In the article, “Cybercrime is now a booming industry,” the new Global Risks for 2012 report says that along with a steady increase in cyber attacks on businesses and governments around the globe, the top concern for illegal digital data sellers is maintaining trust with their customers.

According to an ethical hacker in India, the digital black market has become so competitive that entrepreneurial cyber criminals depend on their trustworthiness, along with free trials, discounted offers and money-back guarantees on stolen goods, to succeed in the shady underworld.

“Today, the main concern for the data sellers is to generate trust among their clients.”

Any legitimate business knows the importance of building and maintaining a high level of trust and confidence with their paying customers. Without it, we have no customers. Turns out, the cyber underground is no different. In order to sell stolen goods to their customers, cyber criminals, whose livelihood is based on creating a web of lies to steal other people’s information, also have to establish and preserve an upstanding reputation among their likeminded clients.

At iovation, we’ve always understood the power of reputation — both good and bad. In fact, our business is built on the experiences and expertise of more than 2,000 fraud analysts from leading brands worldwide, who have all contributed to our device reputation database of over 800 million unique devices, including PCs, laptops, smartphones, tablets and consoles.

Unlike anti-fraud solutions that rely on personally identifiable information (PII), iovation’s advanced device reputation technology focuses on the user’s device to identify and stop fraud in real time, as well as make quicker decisions on legitimate online orders and business transactions. By including a fraud prevention service like iovation’s ReputationManager 360 to any multi-layered security strategy, organizations don’t have to rely solely on potentially stolen or misrepresenting information provided by criminals to perpetrate fraud over the Internet.

While there’s no arguing that trust is essential for doing business — apparently between cyber criminals, as well — having a trusted resource like iovation to uniquely recognize known fraudulent devices, expose hidden fraud rings and identify good customers before the transaction takes place, can play a pivotal role in any business’s ongoing challenge to reduce online fraud rates.

While monetary gains are always the ends to the means for cyber thieves, the digital goldmine appears to be personal and financial information stolen from email accounts and bank accounts, as well as intellectual property, all of which hackers can sell on the cyber black market. Some additional points in the Global Risks for 2012 report included:

• Cybercrime, cyber-espionage and cyberwarfare are on the rise
• Credit card cloning is flourishing in India, conducted by Nigerians living in India who are using card data received from Russian underground forums
• Hackers are launching chance attacks on individual users and more targeted attacks on businesses and governments to exploit system security flaws
• Corporate source codes for products, intellectual property and defense data is extremely valuable to competitive organizations and governments
• Enterprises leveraging social media tools should consider the risks of employees accessing social media sites while on the corporate network

In the article, “Why Internet crimes go unpunished,” security expert Roger Grimes breaks down some interesting numbers around cybercrime, and how hackers are (to put it mildly) beating the odds. According to the FBI’s 2011 Internet Crime Report, of the more than 300,000 complaints that netted criminals $1.1 billion in 2010, law enforcement agencies convicted an average of one crook for every 50,635 victims. In other words, as Grimes eloquently states:

Steal someone’s identity and your odds of being caught are almost infinitesimal.

With all the hacks and fraud headlines 2011 will be remembered for, that’s definitely not the way we want to ring in the New Year. But as Grimes also warns, if we aren’t careful we could see history repeat itself as criminals not only continue defrauding computer users, but launch recycled attacks against the explosion of worldwide mobile device users, who could fall victim to the same old PC tricks.

While law enforcement certainly has its challenges in tracking down and prosecuting cyber criminals, nobody will argue that we can always be doing something on our part to help reduce the risk of fraud where the criminal is utilizing a computer, as well as emerging mobile platforms like smartphones and tablets.

Whether you’re an individual, small to mid-size business, or even a large international corporation, in many ways you’re sort of on your own in cyberspace. This is why taking matters into your own hands and implementing defense-in-depth fraud preventative strategies is so critical to protecting yourself, your employees and business from both evolving and old-school scams targeting every form of Internet-connected device that we use.

This is the time of year when most businesses are setting their budgets and determining business goals for 2012. While improving customer service and increasing revenues are certainly at the top of any CEO’s to-do list, mitigating costly fraud risks that can take a hefty bite out of annual profits (not to mention cause significant reputation damage) requires organizations to deploy effective security tools like iovation’s ReputationManager 360 solution to reduce the risk of fraud or abuse over all devices and platforms connecting to their online business environment.

According to the Banking Times article, “Criminals shifting to card-not-present fraud because of chip and PIN success,” they are on the move again. Data recently released by FICO, a leading provider of analytics and decision management technology, shows that across Europe card-not-present (CNP) fraud has dramatically increased, accounting for 72% of all fraud losses between March 2009 and March 2011. The big reason for this change? Chip and PIN technology, which has helped reduce counterfeit fraud by 60% over the same period.

In comparison, a similar study conducted three years ago found that ‘card present’ fraud accounted for 60% of Europe’s credit card fraud. But since European banks adopted the smartcard payment system, that number has dropped significantly over the past couple of years.

So, remaining consistent to their adaptive nature, it appears that cyber criminals have shifted their attention to CNP schemes like online fraud, targeting countries and business systems with weaker detection and prevention capabilities, said Martin Warwick, FICO’s Fraud Chief in Europe, the Middle East and Africa.

“Our analysis of the data shines a spotlight on the tremendous change that has occurred in Europe’s fraud landscape.”

While European credit issuers continue to leverage Chip and PIN technology as part of their defensive strategies to fight fraud, the Merchant Advisory Group (MAG) recently rolled out a recommended roadmap for a U.S. electronic payments strategy that includes Chip and PIN adoption.

Such strategies have proven to help reduce card present fraud, but as the report shows, their success has also pushed hackers into new directions. Instead of using the actual credit card to defraud businesses in person, criminals are collecting credit card and personal information and using it to commit a host of online crimes including CNP fraud, account takeover and identity fraud.

As criminals increasingly pursue online fraud opportunities around the globe, businesses that rely on online payments need effective fraud detection tools that protect the growing number of online transactions taking place within the U.K. and across international borders.

Leveraging our fraud database of more than 800 million desktop and mobile device reputations worldwide, iovation performs 6.5 million device reputation checks a day for our customers. A complementary fraud prevention solution like iovation’s ReputationManager 360 provides businesses with unique intelligence and a deeper understanding of each device accessing their website or requesting a transaction, allowing them to make quicker, better informed decisions on all online transactions even if fraudsters try to re-invent how they defraud businesses over the Internet.

In the article, “Mobile commerce played an integral part of the 2011 holiday season,” online retailers capitalized on the smartphone and tablet phenomenon by boosting their m-commerce promotions during the past holiday season. As a result, a company spokesperson at Gilt Groupe, a US-based shopping website, said mobile-only promotions contributed to 20% of all sales during November and December, with mobile traffic and sales increasing well over 100% in December 2011 compared to December 2010.

“Mobile continues to play a large role in driving Gilt’s business. And we continue to utilize mobile as a channel to reach both existing and new customers wherever they are.”

North America electronics retailer, Crutchfield Corporation, also saw triple-digit increases in mobile traffic and sales, a trend the Crutchfield’s director of e-commerce, Todd Cabell, believes will continue to climb in the new year.

“Mobile was certainly a bright spot this holiday season. It’s clear more and more customers are becoming comfortable using their mobile devices to research and purchase a wide variety of products. We anticipate continued growth in both the smartphone and tablet channels during 2012.”

As more consumers trust their mobile devices to purchase goods over the Internet, online merchants recognize the importance of including mobile in their cross-channel marketing efforts. At iovation, we see the mobile channel not only as an emerging sales channel, but a thriving one, for e-commerce. This is why our ReputationManager 360 fraud prevention tool recognizes, in real-time, all Internet-connected devices by type, including PCs, smartphones and tablets, that access retail websites.

By better understanding the devices connecting to their site, retail fraud managers can immediately accept, deny or pull for further review all transactions coming through their cross-channel sales mix. For retailer’s creating mobile-exclusive promotions that target smartphone and tablet users, this level of fraud protection is essential to the customer experience, profitability, and a merchant’s overall brand reputation.

If you are interested in learning more about how iovation protect online retail sites from fraudsters attempting all types of criminal or abusive behavior, we will be at the upcoming NRF Retail’s Big Show, January 16-18 in New York City.

We’d love it if you stopped by our booth #2820 to chat about any fraud issues your business is experiencing or anticipating, and to pick up your Virtual Crime Fighter t-shirt. By integrating iovation’s device reputation service on your account creation or checkout page, for example, we can help you stop cyber criminals—all without collecting any personally identifiable information (PII)—whether they are using a computer, tablet or mobile phone to access your site.

And while at the NRF Retail’s Big Show, one session that looks very interesting is “Emerging Technologies: Driving Businesses for Retailers, While Minimizing Risks from Fraudsters” at 2:00 pm on Tuesday.  The session is moderated by Evan Schuman, Editor of StorefrontBacktalk.com with speakers Joseph LaRocca, Sr. Asset Protection Advisor of the NRF and Bill Titus, Vice President of Loss Prevention at Sears Holding Corporation.  (See page 37 of the Show Guide).

It’s been a busy year with a ton of new features and enhancements ranging from big to small. We thought we’d take a moment to share with you some of the highlights from 2011.

As with any technology, there are many, many things that go into a new feature including design, development, testing, documentation, integration and other operational requirements. We won’t go into that amount of detail here, but instead will focus on the primary achievements within each of the four principle areas of specialization at iovation, which include:

It’s truly an honor to follow in the footsteps of some of the most recognizable technology companies in the world such as Google, YouTube, Skype and eBay, who have all been previously selected to Red Herring’s prestigious Top 100 Global list.

This recognition is a direct result of years of hard work evolving our fraud protection service into a full spectrum device reputation solution that supports native and web integrations for mobile and desktop devices, tagged and tagless device recognition, real-time transparent risk scoring, and on-demand and scheduled reporting. Our remarkable growth is attributed to the collaborative work and effectiveness of our global device intelligence network, which today protects billions of transactions for our clients representing multiple industries around the globe.

Red Herring Chairman, Alex Vieux, elaborated on the difficulty the editorial staff goes through each year in selecting the Global Top 100.

“Choosing the best out of the previous two years was by no means a small feat. After rigorous contemplation and discussion, we narrowed down our list from 1,100 potential companies to 100 winners. It was an extremely difficult process. iovation should be extremely proud of its achievement, the competition for the Top 100 was fierce. The Top 100 Global are truly the best of the best.”

Companies were evaluated on both quantitative and qualitative criteria such as financial performance, technology innovation, management quality, strategy and market penetration.

The full list of 2011 winners is located at: http://www.herring100.com/RHG/2011/top100.html.

According to the NY Times article, “Cyber Monday Shopping Surpasses Expectations,” both ComScore and IBM Benchmark reported that the $1.3 billion spent by online shoppers represented up to a 33% increase in online sales over last year. This followed record-breaking Black Friday weekend sales of $52.4 billion, which CNN Money reported is a 16% jump over 2010. Either way you cut it, there’s little doubt that retail and online sales over the weekend could make for a very profitable holiday season for merchants.

At iovation, we help our clients know who to trust online, by quickly recognizing their good online customers and isolating the fraudsters through shared device intelligence. By identifying bad actors upfront and flagging suspicious transactions in real-time, we help merchants decline fraudulent orders faster, minimize chargebacks and take more good business with confidence — all especially important during the holiday’s peak traffic.

Looking at iovation’s device reputation network on Black Friday and Cyber Monday, we found some interesting trends and year-over-year comparisons during the two hottest shopping days of the year, including:

• 400% increase in the rate of fraudulent transactions (from 1% to 4%) on Black Friday
• 25% increase in the rate of fraudulent transactions (from 3% to 4%) on Cyber Monday
• 15% greater transaction volume on Cyber Monday compared to Black Friday
• 4% mobile fraud rate on both Black Friday and Cyber Monday

While it was no surprise that credit card fraud, shipping fraud and account takeovers topped the list of fraud types reported to iovation’s database on these days, a noticeable drop in the share of mobile shopping activity was very unexpected.

Despite several industry surveys forecasting significant increases in mobile purchases over the holidays, iovation saw mobile transactions decrease as a share of overall activity on Black Friday and Cyber Monday. While mobile transactions usually account for 5% of queries to iovation’s service, mobile’s share of overall retail transactions dropped to 3.2% on Black Friday and 2.7% on Cyber Monday. At this point any conclusions would be only speculative as to why mobile transactions were down during these peak periods. Are consumers not ready to make purchases over their smartphones? Is the user experience of a smartphone checkout too cumbersome compared to the convenience of a desktop?  As retailers look to the mobile market as an increasingly important channel, it will be critical that they solve these issues.

As we inch closer to the holiday season, a pair of recent articles highlight the increasing volume of online transactions that are just around the corner for online merchants. If there is a security takeaway from these trends, it’s that IT fraud teams better be prepared for significant increases in online transactions over the next few weeks.

The first article, “Retailers: Don’t Leave ‘Peak Week’ Money on the Table,” highlights the jump in online traffic over the four-day sales period it terms, “Peak Week.” That’s the time between Black Friday (the day after Thanksgiving) and Cyber Monday (the following Monday). According to analysts at Experian Marketing Services, each of these four days appear in the top 10 for high transaction rates. Other online traffic and retail email data results the marketing group released included:

• In 2010, online traffic to the top 500 retail sites increased 5% during Peak Week over 2009
• Email volume increased 26% in 2010 versus 2009 during Peak Week
• Black Friday online traffic increased 13% in 2010
• Black Friday is the second-biggest day for online email transactions

In the article, “Online Merchants Prepare for Cyber Weekend (Not Monday),” Ken Wisnefski, founder and CEO of the search engine marketing and E-commerce solutions firm, WebiMax, elaborated on the significance of how Peak Week, or what he calls, “Cyber Weekend,” has become much larger than a one-day retail event.

“Online retailers and merchants have largely invested in E-commerce, online ads and ramping up their website infrastructure in 2011. We’re seeing these merchants committed to making it a weekend-long buying experience versus confining the mad-dash to just one day.”

At iovation, our mission is to support our clients’ business growth by securing online transactions through highly effective fraud prevention solutions. iovation is focused on helping our subscribers manage the higher volume of risks that come with peak season online transactions, without negatively impacting the shoping experience for their customers.

As an anti-fraud security provider that helps stop more than 150,000 fraud incidents each day, we understand the importance of efficiently managing high-volume order flows. Making sure that your fraud team is prepared for the growing number of online orders over peak sales periods is critical if you’re going to get the most out of the holiday sales season.

Computerworld reports:

“Tony Perez III, of Hammond, Indiana, pleaded guilty to the charges on April 4. In his plea, Perez said he sold counterfeit credit cards encoded with stolen account information. Perez found customers through criminal ‘carding forums,’ Internet discussion groups set up to aid in the buying and selling of stolen financial account information and related services.”

“During a June 2010 search of Perez’s residence, Secret Service agents found 20,987 stolen credit card accounts on his computers, in his email messages, in an online account and on counterfeit credit cards he was in the process of manufacturing, according to court documents. Credit card companies have reported more than US$3.1 million in fraudulent charges associated with those accounts, court documents said.”

Carding is a full time profession for thousands of hackers worldwide. Retailers’, banks’, credit card processors’, and many other corporations’ databases often contain millions of credit card numbers, and are targeted in “advanced persistent threats.” Any entity that accepts credit cards online or in the physical world is a ripe target for fraud.

It’s in the retailer’s best interest to put online fraud prevention measures in place to thwart credit card fraud use on their sites. This not only helps them keep their chargebacks and fees low, but it also protects their brand reputation with their loyal customers. But how can retailers detect when fraudsters are stealing from their websites in the first place?

Before verifying identity and credit information, first make sure that the computer, tablet or smartphone connecting to the site is not a known fraudulent device – one used to steal from your business in the past, or from other online businesses.

Would you like to know if the device is acting suspicious such as masking its IP address or constantly changing its characteristics between transactions? Is it opening an excessive number of new accounts, or are new countries suddenly accessing your customer’s existing accounts?

There are many indicators of risk and companies like Oregon-based iovation Inc. helps online businesses set up fraud and risk rules in advance so that as transactions come in, the rules run and all checks in a fraction of a second. This device identification service can stop the transaction right then and there.

Carders are just one piece of the cybercrime puzzle. Having a defense-in-depth approach to fraud prevention is essential. And sharing fraud intelligence with other businesses can only help you catch more fraud, and meanwhile, take more business with confidence.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Good Morning America. (Disclosures)

As cyber criminals take advantage of various technologies to bypass businesses’ digital security efforts, any business that wants to succeed in today’s rapidly-changing business environment needs to have layered and effective security measures in place that allow them to know when they are dealing with a legitimate customer or a clever fraudster. 

In the article, “IT industry news: Identity fraud ‘a threat to businesses,’” Neil Munroe, chair of the Identity Fraud Consumer Awareness Group (IFCAG), said the growing threat of identity theft is not going away anytime soon. In other words, for businesses embracing new technology including mobile devices to offer customers multiple ways to purchase goods over the Internet, every company’s online payment process needs to have the proper protections in place if they are going to succeed and remain competitive.

The fact is fraud doesn’t stop, and in all likelihood, it never will. It merely changes methods.

While it’s true no single anti-fraud solution can stop every new type of fraud criminals can think up, iovation’s device reputation technology provides online businesses with a critical layer of fraud detection that identifies the user’s device in real-time, allowing them to stop a fraudulent transaction before it takes place. In doing so, merchants can better secure their payment processes by determining if online orders are coming from genuine customers or known fraudulent devices across any type of remote technology.  When placing iovation’s device check upfront in your fraud detection process, if the transaction is fraudulent, businesses can save money by not running subsequent and costly checks.

To expand our fraud preventative services to organizations in southern Europe, we’ve partnered with AliasLab, a leading professional services, consultancy and system integrator specializing in digital signature solutions and secure data transfer. Through this partnership, AliasLab will offer iovation’s device identification service, ReputationManager 360, along with its sophisticated Out of Band (OOB) authentication solution, SecureCall Suite, which offers strong authentication, mobile payment digital signature and mobile VAS services to banking, insurance and telcos in Italy and Southern Europe.

It goes without saying that we are very proud to be partnering with an industry leader like AliasLab. This partnership is a key for iovation’s growth largely because our companies’ authentication and device reputation solutions are extremely complimentary to each other. Together, we provide a highly effective next-generation solution for authentication and fraud management.

Working with many of the market’s leading brands, AliasLab has an established presence in Italy and Southern Europe. They will share how iovation’s global fraud prevention solution reduces online fraud and abuse to protect corporate brands and their customers, allowing them to:

• Know when an Internet-enabled device with a history of fraud touches their website
• Expose related accounts and devices collaborating in fraud
• Assess risk by velocity, past behavior and device characteristics

By customizing business rules to meet their specific and evolving needs, organizations leverage iovation’s device identification technology and comprehensive risk assessment service to confidently allow, deny or flag suspicious transactions in real-time to increase operational efficiency, saving both time and money.

We look forward to working with Roberto Tabacchi and the rest of the innovative team at AliasLab to expand our global presence and help businesses recognize and stop all types of online fraud and abuse.

Criminal hackers are getting smarter and savvier all the time, and they often have better technology than the banks and retailers tasked with protecting your data.

Time reported on a recent Javelin Strategy and Research survey in which Javelin analyzed 23 of the biggest credit card issuers’ online security practices. When companies were graded on a 100-point scale, the average result was just 59. Javelin head of security and risk analyst Phil Blank, who authored the study, explained, “The good news is issuers are doing a better job overall of resolution, but that’s the easiest thing to do. Prevention is the hardest to do but it’s got the biggest payback.”

The report also found that for a full year after your bank account information has been hacked, there is a strong chance that you will be a victim of credit card fraud. So even though you may be getting a little hardened to data breach warnings, you still need to watch your credit card statements closely. As long as you dispute unauthorized credit card charges within 60 days, federal laws limit liability to $50. Unauthorized debit card charges must be reported within two days, or liability jumps to $500.

One of the FFIEC’s recommendations for financial institutions involves using complex device identification. iovation, an Oregon-based security firm, offers an advanced device identification service that incorporates real-time risk assessments, the history of fraud on linked devices (such as chargebacks, identity theft and credit application fraud) and exposes fraudsters working together to steal from online businesses.

“Complex device identification” involves the creation of a digital fingerprint based on several characteristics of the device including hardware and software configuration, Internet protocol addresses, and geolocation. Unfortunately, complex device ID by itself only increases the strength of identification; it does little to increase the efficacy of an overall anti-fraud strategy.

“Device reputation” offers all of the security measures that complex device ID does, but it also strategically incorporates velocity, anomalies, proxy busting, webs of associations (linking devices and accounts), and fraud and abuse histories. Device reputation moves from a micro to a macro view of transactions which takes into account how particular devices behave or have behaved beyond its activities with a financial institution, its usage by a current user or other users, and/or its relationship to other devices.  This chart explains what is involved with each:

Leading financial institutions aren’t merely complying with the FFIEC’s security recommendations, but are going beyond it by incorporating device reputation and other authentication and anti-fraud tools into their layered security approach.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

iovation has seen first-hand mobile transactions increase by more than 300% annually. With merchants expecting more fraud as a percentage of sales from their mobile channel, I look forward to participating alongside with other leading mobile security authorities in the panel, “Mobile Security: Improving Systems to Mitigate Fraud,” at the Mobile Contactless Payment Innovations Summit in Chicago.

I will be joining Marc Washawsky, SVP Mobile Channel Executive at Bank of America, Kevin Gillick, Executive Director at GlobalPlatform, Jack Jania, SVP GM Secure Transactions at Gemalto, and moderator, James Wester, Editor of Mobile Payments Today, as we share with executives from retailers, banks, card issuers and payment networks insights on assessing risk and detecting fraudulent behavior from mobile devices, including smart phones and tablets. Some of the topics we will cover include: 

• The importance of mobile security
• Common perceptions customers have towards mobile devices
• Mobile standards, practices and identity issues
• The security and fraud implications for consumer vs. business devices
• The future of mobile security

Each year, iovation assesses billions of online transactions for our customers, most notably in financial services, online retail and online communities like social networks and dating sites. Of the mobile transactions we’ve assessed for risk to date, 35% were from Android devices, 32% from iPhones, 24% from iPads, and 9% have been from Blackberry and other mobile devices.

The mobile fraud panel will take place on Tuesday, October 18th, beginning at 11:15 a.m. at the W Hotel City Center, Chicago, Illinois. If you are attending this conference, I hope you can join us for this very important presentation.

In the InternetRetailing article, “Online shopping fraud down in first half of 2011,” during the six months ending in June, online shopping fraud including mail order and phone fraud dropped to £109.2m compared to the £118.2m in fraud losses in the first six months of 2010.

Source: Financial Fraud Action UK, Cheque & Credit Clearing Company and The UK Cards Association

While findings like these are certainly encouraging, it doesn’t mean the bad guys have given up. Far from it. While an increase in fraud protection measures play a significant role in the declining numbers, once a security hole is filled fraudsters typically turn their energies elsewhere.

DCI Paul Barnard, head of the Dedicated Cheque and Plastic Crime Unit (DCPCU), is quick to point out that while online shopping fraud losses are down, the fraudulent use of lost or stolen cards is up 20%.

“There has been an increase in old fashioned scams – criminals using distraction techniques and social engineering methods to get hold of people’s cards or phone banking details. We are urging everyone to be on their guard.”

As organized cyber criminals shift tactics, the ability to expose thieves who are fraudulently using someone else’s personal or financial information to purchase items online is essential to preventing fraud or abusive activity that impacts consumers and an online business’s bottom line. This is something iovation does every day for merchants that sell goods and services over the Internet.

Checking millions of daily transactions coming into our B2B customers’ websites against our dynamic, device reputation database that’s now 715 million deep, iovation’s ReputationManager 360 provides real-time device intelligence IT fraud teams need to instantly recognize and reject bad orders on the spot to prevent an array of fraud techniques and social engineering schemes designed to defraud today’s online businesses.

According to the article, “Cyber crime hit 431 million adults in 24 countries,” a recent Norton cybercrime report found online crime jumped 3% compared to its 2010 study, costing fraud victims more than $388 billion worldwide over the past year.

Eating up 35% of the global cybercrime bill were U.S. fraud victims, who spent $139 billion on cybercrime last year. That amounts to 141 victims per minute, an alarming statistic even for Norton’s consumer cybercrime expert, Helen Malani.

“We were astounded by the costs in terms of cash lost. The number came to more than $US388 billion globally. That’s more than the illegal drugs market in heroin, cocaine and marijuana. Cybercrime is an illegal underground economy and it needs to be taken seriously.”

According to the study, one of the biggest gains in cybercrime last year came in crimes against mobile devices, which are up 10% globally. No surprise there, considering the explosion of smartphones and tablets being used to connect to the Internet. Malani said the chief concern with mobile fraud is users inability to stay on top of security updates. She said only 20% of people accessing their mobile devices have installed the most up-to-date mobile security. With up to 80% of mobile devices improperly protected, this provides fertile ground for cybercrime activity.

Similar to any other legitimate economy, growth in the illegal underground marketplace is driven by innovation, and tapping into the next opportunity. For cyber crooks, it’s all about exploiting the latest technology before the security gaps are identified and closed.

For online businesses that allow users to access their websites and corporate networks via mobile devices, this is especially disconcerting. Operating without the tools to effectively detect when fraudulent devices are logging onto their sites and requesting transactions, organizations and their customers are vulnerable to evolving schemes such as credit card fraud, card-not-present (CNP) fraud, account takeover, phishing and identity theft.

Today, building a multi-layered fraud preventative strategy that includes device reputation technology is critical to identifying when an Internet-based device, whether it’s a PC, smartphone and tablet, is already registered or attempting to log onto a website. The device intelligence that iovation’s ReputationManager 360 provides in real-time allows online businesses to recognize when a remote device that has been used to commit fraud or abuse in the past and stop any illegal or unwanted activity before it happens.

With nearly 150 users (just in the U.S.) exposed to some type of fraud every minute, it’s time businesses gain an extra layer of protection needed to stop more advanced forms of online fraud and abuse. Performing real-time risk analysis on transactions from every country in the world, iovation has already flagged nearly 40 million fraudulent transactions for its B2B customers just this year.

Here is Regulation E in black and white:

ELECTRONIC FUND TRANSFERS (REGULATION E)

Limitations on amount of liability. A consumer’s liability for an unauthorized electronic fund transfer or a series of related unauthorized transfers shall be determined as follows:

1. Timely notice given. If the consumer notifies the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability shall not exceed the lesser of $50 or the amount of unauthorized transfers that occur before notice to the financial institution.

2. Timely notice not given. If the consumer fails to notify the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability shall not exceed the lesser of $500 or the sum of:

(i) $50 or the amount of unauthorized transfers that occur within the two business days, whichever is less.”

Businesses do not get this kind or protection. So when business accounts are compromised, they often have to fight for their money. And today, more than ever, they are losing. But banks are losing, too. The only winners here are the criminal hacking enterprises.

In order to meet the Federal Financial Institutions Examination Council’s compliance guidelines by January of 2012, banks must implement multiple layers of security. Called out in the recent FFIEC guidance was using complex device identification and moving to out-of-wallet questions.

Financial institutions and their clients aren’t only losing millions to fraud; they are losing millions more fighting each other. It makes more sense for banks to beef up security (all while properly managing friction for legitimate customers) than to battle with their customers.

Financial institutions could protect users and themselves by incorporating device identification, device reputation, and risk profiling services to keep cyber criminals out. Oregon-based iovation Inc. offers the world’s leading device reputation service, ReputationManager 360, which is used by leading financial institutions such as credit issuers and banks, to help mitigate these types of risk in their online channel.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Fox News. Disclosures

Their main concern was that companies could set up shop, accept tons of credit card charges, and then vanish, leaving the banks short. Mail order fraud was also big. A stolen credit card could be used to place orders over the phone, and when the fraudulent charges were discovered, merchants would suffer from chargebacks.

At the time, it wasn’t even necessary to provide a correct expiration date, as long as the card wasn’t already expired. Then credit card companies began verifying billing addresses to authenticate mail orders. Eventually, an additional verification code was added to cards, referred to as a CVC or CVV. We still use these codes today, but they can be fraudulently obtained in a number of ways.

When merchants moved from catalogs to websites, IP addresses were used to track transactions. But bad guys figured out how to spoof them.

Now we have a number of new technologies designed to fight credit card fraud. The most effective and widely implemented is device reputation, an effective online fraud prevention method that helps protect retailers from fraudulent CNP transactions by examining the computer or other device for a history of unwanted behavior, plus any suspicious activity at the time of transaction.

If a customer’s PC, smartphone, or tablet indicates an abnormally high level of risk, the merchant can reject the purchase in advance. iovation, the global leader in device reputation, flagged 35 million online transactions as high-risk in the last year for its clients and will flag 50 million or more by the end of 2011.

Protect yourself from credit card fraud by checking your statements regularly. Set up your own email alerts so that at a minimum, you are notified of any transactions over your specified amount occur on your account. Businesses set up triggers and alerts to protect themselves, shouldn’t you?

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

There are data breaches every week, and I’d bet every day, but we may not hear about the majority. All of these breaches have a method, signature, or feature in common, which retailers and banks can learn from.

Criminals are organizing like never before. They are learning from each other, sharing information and strategies. When one publicizes an exploit, other criminals execute it, leading law enforcement off in a new direction. It’s like a vicious game of whack-a-mole.

Today, governments around the world are organizing to fight fraud. But what’s even more exciting is that competing banks, retailers, and small businesses are all sharing fraud information to help each other out. These fraud targets are finding strength in numbers.

Oregon-based iovation Inc. has created an exclusive network of global brands across numerous industries, with thousands of fraud professionals reporting more than 10,000 fraud and abuse attempts each day. iovation’s shared database contains more than 700 million unique devices including PCs, laptops, iPhones, iPads, Android, Blackberries—practically every Internet-enabled device that exists.

Many leading banks and big brand retailers use this device reputation service to detect fraud early by not only customizing their own real-time rules to set off triggers, but they leverage the experiences of other fraud analysts to know if the device touching them at this moment has been involved in chargebacks, identity theft, bust-outs, loan defaults, and any other kind of online abuse you could imagine.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Good Morning America. (Disclosures)

Banks and retailers know better than anyone that people lie. There are countless scenarios and justifications, but people who lie invariably do it in order to get something.

In general, we strive to be a kind and civil species. We trust by default. We want to be helpful and accommodating. We don’t want to believe that people lie, but they do.

Dishonesty poses a challenge to banks and retailers in the form of theft. Theft is a big problem on the Internet, and any online business knows that they can’t afford to trust you, regardless of how honest you may be.

The Federal Financial Institutions Examination Council recently instructed both retailers and banks to enhance their security procedures, in response to the increasingly creative lies concocted by scammers.

One of those FFIEC recommendations involves incorporating complex device identification. This means that banks and retailers should adopt technology that actually recognizes and analyzes the PCs, smartphones, and tablets being used to access their websites. Once the device is identified, knowing the device’s reputation is where it really gets interesting. Is it acting suspicious or is it a known device that has been used in a fraud ring, in money laundering, or has been attempting account takeovers? Knowing the device’s reputation lets businesses know ahead of time who they can trust online.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston. Disclosures

Online auction and classifieds websites are unwittingly participating in car sale scams. Ads gain credibility by appearing on eBay, Craigslist, and other online automobile sales websites, but some are either completely phony or have been copied and pasted from other websites.

The FBI’s Internet Crime Complaint Center received nearly 14,000 complaints from 2008 through 2010, from consumers who have been victimized, or at least targeted, by these auto sale scams. Of the victims who lost money, the total dollar amount is staggering: nearly $44.5 million.

The FBI explains how the scam works:

“Consumers find a vehicle they like—often at a below-market price—on a legitimate website. The buyer contacts the seller, usually through an e-mail address in the ad, to indicate their interest. The seller responds via e-mail, often with a hard-luck story about why they want to sell the vehicle and at such a good price.

In the e-mail, the seller asks the buyer to move the transaction to the website of another online company….for security reasons….and then offers a buyer protection plan in the name of a major Internet company (e.g., eBay). Through the new website, the buyer receives an invoice and is instructed to wire the funds for the vehicle to an account somewhere. In a new twist, sometimes the criminals pose as company representatives in a live chat to answer questions from buyers.

Once the funds are wired, the buyer may be asked by the seller to fax a receipt to show that the transaction has taken place. And then the seller and buyer agree upon a time for the delivery of the vehicle.”

Consumers should watch out for the following red flags:

• Cars are advertised at too-good-to-be true prices
• Sellers want to move transactions from the original website to another site
• Sellers claim that a buyer protection program offered by a major Internet company covers an auto transaction conducted outside that company’s website
• Sellers refuse to meet in person or allow potential buyers to inspect the car ahead of time
• Sellers who say they want to sell the car because they’re in the U.S. military about to be deployed, are moving, the car belonged to someone who recently died, or a similar story
• Sellers who ask for funds to be wired ahead of time

Online classified and auction websites could work together, and share information on the devices running these scams, through the device reputation service provided by iovation Inc. Their fraud detection service, called ReputationManager 360, is a B2B SaaS solution incorporating complex device identification, device reputation and real-time risk profiling. It is used by hundreds of online businesses to prevent fraud and behavioral abuse in real time by analyzing the computer, smartphone, or tablet connecting to their online properties.

iovation’s “living shared database” is used by fraud analysts daily and shares the reputations of devices from literally every country in the world. This reputation is a combination of fact-based evidence (such actual chargebacks, identity theft, online scams and account takeovers), plus what risk can be inferred at transaction time. Fraud analysts take this fight seriously and submit 10,000 events of fraud or abuse into the shared database each day.

Performing a device reputation check on a scammer attempting to create a new account at a sale or auction website would stop him before he has a chance to post advertisements for scams, preventing damage to the business and its customers. And when one of your good customers has been scammed, you can submit that evidence back into the iovation database to make sure it does not happen again, whether from the same device, or a related device.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures.

This is why combating increasingly sophisticated fraud techniques requires online merchants to identify fraudulent orders faster and boost the efficiency of their fraud management functions, without increasing overhead. For one North America retailer whose fraud losses were eating into profits and affecting the customer experience, implementing the right fraud prevention service enabled them to drop annual fraud losses from a peak of $2 million to $180,000.

In our newly downloadable case study, “Online Retailer Uses New Fraud Detection Systems To Cut Fraud Loss Rates,” Forrester Research principal analyst, Andras Cser, shares how the online merchant was able to reduce fraud loss by $1.8 million after deploying iovation’s ReputationManager 360 along with our partner’s case management system.

Initially lacking the ability to configure its own business rules and review important order details in one place with its existing fraud management solution, iovation allowed the retailer to create versatile fraud detection rules and review complete order information from a robust, single-screen user interface. iovation’s Real IP technology also revealed the true IP addresses of the devices cyber criminals were using to perpetrate fraud so the merchant could identify high-risk activity relating to velocity, anomalies and detection of proxy in real-time to automatically flag suspicious orders for review or stop them in their tracks.

Recognizing fraudulent orders before they are approved and shipped is critical to reducing fraud rates, which is why iovation’s device reputation technology is essential for any online retailer’s fraud prevention strategy.

The presentation, “Selling Your Fraud Strategy Internally and Overcoming Challenges Deploying Third Party Tools,” will demonstrate how focusing on things like brand protection, company image, customer acquisition and retention, and boosting profits can strengthen your case when lobbying for fraud prevention projects that help reduce fraud rates and improve the health of your IT environment.

The iovation client presenting with Cory brings first-hand experience undergoing proper tool evaluation to determine which fraud tools to build in-house and which to purchase through a third party. The presentation will provide merchants that have online social aspects (user to user) with tips on how to compete against other internal revenue-generating projects. Specific points that will be covered include:

• How to match third-party tools with unique business problems

• How to decide which tools to buy and which to build in-house

• Why understanding the technical aspects of third-party tools can help you make correct decisions

• How to win budget and resources for fraud projects

• How a clean marketplace and user base contribute to your corporate brand and company health

If you are attending MRC Fall Platinum next week, be sure to set some time aside to attend this presentation.  If you’d like to talk about any specific fraud or abuse challenges that your online business is currently, I will be at Chicago meeting on Monday through Wednesday and would be happy to meet with you.

This casual, unwary approach toward security continues to boggle my mind, particularly in today’s highly volatile business environment. But while three-quarters of the small businesses polled said they are incorporating steps to protect their computer systems from fraudsters, Fred Graziano, head of the commercial and small business banking at TD Bank, said companies need to keep up with the latest available fraud preventative technologies and criminal tactics used by more sophisticated fraudsters.

“It’s encouraging to see that small business owners are taking steps to protect their business, but fraud protection should be a high priority and it pays to be vigilant. Given the influx of new digital technologies and operational tools available for small business owners, it’s increasingly important to learn about the latest trends and techniques used by criminals, and to be more diligent in defending against fraud.”

Graziano, along with TD bank’s director of corporate security and investigations, Robert Dunlop, offered some advice to small businesses about protecting their systems and customers from evolving fraud attacks, including:

Manage finances with secure online banking:

Closely monitoring all account activity payments and financial transfers in real time with automated fraud preventative tools helps businesses quickly identify any discrepancies and provides audit trails for all online transactions.

Protect computer systems and practice online awareness:

In Dunlop’s terms, “Being complacent about cyber protection can lead to the compromise of critical information and detrimental consequences for a business.” That about says it all.

Safely handle highly sensitive documents:

Properly storing and disposing sensitive hardcopy documents such as financial statements, credit card information and social security numbers is critical to reducing the risks of confidential data landing in the wrong hands.

Incorporate appropriate checks and balances:

A strong internal review and assessment process shows customers how serious you are about fraud and preventing criminals from perpetrating deceptive acts against your business and customers.

As small and medium-sized businesses (SMBs) struggle to make progress in stopping payments fraud, organizations of all sizes should evaluate their fraud prevention needs and prioritize accordingly. Businesses operating without proactive fraud preventative tools that effectively detect and stop new forms of financial fraud will continue to fall victim to scams that costs them thousands to millions in profits and cause irreversible damage to their corporate brands.

In the article, “North business loses $8k in online scam,” a company was recently cheated out of $8,000 by an international scam that included fraudulent credit cards and a bogus freight business. The company was duped after a customer requested its purchase to be shipped to Japan via a fake London-based freight company, where additional charges to have the product shipped were added to the bill. When the customer’s payment went through, the freight company emailed the online business saying it could not take credit card payments. It asked for a direct, non-refundable overseas cash transfer, which the business paid for. Because the initial transaction went through, over the next month the company made five additional shipping payments on similar orders, amassing $8,000.

With these and other shipping scams stealing hundreds of thousands of dollars from eCommerce companies each year, detective Pete Hayes is warning online businesses about such scams that threaten any business working online.

“Anyone in the retail business that deals with orders over the internet has to be aware. Some of the red flags that might be raised are the name Postex Air Express and if someone is asking for payment via a direct cash transfer through a credit union or similar.”

For online merchants, international eCommerce orders carry a higher risk. Accepting cross-border payments pose about a 2.5 times higher risk than domestic orders. While many of today’s screening tools focus on Address Verification Services (AVS) and IP geo-location information for specific countries and regions, they can be easily spoofed by fraudsters using anonymizing proxies and other methods to hide their true locations and identities.

With many security tools limited to geographic constraints or simply ineffective in equally screening domestic and international fraud, layering a fraud prevention service like iovation’s ReputationManager 360 as part of a business’s anti-fraud strategy is critical for detecting fraud regardless of the source or location of incoming online orders.

Instead of focusing exclusively on personal information or the user to screen transactions, iovation enables businesses to identify the device being used to screen for fraud across the Internet. Its device recognition technologies combined with real-time risk reporting and analytics help businesses around the globe identify any device (PC, smartphone or tablet) with a history of fraud such as chargebacks and shipping/re-shipping fraud, and expose hidden associations with online accounts to stop repeat offenders who may already be perpetrating fraud within a network. Doing so allows eCommerce merchants to greatly reduce fraud losses (and chargeback rates) and improve the efficiency of their fraud process and team.

In one case alone, iovation helped reduce an online retailer’s fraud losses by $1.8 billion. Read the case study by Forrester Principal Analyst, Andras Cser.

In the article, “Fraudster used Facebook to hack bank accounts,” cyber criminal Iain Wood spent 18 hours a day online collecting information posted by his neighbors on social networking sites including Facebook to figure out passwords that would defeat online banking security checks. Prior to getting caught by police, he managed to steal more than £35,000 (approx. $55,000 USD) over a two-year period.

This is just a small example of how a single hacker can stage an ongoing crime spree that impacts individual users and their banks. Prosecutor, Neil Pallister, said Wood followed and befriended several neighbors online to obtain enough personal information that helped him break into their online bank accounts.

“He would make friends with people on Facebook and got their usernames. He would try it on the bank websites, on the basis people use the same passwords. If that did not work he would fill in the security information, which he got from Facebook and Friends Reunited.”

With this type of criminal behavior taking place every day, online banks can no longer afford to rely on personal information to validate customers and detect fraud. Today, knowledge-based security defenses are leaving online businesses and their customers vulnerable to schemes that allow fraudsters to easily answer security questions and de-code passwords. Now more than ever financial institutions need to deploy security tools that go beyond the data provided by customers to access their accounts. Businesses need the ability to identify the actual device used to access online accounts to see when someone is using stolen or false information to fraudulently access another person’s account.

The fact is, fraudsters will continue to gather personal information from the Internet to fool even the latest security tools. While these fraud practices may be impossible to stop, a multi-layered security approach that includes iovation’s ReputationManager 360 allows online businesses to look beyond personally identifiable information (PII) and see when any type of Internet-connected device (PC, smartphone or tablet) with a history of fraud or abuse logs onto a website or tries to access an account using personal information. This is why having deeper insight into online transactions, without relying on the information a user provides, is essential for protecting online businesses and their customers from today’s more sophisticated, knowledge-based fraud schemes.

According to the article, “Credit card fraud is a cross-border crime,” statistics have shown in recent years that online fraud trends can differ dramatically between countries. For example, online payment fraud in the UK dropped 10% from 2009-2010, while the US experienced a 157% rise in attempted payment fraud during that same period.

Carl Clump, Group Chairman of Retail Decisions (ReD), a leading payment fraud prevention provider (and iovation partner), said this is particularly disconcerting for online merchants that do business overseas. As attack methods vary considerably in different parts of the world, e-retailers operating with a limited security scope could be leaving their networks and customers vulnerable to fraud trends for which their existing security tools are not adequately prepared.

“E-commerce businesses that only focus on fraud in their own sector will not immediately spot a new ploy that criminals have used in another industry. The narrower the retailer’s perspective of fraud, the harder it becomes to keep pace with rapidly changing fraud techniques.”

As online retailers expand their businesses abroad, the key to mitigating the risk of unknown attacks is having collective intelligence that spans beyond borders. iovation’s global Device Reputation Authority fraud database shares the firsthand experiences of 2,000 worldwide fraud analysts that have provided fraud evidence on more than 650 million Internet-connected devices across the globe that criminals use to perpetrate all types of fraud and other unwanted activities including credit card fraud, card-not-present (CNP) fraud, account takeovers, and shipping/re-shipping fraud.

Leveraging the power of device reputation goes beyond the stolen information that criminals use to commit fraud. Knowing if a device has a history of fraud or abuse, or is associated with other known fraudulent devices or online accounts helps online businesses identify and stop cyber crime in real time, no matter what country or region they are doing business in. Now businesses can adapt, protect themselves, and share information worldwide — even faster than the fraudsters.

One of the emerging markets experiencing an upswing in Internet transactions is India. According to the article, “How secure are Indian businesses?” the Internet is one of the fastest growing mediums for generating business leads for Indian small and medium-sized businesses, with 57% of SMBs now using their websites as a sales channel.

Like many emerging online markets, security concerns create an initial resistance from users to share their personal and financial data over the Internet. However, online payment options that are protected by mandated security measures and multi-factor authentication processes have provided a level of confidence with consumers that has expanded India’s current online shopping market to Rs 30 million per month, said Suvrat Saigal, Consumer Banking Director, Barclays Corporate India.

“There is a steady growth of businesses and internet users in India that rely on the medium and are quite comfortable disclosing their details online; this change can be attributed to implementation of robust security standards by banks and also increased consumer awareness.”

But while users are increasingly comfortable with shopping online, Indian businesses and their customers haven’t become complacent about the importance of securing transactions or unsolicited emails aimed at tricking users into divulging personal and financial details. In fact, with cyber criminals working around the clock to develop new ways to circumvent existing network protections, today more than ever businesses need to educate themselves and take preventative steps to mitigate the risk of evolving cyber threats, said Muralidharan R, chief operating officer, Dhanlaxmi Bank Ltd.

“When it comes to online security, the challenge is to keep the ‘Bad Guys’ out while securing the ‘Good Guys’.

As fraud schemes evolve, the truth is businesses of all sizes and markets are riding the waves together. With the challenge of distinguishing the good guys from the bad guys becoming even more difficult, companies need security solutions that go beyond the personally identifiable information (PII) that criminals use to open up an account, apply for credit, or make an online purchase using someone else’s information.

iovation’s ReputationManager 360 anti-fraud solution uses real-time risk and device reputations with comprehensive data analytics to identify when a known fraudulent device is trying to log onto a website, as well as connect the dots between bad devices and existing online accounts that may already be perpetrating fraud within a network. Having insightful device intelligence to determine whether you want to accept, deny, or pull for further review an online transaction before it takes place enables businesses to reduce fraud rates, boost productivity levels, and build a safer online shopping environment.

When it comes to fraud, SMBs, like any large organization doing business over the Internet, have a lot at stake. Having the right mix of security strategies in place is critical to your company’s brand reputation and financial health, no matter what size you are or how mature your market.

The study found that IP theft (£9.2bn) and industrial espionage (£7.6bn), combined, account for over two-thirds of the overall cost to UK businesses per annum. IP theft is largely committed against companies with high volumes of IP or IP that’s easy to hack, while industrial espionage includes stealing or exploiting non-IP data from organizations that depend on large amounts of financial transactions and monetary activities.

Other significant cyber crimes that impact UK businesses include extortion (£2.2bn), direct online theft (£1.3bn), and loss or stolen customer data (£1bn), according to the report.

Because organizations today are becoming increasingly dependent on cyber space for business commerce, communications, and daily operations and production, cyber threats pose a significant threat to individual nations, as well as the global economy. This is why reports like these are so important.

Understanding the economical impact cyber crime can have on businesses, industry, and the economy can play a critical role in setting effective security policies and implementing proactive fraud preventative strategies, such as iovation’s device reputation service, which combats new and evolving forms of cyber crime that have a negative impact on organizations across the globe.

According to the Wall Street Journal article, “Hackers Shift Attacks to Small Firms,” as small businesses make the leap to computerized systems, they are becoming prime targets for cyber thieves.

Business owner Joe Agelastri, who runs a pair of magazine shops in the Chicago-area, found out the hard way. After cyber criminals planted a software program on his cash registers, which sent customer credit-card numbers to Russia, the breach cost him around $22,000, slicing his annual profits in half. Though somewhat puzzled, Agelastri is just one of a growing number of small business owners who have experienced firsthand how prolific a problem cyber fraud has become in the SMB community.

“We thought there would be very little chance that somebody would come into a business of our size to pull off something like this.”

According to former hacker and small business security consultant, Bryce Case Jr., the “too small to hack” mentality is what hackers take advantage of. Weaker security due to budgetary limitations, combined with the fact that in the same time it takes to hack a major company cyber thieves can undetectably steal data from dozens of small companies, is playing a key role in more small companies being targeted by cyber criminals. In Case’s words:

“the juice has become worth the squeeze. Even the pizza place has addresses, names and credit-card information.”

In fact, a 2010 study by the U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit that investigates attacks found that 63% of data breaches were within companies with 100 employees or less. The WSJ article also cites that Visa estimates that 95% of the credit-card security breaches it finds come from its smallest business customers.

The problem with small businesses that are operating with inadequate security in place is a single breach can potentially cost them their business. This isn’t the case for larger companies, who generally have the budget and experts on staff to protect their assets. If anything, stories like these are lessons for small businesses, who need to overcome the mentality that they are too small to hack and take appropriate measures to safeguard their customers and valuable business assets. After all, when it comes to hacking, cyber criminals don’t discriminate.

And despite the constant stream of bad news, consumers continue divulging a tremendous amount of data to retailers, auction sites, dating sites, and gaming sites. While awareness of fraud and cybercrime is at an all time high, consumers seem to feel they don’t have much of a choice but to provide all their data.

People have grown to love the Internet and all the conveniences it offers, both commercially and socially. In my household, little people under five years old whack away at online iPhone games, never knowing what it’s like not to have the Internet.

Many seem to feel that their privacy is the price they must pay for all this connectedness and convenience, and are even willing to put their personal security at risk in exchange.

Scammers know and are capitalizing on this. There isn’t an online gamer, dater, social networker, or consumer today who isn’t at some level of risk.

While all necessary defenses must be employed to prevent hackers from compromising data, an additional layer of protection should be implemented to keep them off websites in the first place.

Every one of these platforms would do well to stem the tide of fraud by incorporating device reputation. One anti-fraud service offering fast and effective results is iovation’s ReputationManager 360. This service incorporates device identification, device reputation, and real-time risk profiling. Hundreds of online businesses prevent fraud and abuse by analyzing the computer, smartphone, or tablet connecting to their websites, and with iovation’s service, they stop 150,000 online fraudulent activities each day.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Good Morning America. (Disclosures)

Infographics: Hotel Credit Card Hacking © CreditDonkey

When travelers go online to research hotels to plan a vacation or business trip, things like proximity, cleanliness, amenities, and safety play a huge role in their decision-making process. But those priorities may be changing. With credit card fraud becoming more prevalent in the hotel industry, a hotel’s reputation in relation to online security and fraud risks may soon override many of the traditional considerations that consumers have for choosing hotel accommodations.

According to the article, “Hotel Guests More Likely to Be Credit Card Hacking Victims, CreditDonkey Illustrates Danger,” a study estimates that 38% of all credit card hacking involves hotels. That’s two-times more than the financial industry (19%), which surprises Charles Tran, founder of the credit card comparison website, CreditDonkey.

“We were surprised at the numbers showing that hotel visitors run the greatest risk of all for having their credit card information stolen.”

One of the reasons for these unexpected numbers may be the recession. Because the hotel industry has been hit so hard, many hotels and hotel chains have not adequately upgraded their computer security systems. This, along with the fact that travelers typically use credit cards to pay for their hotel stays, may explain why hotels have become prime targets for cyber criminals.

All of this could create a shift in priorities for travelers selecting a hotel. As a result, hotels need to make sure they implement effective anti-fraud security strategies that help reduce the risk of credit card fraud.

As cyber thieves get more sophisticated, hotels must deploy security tools that help them identify fraudulent activity before they happen. Fraud prevention tools like iovation ReputationManager 360 uses device reputations to identify in real-time when a device with a history of fraud or is associated with other known fraudulent accounts is attempting a transaction.

By recognizing or re-recognizing any type of Internet-connected device — whether it’s a PC, laptop, tablet or smartphone — before the transaction takes place, hotels can mitigate their risk of credit card fraud and other unwanted activities, all of which can have a significant impact on their brand reputation and, ultimately, their business revenues.

The Westin Building is easily the best connected facility in the Northwest United States. Via our patch panel in the meet-me-room we can rapidly connect to dozens of global telecommunications carriers serving the US, Asia, Canada, Europe, and the rest of the world with a simple fiber optic jumper cable. This facility is also home to the Seattle Internet Exchange on which we are a member.

If you are an iovation customer and would like to directly connect to us within this facility or across the SIX please contact me.

From an infrastructure point of view, keeping the iovation service online at all times and keeping the “bad guys” from harming our customers is always Job #1. To do this, we employ many levels of redundancy, both within a given facility, and between multiple facilities. As with any data center, this starts with the electrical power feeding the facility. Every piece of iovation equipment is fed from dual power sources which are completely redundant all the way back to the power utility. It should also be noted that power failures in Seattle are nearly nonexistent as the grid is extremely robust (fed largely by hydro-power).  

Here you can see the generator bank backing up our “A” side power bus:

Here you can see the generators backing up our “B” side power bus:

After the generators, the power flows through a pair of “Automated Transfer Switches” that will cutover from “utility” power to “generator” power should their be a disturbance on the power grid. Unfortunately, I don’t have a picture of these transfer switches handy, but here is a picture of the main electrical switchgear that is downstream of the transfer switches for both the “A” side bus and the “B” side bus.

After the main switchgear, the power is fed into a pair of 500KVA UPS units (again, completely separate “A” side and “B” side units) which provide super-clean output power at all times due to their double-online-conversion design. They also provide battery back up during power outages until the generators start up and take the load:

From the UPS units, the power is sent out at 480 volts to step-down transformers located on the data center floor (the black cabinet in the middle of the picture is one of the two that feed iovation):

After being stepped down to 208 volts, iovation receives one three phase 225 amp power feed from the “A” side power bus and another 225 amp power feed from the “B” side power bus into a pair of RPP panel units (circuit breakers):

From these RPP panel units we provide every cabinet with one 208v 30amp 3 phase connection from the “A” unit and another from the “B” unit. All power capacity planning is done with the assumption that we can lose either the “A” side or “B” side power and everything will just seamlessly shift over to the still-functioning power leg without any impact.

So that should provide a pretty good overview of our power infrastructure, now let’s talk about cooling for a bit. While the Westin Building has numerous redundant evaporative cooling towers, here is a snapshot of a few of them:

I don’t have a picture handy, but needless to say, the cooling loop system has fully redundant pumps for water circulation. Here you can see a very important feature of the cooling system – The Westin Building stores thousands of gallons of emergency water on site to keep their cooling system operational even in the event of a water utility outage:

Here you can see an example of the many redundant cooling units that actually provide cool air to our servers by moving heat from the air into the cooling loop. There are a pair of these units dedicated to the iovation cage (not shown):

And last but not least, here is a picture of the iovation cage (though this was taken before all the servers were installed):

I could continue on about the layers of fire protection systems, multi-factor access control, 24×7 engineering and security staff, etc, but perhaps those will be topics for future blog posts. We here at iovation are very excited about the addition of this facility to our tool set as it allows us to scale up to handle ever increasing customer demand while continuing to provide the highest level of service to our clients.

As always, please send me an email if you have any questions!

-Eric
Sr. Infrastructure Architect

“We are proud to be a new entrant to the Portland Business Journal’s Top 100 list and look forward to being a regular member of this outstanding group of companies. We fully intend to move up the list in the coming years as our growth continues to accelerate,” said Doug Shafer, CFO at iovation Inc. “We are very excited about the growth opportunities in all of the key vertical markets that we serve across the globe.”

In any economy — but even more so in today’s slow economic recovery — the key to business growth is all about customer satisfaction. Driven by a “customer first” mentality, we provide much-needed fraud protection services to online businesses around the globe. This powerful combination has played a central role in not only earning new business, but also achieving a 96% customer retention rate.

For any fraud prevention company, knowing you are delivering highly innovative and effective fraud-fighting solutions that are improving the safety and financial well-being of your customers and business partners makes all the difference. That’s what makes us tick at iovation. And we couldn’t have done this without the hard work and dedication of our amazing team, partners and customers. Thanks for working with us to make the Internet a safer place.

The Better Business Bureau and the Consumer Sentinel Network received 725,000 consumer complaints of fraud in 2010. The defrauded consumers who reported fraud last year lost $1.7 billion.

Beware of the following scams.

Auction Scams: This ruse involves fake profiles advertising goods and accepting payments, with no intention of ever shipping any items. Scammers often contact potential victims within an auction website, but then bring communications to outside email or phone. Once the target engages with the scammer, social engineering commences.

Craigslist Scams: A scammer responds to a seller, claiming he wishes to purchase an item. He mails the seller a fake check for an amount in excess of the purchase price, with extra money included for shipping, and requests that the buyer deposit the check and then wire the payment to the shippers from the buyer’s own account. By the time the check bounces, the scammer has already received the seller’s money.

Dating Scams: Criminals pose as lovesick Romeos or Juliets, looking to sweep their victims off their feet while emptying their bank accounts. Marriage is often discussed within the first week of communications, and the word love is used as frequently as the victims’ names, which coincidently are two of the most important words a person can hear.

For consumers, education and awareness is key. For platforms on which the scams proliferate, one risk mitigation solution employed by auction sites, retailers, and dating sites is device reputation management. This not only keeps known bad computers or mobile devices from creating more fake accounts, but it also protects businesses against brand new devices that are behaving similarly to cyber criminals.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Scambaiting on Fox News. (Disclosures)

Meet with Cory at iDate West

On June 22-24, the Internet Dating Conference will be taking place in Beverly Hills at the SLS Hotel. The 8th annual show assembles senior dating and social networking executives to network and share best practices.

Attendees will hear from the likes of SpeedDate, Google, Click 2 Asia, Pink Sofa, Match.com, Grindr, DatingHype.com and Mark Brooks of Online Personals Watch.

From anti-fraud experts iovation, Senior Sales Executive Cory Swick will be attending the show. Cory has been a frequent speaker at the Internet Dating events, presenting case studies and leading panels on protecting brand reputation and customers against online scams, predators and spammers.

This year Cory will be talking to online communities about the latest enhancements to iovation’s fraud-fighting service, ReputationManager 360. These recent developments include mobile SDKs (iOS and Android) and a suite of new and updated business rules that offer great flexibility and control over the activity on dating sites.  The sophisticated business rules allow sites to identify specific characteristics or behaviors at the device, account or transaction level. Business rules are combined into rule sets to manage the risk associated with different interactions on the dating site – such as profile creation or payment.

Dating sites configure and weight business rules in various categories to efficiently identify spammers and scammers, including:

• Evidence Rules – Trigger an alert when activity comes from an account or device already associated with fraud such as online scams or financial fraud.
• Geolocation Rules – Trigger an alert when activity is coming from an unauthorized country or through a proxy.
• Velocity Rules – Trigger an alert when thresholds for the number of accounts opened, or the number of devices accessing an account has been exceeded within a certain timeframe. Or perhaps when an account has been accessed by too many countries.
• Watch List Rules – Trigger alerts on your pre-defined list of attributes. These lists can be set up as positive or negative lists, depending on what result or weight you assign to the rule. Lists could include accounts, devices, IP ranges, ISP lists and more.
• Age-Based Rules – Trigger an alert based on the amount of experience that you have with a device or device-account pair. If activity comes from a device that has never previously been associated with an account in your system, you may want to offer additional authentication questions prior to giving account access.
• Anomaly Rules – While individual device characteristics may not be indicators of risk, certain characteristics are worth monitoring, or several in combination with each other may indicate attempts by the user to evade detection.
• Risk Profile Rules – Profile risk rules look at the specific combination of characteristics for the device accessing the dating site and then assess the risk by examining all other devices in iovation’s system that look similar. These profiles are based on devicesthat have accessed your dating site, as well as devices seen at any of iovation’s global client sites.

iovation has extensive experience helping online communities such as dating sites and social network stop fraud and abuse.  This greatly protects brand reputation and keeps valued customers in a safe environment.  iovation has already protected more than 2 billion dating site transactions and flagged 3 million dating activities for fraud, abuse or high-risk behavior.

If you’re attending iDate West, be sure to set aside time to talk with Cory Swick about how to ensure your online community is protected against spammers and scammers.

Scammer grammar and general awkwardness make these scams relatively easy to detect. But when a scammer is local, the ruse becomes more insidious and effective.

The Toronto Sun reports that a man in Hamilton, Ontario faces “60 charges for allegedly selling thousands of dollars worth of non-existent tickets to concerts and sporting events, mostly at venues in Toronto.” The suspect “allegedly used Craigslist to sell tickets to pop concerts like Lady Gaga, Taylor Swift and Justin Bieber, or sporting events like Wrestlemania.”

As in most Craigslist scams, the perpetrator had the victims wire money to him, and in this case it was to a local account, which reduced suspicions. He told victims they would get a shipping confirmation number once the money was received, but of course, this was entirely bogus.

At the top of every post, Craigslist reminds you, “Avoid scams and fraud by dealing locally!” But they may not consider that scammers can deal locally, too. My suggestion is to always meet the seller with cash in hand, or simply buy tickets directly from the venue or venue’s website.

Craigslist and auction sites could better protect end users and prevent the majority of these scams by using readily available and proven fraud detection tools on the market. They could easily round up accounts opened by scammers by tracking them back to the computers, tablets and smart phones that opened them up in the first place by using device reputation management. And when those computers try to open more accounts under more stolen identities, the accounts are automatically denied upfront—at the “account creation” stage.

Craigslist could easily employ customized business rules to identify high-risk activity such as those offered by iovation’s ReputationManager 360 anti-fraud service.  For example, if someone posted a local offer, iovation could expose to the business when users are hiding behind proxies to make them appear as if they were in the local region.  If they are selling a used car supposedly in Irvine, California and they are going through the work to mask their IP and make it “look” like they are in Irvine, but their real IP is exposing that they are in Ghana, wouldn’t that be a red flag?  When this happens, the business could automatically deny the attempt in a fraction of a second, or at a minimum send it to a review queue so that fraud analysts can take a closer look before exposing a scammers’ offer to the public.

In general, with today’s sophisticated fraud prevention technologies and techniques, scammer accounts could and should easily be stopped at the front door (while attempting to set up a new account) — before ads are placed, before ads are read by the public, and before tens to hundreds of visitors act on the ad by engaging in conversation with a cyber criminal who wants to steal their money.

Imagine the scale of bad accounts that could be shut down instantly.  Sophisticated fraud rings could be identified within the business’s network and thousands of fraudulent accounts shut down, making Craigslist and other auction sites a much safer place for the public to look for desired products and services.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scambaiting on Fox News. (Disclosures)

According to the article, “Retailers are not protecting data security,” the report found that only 46% of EMEA retailers have actually put policies in place to deal with exchanges on blogs or social networks. That’s a scary thought when you consider the increase of online and mobile interactions that are taking place around the globe. 

Although cyber threats are a growing concern with online retailers, Christine Bardwell, EMEA research manager at IDC Retail Insights, said at this point there doesn’t appear to be a sense of urgency among retailers about protecting the security of their sensitive and propriety data. The report found that there remains a wide gap between good intentions and operational execution and implementation.

As organizations increasingly depend on mobile devices such as smartphones and tablets for accepting customer payments, they can’t afford to put themselves at risk of cyber criminals targeting various gateways they believe have the least amount of protection. They need the ability to monitor all mobile traffic coming to their website and non-intrusively identify devices to make quick and easy decisions on the growing volume of Internet transactions they are experiencing.

Through a shared, database of over 600 million device reputations including PCs, smartphones, tablets, PDAs and laptops, iovation’s ReputationManager 360 works behind the scenes to help online businesses monitor traffic on every type of device accessing their websites and applications. Online retailers simply customize their unique business rules that lead to an allow, deny or review of incoming transactions (within a fraction of a second) and stops fraud upfront before product is shipped or additional damage takes place.

When talking to people on the street about fraud and abuse in multiplayer online games, they are often surprised that such a thing even exists! But the reality is that once a game reaches a certain level of popularity, it becomes equally attractive to the dark side.

Nexon America is one gaming publisher that takes this threat very seriously! They not only fight fraud and abuse head-on; they take a proactive approach with the assumption that every possible flavor of abuse will be attempted and they’re armed and ready for it.

At a recent fraud prevention user group for iovation’s gaming clients during E3 in Los Angeles, Nexon led discussions on preventing account takeovers, chargebacks and gold farming with other fraud professionals who attended. Gold farming (stealing virtual goods or using stolen credit cards to obtain them) is a serious abuse that destroys in-game economies and contributes to poor player experience. Additional topics that were covered during the iovation user group included friendly fraud, code hacking, password education, blacklists and biometrics, just to name a few.

Sharing best practices, tools and strategies is essential in the fight against online fraud. iovation facilitates the sharing of information not only through in-person user groups, but directly through its ReputationManager 360 fraud prevention service. For example, if one gaming site is hit with gold farmers or a group of devices involved in a fraud ring, other iovation clients know this information upfront, before incurring chargebacks or other damage. Our customers benefit greatly from this immediate feedback on devices that are new to them, but not new to iovation.

Even when a device touches a gaming site for the first time, and iovation has no previous history for that particular device, we can still leverage what we know about the associated account and its history, the geolocation information of the transaction, and a host of other device-related properties that might indicate risk based on everything we know about similar devices.  Twelve percent (12%) of the transactions iovation flags as high risk are from new devices.  That’s 1.6 million just the first half of this year.

Online gaming companies like Nexon are motivated to ensure their gaming environments are first and foremost fun and safe for players. This not only helps protect their brand; it strengthens the trust between the company and their valued players.

————–

Nexon America, Inc. develops multiplayer online games in North America. It develops Mabinogi, a multiplayer online role-playing game; Combat Arms, a multiplayer online first-person shooter; and PopTag, an arcade-style multiplayer action game. The company was founded in 2005 and is based in Los Angeles, California. Nexon America, Inc. operates as a subsidiary of Nexon Corporation.

Viagogo found that more than 67,000 fake music festival tickets were sold last year. In 2011, that number could reach 100,000. Most of this scamming occurs during the summer, the most popular season for concerts.

Ticket scams have been occurring for years. When a ticket is nothing but a piece of paper with a barcode that is scanned at the gate, counterfeiting is child’s play. Some events provide wristbands to ticketed attendees, and these wristbands can also be easily faked.

Watermarks and other security features make tickets a bit more difficult to recreate, but these low-tech methods of determining a ticket’s authenticity are often lost on the general public. The victim only realizes the scam when he’s denied entry to an event.

Avoid scalpers, period. Unless you know them personally, just buy tickets at the venue’s window. When purchasing tickets online, stick to legitimate websites. An online search will probably turn up plenty of options, but only buy from familiar, trusted brokers.

Scam artists often take advantage of online ticket companies by buying up blocks of tickets with stolen credit cards, either to counterfeit or simply to overcharge the public.

Fortunately, some online ticketing companies have deployed device reputation, which allows them to uncover computers or other devices responsible for fraudulent activity or exhibiting suspicious behavior at the time of sale, and deny transactions from these devices. This kind of visibility gives ticket services businesses a powerful advantage. More than ever, they can easily identify the scam artists and where they’re coming from.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses yet another data breach on Good Morning America. (Disclosures)

According to the article, “Hackers coming in through the front door,” more and more cyber criminals are creating virtual disguises that are indistinguishable from a legitimate customers, allowing them to make what appears to be valid online purchases right under a merchant’s nose. This type of deceptive fraud tactic not only impacts online merchants’ sales and profits, but is changing the way businesses protect their online retail environments.

It’s no secret that over the years cyber crime has been one of the biggest catalysts in the evolution of online security. As fraudsters find new ways to get around existing defenses, online businesses are forced to react to new criminal tactics. While anti-fraud techniques such as additional card verification, geo-location, device fingerprinting and velocity checks have upped the ante in the ongoing cat-and-mouse game between hackers and IT security professionals, simply slapping on additional detection tools doesn’t necessary create a stronger defense.

For example, increasing levels of sensitivity for fraud tests can actually lead to a rise in false positive rates, which can result in rejecting more good orders, accepting more bad ones, dwindling profits and damaged customer relationships. In fact, CyberSource’s 2011 UK Online Fraud Report found that merchants’ average order rejection rate has increased, along with the acceptance of fraudulent orders.

One of the keys to fighting more sophisticated fraud is implementing effective security tools that combine and cross-reference data with global data sources. When it comes to fraudulent disguises, iovation’s ReputationManager 360 uses a globally shared, fraud database of more than half a billion device reputations to identify all Internet-connected devices that have been used to perpetrate fraud or abuse, or are associated with fraudulent online accounts.

The ability to instantly recognize whether an online transaction is good or bad, without having to rely on the information provided by the user, is critical to stopping more complex fraud schemes. By identifying devices requesting transactions, online retailers can reduce fraud and confidently accept more good orders, which improves the overall customer experience and increases business profits.

Auction fraud refers to fraudulent transactions on online auctions. Either a product advertised for sale is misrepresented, or purchases are never delivered at all.

The IC3’s annual report explains, “Historically, auction fraud has been the leading complaint reported by victims, with a high of 71.2 percent of all referrals in 2004. However, in 2010, auction fraud represents slightly more than 10 percent of referrals. This demonstrates the growing diversification of crimes related to the Internet.”

In other words, auction fraud is still profitable for scammers, and they’ve also discovered many new techniques for scamming consumers.

IC3 advises consumers against conducting online transactions with anyone who exhibits the following suspicious behavior:

• The seller creates an online auction as though he resides in the United States, but responds to buyers with an email claiming he’s outside the United States for business reasons or a family emergency. Or, the seller posts the auction under one name, but asks for payment to be transferred to a different name.
• The seller requests payment via Western Union, MoneyGram, or bank-to-bank wire transfer. This makes the money virtually unrecoverable once the victim discovers the scam. Any transaction involving a money transfer control number (MTCN) may indicate fraud.
• The seller poses as an authorized dealer or factory representative in a country where there are no such dealers.
• The buyer asks for a purchase to be shipped to another via a particular method in order to avoid customs or taxes.
• The buyer uses a credit card for which the billing address does not match the shipping address. Always secure the cardholder’s authorization before shipping any purchased items.

Online classified and auction websites could prevent fraud and protect their users by incorporating device reputation management. One anti-fraud service getting lots of attention for its fast and effective results is iovation’s ReputationManager 360. This service incorporates device identification, device reputation, and real-time risk profiling. It is used by hundreds of online businesses to prevent fraud and abuse by analyzing the computer, smartphone, or tablet connecting to their online properties.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donny Deutsch. (Disclosures)

FedEx can and should deny suspicious online transactions. Moneygram and Western Union could also make some effort to deter scammers. It’s hard to weed out the bad guys, but there are technologies that help.

What kind of scam am I talking about? A good friend recently called to ask what I know about check scams. He had received a $2,400 check from a major chemical company via FedEx. He had no idea why, but mentioned that he had placed an add on Craigslist, asking $150 for an item he wished to sell, and that a deaf woman had called him through a translating service and offered to FedEx a check.

I explained that this is advanced fee fraud, or a shipping scam, and that he will undoubtedly receive an email demanding that the difference be paid to shippers.

Maybe the scammer pretended to be deaf, using the translator service as a third party to scramble the caller’s location. Or maybe the buyer really was a deaf woman.

But why send a check for $2,400, and why from a chemical company? Probably because it was the only seemingly legitimate check the scammer had printed up at the time, and it’s a nice score if he sends back the $2,250 difference.

My buddy was flabbergasted to think that anyone would fall for such a scam, and insisted that if someone came to his house to pick up the purchased item and demanded he pay the purchaser $2,250, he’d punch them in the face.

Shortly after getting off the phone with me, he received this email:

“Hello Dean,

How are you doing today?

The check has been delivered via Fedex,Thanks for your honesty towards this transaction so far.Well, the overpayment is meant to cover the cost of shipment for the item alongside my other properties including tax and insurance plus the movers and agent fees.

Please deposit the check today so that it clears tomorrow after the check has cleared,All you have to do is go the bank and have the rest of the money withdrawn in cash and have it sent to the movers via money gram

Here’s the movers information below.

Name : Jason Shambaugh

Address : 2330 Contra Costa Blv

City : Pleasant Hill

state : CA

Post code : 94523

Do let me know your schedule for the week regarding pickup as i have some other properties to be moved alongside the item. Please do act accordingly as agreed after deducting your money for the item, make the rest fund available to the movers via money gram Money Transfer at any of their outlet around you or check on www.moneygram.com{click find us} and check for their outlets around and get back to me with the transfer details below (as it appears on the receipt) so i can contact the movers for the pick-up at your location ….Deduct the money gram money transfer charges from my fund also $50 for yourself (meant for any hassle or run around).

1}Sender’s name and address

2}Reference number {which is the 8 digits number on the Money Gram receipt}

3}Actual amount sent after the fee had been deducted

Hope i can trust you with the overpayment? Your Honesty and transparency will be appreciated”

The email also included the FedEx tracking information, with my friend’s address. Looking up the shipping address on Google maps reveals an office building, which most likely has some vacancies. The scammer probably has some connection to the building, allowing for anonymous shipments.

Craigslist could easily prevent the majority of these scams easily by using device reputation management. Many Craigslist scammers based in Ghana, Nigeria, Romania, Korea, Israel, Columbia, Argentina, the Philippines, and Malaysia spend their days targeting consumers in the developed world. But real-time device reputation checks, such as those offered by iovation, can detect computers that have been used for auction fraud and expose all of the accounts associated with the suspicious device or group of devices. This provides Craigslist and other websites with the opportunity to instantly shut down sophisticated fraud rings and thousands of fraudulent accounts.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scambaiting on Fox News. (Disclosures)

The Visionary section of the Magic Quadrant recognizes security vendors whose products are easy to implement and have successfully reduced online fraud for their customers.  According to Gartner’s description:

The Visionaries’ products are relatively easy to implement (when compared with many of their competitors) and have achieved very good results in reducing online fraud for their clients, often using software-as-a-service (SaaS)-based models. Often, they are more innovative than their competitors and tend to offer superior customer service, which they can afford to do, given their smaller customer base and their dedication solely to fraud detection.

Our revolutionary device reputation technology uniquely identifies and re-recognizes individual devices, including computers, smartphones and tablets, that log onto business websites and checks it with our shared global fraud and abuse database to help customers assess the transaction risk based on the likelihood that the device will commit online fraud or abuse.

In fact, Gartner’s description of Web fraud detection nearly describes what iovation’s ReputationManager 360 fraud prevention solution does to a tee: detects account takeover, detects fraudulent accounts created by a stolen or fictitious identity, and detects the use of a stolen financial account when making a financial transaction.

“We’ll stop over 50 million fraud attempts this year as we continue on our mission to make the Internet a safer place”, said Greg Pierson, founder and CEO of iovation. “We are honored to be positioned by Gartner as a Visionary and recognized in the web fraud detection market. We take pride in providing superior customers service and delivering meaningful results in the fight against online fraud and abuse.”

Being recognized as a finalist for this prestigious award, which looks at technological innovation, financial performance, execution of strategy and management strength of private technology ventures, is a testament to our continued success in protecting the world’s largest brands from online fraud and abuse like credit card fraud, account takeover, chargebacks, money laundering and identity theft, to name a few.

“This year was very rewarding,” said Alex Vieux, publisher and CEO of Red Herring. “The global economic situation has abated and there are many great companies producing really innovative and amazing products. We had a very difficult time narrowing the pool and selecting the finalists. iovation shows great promise and therefore deserves to be among the Finalists. Now we’re faced with the difficult task of selecting the Top 100 winners of Red Herring North America. We know that the 2011 crop will grow into some amazing companies that are sure to make an impact.”

Last year alone, iovation helped online businesses prevent 35 million fraud attempts to protect their customers, corporate reputations and reduce fraud losses. As cyber crime continues to put online businesses and their critical data at risk, nothing is more satisfying to me than knowing the impact our device reputation technology is having in helping our customers across multiple industries fight fraud and protect their customers and business profits from more sophisticated and damaging fraud and abuse schemes.

We look forward to sharing more during our presentation at the Red Herring North America Forum in Hollywood, California, June 13-15, 2011.

In a CNP transaction, it is not possible to examine a card’s security features or signature. This creates a higher degree of risk than when a card is physically present at the point of sale. As a result, merchants pay higher fees for CNP transactions, and they pass those costs on to the customer.

Identity thieves can use stolen credit card data to make CNP purchases, or they can copy the data to blank cards, which they can use at self-checkouts or when the thief knows the salesperson, who can “sweetheart” the transaction. Blank cards can also be pressed with foils to create the appearance of a legitimate credit card.

Device reputation, an effective online fraud prevention method, helps protect retailers from fraudulent CNP transactions by examining the computer or other device for a history of unwanted behavior plus any suspicious activity at the time of transaction. If a customer’s PC, smartphone, or tablet indicates an abnormally high level of risk, the merchant can reject the purchase in advance. Device reputation global leader iovation has flagged 35 million fraudulent transactions for online merchants in just the last year.

Protect yourself from credit card fraud by checking your statements regularly. As long as you dispute unauthorized credit card charges within 60 days, federal laws limit liability to $50. Unauthorized debit card charges must be reported within two days, or liability jumps to $500.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. (Disclosures)

Spoofed websites are generally created in order to phish for consumers’ personal information, or to accept credit card payments for products or services that will never be delivered.

In the case of the nonexistent University of Redwood, it’s entirely possible the website served as the front for a diploma mill.

Diploma mills were born alongside legitimate, accredited online universities. Diploma mills issue degrees that can be used to fraudulently obtain employment, promotions, raises, or bonuses. They can also be used as fake identification, to gain employment under an invented name, impersonate a licensed professional, or use fake documents to obtain a genuine ID with fraudulent information.

Diploma mills model themselves after accredited institutions, right down to the .edu web address. They may even incorporate part of an existing university’s name or logo into their own, or mimic an Ivy League school’s color scheme or website design.

Just like a legitimate school, a diploma mill may actually require students to purchase books, do homework, and take tests. Unlike a legitimate school, the diploma school may make passing a foregone conclusion. In many cases, students can simply purchase a diploma, no questions asked. Many of these organizations are nothing more than glorified print shops.

Before plunking down a dime on any learning institution, do your research. There are websites that publicly expose diploma mills, and the U.S. Department of Education recommends that you consult their database as well as additional sources of qualitative information.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft for the National Speakers Association. (Disclosures)

Even if you protect your PC and keep your critical security patches and antivirus definitions updated, there is always the possibility that your bank or credit card company may be hacked, and your sensitive data sold for the purposes of identity theft.

2. Social Engineering: This is the act of manipulating people into taking certain actions or disclosing sensitive information. It’s essentially a fancier, more technical form of lying.

At 2010’s Defcon, a game was played in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. Of 135 “targets” of the social engineering “game,” 130 blurted out sensitive information. All five holdouts were women who gave up zero data to the social engineers.

3. Failure to Log Out: Web-based email services, social networking sites, and other websites that require login credentials generally provide an option to “Remember me,” “Keep me logged in,” or, “Save password,” and, once selected, will do so indefinitely. This feature often works with cookies, or codes stored in temp files. Some operating systems also include an “auto-complete” feature, which remembers usernames and passwords.

4. Inside Jobs: With millions losing jobs, there are many opportunities for an insider to plug in a thumb drive and steal client data or other proprietary information. Networks are like candy bars, hard on the outside, soft and chewy on the inside. Insiders who fear layoffs may be easily tempted to use their access to profit while they have the chance.

5. Fraudulent Accounts: Many businesses lay claim to thousands or millions of members or clients who have access to web-based accounts. No matter the nature of the business, social network, dating site, gaming site, or even bank or retailer, some percentage of the accounts are ongoing instigators and repositories for fraud. Troublemaker accounts infect the overall stability of any organization, and flushing them out is essential.

One anti-fraud service getting lots of attention for protecting online businesses from crime and abuse is ReputationManager 360 by iovation Inc. The service is used by hundreds of online businesses to prevent fraud by deeply analyzing the computer, smartphone or tablet connecting to their online properties.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donnie Deutsch. (Disclosures)

Our dependency on the Internet has long since passed the point of turning back, and I think we’ve made a mistake in that approach. Fortunately, it’s extremely unlikely that the Internet will go down entirely.

The U.S. and most other developed countries are thoroughly electrically and digitally dependent. Critical infrastructures, including drinking water, sewer systems, phone lines, banks, air traffic, and government systems, all depend on the electric grid. After a major successful attack, we’d be back to the dark ages in an instant. No electricity, no computers, no gasoline, no refrigeration, no clean water. Think about what happens when the power goes out for a few hours. We’re stymied.

A Wired op-ed by Deputy Secretary of Homeland Security Jane Holl Lute and Bruce McConnell, a Senior Counselor at the department, points out that no single individual or entity has the capacity to protect the Internet, not would we want to rely on one entity. They stress the necessity of collaboration among, private citizens, corporations, and government.

The most important part:

“While America is deeply reliant on cyberspace, the health of this critical ecosystem is itself a work in progress. Indeed, tomorrow’s threats and defensive capabilities have probably not yet been invented. Government must engage: to secure government systems, assist the private sector in securing itself, enforce the law, and lay the policy foundation for future success. Where industry lags, policy change can incentivize key actions. Today’s environment does not, for example, adequately incentivize companies to write secure software. This must change.”

What this is saying is, essentially, “This ain’t no dress rehearsal.” This is the time to act, particularly for those companies that are engaged in commerce or in support of our critical infrastructures.

Robert Siciliano, personal security expert contributor to iovation, discusses the possibility of an Internet crash on Fox Boston. (Disclosures)

In the Internet Retailer article, “Sony data breaches highlight the fraud risks online retailers face,” it was first disclosed that hackers made off with customers’ names, street addresses, email addresses and dates of birth. However, updated reports now say that up to 10 million credit cards may have been compromised.

While the theft of personal information can lead to more phishing email, fraudulent accounts, and a host of other social engineering schemes, David Montague, president of The Fraud Practice LLC, a consulting firm that specializes in card-not-present (CNP) and online fraud prevention, said the real threat to Internet retailers would be if the criminals stole credit and debit card numbers.

“When large numbers of credit card numbers are stolen, there are more available for sale and fraud attempts increase.”

In recent years, there has been so much theft of payment card numbers that retailers now have to consider every card number as suspect, said Forrest Research analyst, Jonathan Penn. To protect their businesses and customers from an array of fraudulent activity such as credit card fraud, phishing attacks, account takeovers and identity theft, Penn says that merchants should avail themselves of the latest innovative fraud-fighting solutions like Ethoca, which aggregates data about fraud from many retailers, and iovation, which compiles a database of computers associated with fraud.

This will not be the last that we will hear of breaches of this sort. In the past, identity thieves would “dumpster dive” and clone cards at restaurants or at pumps. Today, they steal millions of cards at a time from online retailers. The sad reality is that the vast majority of the victims of this crime most likely did everything right, and yet they are still going to bear the consequences of this breach.

As part of our effort to expand our device identification, device reputation and real-time risk mitigation services for online businesses in France, I am pleased to announce that Philippe Mazurier has joined iovation as Country Manager, heading up sales and business development and is based in Montpellier.

Philippe brings strong business relationships and deep, in-market experience that will be instrumental in helping us meet online fraud protection demands in this market. He understands the serious and damaging impacts that cybercrime has on online businesses.

As we continue to serve the French market, protecting e-commerce, financial services, gaming and online communities from fraud and abuse, having a seasoned veteran in authentication and fraud prevention services representing iovation will help us serve this market even better.

To arrange meetings with Philippe to talk about any fraud or abuse issues your company is experiencing, please email france@iovation.com or call +33 (0)6 69 79 12 33.