When it comes to managing risk for online transactions, we get a lot of questions about how our approach compares to other commercial solutions. Establishing business rules and risk scoring in combination with device reputation ranks high among topics of interest. Simply put, iovation uses the device and transaction data available to any vendor, and combines it with the strongest database of historical device risk data available on the market today.

Risk scoring, when you boil it down, is the simple process of taking the data you have available about a given transaction and the device requesting that transaction, and measuring characteristics that would lead you to believe that it is either valid or risky. Most device-based risk scores, including those offered by iovation, incorporate common types of risk elements in their scoring. These may include:

• Velocity-based Rules – Measuring device activity in a given time frame
• Transaction Anomalies – Device characteristics that indicate the device is masking its identity, such as using an anonymizing proxy, or disabling technologies like flash

What sets iovation apart is the growing network of businesses it protects that leverage and contribute to the Device Reputation Authority (DRA). This database of over 350 million device reputations is queried more than 5 million times per day by iovation clients.

The Device Reputation Authority contains historical information about specific fraud and abuse occurrences by the device used. We use this information to further assess transaction risk for our customers in the following unique ways:

• Global Account Associations – Looking at extended relationships between devices and shared accounts that are evident in fraud rings and targeted fraud
• Factual Evidence of Fraud – Whether the information comes from a close partner, a peer, or a company in a completely unrelated industry, direct evidence of fraud on a given device is one of the strongest correlations to transaction risk a customer can have.
• Profile Risk – Profiling harnesses the power of shared factual evidence in the reputation system to measure the similarity of the device in the current transaction to those devices that have been seen across iovation subscriber sites in the past. A high ratio of known bad devices in the set of similar devices is a very strong risk indicator.

These three risk elements are tremendously valuable to our customers who find over time that either factual evidence or profile risk are so strongly correlated with fraud that it can cut their review time down substantially for those transactions.

In the world of risk scoring, cloud services, and crowdsourcing, it is proven that leveraging information from larger affinity groups provides unmatched effectiveness. When a company is combating highly sophisticated fraudsters determined to defeat their defenses, what risk analyst wouldn’t want to know that a device trying to create an account or make a purchase had previously been flagged for fraudulent activity? Adding this data to risk scores increases their ability to shine light on fraud that might otherwise remain hidden.

With fraudsters better at hiding their true identities, it’s getting more and more difficult to know which online transactions to trust and which to reject. Would if you could confidently identify good transactions from the bad ones before they occurred? How valuable would this intelligence be in your ongoing efforts to reduce the risk of online fraud or abuse?

Join us for a live webinar, “Detecting High-Risk Transactions,” on Tuesday, July 20th. Learn how you can proactively assess risky transactions to better protect your business from more sophisticated schemes and elaborate fraud rings. Along with discussing the various techniques today’s cyber criminals use to hide their identities, you’ll learn more about the top 5 methods of detecting transaction risk, including:

Transaction Anomaly — Check mismatches, proxies and disabled components.
Velocity Rules — Know when activity counts have been met or exceeded.
Profile Risk — Check against aggregate profiles of risky accounts or devices.
Factual Evidence — Identify when known bad devices touch your website.
Account Associations — Identify and shut down fraud rings for good.

Register today at iovation.com/risk-mitigation.

We look forward to a very insightful, interactive discussion.

As we continue to learn more about how cyber criminals operate, online businesses continue to seek out effective countermeasures against organized fraudsters committing fraud and abuse. Trying to fight fraud alone can be a losing battle. No matter how much information your business has collected to stop criminals, there is a growing number of sophisticated fraudsters out there who are constantly changing their identities and the profile of their computers, to perpetrate fraud across a multitude of verticals.

One of the most effective ways to defend your enterprise is by working together and sharing information with other fraud teams across multiple industries. Interacting with a centralized, global network of fraud intelligence arms you with information upfront to minimize your chances of having to take that first hit. (more…)

Understandably, many sessions at this year’s LOGIN Conference in Seattle centered around game world monetization and payment types. Gaming businesses have a number of monetization models to choose from, including free-to-play, subscription, virtual goods, sponsored branded goods, virtual goods catalog/store front, virtual goods trading, crafting virtual goods, mini games, in-game competitions, and even in-game media assets—such as billboards or sponsored branded events.

To make things even more interesting, there are also different currencies. While the main currency remains to be real-world money as you might expect, secondary currencies include things like player experience, activity and achievement (in other words, gaining points for advancing levels within a game). (more…)

I just returned from LOGIN 2010 and wanted to share a few things that I thought were interesting, and might actually be meaningful to you.  Between the opportunity to involve games into people’s work life, the growing choices of monetization and payment types, and the ongoing fight against cyber criminals and in-game abuse, we at iovation are very excited to be engaged in this fascinating industry.

For this multi-part blog series, here’s my first topic of interest from LOGIN Seattle.

Part I:  Playing at Work.

The next frontier for the application of virtual worlds and game environments could actually be in the workforce. Considering work activities and putting them in a game-like environment with scores, levels, rewards, visibility and recognition could really be something in the future. (more…)

As many of the online game industry’s most respected leaders and innovators convene in Seattle next week for the LOGIN Conference, we look forward to seeing familiar faces and meeting new friends at this year’s event.

As always, the show will feature some of the industry’s top names sharing their ideas about advancements in technology and design, the future of digital games, and how online games and virtual worlds are helping solve real-world business issues.

iovation has a particular interest in this show because we actively protect over 20 gaming clients and their legitimate players from all forms of fraud and abuse. Each day, our device reputation technology helps more than 75 individual online games identify bad players in their virtual environments — and keep them from returning — to build a safer and more trusting online gaming experience for their good customers. (more…)

While the hot new iPad provides an exciting platform to surf the web, exchange emails and read books, users are also using the computer tablet to access their existing accounts on social networking sites, play virtual games, and make online purchases much like they would on their home computer.

This past week, iovation has seen a rapid adoption of the iPad being used at our customer sites. We’ve seen the number of iPad transactions grow by thousands every single day since the new device was made available. And these transactions aren’t just occurring within the same industry. In fact, we’re seeing iPad transactions on a multitude of verticals including travel sites, social networks, sportsbooks, dating sites, credit issuers, MMOs and online social games. And our job is to make sure that the transactions processed are from legitimate, good customers.

Topping the list of industries where we’ve seen the most online transactions this week is online communities at 45%, with the majority on social networking sites as opposed to dating sites. The second largest group was online retail, accounting for 28% of total iPad transactions. Most of those transactions occurred on travel sites. And lastly, international gambling sites such as sportsbooks came in third, at 23% of all iovation-protected iPad transactions.

So that’s where we’re helping customers, but what information do fraud teams share within our database in order to reduce fraud losses and ensure good customers have a positive experience on their site?

iovation tracks over 30 different types of bad behavior and this segmentation is important to our customers. How they treat evidence (specific types of fraud and abuse) changes across various industries. For example, an online retailer cares about mitigating chargebacks and catching criminal activity before product goes out the door, whereas an online community cares more about stopping spam, solicitations, predators and phishing attempts, in order to protect community members and maintain a safe and trusted environment.

Our customers can customize our fraud protection service to gain control over the specific transactions and activities that they correlate with high risk. This allows them to take more business with confidence and spend less time conducting costly manual reviews.

Believe it or not, within the first week of iPad sales, we have already uncovered fraudulent activity. Over half of all transactions denied from iPads were specifically related to credit card fraud. In other words, they were fraudsters attempting to monetize stolen identities on our customers’ websites.

As iPads connect to online businesses to create accounts, submit applications and make purchases, it is very important for organizations to know whether or not the device:

• has committed fraud or abuse on their site
• has committed fraud or abuse at another business
• has relationships with other devices or accounts that have been involved with fraud or abuse
• has not been seen before, but matches the profile of other high-risk or suspect devices

As iovation’s global shared database of over 275 million devices grows, so do the reputations of iPads used to request transactions. This is important information that companies can use to determine whether or not a transaction requested by an iPad, or any other Internet device, can be trusted and just the kind of information iovation provides to its valued customers.

The FBI recently released some interesting findings about cyber crime that confirmed what we suspected all along — cyber criminals are very business-like, working together, and operate like most other businesses that are out to make a profit. In the article, “The rise of Mafia-like cyber crime syndicates,” Deputy Assistant FBI Director, Steven Chabinsky, said a number of sting operations have uncovered the various roles individuals play within a criminal organization down to the specific titles and duties.

For example, Coders write the malware. Hackers are actively searching for vulnerabilities to exploit. Fraudsters create and deploy social engineering schemes. Hosters provide safe hosting of content on servers and sites. Techies maintain the infrastructure. And Leaders are the managers who keep the team together. (more…)

For some time now I’ve been writing about the importance of businesses working together to combat cyber crime. Echoing this sentiment is retired Air Force General Dale Meyerrose, who sat down this week with The New New Internet to discuss the importance of building partnerships, the challenges of building those alliances, and the question of who is ultimately responsible for protecting critical infrastructures in cyberspace.

In the article, “Cybersecurity Partnerships are Absolutely Critical, says Gen. Dale Meyerrose,” Meyerrose, now the VP for Cyberspace Solutions at Harris Corporation, expressed his concerns surrounding cybersecurity and the economic impact of cyber crime:

“The [issue] of most concern to me is cyber crime… elements of cyber crime, particularly economically for our country, have come to the point where we need to really be concerned. There have been estimates that we’ve lost over a trillion dollars a year to cyber crime in the last couple years. And it now exceeds all other crime in terms of the amount of money.” (more…)

The security strategy of “defense-in-depth” allows a system or an organization to prevent an attack by coordinating complementary defense techniques, taking advantage of the strengths of each one while relying on the combination to shore up weaknesses in the others.  The end result is a more complex and nuanced system that is resilient to a much greater number of attacks.

In a similar vein, we can see that any single device recognition strategy on the Web is going to run into some serious limitations, mostly related to the quality and the variety of the data that can be collected from a browser.  There are a number of sources of data that we can use to construct a view of a device on the Web, but most of them can be manipulated, and all of them have problems with uniqueness.  How to build a system that is resilient to so much data uncertainty?  Yeah, I know you’re already a step ahead of me – we design in depth. (more…)

Identity fraud, and the number of its victims, continues to rise each year.

According to a recent article,  “Number of identity fraud victims jumps,” a Javelin Strategy & Research survey found that the total number of ID fraud victims in the U.S. rose to last years to 11.1 million—a 12% increase over the year before. The study also found that 2009 losses due to ID fraud totaled  $54 billion (in comparison  $48 billion in 2008).

But why, with so many anti-fraud management solutions and techniques available, does ID fraud continue to climb year-over-year? According to James Van Dyke, president and founder of Javelin, the continual evolution of technology is one of three main factors contributing to the increase of Identity fraud. Van Dyke sees online crime continuing to escalate, due to: (more…)

It’s been said that the best offense is a good defense. But how do you defend against something that’s always changing? That’s an important question for IT security professionals who know that it’s only a matter of time before cyber criminals find ways to take advantage of the inherent weaknesses in even the best technologies.

The harsh reality is that today’s cyber criminals are so tech savvy and innovative that staying one step ahead of them isn’t always possible. That’s why, when it comes to network security, a good defense should be made up of several different layers. That way, even if a hacker is able to exploit vulnerability in one layer of the system, he may be stopped or slowed down by another. This strategy, known as defense in depth, essentially allows organizations to protect the integrity of their systems by slowing hackers down and buying security professionals the time they need to respond to a security breach once it has occurred. This mitigates the damage that malicious hackers can do, even if they are able to make it past initial barriers. (more…)

After a three-year investigation by the FBI and the UK’s Serious Organized Crime Agency (SOCA), British authorities announced they have arrested the sophisticated network of cyber criminals behind DarkMarket, one of the world’s top criminal websites. The site, which operated out of an unassuming London Internet café, was an international cyber supermarket for stolen credit card and bank account information that officials say has cost the banking industry tens of millions of dollars. (more…)

How much money has the world lost to e-crime so far? … A trillion dollars. That’s the estimated annual cost of e-crime worldwide, according to a recent article, “National online-fraud helpline to launch in April.” Despite the staggering losses attributed to online crime, victims of such crimes—both individuals and businesses—have not had a simple option for reporting them. Hopefully this is about to improve, with the UK’s new Action Fraud helpline, one of the first attempts at streamlining a call-in process for victims to report online crime.

I commend the National Fraud Reporting Centre (NFRC) for getting the hotline going. The helpline will allow individuals and small businesses to report cyber crime to a central agency, simplifying what would otherwise be a confusing process involving potentially several different government ag encies. A similar effort in the U.S., the Internet Crime Complain Center (IC3), currently allows individuals to file complaints of internet fraud through its website. (more…)

Velocity-based rules have long been used by merchants to help identify potentially fraudulent online behavior. Typically, velocity-based rules function by looking at commonalities in personal information, across accounts and transactions. For example, a warning may be set off if multiple accounts, or multiple orders, all have different names but the same shipping address. Another example might be if multiple accounts were all set up using the same password.

Unfortunately, these kinds of velocity checks are of limited value against more sophisticated fraudsters who have the information, the technology, and the general savvy to set up multiple accounts that all, on paper, look completely different—different names, different credit card numbers, different shipping addresses, different IP addresses. (more…)