It’s a trend that has stood the test of time. Whenever something is a hit with consumers, everybody wants a piece of it. The same is true for cyber criminals, who are basically opportunists that operate on the wrong side of the law. Every time a new technology or social networking service hits a cord with the mainstream, hackers aren’t far behind.

While we know fraudsters can’t resist a sure thing, Craig Scroggie, vice president and managing director of Symantec in the Pacific region, said most of the time consumers turn a deaf ear to such warnings until it is too late. In the article, “Cybercrime to hit tablets,” Scroggie, who has warned consumers about potential threats to email, fake websites and computers in the past, is at it again. This time he says the proliferation of smartphones and tablet devices will soon face the same type of attacks PC owners have long suffered. (more…)

As Internet advancements change the competitive landscapes of industries across the globe, fraud prevention mechanisms are essential to filter online payments and flag or stop suspicious transactions.

According to the article, “Securing Internet Payments,” 70% of all fraudulent credit card transactions originate from card-not-present (CNP) transactions. This has a substantial impact on the public’s confidence using their credit card for online transactions. Lacking the capability to prevent unauthorized transactions and associated fraud and abuse ultimately trickles down to Internet-based businesses’ bottom line revenues and profits. (more…)

Fraud prevention requires layers of defense. Mature fraud organizations often have several layers that interrogate the transaction details such as name, address, and credit card details, device reputation that starts with device identification, and risk scoring on rules developed over time to detect fraud attempts as well as predict new types of attacks.

In order for the business rules engines to be productive, the rules they operate on need to reflect the particular risks the organization faces. When it comes to customizing business rules, this is not a “one size fits all” model. Giving a retailer, financial institution, or gaming company the ability to easily create and manage rules that are run against their transactions requires a tool that makes it simple to see, add, edit, and experiment with rules.

The iovation business rules editor provides great flexibility in managing the set of rules to be reviewed for transactions such as login, account creation, account change, and checkout. Rule sets are the collections of rules for each end-customer touch point. Rules can be added with a familiar drag-and-drop, enabled and disabled with one click, parameters can be adjusted, and lists of common items can be managed and included. An example of a list is a ‘risky ISP list’, where the user can create a list of risky ISPs and use that same list in multiple rules. If the list changes, all rules leveraging that list will be immediately updated. New rules can be evaluated without impacting scoring results by giving them a zero weight and tracking how frequently they are triggered.

The iovation rules editor provides additional flexibility to help you keep up with the evolution of fraud while protecting your business.

Raising the awareness of fraud and emerging fraud trends is in the best interest of everyone, particularly those who purchase, sell and communicate with others on the Internet. For this year’s Fraud Prevention Month, the annual education and awareness campaign focused on the growing concerns of online fraud.

With total losses to Internet crime topping $599 million in 2009 (the latest annual statistics), educating others about the current state of fraud, evolving fraud tactics, high at-risk groups, and best practices to identify and prevent fraud, plays a critical role in helping consumers and businesses protect themselves from online fraud.

Fraud Prevention Month is also an indicator of how much still needs to be done for businesses to adequately protect themselves and their customers from today’s growing threats. (more…)

The Federal Trade Commission (FTC) recently reported that for the 11th straight year, identity theft was the leading complaint among consumers. In the article, “Identity theft and impostor scams among consumer complaints last year, FTC says,” over 250,000 (19%) of the 1.3 million complaints filed to the FTC in 2010 were related to identity theft. While there are many weaknesses in the protection of personal data, many speculate that the Internet has played a huge role in exacerbating this problem.

With identity theft the clear leader of consumer complaints over the past decade, what I found most surprising is that impostor scams — the means of deceptively assuming another identity (either that of an individual or of an organizational entity) — only cracked the FTC’s Top 10 most complained-about consumer issues for the first time last year, coming in at No. 6 with over 60,000 complaints.

With impostor scams, fraudsters earn trust with their victims by impersonating anything from credible, trustworthy businesses to consumers applying for credit or purchasing items over the Internet. Whether fraudsters are attempting to defraud individuals or socially engineer businesses, identifying cleverly concocted impostor scams requires the ability to see beyond the information provided by criminals.

(more…)

A recent Norton study estimates that cybercrime will cost Britain £1.9 billion in 2011. That’s an average cost of £103 per victim of online crimes. This information is based on the security firm’s new Cybercrime Index, which displays online threat levels in various countries.

By taking data collected from 113 million servers globally that track cyber attacks like identity theft, phishing threats and fraud activity, the Cybercrime Index is a website that acts like a stock index, informing Internet users about the day’s biggest online threats. (more…)

With today’s cyber criminals more financially motivated, organizations need ways to better protect sensitive areas of their websites that process electronic payments. To handle the volumes and high availability requirements of demanding financial institutions, iovation has partnered with Affirmative Technologies, which provides a suite of Automated Clearing House (ACH) services and other risk management and verification solutions to its financial clients.

Through this partnership, Affirmative Technologies will offer customers iovation’s ReputationManager 360, which combines customizable business rules, risk profiles, and the shared experiences of more than 2,000 fraud analysts from leading brands worldwide, as a strategic component of its risk platform. By combining Affirmative Technologies expertise in electronic payments with our risk assessment and global device reputation solution, companies get an extra layer of security to authenticate users before they enter their secure websites. (more…)

Neither, they are just a mechanism to how the Web works.  The bigger question is, are the uses thereof good or bad.

Microsoft, Google, and Firefox are implementing do-not-track features into their browsers, giving consumers the option to block cookies that may track their surfing for advertising purposes.

Most major websites now install cookies on your computer, which, over time, help develop a profile that serves as your digital fingerprint. This is why, after searching for a specific product, you may notice advertisements for that particular product or brand appearing on various other websites.

But not all cookies track you in order to sell you something. Many are there for security purposes. Merchant Risk Council considers “where the line is drawn between the proper and improper uses of this type of technology (protecting against online fraud vs. targeted online marketing).”

Several companies use cookies as well as other technologies, such as tokens, along with sophisticated and unique pattern matching that can only be derived from extensive and unique experiences with a shared reputation database, to identify and re-identify devices. (more…)

In a relatively short period of time, mobile devices have changed the way people access the Internet. So much so that mobile web traffic is expected to overtake desktop access by 2015.

Banks understand this, which is why they’re pushing mobile payment apps that are designed to make mobile banking and mobile payments faster and easier for their customers directly from their smartphones and tablets. However, because mobile transactions between banks, merchants and mobile devices aren’t as closely guarded as they are over the Internet, cyber criminals are taking advantage of this vulnerability by targeting banks and online businesses with their mobile devices.

The recent article, “Theft gangs using smartphones to steal bank card numbers,” provides another example of how Web services and new mobile devices are being used by criminals to commit financial fraud. While the rise in identity fraud is leading banks and other financial institutions to consider security tools that help protect them and their customers from mobile transaction fraud, Donald Malloy, business development manager for NagraID Security, said U.S. banks haven’t been too receptive to security measures that require customers to take additional steps such as more passcodes to authorize transactions because this creates an extra inconvenience when making a purchase. (more…)

For romantics across the globe, love is in the air this Valentine’s Day. But like love itself, it’s also a time to be cautious when seeking romance online. In the article, “Be fraud safe this Valentines — top tips to avoid online dating fraud,” the Action Fraud report found that over the past six months approximately £2.5 million was stolen by online dating fraudsters.

Dr. Bernard Herdan, CEO of the National Fraud authority who runs Action Fraud, said fraudsters who take advantage of online dating sites are a particularly sinister bunch, who use clever tricks to gain the confidence and affections of legitimate site users before asking for money. He warned that nobody should ever send money to someone they’ve never met in person. (more…)

When it comes to helping online businesses fight fraud and abuse, iovation is in a league of its own.

After being recognized by the international gaming and online dating communities in January as one of the top technologies for preventing fraud and increasing profitability, productivity and efficiency, we are extremely proud and honored to be recognized by industry leaders in e-Commerce as one of the most innovative fraud fighting tools for online or multi-channel retailers.

To be eligible for the awards, all entrants must be available for online or multi-channel retailers to use for the purpose of measuring, monitoring or mitigating one or more of the following: card-not-present fraud; advancing online data security; improving online payment processes; and advancing the MRC’s vision of making electronic commerce more efficient, safe and profitable.

This week, the Merchant Risk Council (MRC) announced that iovation ReputationManager 360 has been named a finalist for the 2011 MRC Emerging Technology Awards (also known as the METAwards). The awards are judged by a panel of merchants that include the likes of eBay, BestBuy.com, Go Daddy, HP, Microsoft, NCsoft, Tiffany & Co., Urban Outfitters, T-Mobile, among others. (more…)

We’ve recently learned that iovation ReputationManager 360 has been selected by the Info Security Products Guide as a finalist for this year’s Global Excellence Awards. Our fraud prevention service, which combines device identification, device reputation and real-time device risk reporting to prevent card-not-present (CNP) fraud and other online abuses, has been recognized in the categories of Risk Management and Best Security Service.

While this and the other accolades we’ve received lately have been nothing short of overwhelming, we are extremely proud of being recognized by industry leaders and associations across multiple industries. Because we serve online retail, gaming, social community and financial services companies, the acknowledgements have been a testament to iovation’s ongoing commitment to make the Internet a safer place to interact and conduct business, as well as reinforces the positive impact we make in the everyday lives of our customers by protecting their online transactions to reduce fraud rates.

The 2011 Global Excellence Awards will be announced at an awards gala, February 16th, in San Francisco.

Distinguishing transactions with real risk from those that only appear risky is one challenge of effective fraud management. False positives can dramatically degrade fraud catch while increasing operational costs. Risk rules based on IP address, including the ability to see through proxies to unmask the real source IP address, are a good example. It’s well known that many fraudsters use web proxies to hide their source IP address. They may use proxies simply to evade recognition, to source transactions from locations that match stolen identities they wish to exploit, or to overcome rules blocking transactions from high fraud rate countries. At first blush, a transaction may seem risky if the ‘stated’ IP does not match the ‘real’ ip address. But let’s look a little closer.

There are situations where a mismatch between presented IP address and actual IP address does not indicate risk. These include certain ISPs, corporate networks, and CDN services that either require their users’ web traffic to pass through proxies or have service configurations that result in proxy-like behavior. If the IP addresses don’t match but the locations do, that can help filter out some of these false positive, lower risk scenarios. Likewise, if the IP addresses differ but the ISP is the same, proxy risk is typically low. When the IP addresses don’t match, the geolocated country or region differ, and the ISPs are not the same, that is much more likely to be an example of intentional proxy use by the end user.

Of course, legitimate site visitors sometimes use proxies too. So, proxy risk should be considered in conjunction with device reputation and other risk indicators for balanced real-time transaction decisioning.

Most of us would have no idea Egypt had pulled the plug on the Internet unless it was splashed all over the news. However one company called iovation knew right away.

Basically “just like that” the up to 1000 fraud checks they receive every hour out of Egypt dropped to zero. At first glance one would think there was some type of meltdown or maybe Egyptian scammers all of a sudden decided to get a job.

Normally, iovation would see thousands of queries from Egyptian customers interacting with businesses of all types, including social networks, online dating sites, online gaming sites, banks and retailers. Then at about 6:00 pm Eastern time, nothing.

“We’ve got a unique view of the Internet at iovation. Our service experiences the interaction of unique computers and mobile devices from every nation on earth, across a broad swath of Internet commerce,” says VP of Corporate Development, Jon Karl. “When we’re seeing Egypt’s Internet fall off a cliff, it’s at a more precise individual user level rather than just through aggregated online traffic. While transactions from Egypt represent a very small percentage of the queries to iovation’s service, it has a ripple effect that’s felt by a wide variety of our customers.” (more…)

They sell a variety of goods and services online. Offer a seller’s commission and volume discounts. Need project work? They’ve got that, too. It all sounds like any run-of-the-mill online business, right? While this website may operate like any other business, PandaLabs research has found that black market websites are anything but legitimate online businesses, illegally profiting from stolen financial information and other services aimed at defrauding businesses and consumers alike.

In the article, “Report: Stolen data sold over online black market,” the security firm revealed that cyber criminals have set up shop online to buy and sell everything from stolen bank account information, credit card numbers and passwords to consulting and technical services around developing and operating fake online stores. (more…)