For many online merchants, friendly fraud is a persistent problem. Without the right security tools in place, it is difficult to identify whether or not a customer is committing fraud.

According to the article, “Friend and Foe? Combating E-Commerce ‘Friendly Fraud’,” financial cybercrime against card-not-present (CNP) retailers can take many forms. While MasterCard says 70% of all e-commerce chargebacks are identified as fraud, more and more cardholders are committing friendly fraud due to buyers’ remorse or financial hardships. Although merchants are doing everything they can to reduce refund rates – from conducting operational assessments, marketing data analysis, and adopting a payer authentication program – they still don’t have the information needed to proactively identify and prevent friendly fraud before it happens.

While some merchants feel friendly fraud is impossible to prevent, there are solutions available that enable online businesses to proactively identify computers that have a habit of committing friendly chargebacks.

iovation ReputationManager 360 will assess risk on incoming transactions and identify whether the device being used has committed friendly chargebacks on other websites. By leveraging known intelligence and inference of risk while website visitors interact with a business’s website, they can “deny” incoming transactions when risk levels thresholds are met.

When businesses choose to “review” transactions associated with friendly chargeback histories, they will research the transaction, account or device within the ReputationManager portal. Here they will see all the other subscriber evidence related to that particular customer.

In the unfortunate event that a merchant is hit with a friendly chargeback, they will then place evidence against that account to avoid repeat offenses such as additional fraudulent orders. Merchants choose between 32 different types of fraud or abuse when placing evidence in the ReputationManager portal.

Utilizing device reputation as a best practice for fraud protection is critical to reducing fraud losses and boosting profitability, gaining operational efficiencies with the fraud prevention process, and ensuring that good customers have a safe and positive experience while interacting on your website.

When it comes to managing risk for online transactions, we get a lot of questions about how our approach compares to other commercial solutions. Establishing business rules and risk scoring in combination with device reputation ranks high among topics of interest. Simply put, iovation uses the device and transaction data available to any vendor, and combines it with the strongest database of historical device risk data available on the market today.

Risk scoring, when you boil it down, is the simple process of taking the data you have available about a given transaction and the device requesting that transaction, and measuring characteristics that would lead you to believe that it is either valid or risky. Most device-based risk scores, including those offered by iovation, incorporate common types of risk elements in their scoring. These may include:

• Velocity-based Rules – Measuring device activity in a given time frame
• Transaction Anomalies – Device characteristics that indicate the device is masking its identity, such as using an anonymizing proxy, or disabling technologies like flash

What sets iovation apart is the growing network of businesses it protects that leverage and contribute to the Device Reputation Authority (DRA). This database of over 350 million device reputations is queried more than 5 million times per day by iovation clients.

The Device Reputation Authority contains historical information about specific fraud and abuse occurrences by the device used. We use this information to further assess transaction risk for our customers in the following unique ways:

• Global Account Associations – Looking at extended relationships between devices and shared accounts that are evident in fraud rings and targeted fraud
• Factual Evidence of Fraud – Whether the information comes from a close partner, a peer, or a company in a completely unrelated industry, direct evidence of fraud on a given device is one of the strongest correlations to transaction risk a customer can have.
• Profile Risk – Profiling harnesses the power of shared factual evidence in the reputation system to measure the similarity of the device in the current transaction to those devices that have been seen across iovation subscriber sites in the past. A high ratio of known bad devices in the set of similar devices is a very strong risk indicator.

These three risk elements are tremendously valuable to our customers who find over time that either factual evidence or profile risk are so strongly correlated with fraud that it can cut their review time down substantially for those transactions.

In the world of risk scoring, cloud services, and crowdsourcing, it is proven that leveraging information from larger affinity groups provides unmatched effectiveness. When a company is combating highly sophisticated fraudsters determined to defeat their defenses, what risk analyst wouldn’t want to know that a device trying to create an account or make a purchase had previously been flagged for fraudulent activity? Adding this data to risk scores increases their ability to shine light on fraud that might otherwise remain hidden.

With fraudsters better at hiding their true identities, it’s getting more and more difficult to know which online transactions to trust and which to reject. Would if you could confidently identify good transactions from the bad ones before they occurred? How valuable would this intelligence be in your ongoing efforts to reduce the risk of online fraud or abuse?

Join us for a live webinar, “Detecting High-Risk Transactions,” on Tuesday, July 20th. Learn how you can proactively assess risky transactions to better protect your business from more sophisticated schemes and elaborate fraud rings. Along with discussing the various techniques today’s cyber criminals use to hide their identities, you’ll learn more about the top 5 methods of detecting transaction risk, including:

Transaction Anomaly — Check mismatches, proxies and disabled components.
Velocity Rules — Know when activity counts have been met or exceeded.
Profile Risk — Check against aggregate profiles of risky accounts or devices.
Factual Evidence — Identify when known bad devices touch your website.
Account Associations — Identify and shut down fraud rings for good.

Register today at iovation.com/risk-mitigation.

We look forward to a very insightful, interactive discussion.

While friendly fraud is nothing new, according to an industry study it remains a prevalent problem throughout the online retail community. In the article, “Merchants’ Battle Against Friendly Fraud Will Be A Protracted One — Across Two Fronts,” LexisNexis found that friendly fraud accounted for more than one-third of the total fraud losses for online-only merchants in 2009, costing them .4% of their total annual revenue. While that number dropped slightly for the largest e-commerce merchants to about 24% of their total fraud losses, it still represented a significant amount of lost revenue last year.

Definition of friendly fraud: Any transaction, contested by a customer, where the merchant suspects that the customer or a personal associate (child, spouse) legitimately authorized the transaction in question. (more…)

iovation is announcing a new partnership with Failsafe Payments, a leading merchant service provider that connects online merchants with worldwide banks, payment processors, shopping carts, and e-commerce payment alternatives.

I recently sat down with Failsafe’s chief operating officer, Patrick Sallnert, to discuss some of the top online payment challenges facing today’s merchants, its integrated e-commerce platform, Certo Payment Gateway, and how our partnership will help provide safe and secure online payment services for merchant customers.

Max Anhoury: We are very excited to be partnered with Failsafe Payments and your Certo Payment Gateway. Would you please tell our readers about Failsafe Payments and how it got started?

Patrick Sallnert: Failsafe Payments was created in 2007 as a regular billing company by a very experienced team within e-payments. Our goal early on was to make it easy for merchants to find suitable billing solutions along with an easy API or payment page integration along with excellent customer support. In 2008, we established Failsafe Payments North America with an office in Cleveland, Ohio, and it was around this time I started to think about the product that would later become Certo Payment Gateway. (more…)

Along with the enormous success of mobile phone sales, wireless carriers and resellers have to contend with a variety of issues around theft and fraud. Working closely with several carriers and resellers, we’ve seen four primary fraud threats that financially impact carrier business. They include:

1. Account creation / application fraud – In this case, a fraudster uses a stolen identity to apply for an account online to order phones and services.  After initiating a shipping scheme to obtain the goods, the fraudster runs up the phone bill until the carrier or identity theft victim uncovers the charges.Much like credit issuers, carriers perform comprehensive identity and financial background checks on applicants, however, the checks are on the identity theft victim.  By adding a device check at the front of the process (which looks at the computer or Internet-enabled device being used), carriers can quickly identify suspicious activity such as when the same computer initiates multiple applications under various identities, or if the computer being used has been involved in previous fraudulent activity. (more…)

As we continue to learn more about how cyber criminals operate, online businesses continue to seek out effective countermeasures against organized fraudsters committing fraud and abuse. Trying to fight fraud alone can be a losing battle. No matter how much information your business has collected to stop criminals, there is a growing number of sophisticated fraudsters out there who are constantly changing their identities and the profile of their computers, to perpetrate fraud across a multitude of verticals.

One of the most effective ways to defend your enterprise is by working together and sharing information with other fraud teams across multiple industries. Interacting with a centralized, global network of fraud intelligence arms you with information upfront to minimize your chances of having to take that first hit. (more…)

While online payments is the fastest growing segment of retail and payments, it also continues to be one of the riskiest. As cyber criminals step up their game and adapt new techniques to defraud online and card-not-present (CNP) merchants, payment providers and online retailers must take steps to protect their networks from organized fraud rings. (more…)

More evidence that cyber criminals are using personal information from social networking sites to create socially engineered attacks was recently disclosed when VeriSign iDefense reported a cyber crook was trying to sell 1.5 million Facebook accounts on an electric fraud Web forum. In the article, “1.5 Million Facebook Accounts for Sale in Web Forum, VeriSign Reports,” social networking credentials are gaining value in the cyber-underworld. According to Rick Howard, director of cyber-intelligence at iDefense, the more Facebook friends an account has, the more valuable the credential. (more…)

While the hot new iPad provides an exciting platform to surf the web, exchange emails and read books, users are also using the computer tablet to access their existing accounts on social networking sites, play virtual games, and make online purchases much like they would on their home computer.

This past week, iovation has seen a rapid adoption of the iPad being used at our customer sites. We’ve seen the number of iPad transactions grow by thousands every single day since the new device was made available. And these transactions aren’t just occurring within the same industry. In fact, we’re seeing iPad transactions on a multitude of verticals including travel sites, social networks, sportsbooks, dating sites, credit issuers, MMOs and online social games. And our job is to make sure that the transactions processed are from legitimate, good customers.

Topping the list of industries where we’ve seen the most online transactions this week is online communities at 45%, with the majority on social networking sites as opposed to dating sites. The second largest group was online retail, accounting for 28% of total iPad transactions. Most of those transactions occurred on travel sites. And lastly, international gambling sites such as sportsbooks came in third, at 23% of all iovation-protected iPad transactions.

So that’s where we’re helping customers, but what information do fraud teams share within our database in order to reduce fraud losses and ensure good customers have a positive experience on their site?

iovation tracks over 30 different types of bad behavior and this segmentation is important to our customers. How they treat evidence (specific types of fraud and abuse) changes across various industries. For example, an online retailer cares about mitigating chargebacks and catching criminal activity before product goes out the door, whereas an online community cares more about stopping spam, solicitations, predators and phishing attempts, in order to protect community members and maintain a safe and trusted environment.

Our customers can customize our fraud protection service to gain control over the specific transactions and activities that they correlate with high risk. This allows them to take more business with confidence and spend less time conducting costly manual reviews.

Believe it or not, within the first week of iPad sales, we have already uncovered fraudulent activity. Over half of all transactions denied from iPads were specifically related to credit card fraud. In other words, they were fraudsters attempting to monetize stolen identities on our customers’ websites.

As iPads connect to online businesses to create accounts, submit applications and make purchases, it is very important for organizations to know whether or not the device:

• has committed fraud or abuse on their site
• has committed fraud or abuse at another business
• has relationships with other devices or accounts that have been involved with fraud or abuse
• has not been seen before, but matches the profile of other high-risk or suspect devices

As iovation’s global shared database of over 275 million devices grows, so do the reputations of iPads used to request transactions. This is important information that companies can use to determine whether or not a transaction requested by an iPad, or any other Internet device, can be trusted and just the kind of information iovation provides to its valued customers.

The FBI recently released some interesting findings about cyber crime that confirmed what we suspected all along — cyber criminals are very business-like, working together, and operate like most other businesses that are out to make a profit. In the article, “The rise of Mafia-like cyber crime syndicates,” Deputy Assistant FBI Director, Steven Chabinsky, said a number of sting operations have uncovered the various roles individuals play within a criminal organization down to the specific titles and duties.

For example, Coders write the malware. Hackers are actively searching for vulnerabilities to exploit. Fraudsters create and deploy social engineering schemes. Hosters provide safe hosting of content on servers and sites. Techies maintain the infrastructure. And Leaders are the managers who keep the team together. (more…)

While overall percentages of online fraud continue to climb, one of our partners in fighting cyber crime, Retail Decisions (ReD), reported that card payment fraud in the UK dropped an estimated 15% last year. According to the article, “ReD Estimates a 15% Drop in UK Card Payment Fraud in 2009,” the value of online, mail order and telephone order fraud dipped to GBP278 million in 2009 from GBP328 million in 2008.

Retail Decisions CEO, Carl Clump, credits innovations in fraud prevention technologies for the estimated 15% decline over the past year. This defied the trend where overall CNP (card not present) fraud losses have grown consistently over the past five years. Despite the total drop in losses, Clump was quick to point out that the current trend, which would continue well into 2010, may not be here to stay. (more…)

Online retailers are losing on average 1.2% of their total revenue to online fraud. That’s according to a recent survey conducted by the Merchant Risk Council and reported in the article, “Fraud is costing online merchants 1.2% of revenue, survey finds.” Not surprising, the more automated fraud screening tools a company used, the lower their fraud rates were.

For large online merchants that used 7.9 fraud tools, fraud losses dropped to 0.9% of their revenue compared to the 4.7 average tools for all survey respondents. Reported fraud rates for international orders were also lower for large online retailers by a 1.4% to 2% margin, compared to all companies who participated in the survey. (more…)

Last week, the Internet Crime Complaint Center (IC3) released its 2009 Annual Report on Internet fraud activity, and the results were staggering. According to the report, in 2009 U.S. citizens lost nearly $560 million to online scams. That number more than doubled the $265M in online fraud losses reported in 2008. The IC3, which tracks worldwide complaints of Internet fraud through its Web site, also said the total number of complaints in 2009 jumped 22% compared to 2008.

In the article, “Internet fraud’s U.S. price tag put at $550 million,” Donald Brackman, director of the National White Collar Crime Center (NW3C), said the growing figures can be largely attributed to increasingly sophisticated online schemes and cyber criminals’ ability to hide their true identities online. (more…)

For some time now I’ve been writing about the importance of businesses working together to combat cyber crime. Echoing this sentiment is retired Air Force General Dale Meyerrose, who sat down this week with The New New Internet to discuss the importance of building partnerships, the challenges of building those alliances, and the question of who is ultimately responsible for protecting critical infrastructures in cyberspace.

In the article, “Cybersecurity Partnerships are Absolutely Critical, says Gen. Dale Meyerrose,” Meyerrose, now the VP for Cyberspace Solutions at Harris Corporation, expressed his concerns surrounding cybersecurity and the economic impact of cyber crime:

“The [issue] of most concern to me is cyber crime… elements of cyber crime, particularly economically for our country, have come to the point where we need to really be concerned. There have been estimates that we’ve lost over a trillion dollars a year to cyber crime in the last couple years. And it now exceeds all other crime in terms of the amount of money.” (more…)