As an online fraud prevention company, our goal at iovation is simple: To protect our clients from harmful online activity that can negatively impact their business and customers. Improving our clients’ businesses by greatly reducing fraud and abuse rates is the ultimate reward. Being recognized by our peers is just icing on the cake. This week, we were proud to announce that we had our cake and ate it, too.

On Monday, we were named by AlwaysOn and industry experts as one of the 2011 OnDemand Top 100 winners, which recognizes leadership and game-changing approaches and technologies likely to disrupt existing markets and entrenched players. iovation was chosen for our unique ability to detect online fraudulent activity in real-time and keep our clients’ businesses and customers safe. (more…)

Fraud prevention requires layers of defense. Mature fraud organizations often have several layers that interrogate the transaction details such as name, address, and credit card details, device reputation that starts with device identification, and risk scoring on rules developed over time to detect fraud attempts as well as predict new types of attacks.

In order for the business rules engines to be productive, the rules they operate on need to reflect the particular risks the organization faces. When it comes to customizing business rules, this is not a “one size fits all” model. Giving a retailer, financial institution, or gaming company the ability to easily create and manage rules that are run against their transactions requires a tool that makes it simple to see, add, edit, and experiment with rules.

The iovation business rules editor provides great flexibility in managing the set of rules to be reviewed for transactions such as login, account creation, account change, and checkout. Rule sets are the collections of rules for each end-customer touch point. Rules can be added with a familiar drag-and-drop, enabled and disabled with one click, parameters can be adjusted, and lists of common items can be managed and included. An example of a list is a ‘risky ISP list’, where the user can create a list of risky ISPs and use that same list in multiple rules. If the list changes, all rules leveraging that list will be immediately updated. New rules can be evaluated without impacting scoring results by giving them a zero weight and tracking how frequently they are triggered.

The iovation rules editor provides additional flexibility to help you keep up with the evolution of fraud while protecting your business.

Raising the awareness of fraud and emerging fraud trends is in the best interest of everyone, particularly those who purchase, sell and communicate with others on the Internet. For this year’s Fraud Prevention Month, the annual education and awareness campaign focused on the growing concerns of online fraud.

With total losses to Internet crime topping $599 million in 2009 (the latest annual statistics), educating others about the current state of fraud, evolving fraud tactics, high at-risk groups, and best practices to identify and prevent fraud, plays a critical role in helping consumers and businesses protect themselves from online fraud.

Fraud Prevention Month is also an indicator of how much still needs to be done for businesses to adequately protect themselves and their customers from today’s growing threats. (more…)

The Federal Trade Commission (FTC) recently reported that for the 11th straight year, identity theft was the leading complaint among consumers. In the article, “Identity theft and impostor scams among consumer complaints last year, FTC says,” over 250,000 (19%) of the 1.3 million complaints filed to the FTC in 2010 were related to identity theft. While there are many weaknesses in the protection of personal data, many speculate that the Internet has played a huge role in exacerbating this problem.

With identity theft the clear leader of consumer complaints over the past decade, what I found most surprising is that impostor scams — the means of deceptively assuming another identity (either that of an individual or of an organizational entity) — only cracked the FTC’s Top 10 most complained-about consumer issues for the first time last year, coming in at No. 6 with over 60,000 complaints.

With impostor scams, fraudsters earn trust with their victims by impersonating anything from credible, trustworthy businesses to consumers applying for credit or purchasing items over the Internet. Whether fraudsters are attempting to defraud individuals or socially engineer businesses, identifying cleverly concocted impostor scams requires the ability to see beyond the information provided by criminals.

(more…)

Scammers and hackers often originate from Ghana, Nigeria, Romania, Korea, Israel, Columbia, Argentina, Philippines, Malaysia, and, of course, China and the good old USA. These developing countries breed MIT-like hackers who spend all their days targeting consumers and Internet users like you and me.

But Râmnicu Vâlcea is different. Wired describes the odd contrast between flapping clotheslines and the luxury Mercedes-Benz dealership in this small Romanian town, where young men in expensive jewelry drive luxury cars, all paid for with money from eBay scams, Craigslist scams, advanced fee scams, ATM skimming, phishing, infiltrating databases, new account fraud, and account takeover fraud.

Early scams were obvious but successful. English is a second language to Romanian scammers, so over the past decade, consumers caught on to the broken English and typos typical of phishing emails or classified scams. Romanian scammers responded by hiring English speakers to clean up their communication and give them an appearance of legitimacy.

Over time, U.S. authorities and corporations who were being defrauded caught on to Romania being the hub of organized computer crime, and so began flagging wire transfers, product shipments, and credit card orders. In response, scammers developed a distribution chain involving “mules,” who often ship products or collect money in countries like the United Kingdom, in order to avoid authorities monitoring Romanian IP addresses.

There are sophisticated anti-fraud companies that work around the clock to stay ahead of scammers to make the Internet a safer place to conduct business and interact. One such company is iovation. They have a highly effective fraud protection service called ReputationManager 360 offering device reputation management to determine if a PC, smartphone, or tablet has been used to commit fraud, regardless of the country of origin. Their device reputation management is the only solution that leverages the shared experience of global brands across numerous industries, with thousands of fraud professionals from major online brands reporting and sharing fraud and abuse attempts each day.

It’s no secret that there are kooky people in the world, and those kooky people seem to gravitate to the Internet. My theory is that those with ulterior motives relish the anonymity of the web, which allows them to lure in their victims more easily. I can see why they’d appreciate that. It’s easier to lie online.

There’s no body language, no intonation in one’s voice, and no emotional connection to the other person. It’s harder for a person’s sixth sense to connect with an avatar.

The Internet provides a great cover for predators.

In Connecticut, State Representative Mae Flexer introduced a bill designed to make online dating safer. “Sexual predators now have a new tool to find victims — Internet dating websites,” she told the General Law Committee. (more…)

Being a sales leader at iovation is an exciting and interesting job. I get to work with companies across a wide spectrum of industries spanning from the traditional, like financial services and retail, to the unique and new – such as gaming, community sites and gambling. On a daily basis, I get to talk with experienced professionals who are focused on a problem that is fundamental to preserving their company’s profitability and viability. One thing I’ve found in these discussions, is that when it comes to stopping fraud and managing risk they have a lot in common. Risk is no longer simply about meeting compliance guidelines, it’s an essential element of online businesses’ strategy.

There is a great recent article in Government Info Security that examines this change titled appropriately, “The Evolution of Risk.” It gives a nice look at the role risk managers play in key strategic decisions and how stopping and analyzing the sources of fraud has been escalated in importance over the past couple of decades. (more…)

Social media is the fifth form of mainstream media. At this point, most people know how to use social media, and how to navigate the various websites. But what most users don’t yet realize is how social media can be used against them.

Social media identity theft occurs for a number of reasons.

1. An online impersonator may attempt to steal your clients or potential clients.
2. Impersonators may squat on your name or brand, hoping to profit by selling it back to you or preventing you from using it.
3. Impersonators who pose as legitimate individuals or businesses can post infected links that will infect the victim’s PC or network with a virus that gives hackers backdoor access.

(more…)

I’m extremely happy to announce our new partnership with Besedo, the Swedish-based business process outsourcing company that offers content moderation, safety and customer retention. Through this partnership, Besedo will extend iovation’s advanced fraud and abuse prevention services to its customers in online classifieds, auctions, social networks, online dating and gaming websites.

As expanding businesses combat an array of online crimes such as credit card fraud, phishing, forgery and money laundering, our customers’ collective experiences are reported and shared in our database of over half a billion unique device reputations, which include computers, tablets and mobile phones. (more…)

In a relatively short period of time, mobile devices have changed the way people access the Internet. So much so that mobile web traffic is expected to overtake desktop access by 2015.

Banks understand this, which is why they’re pushing mobile payment apps that are designed to make mobile banking and mobile payments faster and easier for their customers directly from their smartphones and tablets. However, because mobile transactions between banks, merchants and mobile devices aren’t as closely guarded as they are over the Internet, cyber criminals are taking advantage of this vulnerability by targeting banks and online businesses with their mobile devices.

The recent article, “Theft gangs using smartphones to steal bank card numbers,” provides another example of how Web services and new mobile devices are being used by criminals to commit financial fraud. While the rise in identity fraud is leading banks and other financial institutions to consider security tools that help protect them and their customers from mobile transaction fraud, Donald Malloy, business development manager for NagraID Security, said U.S. banks haven’t been too receptive to security measures that require customers to take additional steps such as more passcodes to authorize transactions because this creates an extra inconvenience when making a purchase. (more…)

I’m weird. I know this because people tell me all the time. They tell me I’m weird because I like to do things that most people don’t. I like to do things that are different, and different usually means weird. One of my little weird things is posing as a woman. Yup. Read on.

I like to expose the flaws in our systems, to find what makes us vulnerable. Much of my “research” (or my “antics,” as some would say) is prompted by my desire to learn more about the scumbags of society, who prey on others. So I sign up for online dating sites, create a profile as a woman, and wait for men to contact me. My research has led me to discover some particularly shady methods scammers use to target emotionally vulnerable victims. The most common is an advanced fee scam involving a wire transfer.

A divorced mother of three in Britain was taken for £80,000 by a scammer posing as a US soldier. It began when a man who called himself Sergeant Ray Smith introduced himself on a dating website. Soon they were chatting and emailing regularly, and then he was calling her on the phone and asking her to wire him money. (more…)

For romantics across the globe, love is in the air this Valentine’s Day. But like love itself, it’s also a time to be cautious when seeking romance online. In the article, “Be fraud safe this Valentines — top tips to avoid online dating fraud,” the Action Fraud report found that over the past six months approximately £2.5 million was stolen by online dating fraudsters.

Dr. Bernard Herdan, CEO of the National Fraud authority who runs Action Fraud, said fraudsters who take advantage of online dating sites are a particularly sinister bunch, who use clever tricks to gain the confidence and affections of legitimate site users before asking for money. He warned that nobody should ever send money to someone they’ve never met in person. (more…)

Account takeover happens when your existing bank or credit card accounts are infiltrated and money is siphoned out. A hacked account or stolen credit card is often to blame.

The drop in account takeover may be due in part to a few different things.

Less breaches. There was a drop in data breaches from 221 million records in 604 breaches during 2009 to 26 million records breached in 404 reported breaches during 2010. Criminal hacker Albert Gonzalez and his gang were responsible for many of those hacked records and he and many of his cohorts are now in jail.

PCI standards. All those responsible for accepting credit cards are now under strict Payment Card Industry Standards rules and regulations that require a level of security that took about 5 years to implement. Today many of those merchants are doing a much better job of protecting data.

Device reputation management. Technology that checks an Internet transaction by looking at the PC, smartphone or tablet to see if it has a history of bad behavior or is high risk based on device characteristics and behavior. iovation is one such company that has blocked 35 million fraudulent transactions of this sort just last year. (more…)

As long as identity thieves continue to breach databases and steal Social Security numbers, new account fraud will plague the public.

New account fraud refers to financial identity theft in which the victim’s personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

Since the thief typically submits a different mailing address when applying for new accounts, the victim never receives the bills and may remain unaware of their existence until creditors come seeking payment for debts the thief has accumulated in the victim’s name.

Variations on new account fraud include:

Utility fraud, in which the identity thief opens new utility accounts, such as gas, electric, phone, or cable, in the victim’s name, accounts for as much as 20% of all instances of identity theft. (more…)

Device reputation spots online evildoers by examining the computer, smartphone, or tablet they are using to connect to any website. If a device is recognized as having previously committed some type of unwanted behavior, the website has the opportunity to reject the transaction, preventing damage before it occurs.

In the physical world, as the saying goes, “You are only as good as your word.” And when somebody says one thing and does another, we no longer trust them.

Online, people say and do things they never would in the real world. Internet anonymity fuels bad behavior. Websites’ comments sections are filled with vitriol that you’d never hear real people utter. Pedophiles who’d never approach a child on the street contact kids over the Internet. Sex offenders avoid the stigma of their label on dating sites and social media. Scammers create accounts in order to con people and businesses into forking over money. And identity thieves use your personal information to fill out online applications for credit. (more…)