘very likely’ to provide their personal information in one of six online scams, like the Ponemon Institute, commissioned by PC Tools, recently discovered after interviewing over 1,000 UK web users.  

Essentially, Thompson cites a number of online resources that criminals can tap into to gather personal information that increases their chances of cracking security questions and passwords required to access personal emails or financial accounts, including:

1. General Web Search: Searching someone’s name on a search engine such as Google can provide an assortment of information about a person including where they live and their social networking communities.
2. Personal Blog: Doing a keyword search on things like birthday, pets and mother’s maiden name can reveal personal data that users apply for questions relating to password reset and account login.
3. Public Websites: Public websites such as the DMV and state traffic court provide resources for obtaining information on traffic violators that could include things like birth date and vehicle type.
4. Resume/Job Seekers Webpages: Job seekers are constantly updating their work history and joining networking groups that disclose current home addresses, phone numbers, emails, where they’ve lived and their professional background.
5. Alumni Webpages: High school or college online social networking communities can make known somebody’s personal history, nicknames and other close friendships.

As you can see, online romancers aren’t the only ones susceptible to identity theft. This scenario essentially applies to anyone sharing personal information over the Internet.

While individuals need to always apply common sense before sharing personal information that really never goes away, so do the providers of these popular online environments. To ensure the safety of their legitimate users and maintain their reputable brand reputation, online dating and social networking sites need to deploy fraud detection tools that can stop known fraudsters before they enter their communities and root out fraud rings that are committing repeat fraud against good members.

iovation’s ReputationManager 360 does both. By identifying the user’s actual device, not the personally identifiable information (PII) they provide to create their profile, online communities can detect when a known fraudulent device is trying to enter their site, as well as expose bad devices and their associated accounts that are already active in the community. This unique level of device reputation intelligence enables Internet communities to improve their ability to deny fraudulent transactions before they happen and rid their trusted online communities of cyber criminals who are already perpetrating fraud or collecting personal information they can use later to break into personal or financial accounts.

According to the Politico article, “Free pass for dating site liars,” people can take comfort in knowing that they don’t have to worry about being prosecuted or hauled off to jail for telling a little white lie over the Internet. While this certainly makes sense, at the same time we’re still walking on shaky ground when it comes to online lies, falsifications, profile misinterpretations, or whatever you want to label it. The fact is, when it comes to identity fraud, fake accounts or other crimes on romance sites, lying is typically the basis for the crime. It sets the stage for deeper criminal activity that can cost victims both emotional and financial hardships, not to mention damage to the dating site’s reputation. 

In the recent blog, “Online Trust Remains Risky Business,” I discussed how most of us have at one time or another told some kind of little white lie on the Internet. Would this be cause for criminal prosecution? Probably not. However, if the intent is to steal or commit some type of crime against another person or business, the lie could be a violation of corporate policy covered by the Computer Fraud and Abuse Act (CFAA), which criminalizes “exceeding authorized access” of a computer.

While DoJ spokeswoman, Alisa Finelli, says it’s not the DoJ’s position that lying violates the CFAA, its current position is one that could be open for change.

“We understand the concern that is motivating these criticisms of the statute, and we are willing to work with Congress on legislative proposals in this area.”

While Congress works on legislation that clarifies what would be grounds for prosecution when it comes to lying on the Internet, to protect their members and online environments dating sites need to take action by deploying anti-fraud detection tools that help them identify risky behavior. At the moment, there may not be an actual online “lie detector” that can distinguish when a member is telling the truth or not, but there are tools available, such as iovation’s device identification service, that helps detect online scammers, spammers and bad actors attempting to mine the identity details of legitimate members.

In the article, “American Stranded in Ukraine in Online Dating Scam,” former write-in candidate for governor of Arizona, Cary Dolego, traveled to the city of Chernivti, Ukraine, eager to meet up with the woman he fell in love with online and one day hoped to marry. She never showed.

Turns out, Dolego was a victim of an online dating scam that stemmed from account takeover. Apparently, someone or some group hacked into a woman’s account on an international dating website and was communicating with Dolego on behalf of a woman named Yulia. While the woman later said the account on the dating site that Dolego had been corresponding with was hers, she claims she was not part of the scam.

While this and other similar stories continue to generate media attention about the potential dangers of online dating scams, many of the common tactics hackers use to commit fraud against good members of matchmaking sites could be avoided if the website’s fraud strategy didn’t rely so much on personally identifiable information (PII) to spot and stop fraud within their online social networks.

Unlike anti-fraud tools that collect and use PII to detect fraud online, iovation’s advanced device identification technology is not susceptible to the personal information that users are required to provide when creating new online dating profiles or accessing existing ones. By identifying the actual device used to open or access online accounts — not the user’s PII — iovation’s fraud prevention service provides dating and social networking sites real-time intelligence on more than 750 million known devices. This enables romance sites to instantly accept, deny or pull for further review suspicious transactions before they happen, as well as expose hidden associations between devices and accounts that PII-based fraud detection tools simply can’t do.

Because personal information gathered from social networking sites such as Facebook is what hackers use to open new online accounts or break into legitimate ones, dating sites need a fraud detection tool like iovation that goes beyond the user’s personal information. Without it, dating and social networking sites will remain vulnerable to profile misrepresentations, fake accounts, chargebacks, account takeovers and other online scams that fraudsters can think of using PII, which today is too easily accessible on the Internet.

“It seems to me that if there was any logic to our language, trust would be a four-letter word.”

This clever, yet pertinent quote from the film, “Risky Business,” has always stuck with me. Today, it’s more relevant than ever when it comes to trusting someone in an online social environment.

As much as we would like to believe what other people say over the Internet, the bottom line is that most separate our real-life persona from our online persona to a certain degree. For some, it’s an outdated photo. For others, it’s embellishing the truth or telling a little white lie. When it comes to online trust, however, the most dangerous kind if personal misrepresentation are those who make a living at deceiving others for profit or personal gain. That’s right. I’m referring to online fraudsters.

By now, every online social community is aware of the countless types of malicious behavior that can take place within these environments. Even in remote communities where no financial transactions are exchanged, there are risks when building an online relationship with someone you’ve never met. That said, it’s not only important for individual users to keep up with the latest fraud tactics, but businesses that operate online communities should stay on top of evolving fraud trends and implement fraud preventative tools that recognize when a user on their website has committed fraud or any other type of unwanted behavior in the past.

In the article, “Online Romance Scams Dupe Thousands,” I was hit yet again with another memorable phrase that rings true to online dating fraud:

“Romance fraud is organized crime.”

For the many online communities including dating and networking sites that we protect every day, the potential fraud dangers that exist are likely not coming from a fraud network of one. While personifying a single user, the perpetrator is likely part of a larger group of organized criminals making coordinated efforts to defraud a particular organization. Working diligently to defeat a website’s line of defense, once the bad guys get in they create multiple accounts, sneak in their partners in crime, and put their best laid schemes to work.

The key to thwarting scams targeting online social communities and networking sites is recognizing all the players involved. iovation’s ReputationManager 360 anti-fraud solution leverages its device recognition technology to uniquely identify known devices used by bad actors and link the multiple fake accounts associated with those devices. iovation’s global shared database of more than 750 million devices is shared amongst iovation’s clients. Cyber criminals and scammers share information, so why shouldn’t businesses collaborate to keep the bad guys out?

iovation has seen first-hand mobile transactions increase by more than 300% annually. With merchants expecting more fraud as a percentage of sales from their mobile channel, I look forward to participating alongside with other leading mobile security authorities in the panel, “Mobile Security: Improving Systems to Mitigate Fraud,” at the Mobile Contactless Payment Innovations Summit in Chicago.

I will be joining Marc Washawsky, SVP Mobile Channel Executive at Bank of America, Kevin Gillick, Executive Director at GlobalPlatform, Jack Jania, SVP GM Secure Transactions at Gemalto, and moderator, James Wester, Editor of Mobile Payments Today, as we share with executives from retailers, banks, card issuers and payment networks insights on assessing risk and detecting fraudulent behavior from mobile devices, including smart phones and tablets. Some of the topics we will cover include: 

• The importance of mobile security
• Common perceptions customers have towards mobile devices
• Mobile standards, practices and identity issues
• The security and fraud implications for consumer vs. business devices
• The future of mobile security

Each year, iovation assesses billions of online transactions for our customers, most notably in financial services, online retail and online communities like social networks and dating sites. Of the mobile transactions we’ve assessed for risk to date, 35% were from Android devices, 32% from iPhones, 24% from iPads, and 9% have been from Blackberry and other mobile devices.

The mobile fraud panel will take place on Tuesday, October 18th, beginning at 11:15 a.m. at the W Hotel City Center, Chicago, Illinois. If you are attending this conference, I hope you can join us for this very important presentation.

We all know that the top priority for any IT fraud team is to ensure their good customers can safely and easily communicate and do business within their online environment. However, because many business websites have networking communities that bring likeminded individuals together to socialize, the potential for users or criminals to act inappropriately towards others can create problems that can impact the user experience.

For the verticals we serve, including online dating and Internet gaming and gambling websites, the social interaction that goes on between their members is core to their business and daily revenue stream. If somebody gets out of line or breaks corporate policy, it not only impacts the user’s experience, but can put the organization’s reputation at risk.

If any online business fails to maintain the trust and confidence of their paying subscribers, those customers can simply take their business elsewhere. This is why online romance sites and Internet gaming environments need to be aware of the impact member abuse can have on their bottom line.

One of the challenges of protecting networking sites from abusive behavior is stopping it before it happens. But how? While most anti-fraud measures still focus on the person connecting to a site, iovation’s ReputationManager 360 solution checks the device being used to log onto a site or request transactions against a dynamic database of more than 700 million unique devices and their reputations to give businesses deeper insight to those connecting to their network. Understanding when a device on your network — whether it’s a PC, smartphone or tablet — has been used to perpetrate abusive or fraudulent behavior on another site is valuable information fraud teams can use to prevent unwanted behavior against their members.

The bottom line is, when it comes to online services, consumers have more choices than ever. If their trust and confidence has been violated as a result of online fraud or abuse, they can walk away at any time. Organizations leveraging device reputation technology to protect their social communities have an additional layer of intelligence needed to prevent both fraudulent and abusive behavior before it impacts the user experience or results in a financial loss.

“Social fakes” are invented profiles on social media (often referred to as profile misrepresentation), which can be used to harass or mock victims anonymously. But the more lucrative fake profile is one that imitates a legitimate business, damaging that business’s online reputation.

The impostors’ ultimate goal? Spam leading to scams.

Social-web security provider Impermium published the results of their recent analysis of the cost of social spam. “Online ID signup fraud” is an emerging trend, with fraudulent accounts ranging from a low of 5% to 40% of users. “Scammers are registering accounts by the millions as they perpetrate fake “friend requests,” deceptive tweets, and the like, while the black market for bulk social networking accounts is growing exponentially.”

They also warned about social web abuse, describing current “sleeper cells” as “a ticking time bomb.” Last month, more than 30,000 fraudulent accounts coordinated an attack, in which attackers submitted more than 475,000 malicious wall posts in one hour. According to Impermium, “Even accounts you’ve had for years could be lying in wait for just the right moment.”

Multiple issues stem from fake accounts, such as brand damage for both the website and its users, scams being perpetrated on existing or potential customers, and for social networking websites, an inflated, incorrect summation of active subscribers—to name a few.

Social media sites can use iovation’s device reputation service to help identify fraudsters at account setup. When a device (or related group of devices) signs up for more than your allotted number of accounts, you can receive alerts on this behavior. When multiple countries are logging into the same accounts within a specified timeframe, you can set alerts on this activity. When users are constantly changing their device attributes between multiple online registrations (to look like new, legitimate consumers), you can know this immediately—and automatically deny the new accounts outright or send them to your fraud review queue. If 1,000 accounts were just set up from the same machine, one after another, wouldn’t you want to know that while it’s happening so you can do something before the scams start?

Rather than relying on information provided by the user, which may not be honest or accurate, device reputation technology goes deeper, identifying the computer being used to register an account. This exposes negative behaviors right away, allowing a website operator to deny access to threatening accounts before your business reputation is damaged and your users are abused.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses hackers hacking social media on Fox Boston. Disclosures

In the article, “Fraudster used Facebook to hack bank accounts,” cyber criminal Iain Wood spent 18 hours a day online collecting information posted by his neighbors on social networking sites including Facebook to figure out passwords that would defeat online banking security checks. Prior to getting caught by police, he managed to steal more than £35,000 (approx. $55,000 USD) over a two-year period.

This is just a small example of how a single hacker can stage an ongoing crime spree that impacts individual users and their banks. Prosecutor, Neil Pallister, said Wood followed and befriended several neighbors online to obtain enough personal information that helped him break into their online bank accounts.

“He would make friends with people on Facebook and got their usernames. He would try it on the bank websites, on the basis people use the same passwords. If that did not work he would fill in the security information, which he got from Facebook and Friends Reunited.”

With this type of criminal behavior taking place every day, online banks can no longer afford to rely on personal information to validate customers and detect fraud. Today, knowledge-based security defenses are leaving online businesses and their customers vulnerable to schemes that allow fraudsters to easily answer security questions and de-code passwords. Now more than ever financial institutions need to deploy security tools that go beyond the data provided by customers to access their accounts. Businesses need the ability to identify the actual device used to access online accounts to see when someone is using stolen or false information to fraudulently access another person’s account.

The fact is, fraudsters will continue to gather personal information from the Internet to fool even the latest security tools. While these fraud practices may be impossible to stop, a multi-layered security approach that includes iovation’s ReputationManager 360 allows online businesses to look beyond personally identifiable information (PII) and see when any type of Internet-connected device (PC, smartphone or tablet) with a history of fraud or abuse logs onto a website or tries to access an account using personal information. This is why having deeper insight into online transactions, without relying on the information a user provides, is essential for protecting online businesses and their customers from today’s more sophisticated, knowledge-based fraud schemes.

The Westin Building is easily the best connected facility in the Northwest United States. Via our patch panel in the meet-me-room we can rapidly connect to dozens of global telecommunications carriers serving the US, Asia, Canada, Europe, and the rest of the world with a simple fiber optic jumper cable. This facility is also home to the Seattle Internet Exchange on which we are a member.

If you are an iovation customer and would like to directly connect to us within this facility or across the SIX please contact me.

From an infrastructure point of view, keeping the iovation service online at all times and keeping the “bad guys” from harming our customers is always Job #1. To do this, we employ many levels of redundancy, both within a given facility, and between multiple facilities. As with any data center, this starts with the electrical power feeding the facility. Every piece of iovation equipment is fed from dual power sources which are completely redundant all the way back to the power utility. It should also be noted that power failures in Seattle are nearly nonexistent as the grid is extremely robust (fed largely by hydro-power).  

Here you can see the generator bank backing up our “A” side power bus:

Here you can see the generators backing up our “B” side power bus:

After the generators, the power flows through a pair of “Automated Transfer Switches” that will cutover from “utility” power to “generator” power should their be a disturbance on the power grid. Unfortunately, I don’t have a picture of these transfer switches handy, but here is a picture of the main electrical switchgear that is downstream of the transfer switches for both the “A” side bus and the “B” side bus.

After the main switchgear, the power is fed into a pair of 500KVA UPS units (again, completely separate “A” side and “B” side units) which provide super-clean output power at all times due to their double-online-conversion design. They also provide battery back up during power outages until the generators start up and take the load:

From the UPS units, the power is sent out at 480 volts to step-down transformers located on the data center floor (the black cabinet in the middle of the picture is one of the two that feed iovation):

After being stepped down to 208 volts, iovation receives one three phase 225 amp power feed from the “A” side power bus and another 225 amp power feed from the “B” side power bus into a pair of RPP panel units (circuit breakers):

From these RPP panel units we provide every cabinet with one 208v 30amp 3 phase connection from the “A” unit and another from the “B” unit. All power capacity planning is done with the assumption that we can lose either the “A” side or “B” side power and everything will just seamlessly shift over to the still-functioning power leg without any impact.

So that should provide a pretty good overview of our power infrastructure, now let’s talk about cooling for a bit. While the Westin Building has numerous redundant evaporative cooling towers, here is a snapshot of a few of them:

I don’t have a picture handy, but needless to say, the cooling loop system has fully redundant pumps for water circulation. Here you can see a very important feature of the cooling system – The Westin Building stores thousands of gallons of emergency water on site to keep their cooling system operational even in the event of a water utility outage:

Here you can see an example of the many redundant cooling units that actually provide cool air to our servers by moving heat from the air into the cooling loop. There are a pair of these units dedicated to the iovation cage (not shown):

And last but not least, here is a picture of the iovation cage (though this was taken before all the servers were installed):

I could continue on about the layers of fire protection systems, multi-factor access control, 24×7 engineering and security staff, etc, but perhaps those will be topics for future blog posts. We here at iovation are very excited about the addition of this facility to our tool set as it allows us to scale up to handle ever increasing customer demand while continuing to provide the highest level of service to our clients.

As always, please send me an email if you have any questions!

-Eric
Sr. Infrastructure Architect

“We are proud to be a new entrant to the Portland Business Journal’s Top 100 list and look forward to being a regular member of this outstanding group of companies. We fully intend to move up the list in the coming years as our growth continues to accelerate,” said Doug Shafer, CFO at iovation Inc. “We are very excited about the growth opportunities in all of the key vertical markets that we serve across the globe.”

In any economy — but even more so in today’s slow economic recovery — the key to business growth is all about customer satisfaction. Driven by a “customer first” mentality, we provide much-needed fraud protection services to online businesses around the globe. This powerful combination has played a central role in not only earning new business, but also achieving a 96% customer retention rate.

For any fraud prevention company, knowing you are delivering highly innovative and effective fraud-fighting solutions that are improving the safety and financial well-being of your customers and business partners makes all the difference. That’s what makes us tick at iovation. And we couldn’t have done this without the hard work and dedication of our amazing team, partners and customers. Thanks for working with us to make the Internet a safer place.

Scammer grammar and general awkwardness make these scams relatively easy to detect. But when a scammer is local, the ruse becomes more insidious and effective.

The Toronto Sun reports that a man in Hamilton, Ontario faces “60 charges for allegedly selling thousands of dollars worth of non-existent tickets to concerts and sporting events, mostly at venues in Toronto.” The suspect “allegedly used Craigslist to sell tickets to pop concerts like Lady Gaga, Taylor Swift and Justin Bieber, or sporting events like Wrestlemania.”

As in most Craigslist scams, the perpetrator had the victims wire money to him, and in this case it was to a local account, which reduced suspicions. He told victims they would get a shipping confirmation number once the money was received, but of course, this was entirely bogus.

At the top of every post, Craigslist reminds you, “Avoid scams and fraud by dealing locally!” But they may not consider that scammers can deal locally, too. My suggestion is to always meet the seller with cash in hand, or simply buy tickets directly from the venue or venue’s website.

Craigslist and auction sites could better protect end users and prevent the majority of these scams by using readily available and proven fraud detection tools on the market. They could easily round up accounts opened by scammers by tracking them back to the computers, tablets and smart phones that opened them up in the first place by using device reputation management. And when those computers try to open more accounts under more stolen identities, the accounts are automatically denied upfront—at the “account creation” stage.

Craigslist could easily employ customized business rules to identify high-risk activity such as those offered by iovation’s ReputationManager 360 anti-fraud service.  For example, if someone posted a local offer, iovation could expose to the business when users are hiding behind proxies to make them appear as if they were in the local region.  If they are selling a used car supposedly in Irvine, California and they are going through the work to mask their IP and make it “look” like they are in Irvine, but their real IP is exposing that they are in Ghana, wouldn’t that be a red flag?  When this happens, the business could automatically deny the attempt in a fraction of a second, or at a minimum send it to a review queue so that fraud analysts can take a closer look before exposing a scammers’ offer to the public.

In general, with today’s sophisticated fraud prevention technologies and techniques, scammer accounts could and should easily be stopped at the front door (while attempting to set up a new account) — before ads are placed, before ads are read by the public, and before tens to hundreds of visitors act on the ad by engaging in conversation with a cyber criminal who wants to steal their money.

Imagine the scale of bad accounts that could be shut down instantly.  Sophisticated fraud rings could be identified within the business’s network and thousands of fraudulent accounts shut down, making Craigslist and other auction sites a much safer place for the public to look for desired products and services.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scambaiting on Fox News. (Disclosures)

For online dating sites’ security teams, identifying scammers can seem like the same tedious process. As they constantly sift through the tens of thousands of personal profiles, they’re looking for that one piece of information that can help them root out potential scammers.

While there are many ways fraud teams can identify online fraudsters, the real challenge in reducing online fraud and abuse is proactively identifying criminals before they can commit a crime. More often than not, fraud teams find themselves taking a reactive approach of responding or shutting down bad accounts only after a legitimate member has fallen victim to an online crime. This may help clean up bad accounts on their websites, but it doesn’t prevent crimes from happening in the first place.

According to the article, “Online Dating Sites Warn Users of Scams,” with Internet dating scams on the rise, the security that’s offered on romance sites is becoming a priority for people seeking love online. The article also said security is influencing which sites people choose to look for love on:

“New members will be gained, not because of the match making technology being implemented, but because of the security that the online dating site can provide both in terms of physical safety as well as personal information and privacy concerns.”

With security playing a greater role in both protecting its good members and attracting new ones, online dating sites need fraud preventative solutions that go deeper into identifying bad profiles and accounts on their sites. iovation’s ReputationManager 360 anti-fraud solution goes beyond looking at the person connecting to a website, as well as the personally identifiable information (PII) that criminals provide to create fake profiles and accounts.

Using the reputation of over 600 million devices including PCs, smartphones and tablets that connect to the Internet, iovation exposes devices with histories of negative behavior that have either created accounts or are associated with accounts on their websites. In doing so, online dating and other social networking sites can proactively identify and shut down fraudsters before any damage is done to their members and corporate reputations.

To reduce fraud rates, social networking sites are using their own social verification systems to determine whether the person at the other end of a Web transaction is actually who they say they are. According to the article, “How your social network can protect your credit card,” social networking sites like Facebook collect various pieces of information about a user’s personal network to identify a person and reduce fraudulent activities such as credit card fraud, account takeover and account hijacking within their network. But while the social networking giant and others prefer to keep their data to themselves, think about the possibilities this type of information could have in the fight against global fraud.

With so many credit card details and social security numbers now in the hands of organized cyber criminals, we need a broader mindset if we are going to truly stop the growing fraud problem that stretches across continents, technologies and industries.

By sharing intelligence on more than 600 million Internet-connected devices including PCs, smartphones and tablets, iovation’s ReputationManager 360 fraud prevention solution allows businesses across all industries to see if a device requesting an online transaction has a history of fraud, or is associated with known fraudulent accounts or devices, before the transaction takes place. With a nearly 30% device crossover rate between industries, we understand how important working together and sharing critical information is to fighting online fraud and abuse. This is how we are able to help our cross-industry customers stop 35 million online fraudulent transactions and activities a year.

Much like any legitimate user, fraudsters come in from computers or devices they’ve used before. Having the goods on bad guys’ devices enables businesses to decide whether to deny, accept, or pull for review any pending transactions to prevent credit card fraud and other unwanted behavior. As a result, businesses don’t have to write off future online transactions that are ultimately impacting their sales revenues and bottom line.

Auction fraud refers to fraudulent transactions on online auctions. Either a product advertised for sale is misrepresented, or purchases are never delivered at all.

The IC3’s annual report explains, “Historically, auction fraud has been the leading complaint reported by victims, with a high of 71.2 percent of all referrals in 2004. However, in 2010, auction fraud represents slightly more than 10 percent of referrals. This demonstrates the growing diversification of crimes related to the Internet.”

In other words, auction fraud is still profitable for scammers, and they’ve also discovered many new techniques for scamming consumers.

IC3 advises consumers against conducting online transactions with anyone who exhibits the following suspicious behavior:

• The seller creates an online auction as though he resides in the United States, but responds to buyers with an email claiming he’s outside the United States for business reasons or a family emergency. Or, the seller posts the auction under one name, but asks for payment to be transferred to a different name.
• The seller requests payment via Western Union, MoneyGram, or bank-to-bank wire transfer. This makes the money virtually unrecoverable once the victim discovers the scam. Any transaction involving a money transfer control number (MTCN) may indicate fraud.
• The seller poses as an authorized dealer or factory representative in a country where there are no such dealers.
• The buyer asks for a purchase to be shipped to another via a particular method in order to avoid customs or taxes.
• The buyer uses a credit card for which the billing address does not match the shipping address. Always secure the cardholder’s authorization before shipping any purchased items.

Online classified and auction websites could prevent fraud and protect their users by incorporating device reputation management. One anti-fraud service getting lots of attention for its fast and effective results is iovation’s ReputationManager 360. This service incorporates device identification, device reputation, and real-time risk profiling. It is used by hundreds of online businesses to prevent fraud and abuse by analyzing the computer, smartphone, or tablet connecting to their online properties.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donny Deutsch. (Disclosures)

FedEx can and should deny suspicious online transactions. Moneygram and Western Union could also make some effort to deter scammers. It’s hard to weed out the bad guys, but there are technologies that help.

What kind of scam am I talking about? A good friend recently called to ask what I know about check scams. He had received a $2,400 check from a major chemical company via FedEx. He had no idea why, but mentioned that he had placed an add on Craigslist, asking $150 for an item he wished to sell, and that a deaf woman had called him through a translating service and offered to FedEx a check.

I explained that this is advanced fee fraud, or a shipping scam, and that he will undoubtedly receive an email demanding that the difference be paid to shippers.

Maybe the scammer pretended to be deaf, using the translator service as a third party to scramble the caller’s location. Or maybe the buyer really was a deaf woman.

But why send a check for $2,400, and why from a chemical company? Probably because it was the only seemingly legitimate check the scammer had printed up at the time, and it’s a nice score if he sends back the $2,250 difference.

My buddy was flabbergasted to think that anyone would fall for such a scam, and insisted that if someone came to his house to pick up the purchased item and demanded he pay the purchaser $2,250, he’d punch them in the face.

Shortly after getting off the phone with me, he received this email:

“Hello Dean,

How are you doing today?

The check has been delivered via Fedex,Thanks for your honesty towards this transaction so far.Well, the overpayment is meant to cover the cost of shipment for the item alongside my other properties including tax and insurance plus the movers and agent fees.

Please deposit the check today so that it clears tomorrow after the check has cleared,All you have to do is go the bank and have the rest of the money withdrawn in cash and have it sent to the movers via money gram

Here’s the movers information below.

Name : Jason Shambaugh

Address : 2330 Contra Costa Blv

City : Pleasant Hill

state : CA

Post code : 94523

Do let me know your schedule for the week regarding pickup as i have some other properties to be moved alongside the item. Please do act accordingly as agreed after deducting your money for the item, make the rest fund available to the movers via money gram Money Transfer at any of their outlet around you or check on www.moneygram.com{click find us} and check for their outlets around and get back to me with the transfer details below (as it appears on the receipt) so i can contact the movers for the pick-up at your location ….Deduct the money gram money transfer charges from my fund also $50 for yourself (meant for any hassle or run around).

1}Sender’s name and address

2}Reference number {which is the 8 digits number on the Money Gram receipt}

3}Actual amount sent after the fee had been deducted

Hope i can trust you with the overpayment? Your Honesty and transparency will be appreciated”

The email also included the FedEx tracking information, with my friend’s address. Looking up the shipping address on Google maps reveals an office building, which most likely has some vacancies. The scammer probably has some connection to the building, allowing for anonymous shipments.

Craigslist could easily prevent the majority of these scams easily by using device reputation management. Many Craigslist scammers based in Ghana, Nigeria, Romania, Korea, Israel, Columbia, Argentina, the Philippines, and Malaysia spend their days targeting consumers in the developed world. But real-time device reputation checks, such as those offered by iovation, can detect computers that have been used for auction fraud and expose all of the accounts associated with the suspicious device or group of devices. This provides Craigslist and other websites with the opportunity to instantly shut down sophisticated fraud rings and thousands of fraudulent accounts.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scambaiting on Fox News. (Disclosures)

My first passion has always been personal security as it relates to violence prevention. I got into this business 20 years ago as a result of violence in my own life, and began to write, speak and train in self-defense. Things are no different today, except that there are now many more ways for bad guys to ensnare their victims.

Studies show online dating and matchmaking services are growing, even in a recession. Many single men and women are signing up and attending speed-dating sessions than ever before. There are a couple of reasons for the increase in online dating’s popularity. First, it is cheaper to join a service than to spend money on countless bad blind dates. Second, in turbulent times, people want the comfort of a romantic partner. Having a companion to share in the fear, uncertainty, and doubt can help people vent and find relief.

Protect yourself from online dating scams and risks.

1. Educate yourself about self-defense techniques and personal security. Watch instructional videos or take a course. The single most effective self-defense offering on the planet is a program called “Impact Model Mugging,” which you can find nearby with an online search. Taking this course is worthwhile, even if you have to drive 500 miles, and bring your children. In this case, knowledge certainly is power.

2. You’ve probably heard this advice before but it merits repeating. Drive yourself to meet your date in a public, populated location, and continue to do this for the first several dates. Get to know the energy of your potential mate, learn what makes them tick, before offering your trust. Be alert for unhealthy behaviors. If they are easily irritated or make offensive jokes, move on.

3. Do not drink alcohol when meeting someone from the Internet, even with a meal. Alcohol lowers inhibitions and leads us to accept inappropriate behavior. Don’t accept drinks from anyone unless you see the drink being poured and it goes straight to your hands. Slipping drugs in drinks happens every day.

4. Be direct about splitting the bill for dinner. While this may seem extreme to some, studies show that a large percentage of men still feel that after buying a woman dinner, she “owes” him sex.

5. Get information about your date. Ask all the questions: name, address, previous address, home phone number, cell phone, place of birth, birth date, workplace, license plate, and if you can squeeze it out of them, I kid you not, get their Social Security number.

6. Do your own sex offender checks. Do background checks, Use Google and Facebook. Vet your potential mate thoroughly, since determining who you might marry is about as important as any life decision can be.

Online dating services must also take on a certain level of responsibility for members’ personal security. One option is to take advantage of new technologies such as device reputation management, which identifies user devices and analyzes their history, allowing websites to ban users whose device history indicates that they pose a threat to other users.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses dating security on E! True Hollywood Story. (Disclosures)

In New Zealand, weird can be defined as a 28-year-old Auckland woman who created and used several fake online profiles depicting young, pretty women to befriend unsuspecting high school boys.

I can definitely see my 16-year-old self falling for this.

Sometimes, after creating a fake Facebook profile, the woman would use her other online personas to break the news that her fictitious creation had been killed, referring her high-school friends to a tribute website where they could leave messages mourning the dead young woman. So far, around 40 of this scammer’s young victim’s have been identified.

What a bizarre prank, playing on the emotional wellbeing of a kid!

Making it even more macabre, the scammer borrowed profile pictures of real Facebook users, as well as pictures of their children, friends, and family, and created memorial videos eulogizing them. Posing as the mother of one of her creations, she informed one boy that her daughter was in the hospital after a suicide attempt.

The woman committing these acts is either extremely disturbed or extremely intelligent. Either way, it’s very creative and probably prone to copycats. This woman should be banned from the Internet entirely.

Social media sites could go a long way in terms of protecting their users by incorporating device reputation management. Once a user has been banned, device reputation allows websites to analyze the history of that user’s computer or other device, which may have been used for spam, phishing attempts, predatory behavior, profile misrepresentation, or even credit card fraud.  Device reputation alerts businesses to suspicious behavior, uncovers the device’s true location, and exposes hidden relationships to other high-risk accounts and devices.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses social media scams on CNN. (Disclosures)

Will this prevent sex offenders creating Match.com profiles? No. Will this prevent sex offenders from abusing women they meet on the site? Of course not.

Is it necessary for Match.com to seek out and remove sex offenders? Of course it is. Even though there may be some false positives, even though it’s an imperfect system, it adds a layer of protection that will certainly vet out a bad apple or two, or thousands.

When someone subscribes to a dating site and begins the search for a mate, there is an implied assumption that Match.com has somehow validated other users. While that is definitely not the case, the reality is that new users are approved based on having a working credit card.

Going forward, sex offender registry checks will help, but anyone who meets dates online needs to realize that they are essentially on their own, and that no website can be with you on a date, protecting you from a sex offender.

Dating websites can try to prevent sex offenders from reregistering by recognizing and banning the email addresses or credit cards of unwanted users, but these are imperfect and less than effective security measures.

Dating websites could incorporate another layer of protection, such as vetting the computer used to create the profile in the first place. Device reputation management spots online evildoers in a fraction of a second, by examining the computer, smartphone, or tablet used to connect to the dating website or social network. If a device is associated with unwanted behavior, such as spam, online scams, fake profiles, bullying, or predatory behavior from a previous ban, the website can reject the new account or transaction.

Arguably, dating sites should not have to do any of this, but implementing new layers of security is the appropriate response to an unfortunate tragedy. Let’s hope dating sites get better at policing their members.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses dating security on The Tyra Show. (Disclosures)

The Visionary section of the Magic Quadrant recognizes security vendors whose products are easy to implement and have successfully reduced online fraud for their customers.  According to Gartner’s description:

The Visionaries’ products are relatively easy to implement (when compared with many of their competitors) and have achieved very good results in reducing online fraud for their clients, often using software-as-a-service (SaaS)-based models. Often, they are more innovative than their competitors and tend to offer superior customer service, which they can afford to do, given their smaller customer base and their dedication solely to fraud detection.

Our revolutionary device reputation technology uniquely identifies and re-recognizes individual devices, including computers, smartphones and tablets, that log onto business websites and checks it with our shared global fraud and abuse database to help customers assess the transaction risk based on the likelihood that the device will commit online fraud or abuse.

In fact, Gartner’s description of Web fraud detection nearly describes what iovation’s ReputationManager 360 fraud prevention solution does to a tee: detects account takeover, detects fraudulent accounts created by a stolen or fictitious identity, and detects the use of a stolen financial account when making a financial transaction.

“We’ll stop over 50 million fraud attempts this year as we continue on our mission to make the Internet a safer place”, said Greg Pierson, founder and CEO of iovation. “We are honored to be positioned by Gartner as a Visionary and recognized in the web fraud detection market. We take pride in providing superior customers service and delivering meaningful results in the fight against online fraud and abuse.”

Spoofed websites are generally created in order to phish for consumers’ personal information, or to accept credit card payments for products or services that will never be delivered.

In the case of the nonexistent University of Redwood, it’s entirely possible the website served as the front for a diploma mill.

Diploma mills were born alongside legitimate, accredited online universities. Diploma mills issue degrees that can be used to fraudulently obtain employment, promotions, raises, or bonuses. They can also be used as fake identification, to gain employment under an invented name, impersonate a licensed professional, or use fake documents to obtain a genuine ID with fraudulent information.

Diploma mills model themselves after accredited institutions, right down to the .edu web address. They may even incorporate part of an existing university’s name or logo into their own, or mimic an Ivy League school’s color scheme or website design.

Just like a legitimate school, a diploma mill may actually require students to purchase books, do homework, and take tests. Unlike a legitimate school, the diploma school may make passing a foregone conclusion. In many cases, students can simply purchase a diploma, no questions asked. Many of these organizations are nothing more than glorified print shops.

Before plunking down a dime on any learning institution, do your research. There are websites that publicly expose diploma mills, and the U.S. Department of Education recommends that you consult their database as well as additional sources of qualitative information.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft for the National Speakers Association. (Disclosures)

Social engineering is the act of manipulating people into performing certain actions or divulging confidential information. Essentially it’s a fancier, more technical form of lying.

Combine naiveté with predators who use social engineering to manipulate their victims, and you get stories like this one, about an Illinois man who sent more than $200,000 to an “online girlfriend,” who didn’t actually exist. The man believed he had been in a relationship with the fictional woman for more than two years when he called police to report that she had been kidnapped in London. He then explained that over the course of the relationship, he had wired money to bank accounts In Nigeria, Malaysia, England, and the United States at his supposed girlfriend’s request.

It’s not as difficult as you might imagine to get swindled out of your money this way. Everyone wants to love and to be loved, and everyone likes to think they’re too smart to get scammed. The scammer’s advantage is his ability to appeal to a victim’s loneliness, which often trumps common sense and facilitates bad decision-making.

More than 40 million people subscribe to online dating services, and millions of those subscribers develop intimate, albeit virtual relationships with anonymous strangers. The most vulnerable users are often those who married young, divorced, and are now in their late 40s or early 50s, facing a new chapter of their lives. This dramatic life transition can foster a degree of loneliness and uncertainty that is extremely difficult to overcome without support from others.

Dating sites could protect users by incorporating another layer of protection, such as device reputation management, which would analyze the computers, smartphones, and tablets used to create new accounts. By examining the device used to connect to one’s website, the website’s operator can reject new accounts or transactions from users with a history of running online scams and spamming in other online communities.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses dating security on E! True Hollywood Stories. (Disclosures)

Like a roller coaster, online dating can be fun and exciting, or it can be nauseating. Most dating veterans have been there, done that, with a few regrets and lots of lessons learned. While you may have already experienced a lot, you have yet to see it all.

It’s essential to be able to distinguish a conscious, healthy search for a mate from one that is potentially destructive.

Water seeks its own level, as the saying goes, which means that unhealthy and insecure people tend to find one another, which leads to destructive relationships. What’s worse is that insecure people are often unconsciously drawn to dangerous and sometimes violent mates.

Emotionally healthy, mindful people refuse to settle for unsuitable mates. People who are secure and self-aware tend to be more capable of recognizing threats to their personal security. When a person or situation triggers their suspicions, they trust their instincts and remove themselves from potential danger, cutting their losses and chalking it up to a learning experience.

Scammers take advantage of the insecure by telling them what they want to hear. They often mirror the tone and demeanor of the person with whom they are communicating. Beware of anyone who seems to echo who you are and what you want.

If more dating websites incorporated device reputation management to check for suspicious computer history, and investigated the behavioral characteristics consistent with fraudulent use, they’d be able to deny criminals the first time they tried to sign up.

If you use an online dating service, be on guard for scams. Stick to legitimate, well-known websites, and get referrals from friends who have successfully met romantic partners online. When creating your dating profile, take care to consider the image you want to project. Never post personal information, including your full name, address, or phone number. To vet potential dates, check whether the information in their online dating profiles matches other information available online. If a potential date asks you for a loan or any financial information, immediately report them to the dating website.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses dating safely onThe Tyra Show. (Disclosures)

As part of our effort to expand our device identification, device reputation and real-time risk mitigation services for online businesses in France, I am pleased to announce that Philippe Mazurier has joined iovation as Country Manager, heading up sales and business development and is based in Montpellier.

Philippe brings strong business relationships and deep, in-market experience that will be instrumental in helping us meet online fraud protection demands in this market. He understands the serious and damaging impacts that cybercrime has on online businesses.

As we continue to serve the French market, protecting e-commerce, financial services, gaming and online communities from fraud and abuse, having a seasoned veteran in authentication and fraud prevention services representing iovation will help us serve this market even better.

To arrange meetings with Philippe to talk about any fraud or abuse issues your company is experiencing, please email france@iovation.com or call +33 (0)6 69 79 12 33.

According to the Wall Street Journal article, “Cyber crime now an industry,” the average cyber criminal is not at all who we think he is. He’s not some socially awkward kid cooped up in a poorly lit basement causing havoc across the globe. That’s not to say there aren’t organized gangs causing worldwide headaches. There are. But, from a technical standpoint, the majority of those perpetrating online fraud and abuse are more like you and me.

Because readily available toolkits and easily accessible information have lowered the talent bar for cybercrime candidates, the skill sets required for today’s high-functioning and effective cyber criminals are as basic as they can get. With criminal factories producing attack kits, today’s criminals need little to no computer skills to get into the underworld business.

The recently released Verizon 2011 Data Breach Investigations Report found an interesting trend in the information cyber criminals are seeking to commit online fraud. Basically, usernames and password details have replaced credit card details, which have dropped in value in the black market from roughly $10 to ten cents, or less. Cyber criminals also use easily accessible personal information that they easily swipe from social networking websites like Facebook and LinkedIn to socially engineer their victims.

Either way you look at it, cybercrime has evolved from being perpetrated by computer-savvy, introverted whiz-kids to an industrial machine where the job requirements include as little as a computer and some cash.

With the computer the primary mechanism used to perpetrate online crimes, the more you know about the device requesting a transaction the better chance you have in defending your online business and customers from being victimized by such crimes. iovation’s fraud prevention service shares the reputations of 600 million devices including PCs, smartphones and tablets to assess risk on 8 million transactions each day to help organizations stop fraudulent transactions before they happen.

While we know fraudsters can’t resist a sure thing, Craig Scroggie, vice president and managing director of Symantec in the Pacific region, said most of the time consumers turn a deaf ear to such warnings until it is too late. In the article, “Cybercrime to hit tablets,” Scroggie, who has warned consumers about potential threats to email, fake websites and computers in the past, is at it again. This time he says the proliferation of smartphones and tablet devices will soon face the same type of attacks PC owners have long suffered.

According to Symantec’s Internet Security Threat Report, there were 163 known vulnerabilities in mobile operating systems in 2010, a 42% increase compared to the 115 in 2009. More attacks on mobile devices can be attributed to a couple of things, most notably more people using the devices for mobile computing and Web surfing, and the fact that users are less security-savvy about malware on mobile devices.

With the major mobile platforms now ubiquitous enough to attract hackers, like clockwork, we’re seeing the same criminal pattern take its course. As a result, Symantec expects attacks on these platforms to increase in 2011. The report also found that despite having security measures in place, 45% of respondents said security was still one of the top obstacles in smart devices.

From the iovation perspective, we’re seeing increasing traffic across our subscribers from mobile devices, predominantly from smart phones, with iPhone and Android devices leading the pack. While there is fraud originating from mobiles, it’s still a relatively small fraction of the overall fraud we catch every day. It will be interesting to watch the shift as mobiles begin to overtake laptop and desktop devices as the platform of choice for everyone, fraudsters included.

CNET broke down Twitter’s recent blog post, which celebrates their significant numbers: “It took three years, two months, and one day for Twitter to hit 1 billion tweets; now, a billion tweets are posted in the course of a week. An average of 460,000 new accounts were created per day over the past month, and an average of 140 million tweets were posted per day. Twitter now has 400 employees, 50 of whom have been hired since January.”

Spammers, scammers, and thieves are paying attention.

Techland reports, “At least 10,000 Twitter users fell for a scam that spread like wildfire across the social networking site early today. Quick action by link shortening service bit.ly – as well as thousands of people retweeting warnings – brought the scam attack under control in a few hours.”

Common Twitter scams include:

Hijacked Accounts: Numerous Twitter accounts have been hacked, including those of President Obama and, recently, Ashton Kutcher. Kutcher’s account was most likely “Firesheeped,” which can occur when a wireless device is used to access an unsecured site.

Social Media Identity Theft: Hundreds of imposter accounts are set up every day. Sarah Palin, St. Louis Cardinals coach Tony LaRussa, Kanye West, The Huffington Post, and many others have been impersonated by fake Twitter accounts opened in their names.

Worms: Twitter has been plagued by worms, which spread messages encouraging users to click malicious links. When one user clicks, his account is infected and used to further spread the message. Soon his followers and then their followers are all infected.

Phishing: Hacked Twitter accounts are used to send phishing messages, which instruct users to click links that point to spoofed sites, where users will be prompted to enter login credentials, putting themselves at risk of identity theft.

Social media sites could go a long way in protecting their users by incorporating device reputation management. Rather than accepting information provided by an anonymous user, device reputation allows social sites to leverage knowledge about a device’s history—which could include spam, phishing attempts, predatory behavior, profile misrepresentation and even credit card fraud. Device reputation alerts businesses to suspicious behavior exhibited while bad actors are on their websites, uncovers the device’s true location, and exposes hidden relationships to other high-risk accounts and devices.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses social media hacking on Fox Boston. (Disclosures)

Jobseekers’ desperation for employment makes them vulnerable to work-from-home scams and fake job listings.

The Federal Trade Commission recently announced that it has ”stepped up its ongoing campaign against scammers who falsely promise guaranteed jobs and opportunities to ‘be your own boss’ to consumers who are struggling with unemployment and diminished incomes as a consequence of the economic downturn.”

Criminals take advantage of increasing unemployment with fake job listings, designed to trick applicants into disclosing their Social Security numbers. Some scammers who more closely resemble legitimate companies make millions by blanketing classified advertisements across the country, roping people in with false promises.

One company offered to help workers start their own Internet business and earn up to $10,000 a month, ultimately defrauding victims out of $40 million in fees. Another advertised fake sales jobs on CareerBuilder.com and charged applicants for background checks. In another instance, scammers made false claims about the earnings potential of stuffing circulars into envelopes. Another scam advertised an angel pin assembly kit, with which one could supposedly earn up to $500 per week, no experience, special tools, or sewing skills required. The worst scam offered to help consumers recover money lost to other scammers, for a fee of up to $499.

If a job description doesn’t sound like something you would see printed on a business card, or if you are asked to front money, it’s a scam.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses money mules and job scams on Fox News. (Disclosures)

On Monday, we were named by AlwaysOn and industry experts as one of the 2011 OnDemand Top 100 winners, which recognizes leadership and game-changing approaches and technologies likely to disrupt existing markets and entrenched players. iovation was chosen for our unique ability to detect online fraudulent activity in real-time and keep our clients’ businesses and customers safe.

By leveraging our knowledge base of half a billion device reputations to prevent fraud loss and protect our customers, iovation helps many of the world’s leading brands representing financial services, retail, travel, dating, social network and gaming industries stop 150,000 online fraudulent activities each day.

But we couldn’t do this alone. This is a highly collaborative effort. We work with more than 2,000 fraud analysts worldwide, who report and share their unique fraud experiences through our Device Reputation Authority database. The information we share on Internet devices (computers, smartphones and tablets) and their associated online accounts provides our clients with upfront intelligence they can use to recognize who is attempting to make fraudulent payments or request suspicious transactions so they can proactively stop fraud or abusive activities before they happen.

I’d like to again thank the AlwaysOn editorial staff and other industry peers for recognizing the hard work and dedication that we and all of our partners are doing to make a difference in the anti-fraud landscape.

In order for the business rules engines to be productive, the rules they operate on need to reflect the particular risks the organization faces. When it comes to customizing business rules, this is not a “one size fits all” model. Giving a retailer, financial institution, or gaming company the ability to easily create and manage rules that are run against their transactions requires a tool that makes it simple to see, add, edit, and experiment with rules.

The iovation business rules editor provides great flexibility in managing the set of rules to be reviewed for transactions such as login, account creation, account change, and checkout. Rule sets are the collections of rules for each end-customer touch point. Rules can be added with a familiar drag-and-drop, enabled and disabled with one click, parameters can be adjusted, and lists of common items can be managed and included. An example of a list is a ‘risky ISP list’, where the user can create a list of risky ISPs and use that same list in multiple rules. If the list changes, all rules leveraging that list will be immediately updated. New rules can be evaluated without impacting scoring results by giving them a zero weight and tracking how frequently they are triggered.

The iovation rules editor provides additional flexibility to help you keep up with the evolution of fraud while protecting your business.

With total losses to Internet crime topping $599 million in 2009 (the latest annual statistics), educating others about the current state of fraud, evolving fraud tactics, high at-risk groups, and best practices to identify and prevent fraud, plays a critical role in helping consumers and businesses protect themselves from online fraud.

Fraud Prevention Month is also an indicator of how much still needs to be done for businesses to adequately protect themselves and their customers from today’s growing threats.

In the article, “One in five Canadian small firms insufficiently prepared to handle fraud,” a recent survey found 80% of Canadian small business owners believe their fraud-prevention strategies are enough to protect themselves from fraud. However, 17% responded that they are not prepared to handle new types of fraud tactics.

With cyber attacks becoming more widespread, the annual education and awareness campaign focuses on the growing concerns of online fraud. According to Gail Cocker, senior vice president of commercial banking at BMO Bank of Montreal, businesses that aren’t equipped to prevent evolving fraud tactics face increasing risk that could impact their business operations.

“Fraud is a direct threat to the success of our business customers. In today’s world, business owners must understand and manage multiple risks. Fraud is an operational risk that must be managed proactively.”

While education is key to raising the business community’s awareness of potential fraud risks, regularly assessing your fraud-prevention strategies is essential to making sure you are prepared for evolving fraud techniques that are continually seeking new ways to defraud your business and customers.

With regular events going on around the globe to help organizations protect their businesses and customers from more sophisticated cyber attacks and identity theft, the iovation team spent last week talking with 800 attendees at the 2011 Merchant Risk Council (MRC) e-Commerce Payments & Risk Conference, held at the Wynn Resort in Las Vegas. Take a look at the photos published on iovation’s Facebook page.

iovation provides device reputation and real-time risk evaluation solutions to help businesses representing retail, financial services, gaming and social networking determine the level of risk associated with their Internet transactions including PCs, tablets and smartphones. By performing device reputation checks on over 7.5 million daily online transactions for our customers, we help stop more than 150,00 online fraud and abuse attempts each day.

With identity theft the clear leader of consumer complaints over the past decade, what I found most surprising is that impostor scams — the means of deceptively assuming another identity (either that of an individual or of an organizational entity) — only cracked the FTC’s Top 10 most complained-about consumer issues for the first time last year, coming in at No. 6 with over 60,000 complaints.

With impostor scams, fraudsters earn trust with their victims by impersonating anything from credible, trustworthy businesses to consumers applying for credit or purchasing items over the Internet. Whether fraudsters are attempting to defraud individuals or socially engineer businesses, identifying cleverly concocted impostor scams requires the ability to see beyond the information provided by criminals.

For online businesses, this means looking beyond the personally identifiable information (PII) supplied by individuals. Unlike most anti-fraud tools that rely on PII to identify customers logging onto websites or requesting online transactions, iovation’s ReputationManager 360 identifies the devices being used to defraud or abuse others online. Leveraging the world’s largest device reputation database that shares intelligence on more than 500 million devices and their associations, iovation provides information that online businesses can use for protection against the growing threat of impostor scams.

But Râmnicu Vâlcea is different. Wired describes the odd contrast between flapping clotheslines and the luxury Mercedes-Benz dealership in this small Romanian town, where young men in expensive jewelry drive luxury cars, all paid for with money from eBay scams, Craigslist scams, advanced fee scams, ATM skimming, phishing, infiltrating databases, new account fraud, and account takeover fraud.

Early scams were obvious but successful. English is a second language to Romanian scammers, so over the past decade, consumers caught on to the broken English and typos typical of phishing emails or classified scams. Romanian scammers responded by hiring English speakers to clean up their communication and give them an appearance of legitimacy.

Over time, U.S. authorities and corporations who were being defrauded caught on to Romania being the hub of organized computer crime, and so began flagging wire transfers, product shipments, and credit card orders. In response, scammers developed a distribution chain involving “mules,” who often ship products or collect money in countries like the United Kingdom, in order to avoid authorities monitoring Romanian IP addresses.

There are sophisticated anti-fraud companies that work around the clock to stay ahead of scammers to make the Internet a safer place to conduct business and interact. One such company is iovation. They have a highly effective fraud protection service called ReputationManager 360 offering device reputation management to determine if a PC, smartphone, or tablet has been used to commit fraud, regardless of the country of origin. Their device reputation management is the only solution that leverages the shared experience of global brands across numerous industries, with thousands of fraud professionals from major online brands reporting and sharing fraud and abuse attempts each day.

There’s no body language, no intonation in one’s voice, and no emotional connection to the other person. It’s harder for a person’s sixth sense to connect with an avatar.

The Internet provides a great cover for predators.

In Connecticut, State Representative Mae Flexer introduced a bill designed to make online dating safer. “Sexual predators now have a new tool to find victims — Internet dating websites,” she told the General Law Committee.

And in Texas, State Representative Diane Patrick, is proposing that online dating sites be required to disclose to members whether or not background checks are done, which she believes would make online dating safer.

Online dating sites argue that people should use common sense, and point out that not all background checks are entirely accurate. What if the person’s profile is made from stolen information in the first place? The fact is, online dating sites are selling a lot more than an opportunity to connect. They market to the public, inviting them to find love using their website. And they give users an air of legitimacy by default. Posting a profile on a mainstream dating site implies a certain level of credibility.

Background checks would be a good start, and can often provide someone with all they need to make an informed decision. But they may also create a false sense of security and cannot be relied upon completely, especially when people lie about their identity.

Dating sites could incorporate another layer of protection, such as checking the computer used to create the profile in the first place. Device reputation spots online evildoers in a fraction of a second, by examining the computer, smartphone, or tablet used to connect to the dating website or social network. If a device is associated with unwanted behavior, such as spam, online scams, fake profiles, bullying or predatory behavior, the website can reject the new account or transaction. If the computer or smart phone passes the first test of not being associated with unwanted behavior, further identity and background checks would be performed. If the device does not pass, there is no need to pay for further checks.

According to Jon Karl, Vice President of Marketing at iovation Inc., “We stop 150,000 online fraudulent activities every single day. At one of our international dating clients’ websites, one out of five profiles created are found to be fraudulent. We help protect their brand and keep their members safe by identifying the bad actors upfront before they have a chance to come in contact with legitimate members.”

That being said, it would be a good and prudent practice for any online dating site to further vet and screen users. It won’t keep all the bad apples out, but it will significantly reduce those who are currently using the system for no good.

There is a great recent article in Government Info Security that examines this change titled appropriately, “The Evolution of Risk.” It gives a nice look at the role risk managers play in key strategic decisions and how stopping and analyzing the sources of fraud has been escalated in importance over the past couple of decades. The article looks at what it takes to be a Risk Manager today, and has this to say:

“The role demands new skills. Today’s risk management professionals really need to take a strategic view of managing risk to be relevant in achieving the organization’s expected outcome.”

One thing we at iovation feel is essential to a Risk Manager’s success is working with their risk management peers outside their company to stop fraud. It is simply no longer enough to work solely within your own data silo to stop fraud when the fraudsters use collaboration and communication so extensively. iovation facilitates the creation of thousands of Virtual Crime Fighters sharing device reputation data and working together to stop fraud at the companies they are responsible for.

Thousands of Risk Managers use iovation ReputationManager 360 every day to identify and shut down fraud.

Social media identity theft occurs for a number of reasons.

1. An online impersonator may attempt to steal your clients or potential clients.
2. Impersonators may squat on your name or brand, hoping to profit by selling it back to you or preventing you from using it.
3. Impersonators who pose as legitimate individuals or businesses can post infected links that will infect the victim’s PC or network with a virus that gives hackers backdoor access.
4. Impersonators sell products or services and offer deals with links to spoofed websites in order to extract credit card numbers.
5. An impersonator poses as you, and even blogs as you, in order to damage your name or brand. Anything the impersonator writes that is libelous, defamatory, or just plain wrong hurts your reputation and can even make you the target of a lawsuit.
6. Impersonators harass you or someone you know, perhaps as revenge over a perceived slight.
7. An impersonator steals a name or brand that has leverage, such as an employee, celebrity, or Fortune 500 company, as a form of social engineering, in order to obtain privileged access.
8. An impersonator poses as a government entity in order to gain access to sensitive data and commit new account fraud.
9. An impersonator may be obsessed with you or your brand and simply want to be associated with you.
10. An impersonator might parody you or your brand by creating a tongue-in-cheek website that might be funny and obviously spoofed, but will most likely not be funny to you.

Social media sites could go a long way in protecting their users by incorporating device reputation management.  Rather than looking at the information provided by the user (which in this case could be an impersonator), go deeper to identify the computer being used so that negative behaviors are exposed early and access to threatening accounts are denied before your business reputation is damaged and your users abused.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses social media Facebook scammers on CNN. Disclosures.

As expanding businesses combat an array of online crimes such as credit card fraud, phishing, forgery and money laundering, our customers’ collective experiences are reported and shared in our database of over half a billion unique device reputations, which include computers, tablets and mobile phones.

Besedo’s clients can now become part of the thousands of security professionals who leverage iovation ReputationManager 360’s comprehensive checks that include the device’s history, associations with other accounts and devices, geolocation rules, device anomalies, and worldwide velocity indicators associated with thieves quickly trying to leverage stolen credentials. Deploying our anti-fraud services to their auction, classified, gaming and community clients help businesses identify fraud and abuse activities upfront to stop fraud more effectively and increase their customer retention through safer, more secure sites.

We look forward to partnering with Besedo to help their clients reduce fraud losses and better protect their online environments and brand reputations.

Banks understand this, which is why they’re pushing mobile payment apps that are designed to make mobile banking and mobile payments faster and easier for their customers directly from their smartphones and tablets. However, because mobile transactions between banks, merchants and mobile devices aren’t as closely guarded as they are over the Internet, cyber criminals are taking advantage of this vulnerability by targeting banks and online businesses with their mobile devices.

The recent article, “Theft gangs using smartphones to steal bank card numbers,” provides another example of how Web services and new mobile devices are being used by criminals to commit financial fraud. While the rise in identity fraud is leading banks and other financial institutions to consider security tools that help protect them and their customers from mobile transaction fraud, Donald Malloy, business development manager for NagraID Security, said U.S. banks haven’t been too receptive to security measures that require customers to take additional steps such as more passcodes to authorize transactions because this creates an extra inconvenience when making a purchase.

“In the past couple years, with the recession, the banking world has not been willing to invest in any new technologies, but that’s changing now. As fraud grows, banks are realizing that they need to come forward and adopt something that’s going to help them in the future.”

Of course banks want to show their customers they are taking extra steps to detect and prevent all types of fraud. But they want to do so without impacting the customer experience. iovation allows the Banks to do both.

Whether users are accessing your Web site through a PC or any type of mobile device including a smartphone, tablet, or a laptop connected to the web by a wireless network, iovation’s ReputationManager 360 identifies all devices coming into a site and provides critical device reputation intelligence that allows banks and other financial institutions to determine the risk of a transaction (and if they want to allow, deny or review it) based on results of their customized business rules. All this takes place behind the scenes to provide banks with an extra layer of protection without disrupting the user experience.

I like to expose the flaws in our systems, to find what makes us vulnerable. Much of my “research” (or my “antics,” as some would say) is prompted by my desire to learn more about the scumbags of society, who prey on others. So I sign up for online dating sites, create a profile as a woman, and wait for men to contact me. My research has led me to discover some particularly shady methods scammers use to target emotionally vulnerable victims. The most common is an advanced fee scam involving a wire transfer.

A divorced mother of three in Britain was taken for £80,000 by a scammer posing as a US soldier. It began when a man who called himself Sergeant Ray Smith introduced himself on a dating website. Soon they were chatting and emailing regularly, and then he was calling her on the phone and asking her to wire him money.

Twenty years ago, online dating wasn’t even a thought. Ten years ago, it was weird. Five years ago, it was new and exciting. Today, it’s as normal as milk and bread. If you are looking for a mate online, you will eventually find someone. Most of my friends who’ve tried it were successful. But by the time a new technology becomes normalized, scammers, who are usually ahead of the curve, are lying in wait. As online dating gradually gained popularity and acceptance, scammers were coming up with ways to take advantage and perfecting their craft. And now it’s a full-time job for them. They know all the new scams and come up with better ways of executing the old ones.

It blows me away that these scams are even possible. In many cases, the same scammers maintain multiple profiles on different dating sites, and the dating sites do almost nothing to prevent or police this.

We caught up with anti-fraud provider iovation to see what dating sites around the world were reporting about fraudster activities.

In the last 90 days, 230,000 fraud and abuse attempts were reported to iovation from dating sites alone, including:

• Spamming – 90,000
• Scams and solicitations – 30,000
• Inappropriate content – 20,000
• Chat abuse – 17,000
• Profile misrepresentation – 15,000
• Credit card fraud – 14,000
• Identity mining / phishing attempts – 12,000

iovation has many more categories specific to dating, including bullying, account takeovers, under age members, and so on. What’s unique to their globally shared system is that their clients can choose what to take action on or not. For example, a dating site may choose to not care about cheating in online gaming sites, but set up rules to trigger multiple account creations looking for profile misrepresentation. Dating sites can specify which type of behavior to protect their users from.

If more sites incorporated device reputation checks for suspicious computer history and investigated for characteristics consistent with fraudulent use, they’d be able to deny criminals, often before the first time they tried to sign up.

Dr. Bernard Herdan, CEO of the National Fraud authority who runs Action Fraud, said fraudsters who take advantage of online dating sites are a particularly sinister bunch, who use clever tricks to gain the confidence and affections of legitimate site users before asking for money. He warned that nobody should ever send money to someone they’ve never met in person.

“These fraudsters are normally very attentive, ensuring there is regular contact via email, by text messages and telephone, as well as sending gifts, such as flowers. They take or create identities of generally good looking, upstanding members of society, such as successful business people or increasingly, as a US or UK soldier posted in the Middle East. Anyone using dating sites should be very cautious when getting to know someone, and never transfer money till you have met.”

Because Valentine’s Day is typically the busiest time for romantic courtships, online lonely hearts should be particularly cautious with new online romances. While the article provides several tips on how users can protect themselves to avoid online dating fraud, romance websites can also help in curbing threats by deploying effective security tools to help identify potential fraudsters that could be lurking within their virtual environments.

iovation’s ReputationManager 360 looks at information independent of what users provide online dating sites to give IT security professionals a unique insight into the devices (computers and mobile devices) that criminals use to create multiple profiles and accounts on their sites. This information exposes fraudulent devices and hidden device-account relationships to help romance sites identify and stop online fraud and abuse. To learn more, check out the whitepaper, “Online Dating: Keeping Your Members Safe from Online Scams and Predators.”

The drop in account takeover may be due in part to a few different things.

Less breaches. There was a drop in data breaches from 221 million records in 604 breaches during 2009 to 26 million records breached in 404 reported breaches during 2010. Criminal hacker Albert Gonzalez and his gang were responsible for many of those hacked records and he and many of his cohorts are now in jail.

PCI standards. All those responsible for accepting credit cards are now under strict Payment Card Industry Standards rules and regulations that require a level of security that took about 5 years to implement. Today many of those merchants are doing a much better job of protecting data.

Device reputation management. Technology that checks an Internet transaction by looking at the PC, smartphone or tablet to see if it has a history of bad behavior or is high risk based on device characteristics and behavior. iovation is one such company that has blocked 35 million fraudulent transactions of this sort just last year.

Javelin reports “When examining account takeover trends, the two most popular tactics for fraudsters were adding their name as a registered user on an account or changing the physical address of the account. In 2010, changing the physical address became the most popular method, with 44 percent of account takeover incidents conducted this way.”

If device reputation was integrated at the “profile update / account update” website integration point, a flag would go up when:

It’s no secret that it’s often a few bad apples that upset the bunch. Here’s where the 90/10 rule applies. 90% of people are honest whereas maybe 10% aren’t. And it’s the 10% that do 90% of the stealing. Device reputation knows who is good and who isn’t. Identity thieves are stopped cold and can’t use the hacked data to commit fraud.

New account fraud refers to financial identity theft in which the victim’s personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

Since the thief typically submits a different mailing address when applying for new accounts, the victim never receives the bills and may remain unaware of their existence until creditors come seeking payment for debts the thief has accumulated in the victim’s name.

Variations on new account fraud include:

Utility fraud, in which the identity thief opens new utility accounts, such as gas, electric, phone, or cable, in the victim’s name, accounts for as much as 20% of all instances of identity theft.

Loan fraud accounts for approximately 10% of instances of identity theft. In order to obtain a loan of any kind, applicants are nearly always required to provide a Social Security number.

Credit card fraud is the most lucrative type of new account fraud, and the most prevalent, accounting for almost half of all identity theft cases. Simply put, identity thieves love credit cards because they are the easiest accounts to open, and they can quickly be turned into cash.

The availability of instant credit means instant identity theft. Identity thieves froth at the mouth when they obtain personal identification information and are in range of a major retailer.

An identity theft protection service can help mitigate the risk of new account fraud by monitoring your credit for new account activity, as well as by monitoring the Internet for your personal information.

One cool company that’s watching your back is iovation. iovation spots cyber criminals by analyzing the device reputation of the computers they use to connect to a website. They investigate for suspicious history and check for characteristics consistent with fraudulent users. And the best part is that iovation can prevent a criminal from using stolen data to open a new account in the first place.

According to Scott Waddell, Vice President of Technology at iovation Inc., “iovation sees identity thieves carry out their attacks in very short-time windows to exploit their newly stolen credentials. What might typically look like one transaction to a single business is often a shotgun attack across our globally shared view. One device may be opening a new credit card account, then going to an online retailer, then applying for instant credit all within minutes, and iovation can detect that through velocity triggers and shared experience across subscribers to alert the affected businesses and thwart the attacks. That’s great for the protected businesses and for the consumers who would otherwise be dealing with fraudulent charges made under their identities.”

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Social Security Numbers as National IDs on Fox News. (Disclosures)

In the physical world, as the saying goes, “You are only as good as your word.” And when somebody says one thing and does another, we no longer trust them.

Online, people say and do things they never would in the real world. Internet anonymity fuels bad behavior. Websites’ comments sections are filled with vitriol that you’d never hear real people utter. Pedophiles who’d never approach a child on the street contact kids over the Internet. Sex offenders avoid the stigma of their label on dating sites and social media. Scammers create accounts in order to con people and businesses into forking over money. And identity thieves use your personal information to fill out online applications for credit.

All of this is made possible by the anonymity of the Internet.

As fraudsters develop more sophisticated schemes and collaborate in elaborate fraud rings, the threat of cybercrime increases. Online businesses are getting hit hard by fraud and abuse, and it’s critical that fraud protection solutions save them from significant losses and damaged reputations.

A device reputation service checks for suspect history, but also investigates for characteristics consistent with fraudulent users. And the best part is that it denies criminals, often even before their first attempt.

According to Greg Pierson, Founder and CEO of iovation, “Device reputation helps prevent identity thieves from monetizing the credentials that they have stolen. At the same time we are protecting online businesses, we’re also protecting the consumer.”

Device-based fraud management and a shared device reputation infrastructure play a critical role in identifying online fraud and abuse. Neglecting to take advantage of these tools severely limits a business’s ability to prevent fraud.

On Super Sunday weekend much of the scamming taking place is designed to separate the public from their money using the Big Game as the lure. People are seeking information on the Game and are being tackled by criminals who steal the ball.

The promise of cheerleader-filled videos along with downloadable player pictures or even Big Game memorabilia will dominate the scamverse.

Don’t get taken:

Ticket scams abound: Auction sites and Craigslist are ground zero for Scammers who buy up a few expensive tickets and, because many tickets are printed at home, the scammer just makes copies and resells the fakes to desperate buyers online or at the game.

Social media scamming: Bad guys who pose as legitimate individuals or businesses offering up Super Sunday media and post infected links that will infect the victim’s PC or network with a virus that gives hackers backdoor access.

Search poisoning: Scammers lure victims to their scam sites via search engines. When a website is created and uploaded to a server, search engines index the scam sites as they would any legitimate site. Doing a Google search can sometimes lead you to a website designed to steal your identity.

Zombie PCs: A botnet is a group of Internet-connected zombie personal computers that have been infected by a malicious application, which allows a hacker to control the infected computers without alerting the computer owners.

Scott Waddell, Vice President of Technology at iovation states, “Criminals will lure Internet users to malicious sites where malware can compromise their computers, making their systems ‘zombies’ in a global botnet. Identity data on these systems can be stolen and remote fraudsters can monitor the systems to compromise online accounts.”

Solutions like iovation’s ReputationManager 360 can identify fraudulent use of stolen accounts through geolocation rules, velocity indicators associated with identity thieves trying to quickly leverage stolen credentials, and the shared reputation view across more than 2,000 fraud fighting professionals strengthening the system every day.

After being recognized by the international gaming and online dating communities in January as one of the top technologies for preventing fraud and increasing profitability, productivity and efficiency, we are extremely proud and honored to be recognized by industry leaders in e-Commerce as one of the most innovative fraud fighting tools for online or multi-channel retailers.

To be eligible for the awards, all entrants must be available for online or multi-channel retailers to use for the purpose of measuring, monitoring or mitigating one or more of the following: card-not-present fraud; advancing online data security; improving online payment processes; and advancing the MRC’s vision of making electronic commerce more efficient, safe and profitable.

This week, the Merchant Risk Council (MRC) announced that iovation ReputationManager 360 has been named a finalist for the 2011 MRC Emerging Technology Awards (also known as the METAwards). The awards are judged by a panel of merchants that include the likes of eBay, BestBuy.com, Go Daddy, HP, Microsoft, NCsoft, Tiffany & Co., Urban Outfitters, T-Mobile, among others. The judges recognize the most innovative and effective payment, fraud and security tools on the market. The METAwards are the MRC’s initiative to recognize the best available solutions on the market, and provide their merchant members a window into the future.

The awards will be announced at the upcoming the MRC Annual e-Commerce Payments and Risk Conference, March 23, in Las Vegas. If you are planning to attend the event, stop by our booth #217 and don’t miss our feature presentation on Thursday, March 24th at 11:00 am titled, “Circle of Fraud” with speakers Jim Houlihan of HSN, Michael Peterson of Dell, and Cory Swick of iovation.

While this and the other accolades we’ve received lately have been nothing short of overwhelming, we are extremely proud of being recognized by industry leaders and associations across multiple industries. Because we serve online retail, gaming, social community and financial services companies, the acknowledgements have been a testament to iovation’s ongoing commitment to make the Internet a safer place to interact and conduct business, as well as reinforces the positive impact we make in the everyday lives of our customers by protecting their online transactions to reduce fraud rates.

The 2011 Global Excellence Awards will be announced at an awards gala, February 16th, in San Francisco.

Basically “just like that” the up to 1000 fraud checks they receive every hour out of Egypt dropped to zero. At first glance one would think there was some type of meltdown or maybe Egyptian scammers all of a sudden decided to get a job.

Normally, iovation would see thousands of queries from Egyptian customers interacting with businesses of all types, including social networks, online dating sites, online gaming sites, banks and retailers. Then at about 6:00 pm Eastern time, nothing.

“We’ve got a unique view of the Internet at iovation. Our service experiences the interaction of unique computers and mobile devices from every nation on earth, across a broad swath of Internet commerce,” says VP of Corporate Development, Jon Karl. “When we’re seeing Egypt’s Internet fall off a cliff, it’s at a more precise individual user level rather than just through aggregated online traffic. While transactions from Egypt represent a very small percentage of the queries to iovation’s service, it has a ripple effect that’s felt by a wide variety of our customers.”

NPR reports “Egypt has apparently done what many technologists thought was unthinkable for any country with a major Internet economy: It unplugged itself entirely from the Internet to try and silence dissent. Experts say it’s unlikely that what’s happened in Egypt could happen in the United States because the U.S. has numerous Internet providers and ways of connecting to the Internet. Coordinating a simultaneous shutdown would be a massive undertaking.”

And while experts say it is unlikely in the U.S., a bill is in fact being proposed to unplug the Internet. “Legislation granting the president internet-killing powers is to be re-introduced soon to a Senate committee, the proposal’s chief sponsor told Wired.com.” Scary stuff.

iovation, is headquartered in Portland, Oregon, and has pioneered the use of device reputation to stop online fraud and abuse. The software-as-a service used by online businesses assesses risk of Internet transactions all over the world and recognizes if a device such as a PC, tablet or smartphone has a history of fraudulent behavior. This helps organizations make educated decisions if they want to do business with the person using the device.

With iovation ReputationManager 360, Japanese businesses are able to leverage the reputation of devices inside and outside of their network to:

• Expose relationships between accounts and transactions that are otherwise being hiddenKnow when a device or group of devices on their website previously defrauded or caused other problems for another business, even when all other fraud checks returned no risk
• Expose relationships between accounts and transactions that are otherwise being hidden
• Know when a device or group of devices on their website previously defrauded or caused other problems for another business, even when all other fraud checks returned no risk
• Combat both direct financial fraud and abuse-related incidents such as chat abuse, spam, promotion abuse, policy violations, profile misrepresentation, code hacking and phishing attempts
• Identify high-risk devices based on device characteristics and behavior analytics

For Japanese businesses looking to integrate fraud prevention services to reduce fraud losses, increase operational efficiencies and protect online customers, here is the contact for Info Innovation Japan.

Info Innovation Japan Inc.
1-3-6 Kitaaoyama Minato-Ku
Tokyo 107-0061 JAPAN
Phone: +81-3-3470-2239
Email: info@iovj.co.jp