Since when did hackers start worrying about moral turpitude? In the underground cybercrime economy where lies, deception and maintaining complete anonymity are the key attributes for success, I find it ironic that trust, yes trust, has climbed the ladder of qualifications that today’s online fraudsters need to profit in the digital black market.

In the article, “Cybercrime is now a booming industry,” the new Global Risks for 2012 report says that along with a steady increase in cyber attacks on businesses and governments around the globe, the top concern for illegal digital data sellers is maintaining trust with their customers.

According to an ethical hacker in India, the digital black market has become so competitive that entrepreneurial cyber criminals depend on their trustworthiness, along with free trials, discounted offers and money-back guarantees on stolen goods, to succeed in the shady underworld. (more…)

Turns out, crime does pay, at least for hackers committing identity theft over the Internet.

In the article, “Why Internet crimes go unpunished,” security expert Roger Grimes breaks down some interesting numbers around cybercrime, and how hackers are (to put it mildly) beating the odds. According to the FBI’s 2011 Internet Crime Report, of the more than 300,000 complaints that netted criminals $1.1 billion in 2010, law enforcement agencies convicted an average of one crook for every 50,635 victims. In other words, as Grimes eloquently states:

Steal someone’s identity and your odds of being caught are almost infinitesimal.

With all the hacks and fraud headlines 2011 will be remembered for, that’s definitely not the way we want to ring in the New Year. But as Grimes also warns, if we aren’t careful we could see history repeat itself as criminals not only continue defrauding computer users, but launch recycled attacks against the explosion of worldwide mobile device users, who could fall victim to the same old PC tricks. (more…)

Online fraudsters have always been a shifty bunch. The worst part is, it’s their chameleon-like nature that is part of their ongoing success, as well as every fraud managers’ nightmare.

According to the Banking Times article, “Criminals shifting to card-not-present fraud because of chip and PIN success,” they are on the move again. Data recently released by FICO, a leading provider of analytics and decision management technology, shows that across Europe card-not-present (CNP) fraud has dramatically increased, accounting for 72% of all fraud losses between March 2009 and March 2011. The big reason for this change? Chip and PIN technology, which has helped reduce counterfeit fraud by 60% over the same period.

In comparison, a similar study conducted three years ago found that ‘card present’ fraud accounted for 60% of Europe’s credit card fraud. But since European banks adopted the smartcard payment system, that number has dropped significantly over the past couple of years.

So, remaining consistent to their adaptive nature, it appears that cyber criminals have shifted their attention to CNP schemes like online fraud, targeting countries and business systems with weaker detection and prevention capabilities, said Martin Warwick, FICO’s Fraud Chief in Europe, the Middle East and Africa. (more…)

Some say shopping on your smartphone or tablet is still in its infancy stage. While this may be true to a certain degree, however, several new holiday shopping reports show that mobile commerce is growing up pretty fast.

In the article, “Mobile commerce played an integral part of the 2011 holiday season,” online retailers capitalized on the smartphone and tablet phenomenon by boosting their m-commerce promotions during the past holiday season. As a result, a company spokesperson at Gilt Groupe, a US-based shopping website, said mobile-only promotions contributed to 20% of all sales during November and December, with mobile traffic and sales increasing well over 100% in December 2011 compared to December 2010.

“Mobile continues to play a large role in driving Gilt’s business. And we continue to utilize mobile as a channel to reach both existing and new customers wherever they are.”

North America electronics retailer, Crutchfield Corporation, also saw triple-digit increases in mobile traffic and sales, a trend the Crutchfield’s director of e-commerce, Todd Cabell, believes will continue to climb in the new year. (more…)

iovation is continually developing new features to meet customer business challenges, keep pace with the constantly changing Internet environment, respond to great customer ideas, and meet our own internal strategic goals.

It’s been a busy year with a ton of new features and enhancements ranging from big to small. We thought we’d take a moment to share with you some of the highlights from 2011.

As with any technology, there are many, many things that go into a new feature including design, development, testing, documentation, integration and other operational requirements. We won’t go into that amount of detail here, but instead will focus on the primary achievements within each of the four principle areas of specialization at iovation, which include:

A few week’s back, I wrote how iovation’s fraud prevention service had been named as a finalist for the 2011 Red Herring 100 Global Award. This week we are proud to announce that iovation was named a Top 100 Global Company.

It’s truly an honor to follow in the footsteps of some of the most recognizable technology companies in the world such as Google, YouTube, Skype and eBay, who have all been previously selected to Red Herring’s prestigious Top 100 Global list.

This recognition is a direct result of years of hard work evolving our fraud protection service into a full spectrum device reputation solution that supports native and web integrations for mobile and desktop devices, tagged and tagless device recognition, real-time transparent risk scoring, and on-demand and scheduled reporting. Our remarkable growth is attributed to the collaborative work and effectiveness of our global device intelligence network, which today protects billions of transactions for our clients representing multiple industries around the globe. (more…)

In the hours following the two most-anticipated shopping days of the year — Black Friday and Cyber Monday — we’ve already seen a number of impressive figures that defy earlier modest expectations for the holiday season.

According to the NY Times article, “Cyber Monday Shopping Surpasses Expectations,” both ComScore and IBM Benchmark reported that the $1.3 billion spent by online shoppers represented up to a 33% increase in online sales over last year. This followed record-breaking Black Friday weekend sales of $52.4 billion, which CNN Money reported is a 16% jump over 2010. Either way you cut it, there’s little doubt that retail and online sales over the weekend could make for a very profitable holiday season for merchants.

At iovation, we help our clients know who to trust online, by quickly recognizing their good online customers and isolating the fraudsters through shared device intelligence. By identifying bad actors upfront and flagging suspicious transactions in real-time, we help merchants decline fraudulent orders faster, minimize chargebacks and take more good business with confidence — all especially important during the holiday’s peak traffic.

Looking at iovation’s device reputation network on Black Friday and Cyber Monday, we found some interesting trends and year-over-year comparisons during the two hottest shopping days of the year, including:

• 400% increase in the rate of fraudulent transactions (from 1% to 4%) on Black Friday
• 25% increase in the rate of fraudulent transactions (from 3% to 4%) on Cyber Monday
• 15% greater transaction volume on Cyber Monday compared to Black Friday
• 4% mobile fraud rate on both Black Friday and Cyber Monday

While it was no surprise that credit card fraud, shipping fraud and account takeovers topped the list of fraud types reported to iovation’s database on these days, a noticeable drop in the share of mobile shopping activity was very unexpected.

Despite several industry surveys forecasting significant increases in mobile purchases over the holidays, iovation saw mobile transactions decrease as a share of overall activity on Black Friday and Cyber Monday. While mobile transactions usually account for 5% of queries to iovation’s service, mobile’s share of overall retail transactions dropped to 3.2% on Black Friday and 2.7% on Cyber Monday. At this point any conclusions would be only speculative as to why mobile transactions were down during these peak periods. Are consumers not ready to make purchases over their smartphones? Is the user experience of a smartphone checkout too cumbersome compared to the convenience of a desktop?  As retailers look to the mobile market as an increasingly important channel, it will be critical that they solve these issues.

As Internet traffic grows exponentially, the ability to identify all online transactions is an ongoing challenge for any organization. This challenge is even more significant for businesses whose sales revenues rely on online payments. For them, the ability to analyze and decipher the difference between a valid transaction and a risky one is critical to their business success.

As we inch closer to the holiday season, a pair of recent articles highlight the increasing volume of online transactions that are just around the corner for online merchants. If there is a security takeaway from these trends, it’s that IT fraud teams better be prepared for significant increases in online transactions over the next few weeks. (more…)

“Carders” are the people who test and sell credit card details (most likely phished) to other individuals who carry out the actual credit card fraud. Carders are the most visible of criminals who distribute and sell stolen data to whoever is willing to take it and burn it onto a white card or make purchases over the internet. “Dumps” is a term for the batches stolen credit card data they buy and sell.

Computerworld reports:

“Tony Perez III, of Hammond, Indiana, pleaded guilty to the charges on April 4. In his plea, Perez said he sold counterfeit credit cards encoded with stolen account information. Perez found customers through criminal ‘carding forums,’ Internet discussion groups set up to aid in the buying and selling of stolen financial account information and related services.”

“During a June 2010 search of Perez’s residence, Secret Service agents found 20,987 stolen credit card accounts on his computers, in his email messages, in an online account and on counterfeit credit cards he was in the process of manufacturing, according to court documents. Credit card companies have reported more than US$3.1 million in fraudulent charges associated with those accounts, court documents said.”

Carding is a full time profession for thousands of hackers worldwide. Retailers’, banks’, credit card processors’, and many other corporations’ databases often contain millions of credit card numbers, and are targeted in “advanced persistent threats.” Any entity that accepts credit cards online or in the physical world is a ripe target for fraud. (more…)

Businesses have always been challenged with knowing whether a customer is genuine or not. It’s a critical part of any company’s daily business operations, and how they protect themselves from fraud losses that impact the bottom line. But with online merchants taking more orders from new and evolving technologies, the ability to identify the good from the bad is a great challenge.

As cyber criminals take advantage of various technologies to bypass businesses’ digital security efforts, any business that wants to succeed in today’s rapidly-changing business environment needs to have layered and effective security measures in place that allow them to know when they are dealing with a legitimate customer or a clever fraudster.  (more…)

At iovation, we understood early on that you can’t successfully fight evolving online fraud and abuse alone. It takes ongoing collaboration. In other words, authentication and security providers working together to achieve a common goal – to prevent and stop fraud. That’s been our approach from day one, and it continues today.

To expand our fraud preventative services to organizations in southern Europe, we’ve partnered with AliasLab, a leading professional services, consultancy and system integrator specializing in digital signature solutions and secure data transfer. Through this partnership, AliasLab will offer iovation’s device identification service, ReputationManager 360, along with its sophisticated Out of Band (OOB) authentication solution, SecureCall Suite, which offers strong authentication, mobile payment digital signature and mobile VAS services to banking, insurance and telcos in Italy and Southern Europe.

It goes without saying that we are very proud to be partnering with an industry leader like AliasLab. This partnership is a key for iovation’s growth largely because our companies’ authentication and device reputation solutions are extremely complimentary to each other. Together, we provide a highly effective next-generation solution for authentication and fraud management. (more…)

Consumers, businesses, retailers, and even the media are becoming numb to news about data breaches. Not a week goes by when we don’t hear of another major breach affecting thousands or even millions of customer accounts.

Criminal hackers are getting smarter and savvier all the time, and they often have better technology than the banks and retailers tasked with protecting your data.

Time reported on a recent Javelin Strategy and Research survey in which Javelin analyzed 23 of the biggest credit card issuers’ online security practices. When companies were graded on a 100-point scale, the average result was just 59. Javelin head of security and risk analyst Phil Blank, who authored the study, explained, “The good news is issuers are doing a better job overall of resolution, but that’s the easiest thing to do. Prevention is the hardest to do but it’s got the biggest payback.” (more…)

As mobile transactions become part of our everyday lives, online businesses that allow users to access their websites from mobile devices and provide mobile payment options need to consider the security challenges and new risks that emerging mobile platforms create for both consumers and businesses.

iovation has seen first-hand mobile transactions increase by more than 300% annually. With merchants expecting more fraud as a percentage of sales from their mobile channel, I look forward to participating alongside with other leading mobile security authorities in the panel, “Mobile Security: Improving Systems to Mitigate Fraud,” at the Mobile Contactless Payment Innovations Summit in Chicago.

I will be joining Marc Washawsky, SVP Mobile Channel Executive at Bank of America, Kevin Gillick, Executive Director at GlobalPlatform, Jack Jania, SVP GM Secure Transactions at Gemalto, and moderator, James Wester, Editor of Mobile Payments Today, as we share with executives from retailers, banks, card issuers and payment networks insights on assessing risk and detecting fraudulent behavior from mobile devices, including smart phones and tablets. Some of the topics we will cover include:  (more…)

Good news in the fight against online fraud. The Financial Fraud Action UK recently announced that fraud stemming from card-not-present (CNP) transactions fell 8% over the same period last year.

In the InternetRetailing article, “Online shopping fraud down in first half of 2011,” during the six months ending in June, online shopping fraud including mail order and phone fraud dropped to £109.2m compared to the £118.2m in fraud losses in the first six months of 2010.

Source: Financial Fraud Action UK, Cheque & Credit Clearing Company and The UK Cards Association

While findings like these are certainly encouraging, it doesn’t mean the bad guys have given up. Far from it. While an increase in fraud protection measures play a significant role in the declining numbers, once a security hole is filled fraudsters typically turn their energies elsewhere.

DCI Paul Barnard, head of the Dedicated Cheque and Plastic Crime Unit (DCPCU), is quick to point out that while online shopping fraud losses are down, the fraudulent use of lost or stolen cards is up 20%.

“There has been an increase in old fashioned scams – criminals using distraction techniques and social engineering methods to get hold of people’s cards or phone banking details. We are urging everyone to be on their guard.”

As organized cyber criminals shift tactics, the ability to expose thieves who are fraudulently using someone else’s personal or financial information to purchase items online is essential to preventing fraud or abusive activity that impacts consumers and an online business’s bottom line. This is something iovation does every day for merchants that sell goods and services over the Internet.

Checking millions of daily transactions coming into our B2B customers’ websites against our dynamic, device reputation database that’s now 715 million deep, iovation’s ReputationManager 360 provides real-time device intelligence IT fraud teams need to instantly recognize and reject bad orders on the spot to prevent an array of fraud techniques and social engineering schemes designed to defraud today’s online businesses.

Much like the annual gains of any financial market, the cyber crime economy is growing.

According to the article, “Cyber crime hit 431 million adults in 24 countries,” a recent Norton cybercrime report found online crime jumped 3% compared to its 2010 study, costing fraud victims more than $388 billion worldwide over the past year.

Eating up 35% of the global cybercrime bill were U.S. fraud victims, who spent $139 billion on cybercrime last year. That amounts to 141 victims per minute, an alarming statistic even for Norton’s consumer cybercrime expert, Helen Malani. (more…)