Consumers enjoy a certain level of protection that business bank accounts do not, and it’s called “Regulation E.”

Here is Regulation E in black and white:

ELECTRONIC FUND TRANSFERS (REGULATION E)

Limitations on amount of liability. A consumer’s liability for an unauthorized electronic fund transfer or a series of related unauthorized transfers shall be determined as follows:

1. Timely notice given. If the consumer notifies the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability shall not exceed the lesser of $50 or the amount of unauthorized transfers that occur before notice to the financial institution.

2. Timely notice not given. If the consumer fails to notify the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability shall not exceed the lesser of $500 or the sum of:

(i) $50 or the amount of unauthorized transfers that occur within the two business days, whichever is less.” (more…)

Around 1994, when I operated a small mail order catalog business, it was very difficult to obtain “merchant status,” or approval to accept Visa, MasterCard, Discover, and American Express cards. It was easier if you had a storefront, but payment processors made mail order businesses jump through more hoops.

Their main concern was that companies could set up shop, accept tons of credit card charges, and then vanish, leaving the banks short. Mail order fraud was also big. A stolen credit card could be used to place orders over the phone, and when the fraudulent charges were discovered, merchants would suffer from chargebacks.

At the time, it wasn’t even necessary to provide a correct expiration date, as long as the card wasn’t already expired. Then credit card companies began verifying billing addresses to authenticate mail orders. Eventually, an additional verification code was added to cards, referred to as a CVC or CVV. We still use these codes today, but they can be fraudulently obtained in a number of ways. (more…)

The amount of money made and lost due to fraud is surpassing the illegal drug trade. A digital arms race has law enforcement officials nipping at the criminals’ heels. Retailers and banks continue to fight criminal hackers, but are being bombarded by advanced, persistent threats that eventually make their way into the network.

There are data breaches every week, and I’d bet every day, but we may not hear about the majority. All of these breaches have a method, signature, or feature in common, which retailers and banks can learn from.

Criminals are organizing like never before. They are learning from each other, sharing information and strategies. When one publicizes an exploit, other criminals execute it, leading law enforcement off in a new direction. It’s like a vicious game of whack-a-mole.

Today, governments around the world are organizing to fight fraud. But what’s even more exciting is that competing banks, retailers, and small businesses are all sharing fraud information to help each other out. These fraud targets are finding strength in numbers. (more…)

People lie when they set up online dating profiles, they lie when they put up fake social media profiles, and they lie to the innocent victims of their scams.

Banks and retailers know better than anyone that people lie. There are countless scenarios and justifications, but people who lie invariably do it in order to get something.

In general, we strive to be a kind and civil species. We trust by default. We want to be helpful and accommodating. We don’t want to believe that people lie, but they do.

Dishonesty poses a challenge to banks and retailers in the form of theft. Theft is a big problem on the Internet, and any online business knows that they can’t afford to trust you, regardless of how honest you may be.

The Federal Financial Institutions Examination Council recently instructed both retailers and banks to enhance their security procedures, in response to the increasingly creative lies concocted by scammers.

One of those FFIEC recommendations involves incorporating complex device identification. This means that banks and retailers should adopt technology (more…)

Online auction and classifieds websites are unwittingly participating in car sale scams. Ads gain credibility by appearing on eBay, Craigslist, and other online automobile sales websites, but some are either completely phony or have been copied and pasted from other websites.

The FBI’s Internet Crime Complaint Center received nearly 14,000 complaints from 2008 through 2010, from consumers who have been victimized, or at least targeted, by these auto sale scams. Of the victims who lost money, the total dollar amount is staggering: nearly $44.5 million.

The FBI explains how the scam works:

“Consumers find a vehicle they like—often at a below-market price—on a legitimate website. The buyer contacts the seller, usually through an e-mail address in the ad, to indicate their interest. The seller responds via e-mail, often with a hard-luck story about why they want to sell the vehicle and at such a good price. (more…)

When it comes to studying the impact of online fraud, the discussion always turns financial. For online retailers whose business models rely on Internet transactions to generate revenue, fraud losses that range anywhere from tens of thousands to millions of dollars a year can have a significant impact on their overall business profits.

This is why combating increasingly sophisticated fraud techniques requires online merchants to identify fraudulent orders faster and boost the efficiency of their fraud management functions, without increasing overhead. For one North America retailer whose fraud losses were eating into profits and affecting the customer experience, implementing the right fraud prevention service enabled them to drop annual fraud losses from a peak of $2 million to $180,000.

In our newly downloadable case study, “Online Retailer Uses New Fraud Detection Systems To Cut Fraud Loss Rates,” Forrester Research principal analyst, Andras Cser, shares how the online merchant was able to reduce fraud loss by $1.8 million after deploying iovation’s ReputationManager 360 along with our partner’s case management system. (more…)

Sometimes finding the right fraud prevention solution is the easy part. The real challenge comes when you have to sell the project to your executive team.

Does this scenario sound familiar? If so, you’re in luck. On September 20th, iovation’s senior sales executive, Cory Swick, along with one of our online global marketplace clients, will share their unique perspectives on how IT fraud professionals can properly sell their fraud prevention projects to upper management. The presentation will take place at this year’s Merchant Risk Council Fall Platinum meeting in Chicago, beginning at 4:00 p.m. in the Grand Ballroom at the Drake Hotel.

The presentation, “Selling Your Fraud Strategy Internally and Overcoming Challenges Deploying Third Party Tools,” will demonstrate how focusing on things like brand protection, company image, customer acquisition and retention, and boosting profits can strengthen your case when lobbying for fraud prevention projects that help reduce fraud rates and improve the health of your IT environment. (more…)

Part of maintaining a strong corporate image is ensuring your customers are protected from all types of security threats. This is true for any organization as the health of their brand is often closely linked to their business success. That said, a recent study by TD Bank found that even with fraud cases on the rise, only one percent of small business owners surveyed said falling victim to fraud was a top business concern.

This casual, unwary approach toward security continues to boggle my mind, particularly in today’s highly volatile business environment. But while three-quarters of the small businesses polled said they are incorporating steps to protect their computer systems from fraudsters, Fred Graziano, head of the commercial and small business banking at TD Bank, said companies need to keep up with the latest available fraud preventative technologies and criminal tactics used by more sophisticated fraudsters. (more…)

One of the biggest benefits of doing business over the Worldwide Web is increasing revenues with a broader, international audience. While business potential can be limitless over the Internet, unfortunately, so are the risks. Today, online merchants doing business domestically and overseas need to be aware of the various types of shipping and re-shipping scams that fraudsters are perpetrating to steal from unsuspecting companies.

In the article, “North business loses $8k in online scam,” a company was recently cheated out of $8,000 by an international scam that included fraudulent credit cards and a bogus freight business. The company was duped after a customer requested its purchase to be shipped to Japan via a fake London-based freight company, where additional charges to have the product shipped were added to the bill. When the customer’s payment went through, the freight company emailed the online business saying it could not take credit card payments. It asked for a direct, non-refundable overseas cash transfer, which the business paid for. Because the initial transaction went through, over the next month the company made five additional shipping payments on similar orders, amassing $8,000. (more…)

Every second, someone is sharing personal information about themselves over the Internet. For most online users, this data is meaningless except to the friends and well-intended recipients of the sender. But the truth is, others are watching; and they’re watching closely. For online fraudsters, personal information is carefully pieced together and used to answer security questions that allow them to break into other peoples’ online accounts to perpetrate identity theft and steal from their bank accounts.

In the article, “Fraudster used Facebook to hack bank accounts,” cyber criminal Iain Wood spent 18 hours a day online collecting information posted by his neighbors on social networking sites including Facebook to figure out passwords that would defeat online banking security checks. Prior to getting caught by police, he managed to steal more than £35,000 (approx. $55,000 USD) over a two-year period. (more…)

The attack vectors of online scams morph faster and faster, making it consistently more difficult for security professionals to develop effective preventative solutions. Merely keeping pace with fraudsters’ latest tricks is not enough to adequately protect a system or network. This is especially true for online retailers and other businesses that open their virtual doors to international business.

According to the article, “Credit card fraud is a cross-border crime,” statistics have shown in recent years that online fraud trends can differ dramatically between countries. For example, online payment fraud in the UK dropped 10% from 2009-2010, while the US experienced a 157% rise in attempted payment fraud during that same period. (more…)

When it comes to adopting new technologies, every industry and market has its growing pains. For example, businesses with an increasing dependency on the Internet for sales revenues face a number of security challenges ranging from credit card fraud, phishing emails and social engineering scams. If they aren’t careful, both the business and their customers can fall victim to more complex fraud schemes.

One of the emerging markets experiencing an upswing in Internet transactions is India. According to the article, “How secure are Indian businesses?” the Internet is one of the fastest growing mediums for generating business leads for Indian small and medium-sized businesses, with 57% of SMBs now using their websites as a sales channel. (more…)

A recent report, published by the Office of Cyber Security & Information Assurance in the Cabinet Office and Detica, on the cost of cyber crime revealed that online crime costs the UK economy £27 billion per year. In the article, “UK Cabinet Office Report: The Cost of Cyber Crime,” UK businesses shell out more than three-quarters of the total annual cybercrime costs at £21 billion, while private citizens (£3.1bn) and the government (£2.2bn) round out the overall economical impact.

The study found that IP theft (£9.2bn) and industrial espionage (£7.6bn), combined, account for over two-thirds of the overall cost to UK businesses per annum. IP theft is largely committed against companies with high volumes of IP or IP that’s easy to hack, while industrial espionage includes stealing or exploiting non-IP data from organizations that depend on large amounts of financial transactions and monetary activities.

Other significant cyber crimes that impact UK businesses include extortion (£2.2bn), direct online theft (£1.3bn), and loss or stolen customer data (£1bn), according to the report.

Because organizations today are becoming increasingly dependent on cyber space for business commerce, communications, and daily operations and production, cyber threats pose a significant threat to individual nations, as well as the global economy. This is why reports like these are so important.

Understanding the economical impact cyber crime can have on businesses, industry, and the economy can play a critical role in setting effective security policies and implementing proactive fraud preventative strategies, such as iovation’s device reputation service, which combats new and evolving forms of cyber crime that have a negative impact on organizations across the globe.

You’ve heard the phrase, “Too big to fail,” right? It’s a term that basically says certain banks or financial institutions are so large and interconnected that their failure would be disastrous to everyone else. A similar attitude has been floating around cyberspace for some time. Much like the first term, which the financial crisis proved wrong, the business mentality of being “too small to hack” is also failing.

According to the Wall Street Journal article, “Hackers Shift Attacks to Small Firms,” as small businesses make the leap to computerized systems, they are becoming prime targets for cyber thieves.

Business owner Joe Agelastri, who runs a pair of magazine shops in the Chicago-area, found out the hard way. After cyber criminals planted a software program on his cash registers, which sent customer credit-card numbers to Russia, the breach cost him around $22,000, slicing his annual profits in half. Though somewhat puzzled, Agelastri is just one of a growing number of small business owners who have experienced firsthand how prolific a problem cyber fraud has become in the SMB community. (more…)

The ticker tape of data breaches in the last few months has been astounding. Many have called 2011 “The Year of The Hacker“ and that prognostication has rung true, without question. Halfway through the year, data breaches are an incessant news story.

And despite the constant stream of bad news, consumers continue divulging a tremendous amount of data to retailers, auction sites, dating sites, and gaming sites. While awareness of fraud and cybercrime is at an all time high, consumers seem to feel they don’t have much of a choice but to provide all their data.

People have grown to love the Internet and all the conveniences it offers, both commercially and socially. In my household, little people under five years old whack away at online iPhone games, never knowing what it’s like not to have the Internet.

Many seem to feel that their privacy is the price they must pay for all this connectedness and convenience, and are even willing to put their personal security at risk in exchange. (more…)