There are many options for purchasing tickets online, but not all are safe and secure. One Forbes blogger revealed how he was scammed when attempting to purchase NFL tickets. And how did he encounter these scammers? Through Craigslist.

“The seller had a Gmail account and a cell phone number and a plausible-ish explanation about why he couldn’t use them, and he was willing to meet her in person to hand them over, and they looked more or less like the last tickets I bought. So we bought them. And we went to the stadium gate, where the guy who scanned our bar codes told us we had to go to Will Call, and the lady at Will Call took one look at our tickets and pronounced them fakes.”

Ticket scams have been occurring for years. When a ticket is nothing but a piece of paper with a barcode that will be scanned at the event entrance, counterfeiting is child’s play. Some events provide wristbands to ticketed attendees, which can also be easily faked.

To avoid scams, buy tickets directly from the box office, the venue’s official ticket exchange, or any other popular website or major brand specializing in ticket sales. The blocks of tickets sold by resellers are generally legit, but have the reseller walk you to the gate and get confirmation from a ticketing agent before handing over any money.

Exercise extreme caution when using Craigslist. Do not trust watermarks, barcodes, and other low-tech security features that make tickets slightly more difficult to recreate, but are often lost on the general public when it comes to determining authenticity. A ticket may look real, until a ticket agent scans it and you are denied entry.

One way that online ticketing providers are fighting back is through the use of device reputation technology. This allows them to uncover computers and related devices that are responsible for fraudulent activity at the point of sale, and deny transactions from these devices. This kind of visibility gives ticketing services businesses a powerful advantage by allowing the to easily identify and block scam artists before the damage is done. One ticketing provider alone reduced total fraud losses by 98% with device reputation.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Your success in stopping online fraud and abuse is largely determined by the fraud prevention techniques you employ and how you measure transaction risk. With cybercriminals pushing the limits to exploit vulnerabilities, it’s imperative that organizations educate themselves about security trends, best practices and the latest tools available to thwart evolving fraud threats.

To empower fraud analysts, iovation will be sharing some of the methods that online businesses are using to fight fraud, in an upcoming webinar titled, “Top 10 Business Rules Used by Online Merchants,” on Wednesday, May 23rd from 9:00-10:00 am PDT.

Of course, we can’t share everything, but we will provide insight into some of the business rules and levers that you can adjust to decrease manual reviews, identify suspicious activity much more quickly, and automate transactions flowing into your “accept, deny or review” queues.

iovation’s Vice President of Global Sales, Max Anhoury, and Senior Implementation Manager, Anthea Karl, will lead this discussion on proactively assessing risk and determining which transactions to trust and which to reject. The webinar will discuss important fraud detection topics such as:

• Which website integration points pose the highest risk
• How global fraud analysts use and share information about 10 million fraud events
• The top business rules in use today by iovation clients
• Various ways geolocation and country rules can be used
• How velocity, watch lists, anomaly and risk profile rules work
• How to customize risk scoring and set thresholds
• How to adjust rule settings as new threats emerge

Tom Donlea, Managing Director at the Merchant Risk Council who is providing the platform for the webinar, said sharing fraud prevention information with online business plays an important role to individual organizations and online communities as a whole.

“Improving the knowledge of key trends and best practices improves the collective fraud prevention efforts of the entire online merchant community.”

Register for the Top 10 Business Rules webinar on the MRC website: https://www2.gotomeeting.com/register/266794706.

This week at the TechAwards, iovation was awarded the 2012 Technology-Service Company of the Year. The award recognizes the Technology-Service company that has made the biggest positive impact to their customers and to Oregon. I was honored to accept this award on behalf of everyone at iovation who work tirelessly to protect our customers from fraud and abuse. We’ve been recognized with similar awards over 30 times in as many months.

While public recognition is always appreciated, I’m even more proud of the things that happen behind the scenes.

In addition to efficacy, ROI, cutting edge technology and roadmap, new customers often cite our exceptional team as reasons they love working with us. Our team routinely receives high marks and compliments from our clients through qualitative and quantitative customer surveys. And best of all, I regularly receive unsolicited phone calls or emails from customers going out of their way to express their appreciation for various members of our team.

Congratulations to the entire iovation team for being recognized as the 2012 TechAwards Technology-Service Company of the Year. And thank you for all your hard work and dedication that is also being recognized off-stage.

- Greg

To see photos from the awards banquet, please visit: facebook.com/iovation

In one such case, Romanian hackers are alleged to have remotely accessed hundreds of small businesses’ POS systems and stealing enough credit card data to rack up fraudulent charges totaling over $3 million. The hackers’ targets included more than 150 Subway restaurant franchises and at least 50 smaller retailers.

Officials report a wave of credit and debit card attacks, involving point of sale terminal swapping, data skimming, and hacking into payment processors. The U.S. Secret Service, for example, will not disclose details about specific cases, but confirmed, “they are conducting a multi-state, multi-country investigation into this string of crimes.”

Meanwhile, the Oklahoma Bankers Association has stated, “It is beyond apparent our bankers are taking great losses on these cards and we also need to explore creative ideas to mitigate these losses. It is in the best interest of retailers, bankers, processors and card providers to find ways to limit these losses so that debit and credit cards can remain a viable method of payment.”

When the use of these stolen credit cards go online, iovation’s ReputationManager 360 helps banks and online merchants avoid fraud losses by detecting high-risk behavior and stopping cybercriminals in their tracks. iovation’s device identification and device reputation technology assesses risk on activities taking place at various points within an online site such as account creation, logging in, updating account information, attempting a purchase, or transferring funds. These checks can be customized and fine-tuned to suit the needs of a particular business, detecting fraudulent and risky behavior in order to identify and block cybercriminals for good.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses POS skimming on CBS. Disclosures.

While encouraging reports like the UK Cards Association announcement in March show how credit card, debit card and online banking fraud losses have declined over the past three years, this doesn’t mean that the fight is over. On the contrary, we know how tenacious fraudster are, and that it’s merely a matter of time when cyber crooks create new schemes to launch against the online gambling industry.

Working directly with more than 50 major international online gambling operators to combat fraudulent transactions through our advanced device identification technology, iovation is dedicated to keeping the gambling industry up to speed with the latest fraud threats facing today’s gaming operators. Part of this education process is speaking with industry experts at forums to discuss new methods that cybercriminals are using to harm businesses and their customers.

On Thursday, May 10, iovation’s Chris Thomas, Marc Wood of Experian, and payments advisor Sarah Francis will discuss why the payments industry has experienced a significant drop in fraud losses and discuss how that affects the online gambling fraud industry. The panel discussion, “Fraud Protection: Have We Won?” will take place at the EGR (eGaming Review) Subscribers Forum.

iovation, which uses device intelligence to provide early detection of high-risk activity, helped our online gambling customers stop 8.6% of their overall transactions between January and March 2012, which were fraudulent. In doing so, these losses were prevented.

In addition to the panel forum, for the second year in a row, iovation is a finalist for the EGR B2B awards in the category of Fraud and Compliance Solution of the Year. Last year we claimed the title. Will we do it again? The conference and awards banquet will take place in the Great Hall at Wembley Stadium in London. Don’t miss it!

For example, the number one online fraud offender does his best work at 1:00 am local time in Ghana, or 5:00 pm PST. For the number two fraud offender, it’s 6:00 am Nigerian local time, or 9:00 am PST. And for number three, it’s 3:00 am in the Philippines, 11:00 am PST. That’s just one of many times when “carders,” who steal credit card numbers, take over existing accounts. 

Account takeover occurs when your online bank or credit card accounts are infiltrated and money is siphoned out. A hacked account through phishing attempts or stolen credit cards is often to blame. Criminals use stolen credit card numbers to make unauthorized charges online. Unlike regular storefronts, which may open at 10am and close at 6pm, online retailers are open day and night—in many cases doubling or tripling opportunities for theft.

While cyber fraud is a 24×7 problem, many bad actors conduct their “business” while West Coasters are bright-eyed and bushytailed, from 11:00 am—right before lunch—through dinner at 5:00 pm, and right before many of us head off to bed around 9:00 pm (at least if you’re like me, 43 years old with small kids).

iovation is the company that released these top fraud times, using data gleaned from the billions of transactions protected by their online fraud prevention service, ReputationManager 360, in 2011. The complex device identification technology allows businesses to gain grater flexibility and control over the activity on their websites by incorporating deep intelligence about end-user devices, associated accounts, and shared history.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Facebook estimates that as of December 31, 2011, false or duplicate accounts represented approximately 5-6% of monthly active users, but also stated, “This estimate is based on an internal review of a limited sample of accounts and we apply significant judgment in making this determination, such as identifying names that appear to be fake or other behavior that appears inauthentic to the reviewers. As such, our estimation of false or duplicate accounts may not accurately represent the actual number of such accounts.”

Why would anyone set up a fake Facebook account?

To steal your clients or potential clients. To squat on your name or brand. To post infected links while posing as legitimate individuals or businesses. To offer deals with links to spoofed websites in order to extract credit card numbers. To damage your name or brand. To harass you or someone you know. To co-opt a name or brand that has leverage in order to obtain privileged access.

Social media websites could go a long way in protecting their users by incorporating device reputation management. Rather than relying solely on information provided by a user (who could be an impersonator), device reputation goes deeper, identifying the computer or other devices being used, so that known scammers and spammers are exposed immediately, and potentially threatening accounts are denied and users abused.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses social media Facebook scammers on CNN. Disclosures.

Javelin Strategy & Research estimates that nearly 12 million Americans were victims of identity theft in 2011—a 13% increase over 2010. Interestingly, but not surprisingly, Javelin attributes this increase to the proliferation of smartphones and the popularity of social media, in addition to several major data breaches resulting in tens of millions of records being leaked.

Websites like Facebook certainly provide a great deal of data that can be used to help criminals crack knowledge-based passwords, and websites like LinkedIn make it easy for criminals to gather additional intelligence in order to conduct social engineering scams. Meanwhile, smartphones have become the keys to many of our digital lives now that we use them for social media, online shopping, and online banking. Smartphone users are even more likely to be victimized if they neglect to password-protect their devices, which are often lost or stolen.

Access to so much sensitive data has allowed criminals to take over existing credit accounts and quickly turn that data into cash. The most popular strategies are for fraudsters to add their own names as registered account users, or changing the physical address for a stolen account.

Account takeover or hijacking could be detected and prevented if online banking and shopping websites integrate a real-time device reputation check at the point where profile or account information is being updated. The power of this check raises red flags when certain business rules are triggered, such as exceeding a business’s predetermined threshold.  Examples might be when an account is being accessed from a brand new country, or too many different devices are accessing an account, or even when the device making account updates has exceeded the number of accounts that it is associated with at that bank or retailer. By customizing and weighting real-time business rules to prevent bad actors from accessing your customer accounts, this early detection might mean the difference in keeping a good client’s account safe, keeping that good customer’s business, and keeping bad actors out.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

In order to ensure high levels of service quality, iovation monitors our service performance from a network of 75 nodes globally around the world. After the launch, the load times were reduced significantly from each of 17 European region monitoring nodes.

As anyone operating online properties knows, improvements such as these to content load times will cause measurable improvements to critical business metrics. While I can’t share the details here, iovation has seen improvements to both device printing quality and Real IP generation times for end users located in Europe.

Beyond the improvements to our product, this new facility brings online more Device Printing capacity to handle ever growing customer needs and it further increases the resiliency of the service by giving us yet another site to direct traffic to in the unlikely event of trouble at any of our other sites.

Let’s be frank

It is my belief that the majority of companies that are not willing to talk about their infrastructure are unwilling to do so because they have things to hide. I don’t subscribe to that model as I truly believe that iovation has done the right things when it comes to service availability/scalability/security. With this new site I feel that we have again hit that high bar which iovation is always striving for and should be willing to talk about it. So let’s dive into some technical details.

Deployment options

In preparing for this project we evaluated many different potential deployment options including Public Cloud, Private Cloud, Rented Servers, and iovation owned hardware. Each of these options has differences in their performance, resiliency, security, and scalability. In the end, after evaluating and testing the field of options, we chose to go with a time tested solution of deploying our own hardware. We felt this was the best balance (at this time) in order to provide us with the level of security, performance consistency, and resiliency that our customers demand.

Where to put it?

Once we decided on a path of physical hardware deployment we had to chose a geographic locale and facility with the connectivity in order to serve our customers needs best. After an extensive evaluation, we chose Amsterdam, The Netherlands as the place for equipment. This decision in large part was due to the nexus of fiber communication networks in Amsterdam with it being centrally located, and on continental Europe (i.e. not incurring the extra latency penalty from the UK).

The facility

After evaluating many facilities, we chose to partner with TelecityGroup to provide us space in their latest flagship datacenter, AMS5. This facility is state-of-the-art with massively redundant power and cooling systems at each tier of their infrastructure similar to the design at the Westin Building in Seattle, but built from the ground-up as a purpose-built datacenter.

TeleCity AMS5

A view from the mechanical hallway above one of the datazones. Here you can see the redundant power feeds A/B to each cabinet, plus the redundant fiber and copper cableways to each cabinet.

One of two access hallways (plus air handler space) providing access into one of six data-zones within the facility. Every other door is a hot or cold aisle.

One of eight electrical rooms

One of eight transformer rooms

One of eight generator rooms

One of many sets of redundant pump arrays to handle the various cooling loops

One of multiple backup mechanical chillers in the event the passive “free” cooling systems are unable to handle the load

Distributing traffic

As mentioned previously, iovation partners with Dyn to leverage their global Anycast network of DNS servers in order to provide ultra-fast lookups to our customers and end users. As you might expect, we also leverage their technology to provide global load balancing ability. Each time a request comes in to a Dyn server, we have them direct the user to the closest iovation node that can handle their request.

The equipment we deployed

While we don’t disclose specifics of our architecture, at the high level, you can be assured that we have fully redundant internet feeds (via diverse paths within the facility and outside the facility), redundant switching infrastructure, redundant firewalls, redundant load balancers, and redundant application tier servers. Deploying two sets of all of our infrastructure is expensive, but it is what enables us to provide our customers with the service availability they expect.

What is the net result?

With the careful analysis iovation has done, the facilities we have selected, and the equipment we have deployed, we are positioned to provide ever increasing service quality and capacity to our customers as demand for our products grows.

As always, if you have comments or questions please feel free to reach out and send me an email.

Fifty-eight percent of the more than 200 banks and credit unions surveyed said they plan to increase investments in fraud resources by 10-20% in 2012. Despite these increasing numbers, only 11% said they have come into conformance with the guidelines. Adding to that was the fact that half of the respondents said they don’t conform now, and nearly a quarter said they are unsure of their state of conformance.

This confusion around the FFIEC’s best practice suggestions, and the uncertainty about which are the most effective security tools to invest in, is disconcerting to Gartner analyst, Avivah Litan.

“This survey results reflect the confusion among most banks as to what’s expected of them when it comes to practical technical solutions.”

The survey results highlighted some key finding in the areas of fraud concerns and planned security investments for 2012, including:

Top Fraud Trends

• Credit and Debit Fraud
• Check Fraud
• Phishing and Vishing (Social Engineering Schemes)
• ACH and Wire Fraud (Account Takeover)
• ATM Fraud (Skimming and Ram Raids)

Top Planned Security Investments

• Enhanced fraud detection and monitoring systems (61%)
• Increase and improve staff training (49%)
• Enhance customer and member education efforts (43%)
• Improve out-of-band verification (33%)
• Enhance controls over account activities (27%)
• Invest in anti-money-laundering tools (26%)
• Enhance dual authorization through different access devices (24%)
• Improve how they track high-risk customers (21%)

From the layered security perspective, 66% of respondents said they continue to face challenges. One of the reasons why online fraud continues to be a nagging problem is companies continue to fight cyber crime by themselves. With today’s fraudsters collaborating and communicating with each other, businesses working solely within their own data silos to stop fraud are putting themselves at a considerable disadvantage.

At iovation, we promote real-time collaboration between fraud managers to detect and prevent fraud from occurring. Built on the expertise of over 2,000 cross-industry fraud analysts and tracking more than 900 million unique Internet-enabled computers and mobile devices and their associations, iovation’s ReputationManager 360 combines complex device identification with data, reporting, analytics and expertise that allows companies to proactively identify and stop fraud before it happens.

Implementing a fraud-fighting solution that looks at the device and shares its reputation can provide a multi-layered security defense that many of today’s fraud experts say is essential for reducing the impact of evolving forms of financial fraud.

For our valued clients, iovation will be hosting a Fraud Force User Group Meeting on June 5th at the Chicago Hard Rock Hotel. This is a unique opportunity for clients to share insight and perspectives on fraud trends, complex device identification, and layered fraud prevention techniques.

Bringing together major online businesses from around the world in an intimate setting can provide valuable insight into how to better protect these sites, plus attendees will better understand how to get the most out of iovation’s device reputation technology. iovation clients participate in Fraud Force user groups to:

• Maximize business rules to optimize early fraud detection
• Review new and improved device categorization
• Discuss mobile trends, fraud strategy and daily workflow
• Review ReputationManager 360 beta features
• Understand the product roadmap and have an opportunity to provide input
• Integrate out-of-band authentication and verification products into their strategy

This full-day user group is exclusively reserved for iovation clients only. To learn more and RSVP for this upcoming event, please visit http://www.iovation.com/user-group-chicago.

By combining iovation’s ReputationManager 360 fraud preventative solution with TeleSign 2FA, phone authentication and verification services, we are proud to offer the industry’s first solution that pairs a phone-based authentication and verification service with a global device reputation tool to fight online fraud.

Bringing together our security solutions is essential to combatting online fraud in today’s evolving mobile marketplace. By having a powerful, multi-layered intelligent authentication process in place to proactively identify and verify high-risk transactions whether they are initiated by a computer or a mobile device such as a tablet or smartphone, gives online consumers and businesses an additional layer of protection and confidence when purchasing goods and communicating on e-commerce websites or deciding whether to accept or reject online customer transactions.

How does it work?

When iovation ReputationManager 360 flags a transaction as risky and meets the customer’s set threshold, iovation will automatically trigger a TeleSign Phone Authentication or Verification transaction to a landline or mobile device (including smart phones and tablets) with either an automated voice call or SMS. If the user enters with the code on the site, the transaction continues, if not  the transaction can be routed to an alternative workflow.  A record of the failed transaction is logged with iovation and can be considered in future transactions.

TeleSign’s PhoneID also provides details about a user’s phone number to enable customers to quickly assess risk. Along with providing an automated mechanism for validating questionable transactions, the joint offering allows our clients to add two critical FFIEC compliance security layers, which provide an extra level of defense against Man in the Browser (MitB) attacks.

By combining our complementary fraud-fighting solutions, clients leveraging the service are able to detect and block fraud across industries and all Internet-connected devices more frequently, expose hidden fraud rings, and better protect their business and customers from today’s more challenging and dynamic fraud landscape.

We recently announced how iovation’s ReputationManager 360 online fraud prevention solution played an instrumental role in helping the Kirkland, Washington Police Department bust an identity theft and retail fraud ring that targeted 20 major retailers and victimized at least 15 people that resulted in tens of thousands of dollars in fraudulent charges.

Leveraging iovation ReputationManager 360, online retailers, credit issuers and law enforcement are able to connect the dots between fraudulent transactions and high-risk devices. In this particular case, what started out as a single fraud incident resulted in the discovery of more than a dozen additional victims tied to the same fraudulent device.

The case started when a report of $5,000 in fraudulent credit card charges at a large electronics store and two department stores was reported. It just so happens that the credit issuer was using iovation to flag fraudulent credit card applications and tracking that back to the specific computers used. This information, combined with surveillance photos and other offline detective work, provided the perfect blend of digital and physical data that law enforcement needed to bust the crime ring.

“Offline clues helped, but the online digital bread crumbs sniffed out by iovation were critical in tying everything together, leading to a much bigger crime ring than we originally suspected.” – Kirkland Detective

What began as a small state case with a single victim has now turned into a federal indictment with nine counts including bank fraud and aggravated identity fraud.

If you are interested in hearing the details on how iovation’s device intelligence and the Kirkland Police Department worked together to take down this fraud ring, this case study will be presented today at 9:00 am today at the Merchant Risk Council’s (MRC) Annual e-Commerce Payments & Risk Conference.

On Monday, March 26th, iovation’s vice president of corporate development, Jon Karl, and Experian’s product manager director of fraud and identity solutions, Ken Pruett, will lead a interactive session addressing these and other online fraud threats at the 2012 Merchant Risk Council (MRC) Annual e-Commerce Payments and Risk Conference in Las Vegas.

In the Merchant Focus Group, “Account Takeover and Identity Theft — An Increasing Merchant Threat,” Jon, Ken and others will share their insights into this growing trend and how successful fraud-fighting teams are currently detecting and combating both account takeover and identity fraud. Key topics and takeaways from this session will include:

• What tools are available and being used to detect account takeover and identity theft
• How to layer these tools for optimal protection levels
• Account behaviors and patterns that indicate a threat
• Best practices for balancing safeguards versus customer friction
• An understanding of the source problems that create a conducive identity theft or account takeover environment

This is the first event of the MRC conference. Space is limited for attending merchants, so RSVP today. The session, which takes places in the Wynn, Room: Mouton 1, is scheduled for 4:00-5:30 p.m. The registration desk opens at 3:00 p.m. We hope to see you there.

Allowing merchants to share collective fraud evidence on unique Internet-connected devices including computers, tablets and mobile phones can play a critical role in mitigating online payment risks on the tens of thousands of transaction requests online companies receive each day.

Due to iovation’s unique ability to provide businesses with powerful device intelligence to prevent all types of online fraud and abuse, we are proud to announce our ReputationManager 360 solution has been selected as a finalist for the 2012 Merchant Risk Council (MRC) Emerging Technology Award (METAward). This is the second straight year we have been so honored.

One of the reasons for this continued recognition has been our exploding customer base and the growing number of device reputations we manage. In 2011, our shared database of device reputations grew by more than 70%, and today stands at 900 million devices worldwide. Over the same period, the number of online merchants submitting verified fraud events and utilizing our fraud preventative service rose 38%.

Along with helping a wide range of businesses, across many industries, and many sizes – from Fortune 500 enterprises to medium-sized businesses, expand their fraud knowledge and surveillance beyond their corporate walls, ReputationManager 360 provides merchants with a live view of the hidden associations between accounts or transactions to expose and shut down fraudsters already working together within their environment.

The METAward winner will be announced at MRC’s 2012 e-Commerce Payments and Risk Conference, which takes place March 27-29 in Las Vegas.

On Friday, we were proud to announce that Forrester Research, one of the world’s most respected independent research firms, recognized our ReputationManager 360 fraud preventative solution as a “strong performer” in its report, “The Forrester Wave™: Risk-Based Authentication, Q1 2012.”

In the study, Forrester security analysts Eve Maler and Andras Cser wrote:

“iovation provides an association network and has a great network of fraud integrations.”

Being included in this report validates how our innovative device reputation solution stands out from more traditional fraud detection tools. As a pioneer in device-based reputation, we give Internet-based businesses the unique ability to understand which users are trustworthy, and which online transactions are fraudulent and high-risk.

As stated in this report, “In this dynamic and emerging market, most legacy OTP and web single sign-on vendors have offerings in this space, and many device fingerprinting companies offer RBA features. Vendors have been concentrating on: 1) creating reliable device fingerprints for not only desktops but also mobile devices; 2) creating self-learning systems to detect behavioral anomalies; and 3) combining statistical models with rules to establish a risk score.”

By sharing cyber fraud methods between hundreds of clients representing a broad range of industries and fraud analysts around the globe, iovation allows companies to proactively identify computers, tablets and mobile devices accessing their website. Acting on device intelligence in real-time helps businesses stop all forms of online fraud and abuse, as well as expose fraud rings by uncovering hidden associations between known fraudulent devices and online accounts. By tracking 900 million Internet-connected devices worldwide, ReputationManager 360 has protected more than 7 billion online transactions for our cross-industry customers.

To evaluate the risk-based authentication providers, Forrester used four data sources to assess the strengths and weaknesses of each solution, including vendor surveys, product demos, customer reference calls and independent, hands-on product testing. Criteria for qualifying providers included product revenues of more than $2 million, and an install base with credible, named references in financial services, healthcare, insurance, public sector and retail. To read or purchase the report, go to the Forrester Consulting report webpage.

Most of the top-tier U.S. banking institutions know this, which is why they already offer mobile banking and payment options to their retail and commercial customers. And for those that don’t? They are working diligently to offer mobile services by the end of the year.

So, where is this all leading? According to the Aite Group, a financial services research and consulting firm, the number of consumers that will be using some form of mobile banking is expected to increase to roughly 44 million by 2014.

While this is good news for financial institutions that offer mobile services, the first question that comes to mind is: “Are they investing the same in security technologies to protect all banking channels?”

As we’ve learned in the past, with any new or emerging platform — mobile being the latest — fraudsters are never far behind. In a 2011 study, the Aite Group found that 88% of global financial executives believe the mobile channel will be the next big point of fraud exposure for financial services companies. Aite’s Julie McNelley, who specializes in banking and payments fraud issues, says:

“We’ll see the same threats that are affecting the online environment affecting the mobile environment. From that perspective, ACH fraud will be a concern.”

With new mobile platforms like smartphones and tablets starting to experience the same type of fraud attacks traditionally used against computers, McNelley added that banks offering new mobile platforms need to deploy security tools to mitigate risks before offering mobile options to conduct financial transactions.

“People are going to have to be more proactive; you can’t be taking a wait-and-see approach.”

Just as consumers are leveraging mobile platforms to juggle their busy lives, financial services companies need to deploy effective security tools to detect fraud across multiple channels. While there is no magic solution that can completely protect an enterprise from every type of fraud, fraud prevention tools like iovation’s ReputationManager 360 allow businesses to employ a multi-layered defense against fraud and abuse across multiple platforms, including PCs, laptops, smartphones and tablets.

iovation uses a shared fraud database of more than 850 million unique device reputations around the globe to give financial services companies access to powerful device intelligence to identify in real-time when known fraudsters are trying to access their website or log into existing accounts. Recognizing or re-recognizing a device with a history of fraud or abuse enables businesses to instantly act on fraudulent and risky transactions, as well as shut down accounts connected to bad devices. Doing so enables companies to proactively stop fraudsters before they can expose multiple banking channels to fraud.

Analyzing data from more than two billion online transactions our ReputationManager 360 fraud preventative solution checked for our customers in 2011, we’ve narrowed down specific times of the day when some of the most productive online fraud offenders were hardest at work.

Not surprising, the most dangerous hours for cyber attacks were between 1:00 a.m. to 6:00 a.m. local time(s) for the countries with the highest global fraud rates (by percentage of transactions originating from that country). The following represents the hours when iovation stopped the largest amount of online abuse:

• 1:00am local time in Ghana (5pm PST) — Top online fraud offender
• 6:00am local time in Nigeria (9pm PST) — No. 2 online fraud offender
• 3:00am local time in the Philippines (11am PST) — No. 3 online fraud offender

To combat today’s around-the-clock online fraud cycle, businesses need to process data in real-time. Deploying an active-active environment gives companies the ability to replicate data between different geographically distributed servers so they can answer customer queries with up-to-date information to prevent fraudulent transactions 24×7. Any delay from failover to a secondary facility (such as an active-standby state) can minimize uptime, leaving a company’s website susceptible to fraud or abuse at any given point in the day.

To ensure maximum availability for iovation’s online fraud prevention services, we’ve built our own active-active infrastructure that allows us to scale horizontally while optimizing performance and availability for our clients.

“The ultimate panacea of the always-on, always-available infrastructure for many companies is an active-active architecture,” wrote senior analyst Rachel A. Dines at Forrester Research, Inc., one of the world’s most respected independent research firms. “Active-active configurations come in many flavors, but ultimately, the architecture includes two sets of infrastructure, often geographically separated, that can load balance a single workload so that if one site is lost, the other continues to deliver the service. While they can be complex to manage and configure and won’t be possible for all types of applications, active-active architectures are nonetheless extremely effective at preventing downtime and improving resiliency.”¹

¹”Building The Always-On, Always-Available Extended Enterprise,” Forrester Research, February 1, 2012

The Internet is making it much easier for fraud investigators to learn everything they need to know about their subjects.

Teenagers and street racers regularly publish accounts and videos of their exploits on Facebook, attracting attention from viewers who forward these reports to police, resulting in fines and arrests.

Fox Business reports, “In one Texas trial, a jury will likely give large weight to a video pulled off YouTube. The video shows a $1.2 million Bugatti Veyron – a limited production French sports car – careering into a saltwater lagoon. The owner, an auto dealer who had increased his insurance to $2.2 million shortly before the incident, claimed he had swerved to avoid a pelican. But Philadelphia Indemnity Insurance Co. argues no pelican can be seen in the video.”

The old adage, “You can run, but you can’t hide,” rings truer than ever with the Internet. Not only can fraud investigators use Internet posts against unwitting criminals, they can also expose criminal activity based on the reputation of the very devices with which they are posting. Whether a person voluntarily shares information through social media, or is captured on video that winds up online, or if the digital device they use has acquired a reputation for cybercrime, it’s harder than ever to escape the truth.

Device reputation analysis examines computers, tablets, and smartphones for a history of suspicious behavior, investigating for characteristics consistent with fraudulent use. This allows online retailers, dating websites, gaming websites, and insurance companies to deny criminals access to their networks, often before their first attempt.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

PostOnline.co.uk reports, “Insurers can use indicators and experience of fraud awareness techniques to identify patterns and they are more aware of the possibilities of fraud and exposure they have in the fleet side of the business, but we can’t be complacent.”

According to Damian Ward, head of the fraud team at law firm Halliwells, a more sophisticated variety of fraud involving criminal gangs has been a problem within the industry for quite a while. Ward says fraudsters take advantage of the ease with which motor insurance may be obtained. “With the internet, there is little underwriting control and it is easier for people to set up false policies and claims.”

Insurance fraud investigators may not know what many in the financial, retail and banking sectors are already aware of, which is that the digital devices being used to file claims can be identified as collaborators in a larger conspiracy. Once these PCs, laptops, Macs, tablets, or smartphone are “fingerprinted” and their reputations are established, investigators can begin putting together the pieces of the puzzle in order to take down a criminal enterprise.

ReputationManager 360, by iovation Inc., can re-recognize devices and share the reputation of those devices, plus assess transaction risk in real-time for insurance companies. Hundreds of online businesses use this software-as-service to detect fraud upfront, reduce financial losses and protect their brand reputation.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Much of this increase is said to be due to the involvement of organized criminals. The most common fraud technique is known as a “crash for cash” scam, in which criminals slam on their brakes in order to cause an accident with the car behind them, leaving the victim’s insurance on the hook for the cost of damages.

One way of minimizing fraud is to stop organized criminals from transacting with a business over the Internet. Online insurance, retail, gaming, and even dating sites can weed out risky accounts based on devices’ reputations using iovation’s device identification service. When PCs, Macs, tablets, or smartphones collude, a pattern can be detected and fraud can be prevented.

By utilizing iovation’s fraud detection service, insurance companies can not only recognize high-risk devices responsible for creating fraudulent online policies, but also avoid paying for frequent “crash for cash” scams and help to reduce the rise in premiums for honest policyholders.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Just in time for the upcoming RSA Conference in San Francisco, BankinfoSecurity is conducting a “Faces of Fraud” online security survey to identify the top fraud trends, risk factors, and what businesses are doing to meet the new FFIEC Authentication Guidance. The questionnaire is part of an effort to bring fraud managers up to speed with growing online dangers and security changes that businesses need to make to effectively combat growing threats.

With fraud managers juggling multiple priorities for meeting evolving fraud challenges and adhering to ongoing regulatory requirements, education is key to determining the right detection tools and online security strategies needed to reduce a business’s risk of fraud and abuse. The multiple choice survey covers a variety of topics including:

• Fraud types experienced in 2011
• Upward/downward fraud trends by sector
• Typical detection tools used to identify fraud
• Estimated total fraud losses in 2011
• Factors that have increased fraud exposure

Surveys like these can provide invaluable information for fraud teams that are (or should be) continually re-evaluating their existing anti-fraud programs.

As we’ve always promoted, effectively preventing online fraud and abuse on a daily basis is a team effort. It requires real-time collaboration between experienced fraud analysts who work together around the globe to educate and help strengthen each others network defenses.

Built on the expertise of more than 2,000 cross-industry fraud managers and the computing history of more than 800 million unique Internet-connected desktop and mobile devices around the globe, iovation’s ReputationManager 360 fraud prevention service is a combination of device intelligence, data, reporting, analytics and expertise that is essential for building a multi-layered security defense for fighting evolving forms of online fraud and abuse while simultaneously exceeding the new FFIEC guidelines.

The Telegraph reports, “The multi-million pound scam is operated by fraudsters who target drivers who are economising and looking for cheaper motor insurance deals. These motorists are likely to be vulnerable pensioners, young drivers struggling with soaring premiums and those living within communities where English is a second language.”

The scary part of this scam is that when unsuspecting victims purchase policies, they get certificates of insurance that are essentially worthless. In the event of an accident, they will not be covered.

In some cases, the ghosts will contact legitimate insurance brokers and broker deals for insurance policies that they then pay for using stolen credit cards. The victim gets a real certificate of insurance, but it’s been paid for with stolen money. When the fraud is discovered, the policy is cancelled.

These rogue brokers engage in guerilla marketing campaigns involving windshield flyers, classified ads, and professional-looking websites.

Major insurance companies would fare better if they could identify ghost brokers and stop them in their tracks. One anti-fraud service that’s been garnering attention for delivering fast and effective results is iovation’s ReputationManager 360. This SaaS-based fraud prevention solution incorporates device identification, device reputation, and real-time risk profiling. It is used by hundreds of online businesses to prevent fraud and abuse in real time by analyzing the computers, smartphones, and tablets being used to connect to websites. iovation’s service can recognize devices that have been involved in scams and help insurance companies stop fraudsters upfront.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Auto insurance scams are some of the most prevalent in the insurance industry, allowing fraudsters to easily obtain policies and take advantage of the “he said, she said” nature of auto accidents.

Here are five major scams plaguing the industry:

1. Ghost brokers: Even in such a heavily regulated industry, scammers are able to pose as legitimate insurance agents, offering steep discounts on consumer policies that are, in fact, worthless.

2. Crash for cash: These are typically rear-end accidents in which the victims unintentionally crash into the scammers. “Crash for cash” scams often occur at roundabouts or rotaries, intersections, and highway on-ramps. See the UK’s top crash for cash hotspots.

3. Soft tissue scams: Scammers may collude with physical therapists, chiropractors, and doctors to fake back pain, neck pain, and other hard-to-prove injuries that can’t be detected on an X-ray.

4. Staging scams: Generally, in this type of scam two or more cars are involved in a preplanned “accident.” The participants have agreed ahead of time to split the proceeds from repairs and injuries.

5. Phantom victims: After either a staged or legitimate accident, people who were not present at the incident are included in the claim.

In most cases, scammers file their fraudulent insurance claims online. The criminals who perpetrate these sorts of online scams tend to repeat their trick over and over, generating a pattern that can easily be detected by iovation’s device reputation service. This service spots online evildoers by examining the computers, smartphones, and tablets being used to connect to a website. If a device is recognized as having previously committed financial crimes, or is a new device but exhibiting high-risk behavior, the website has the opportunity to reject the transaction, preventing losses to the business before they occur.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

As fraud managers work tirelessly to identify stealthier forms of online fraud and abuse, they are including detection tools like device fingerprinting and IP geolocation as part of their automatic screening solution to instantly analyze incoming transactions and assess their risk in real-time.

The encouraging news is the fraud rate by order dropped 33% to 0.6% in 2011. This has many merchants feeling confident about the changes they’ve implemented to detect fraud. But while the fraud order rate was lower, the report also found that average fraud losses increased to 1% of the surveyed merchants’ total online revenue from 0.9% in 2010. This increase in fraud order value is something that concerns Andrew Naumann, CyberSource Senior Business Leader, Fraud Management Solutions.

“The bad news is that fraudsters took in a higher dollar volume, the first such increase we’ve seen since 2008. Our study shows merchants are working harder than ever to keep fraud in check, using more tools and reviewing more orders. Clearly the criminal element is growing more sophisticated.”

This has prompted merchants to take additional action in 2012. Of those surveyed, 57% said they plan to add one or more new fraud detection tools in the next 12 months. Device fingerprinting led the “Plan to Buy” list of detection tools that online businesses expect to evaluate for adoption.

With new forms of fraud hitting online merchants in more ways than ever before, implementing effective fraud detection solutions that automate transaction screening allows businesses to make quick changes to identify unconventional fraud patterns. iovation’s ReputationManager 360 device reputation service enables merchants to rapidly implement complex device identification and provides extensive capabilities for velocity rules or checks, including geolocation velocity, IP address velocity, transaction velocity, and account creation velocity–both within iovation’s client’s network and across iovation’s global base of clients.

iovation’s device recognition-in-depth approach is available in native and web integrations for a wide range of mobile and desktop devices, plus tagged and tagless device recognition to cover all bases. No other device identification service offers the same breadth of integrations. To schedule a demo in order to learn more, please contact us today.

Savvy criminals who perpetrate insurance fraud have learned to mask their true identities when setting up policies online, regularly changing account information to circumvent conventional methods of fraud detection. Now, more than ever, insurance companies need to be wary of these schemes from the onset and deploy effective solutions to analyze information beyond that supplied by users.

By initiating the application process with a device reputation check provided by iovation Inc., insurance companies can stop fraud before it happens and avoid further checks and fees when a device is known to be associated with identity theft and other frauds.  

The insurance industry has an opportunity to work in tandem with merchants, banks, and others to share data that helps pinpoint the devices responsible for fraudulent activity. Shared device reputation intelligence makes this possible for the first time.

The insurance industry can utilize the established reputations of over 800 million devices in iovation’s device reputation knowledge base. While a computer applying for insurance on a site may be new for the first time, it is rarely new to iovation’s global client base. By assessing risk based on the device in real-time, an insurance company can better determine whether a particular device is trustworthy before a transaction has been approved or an account has been opened.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Get the Whitepaper ->

While some scientists say the “science-based” matchmaking methods that online dating sites use cannot be trusted, and certainly can’t beat an old-fashioned courtship, at iovation we look at trust on romance sites in an entirely different light.

Unlike most anti-fraud measures, iovation looks at the devices (such as computers, tablets and smartphones) connecting to online dating sites. We help dating businesses know who to trust in real-time so that they can shut down troublemakers before they have a chance to strike. And we do this without using any personally identifiable information.

Over the past 12 months, iovation has seen a significant spike in online fraud attempts in the online dating industry. Mashable reports in the article, “Love-Seekers Beware: Online Dating Fraud Rose 150 Percent Last Year,” that 3.8% of the total transactions iovation processed in 2011 for Internet dating companies were fraudulent. That’s quite an increase over the 1.4% we saw in 2010.

Not catching online scammers before they strike can cost individuals big dollars. This CNBC Love at First Byte video shares that the FBI estimates that more than $4,000 is lost every hour to romance scams. And in the recent article, “10 Heart-Wrenching Dating Scams That’ll Break the Bank,” the National Consumers League said romance scams cost individual victims an average of $5,500 per incident in 2011.

Some of the most common scenarios that iovation helps prevent in online communities includes:

• Credit Card Fraud – Customer uses a fake or stolen credit card to create multiple accounts to scam users.
• Spamming – User is caught sending unsolicited bulk messages via emails, postings, instant messages, etc. to promote other products, websites or companies.
• Scams and Solicitations – User takes advantage of the community to promote nonexistent services and products, or to solicit services from legitimate members.
• Identity Mining – User makes any attempt to illegitimately acquire personal information from other users through means of phishing, keystroke logging, creating fake business websites, and other methods.
• Profile Misrepresentation – User posts inaccurate information in profile and/or uses bogus profile photos.
• Harassment / Bullying – User abuses or harasses another customer with undesirable language, threats, or unwanted advances.

Since 2004, iovation has been protecting many of the world’s leading online brands from fraud and abuse. Our device identification and device reputation service, ReputationManager 360, allows businesses to share fraud intelligence in order to stop repeat offenders and identify high-risk activity in real-time. In doing so, these online communities not only protect their brand reputation, but most importantly, keep their valued members in a safe and trusted environment.

Here’s to a safe and fun Valentine’s Day!

In the article, “ACH fraud is Payroll’s newest headache,” the FBI said they are seeing a growing number of new victims of ACH fraud each week. The crime typically stems from phishing emails that contain malware. If opened, the malicious software collects the person’s bank account login information. This data allows cyber thieves to transfer funds out of the person’s bank account. Worst of all, it’s happening right under the noses of banks, who are unable to identify fraudulent transactions because the information being used contains valid online banking credentials.

At this point, the FBI says that cyber crooks have the upper hand. This is something that we at iovation will never accept. While the bureau provides a number of measures both individuals and companies can take to mitigate the risk of getting their bank account information hacked, it doesn’t mention the fraud prevention tools on the market today that can help detect ACH fraud in real-time.

iovation’s innovative device reputation technology is designed to look beyond the personal credentials used to access online banking accounts. By recognizing the Internet-connected devices used to access online accounts — without relying on the personally identifiable information (PII) provided by the user — we aren’t fooled by thieves using stolen data to gain unauthorized access to legitimate bank accounts. Instead, we enable businesses to see through the falsified information that cyber thieves use to spoof electronic systems.

Inclusion of iovation’s ReputationManager 360 fraud fighting solution allows financial services businesses to build an effective multi-layered security defense that fills the gaps of existing defense techniques. With cyber criminals using so many tactics to defeat anti-fraud defenses, it’s essential that businesses take a defense-in-depth approach to reduce their risk of fraudulent transactions in the form of ACH fraud, credit application fraud, account takeover and identity fraud.

If you’d like to learn more how one bank effectively leverages device reputation at login/authentication to reduce friction, please read our whitepaper titled, Moving Beyond the FFIEC Guidelines: How Device Reputation Offers Protection Against Future Security Threats.

In the article, “Cybercrime is now a booming industry,” the new Global Risks for 2012 report says that along with a steady increase in cyber attacks on businesses and governments around the globe, the top concern for illegal digital data sellers is maintaining trust with their customers.

According to an ethical hacker in India, the digital black market has become so competitive that entrepreneurial cyber criminals depend on their trustworthiness, along with free trials, discounted offers and money-back guarantees on stolen goods, to succeed in the shady underworld.

“Today, the main concern for the data sellers is to generate trust among their clients.”

Any legitimate business knows the importance of building and maintaining a high level of trust and confidence with their paying customers. Without it, we have no customers. Turns out, the cyber underground is no different. In order to sell stolen goods to their customers, cyber criminals, whose livelihood is based on creating a web of lies to steal other people’s information, also have to establish and preserve an upstanding reputation among their likeminded clients.

At iovation, we’ve always understood the power of reputation — both good and bad. In fact, our business is built on the experiences and expertise of more than 2,000 fraud analysts from leading brands worldwide, who have all contributed to our device reputation database of over 800 million unique devices, including PCs, laptops, smartphones, tablets and consoles.

Unlike anti-fraud solutions that rely on personally identifiable information (PII), iovation’s advanced device reputation technology focuses on the user’s device to identify and stop fraud in real time, as well as make quicker decisions on legitimate online orders and business transactions. By including a fraud prevention service like iovation’s ReputationManager 360 to any multi-layered security strategy, organizations don’t have to rely solely on potentially stolen or misrepresenting information provided by criminals to perpetrate fraud over the Internet.

While there’s no arguing that trust is essential for doing business — apparently between cyber criminals, as well — having a trusted resource like iovation to uniquely recognize known fraudulent devices, expose hidden fraud rings and identify good customers before the transaction takes place, can play a pivotal role in any business’s ongoing challenge to reduce online fraud rates.

While monetary gains are always the ends to the means for cyber thieves, the digital goldmine appears to be personal and financial information stolen from email accounts and bank accounts, as well as intellectual property, all of which hackers can sell on the cyber black market. Some additional points in the Global Risks for 2012 report included:

• Cybercrime, cyber-espionage and cyberwarfare are on the rise
• Credit card cloning is flourishing in India, conducted by Nigerians living in India who are using card data received from Russian underground forums
• Hackers are launching chance attacks on individual users and more targeted attacks on businesses and governments to exploit system security flaws
• Corporate source codes for products, intellectual property and defense data is extremely valuable to competitive organizations and governments
• Enterprises leveraging social media tools should consider the risks of employees accessing social media sites while on the corporate network

Here are some of tonight’s 2012 Totally Gaming Award winners:

• 888.com for Best Online Product of the Year (iovation was a finalist)
• Betfair for iPhone for Best Mobile Gaming Product
• Holland Casino Amsterdam for Best Casino Operator
• Jan Jones and Ron Goudsmit for Outstanding Service to the Land-Based Industry
• Wes Himes for Outstanding Service to the Remote Industry
• Novomatic for the Media Award
• Inspired Gaming Group for Best Betting Product
• Casinos Austria for Best Marketing Campaign
• Casino Cosmopol Sun vaal for Best Casino 
• Raff Ltd for Best Lottery Product
• JMC Global for Best Street Supplier 

Next up on the ICE agenda is the Combating Cybercrime in Gaming conference at Earls Court. Starting Tuesday, January 24th, attendees will find a great line-up of topics, including jurisdictional approaches to investigating cybercrime, knowing “who” and “where” your gaming customers are, implementing strategies to reduce data leakage from your network, cybercrime hotspots and forecasting future threats, and staying ahead of mobile gaming fraudsters.

iovation’s vice president of global sales, Max Anhoury, leads the mobile gaming fraud panel at 2:00 pm, titled Staying One Step Ahead of Mobile Fraudsters, to help attendees understand the latest cybercrime threats and how gaming operators can better protect their business, brand and customers.  Joining Mr. Anhoury will be Darwyn Palenzuela, Chief Technology Officer at Smart Gaming Group and Christina Thakor-Rakin, Head of Operations at Virgin Games. iovation will be sharing worldwide mobile device trends from its global reputation database of more than 800 million unique devices, which includes PCs, laptops, smartphones, tablets and consoles. 

iovation offers mobile fraud protection by uniquely identifying mobile devices that touch its clients websites or applications. The company employs a “defense-in-depth” approach to identifying, recognizing and developing a reputation for each mobile device, which includes multiple components and strategies that work in concert to help online businesses fight fraud effectively. iovation’s device reputation service includes both web and native device recognition, with SDKs for iOS and Android available globally. Managing the associations between devices provides opportunities for device re-identification even when evasion techniques are in play.

Those attending iovation’s Mobile Gaming Fraud Panel will learn:

• Mobile gaming offerings available and the progress and challenges posed
• Mobile fraud schemes and how gaming sites detect and prevent them
• Popular real-time rules that gaming operators are using to detect and deny fraudulent transactions
• Advanced technologies that will impact your strategy today and in the future
• Regulatory and compliance issues with regard to managing fraud on mobile devices
• Mobile application development and experiences with iOS and Android approval and distribution systems
• Future trends and mobile gaming growth expectations by operators

If you are unable to attend the presentation, but would like to learn how to protect your gaming site from chargebacks, identity theft, bonus abuse and collusion, stop by the iovation booth #5117 during the exhibition and speak with our team!

In the article, “Why Internet crimes go unpunished,” security expert Roger Grimes breaks down some interesting numbers around cybercrime, and how hackers are (to put it mildly) beating the odds. According to the FBI’s 2011 Internet Crime Report, of the more than 300,000 complaints that netted criminals $1.1 billion in 2010, law enforcement agencies convicted an average of one crook for every 50,635 victims. In other words, as Grimes eloquently states:

Steal someone’s identity and your odds of being caught are almost infinitesimal.

With all the hacks and fraud headlines 2011 will be remembered for, that’s definitely not the way we want to ring in the New Year. But as Grimes also warns, if we aren’t careful we could see history repeat itself as criminals not only continue defrauding computer users, but launch recycled attacks against the explosion of worldwide mobile device users, who could fall victim to the same old PC tricks.

While law enforcement certainly has its challenges in tracking down and prosecuting cyber criminals, nobody will argue that we can always be doing something on our part to help reduce the risk of fraud where the criminal is utilizing a computer, as well as emerging mobile platforms like smartphones and tablets.

Whether you’re an individual, small to mid-size business, or even a large international corporation, in many ways you’re sort of on your own in cyberspace. This is why taking matters into your own hands and implementing defense-in-depth fraud preventative strategies is so critical to protecting yourself, your employees and business from both evolving and old-school scams targeting every form of Internet-connected device that we use.

This is the time of year when most businesses are setting their budgets and determining business goals for 2012. While improving customer service and increasing revenues are certainly at the top of any CEO’s to-do list, mitigating costly fraud risks that can take a hefty bite out of annual profits (not to mention cause significant reputation damage) requires organizations to deploy effective security tools like iovation’s ReputationManager 360 solution to reduce the risk of fraud or abuse over all devices and platforms connecting to their online business environment.

According to the Banking Times article, “Criminals shifting to card-not-present fraud because of chip and PIN success,” they are on the move again. Data recently released by FICO, a leading provider of analytics and decision management technology, shows that across Europe card-not-present (CNP) fraud has dramatically increased, accounting for 72% of all fraud losses between March 2009 and March 2011. The big reason for this change? Chip and PIN technology, which has helped reduce counterfeit fraud by 60% over the same period.

In comparison, a similar study conducted three years ago found that ‘card present’ fraud accounted for 60% of Europe’s credit card fraud. But since European banks adopted the smartcard payment system, that number has dropped significantly over the past couple of years.

So, remaining consistent to their adaptive nature, it appears that cyber criminals have shifted their attention to CNP schemes like online fraud, targeting countries and business systems with weaker detection and prevention capabilities, said Martin Warwick, FICO’s Fraud Chief in Europe, the Middle East and Africa.

“Our analysis of the data shines a spotlight on the tremendous change that has occurred in Europe’s fraud landscape.”

While European credit issuers continue to leverage Chip and PIN technology as part of their defensive strategies to fight fraud, the Merchant Advisory Group (MAG) recently rolled out a recommended roadmap for a U.S. electronic payments strategy that includes Chip and PIN adoption.

Such strategies have proven to help reduce card present fraud, but as the report shows, their success has also pushed hackers into new directions. Instead of using the actual credit card to defraud businesses in person, criminals are collecting credit card and personal information and using it to commit a host of online crimes including CNP fraud, account takeover and identity fraud.

As criminals increasingly pursue online fraud opportunities around the globe, businesses that rely on online payments need effective fraud detection tools that protect the growing number of online transactions taking place within the U.K. and across international borders.

Leveraging our fraud database of more than 800 million desktop and mobile device reputations worldwide, iovation performs 6.5 million device reputation checks a day for our customers. A complementary fraud prevention solution like iovation’s ReputationManager 360 provides businesses with unique intelligence and a deeper understanding of each device accessing their website or requesting a transaction, allowing them to make quicker, better informed decisions on all online transactions even if fraudsters try to re-invent how they defraud businesses over the Internet.

The truth is, even diligent businesses running the latest security software remain vulnerable to the growing number of new and unknown forms of online fraud and abuse. Take it from Mark Patterson, co-owner of PATCO Construction Inc: when it comes to fighting ACH fraud the new FFIEC authentication guidance falls short. He says that until banks become legally liable and accountable for such online crimes, businesses will remain susceptible to online fraud.

In the BankInfoSecurity article, “Fraud: The Victim’s Perspective,” Patterson, whose small residential and commercial construction company lost over $550,000 to fraudulent ACH transactions, said that while he’s glad updates have been made to the security guidelines, they don’t go far enough. In order for small businesses to protect themselves from online crimes like ACH fraud and account takeover, they need to take it upon themselves to also incorporate their own internal policies and processes to detect fraud and abuse. Some of his recommendations include:

• Talk to your bank about the ACH fraud policy to understand if fraud losses are covered
• Monitor all online transactions for bad IP addresses, anomalies, and suspicious activity
• Run and analyze reports to recognize patterns and velocities
• Educate yourself about online threats and how bad they really are

Today, too many companies struggle to keep the security of their desktop computers and mobile devices up-to-date, which puts their customers, business and brand reputation at risk. The FFIEC Guidance was designed to outline a multi-layered approach of processes and technologies that banks need to mitigate fraud risks, but if those recommendations aren’t applied and internally enforced businesses could still have trouble identifying and stopping risky transactions.

To combat the millions of online fraud and social engineering schemes attempted on banks and businesses every day (we should know, we stop more than 150,000 fraudulent transactions every day for our clients), an effective defense-in-depth anti-fraud strategy requires the ability to recognize high-risk transactions before they are accepted. iovation’s device reputation technology goes beyond traditional blacklists and personally identifiable information (PII) to identify, re-recognize and root out fraudulent devices and accounts in real time so businesses can proactively stop bad transactions from occurring, as well as shut down hidden fraud rings that are committing repeat fraud within their IT environment.

iovation’s ReputationManager 360 is a fraud prevention solution that provides an added layer of protection for any defense-in-depth anti-fraud strategy. By leveraging the power of device identification, iovation takes complex device ID a step further and equips financial services firms and other businesses with a dynamic collection of device intelligence, association data, analytics and reporting tools that allow fraud managers to assess larger sets of attributes and apply pattern recognition algorithms and pattern-learning processes to identify fraudulent devices, anomalies, velocities and other suspicious behavior taking place on their website every day.

In the article, “Mobile commerce played an integral part of the 2011 holiday season,” online retailers capitalized on the smartphone and tablet phenomenon by boosting their m-commerce promotions during the past holiday season. As a result, a company spokesperson at Gilt Groupe, a US-based shopping website, said mobile-only promotions contributed to 20% of all sales during November and December, with mobile traffic and sales increasing well over 100% in December 2011 compared to December 2010.

“Mobile continues to play a large role in driving Gilt’s business. And we continue to utilize mobile as a channel to reach both existing and new customers wherever they are.”

North America electronics retailer, Crutchfield Corporation, also saw triple-digit increases in mobile traffic and sales, a trend the Crutchfield’s director of e-commerce, Todd Cabell, believes will continue to climb in the new year.

“Mobile was certainly a bright spot this holiday season. It’s clear more and more customers are becoming comfortable using their mobile devices to research and purchase a wide variety of products. We anticipate continued growth in both the smartphone and tablet channels during 2012.”

As more consumers trust their mobile devices to purchase goods over the Internet, online merchants recognize the importance of including mobile in their cross-channel marketing efforts. At iovation, we see the mobile channel not only as an emerging sales channel, but a thriving one, for e-commerce. This is why our ReputationManager 360 fraud prevention tool recognizes, in real-time, all Internet-connected devices by type, including PCs, smartphones and tablets, that access retail websites.

By better understanding the devices connecting to their site, retail fraud managers can immediately accept, deny or pull for further review all transactions coming through their cross-channel sales mix. For retailer’s creating mobile-exclusive promotions that target smartphone and tablet users, this level of fraud protection is essential to the customer experience, profitability, and a merchant’s overall brand reputation.

If you are interested in learning more about how iovation protect online retail sites from fraudsters attempting all types of criminal or abusive behavior, we will be at the upcoming NRF Retail’s Big Show, January 16-18 in New York City.

We’d love it if you stopped by our booth #2820 to chat about any fraud issues your business is experiencing or anticipating, and to pick up your Virtual Crime Fighter t-shirt. By integrating iovation’s device reputation service on your account creation or checkout page, for example, we can help you stop cyber criminals—all without collecting any personally identifiable information (PII)—whether they are using a computer, tablet or mobile phone to access your site.

And while at the NRF Retail’s Big Show, one session that looks very interesting is “Emerging Technologies: Driving Businesses for Retailers, While Minimizing Risks from Fraudsters” at 2:00 pm on Tuesday.  The session is moderated by Evan Schuman, Editor of StorefrontBacktalk.com with speakers Joseph LaRocca, Sr. Asset Protection Advisor of the NRF and Bill Titus, Vice President of Loss Prevention at Sears Holding Corporation.  (See page 37 of the Show Guide).

It’s been a busy year with a ton of new features and enhancements ranging from big to small. We thought we’d take a moment to share with you some of the highlights from 2011.

As with any technology, there are many, many things that go into a new feature including design, development, testing, documentation, integration and other operational requirements. We won’t go into that amount of detail here, but instead will focus on the primary achievements within each of the four principle areas of specialization at iovation, which include:

• What does “layered security” actually mean?

“‘Layered security’ refers to the arrangement of fraud tools in a sequential fashion. A layered approach starts with the most simple, benign and unobtrusive methods of authentication and progresses toward more stringent controls as the activity unfolds and the risk increases.”

• What does “multi-factor” authentication actually mean?

“A simple example of multi-factor authentication is the use of a debit card at an ATM machine. The plastic debit card is an item that you must physically possess to withdraw cash, but the transaction also requires the PIN number to complete the transaction. The card is one factor, the PIN is a second. The two combine to deliver a multi-factor authentication.”  

• Who does this guidance affect? And does it affect each type of credit grantor/ lender differently?

“The guidance pertains to all financial institutions in the US that fall under the FFIEC’s influence. While the guidance specifically mentions authenticating in an on-line environment, it’s clear that the overall approach advocated by the FFIEC applies to authentication in any environment.”

• What will the regulation do to help mitigate fraud risk in the near-term and long-term?

“The guidance is an important reinforcement of several critical ideas: Fraud losses undermine faith in our financial system. Fraud tactics evolve constantly and the tools that combat them have to evolve as well. The guidance provides a perspective on why it is important to be able to understand the risk and to respond accordingly.”

• How are organizations responding? 

“Experian estimates that less than half of the institutions impacted by this guidance are prepared for the examinations. Many of the fraud tools in the marketplace, particularly those that are used to authenticate individuals were deployed as point-solutions. Few support the need for a feedback loop to identify vulnerabilities, or the ability to employ a risk-based, ‘layered’ approach that the guidance is seeking.”

To learn more, watch Experian and iovation’s webinar, titled Ensuring Optimal Efficacy and Balance with Out-of-Wallet Questions and Device Identification, dedicated to discussing the recent FFIEC guidance and taking a defense-in-depth approach to fraud prevention.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

The Federal Financial Institutions Examination Council’s (FFIEC) updated security guidelines go into effect in less than a month. It is imperative that financial institutions recognize that the security precautions currently in place are ineffective in the face of new, more sophisticated attacks. Criminals have gotten around the minor hurdles posed by the tools being used to authenticate clients and prevent unauthorized transactions.

Basic multifactor authentication may be relatively effective for bank accounts that generally contain only enough to pay a month’s worth of bills. But high value accounts are more prone to attacks, and require additional levels of security. Ultimately, what is most important is that a security program includes multiple layers of protection rather than relying on a single mechanism of defense.

Using advanced device identification is also essential. The FFIEC suggests complex device identification, which is more advanced than previous techniques, and the leader in this space is iovation Inc.  They take complex device identification much further by delivering to financial institutions, a reputation of the device as it accesses their site to apply for credit, create an account, transfer money and more.

This proven strategy not only utilizes advanced methods to identify the devices being used to connect to a bank, it also incorporates geolocation, velocity, anomalies, proxy busting, webs of associations, fraud histories, commercially applied evidence of fraud or abuse, and much more to protect financial institutions from cybercrime.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

“Dear Lucky Customer:

In the course of regular store maintenance, we discovered our credit/debit card readers at the self-check lanes ONLY in 20 stores (listed below) had been tampered with. Steps were taken immediately to remove the tampered card readers in the affected stores, as well as enhance security to every credit/debit card reader in all 234 stores in our company. We are not aware nor have we been notified of any reports that customer accounts were compromised.”

The “tampering” referenced in this letter has been described as skimming, which occurs when a separate piece of hardware is affixed to an ATM or point-of-sale terminal. The hardware is designed to blend in with the face of the machine and record card data whenever a card is swiped. Criminals either remove the skimming device later or retrieve data remotely via wireless Bluetooth or mobile SMS. 

In this particular case, however, it isn’t clear exactly what happened. What is known is that the POS terminals were compromised. When point-of-sale terminals have been compromised in the past, this has usually meant that criminals actually entered the store, physically removed an entire machine, and replaced it with one that resembled the original, but had been tweaked to capture and transmit customer data.

Consumers cannot protect themselves from this crime. All they can do is check their bank statements frequently and refute any unauthorized charges or withdrawals. On the other hand, online retailers who are subject to having stolen credit cards used on their sites can, in many cases, prevent fraudulent transactions upfront by checking the device’s reputation used during the transaction. Computers, tablets and smartphones are assessed for fraud, high-risk and suspicious activity in real-time, which means while that device is interacting with the retailer’s website.  By checking against iovation Inc.’s global shared database of more than 800 million unique devices and their associations, online retailers can protect themselves against chargeback losses, shipping fraud, account takeovers and identity theft attempts.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses POS skimming on CBS. Disclosures.

During this year’s record-breaking Black Friday and Cyber Monday, iovation documented a significant rise in fraudulent transactions, which included account takeover attempts.

Their comparison of the two hottest shopping days of this year vs. last year found:

• 400% increase in the rate of fraudulent transactions on Black Friday (up from 1% to 4%)
• 25% increase in the rate of fraudulent transactions on Cyber Monday (up from 3% to 4%)
• 15% greater transaction volume on Cyber Monday compared to Black Friday
• 4% mobile fraud rate on both Black Friday and Cyber Monday.  

These statistics are compounded by the dramatic and impressive consumer spending numbers for these dates. Consumers must understand that their credit card numbers are fueling the rise in cyber fraud. Throughout the holiday season and beyond, it is imperative that cardholders check their statements carefully, matching them up against receipts to confirm that each charge was authorized.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Holiday Shopping Security on Fox News  Disclosures

In the recent article, “How to steal an identity in seven easy steps,” software developer, Herbert Thompson, shows us just how easy it is to collect personal information that allows fraudsters to gain access to somebody’s personal and financial online accounts. This is disturbing news, especially when you consider that roughly 40% of web users are ‘likely’ or ‘very likely’ to provide their personal information in one of six online scams, like the Ponemon Institute, commissioned by PC Tools, recently discovered after interviewing over 1,000 UK web users.  

Essentially, Thompson cites a number of online resources that criminals can tap into to gather personal information that increases their chances of cracking security questions and passwords required to access personal emails or financial accounts, including:

1. General Web Search: Searching someone’s name on a search engine such as Google can provide an assortment of information about a person including where they live and their social networking communities.
2. Personal Blog: Doing a keyword search on things like birthday, pets and mother’s maiden name can reveal personal data that users apply for questions relating to password reset and account login.
3. Public Websites: Public websites such as the DMV and state traffic court provide resources for obtaining information on traffic violators that could include things like birth date and vehicle type.
4. Resume/Job Seekers Webpages: Job seekers are constantly updating their work history and joining networking groups that disclose current home addresses, phone numbers, emails, where they’ve lived and their professional background.
5. Alumni Webpages: High school or college online social networking communities can make known somebody’s personal history, nicknames and other close friendships.

As you can see, online romancers aren’t the only ones susceptible to identity theft. This scenario essentially applies to anyone sharing personal information over the Internet.

While individuals need to always apply common sense before sharing personal information that really never goes away, so do the providers of these popular online environments. To ensure the safety of their legitimate users and maintain their reputable brand reputation, online dating and social networking sites need to deploy fraud detection tools that can stop known fraudsters before they enter their communities and root out fraud rings that are committing repeat fraud against good members.

iovation’s ReputationManager 360 does both. By identifying the user’s actual device, not the personally identifiable information (PII) they provide to create their profile, online communities can detect when a known fraudulent device is trying to enter their site, as well as expose bad devices and their associated accounts that are already active in the community. This unique level of device reputation intelligence enables Internet communities to improve their ability to deny fraudulent transactions before they happen and rid their trusted online communities of cyber criminals who are already perpetrating fraud or collecting personal information they can use later to break into personal or financial accounts.

Take, for example, a fraud prevention service like iovation’s ReputationManager 360. Using advanced device reputation technology, we work behind the scenes in many of the world’s largest and most respected gaming environments to provide protection from all forms of fraud and abuse. In the past year, we’ve provided invaluable intelligence on more than 475 million gaming transactions.

At iovation, we’re happy to play the role of the unsung hero. But every now and then it’s an honor to be recognized by industry leaders who call out the important work that we do. This is why we are so proud to announce that the distinguished ICE Totally Gaming panel has named iovation a finalist for the Best Online Gaming Product of the Year.

The award, which judges applicants on five criteria and their achievements over the past year, recognized iovation for our work in protecting billions of online transactions for our international gaming clients. Since 2004, we’ve successfully helped gaming businesses minimize chargebacks, account takeover, arbitrage betting, player collusion and affiliate abuse. Our customers also use iovation for their KYC requirements like managing customer request exclusions and geo-fencing.

The Totally Gaming Awards banquet takes place on Monday, January 23, 2012, at 8 Northumberland, London. After the ceremony, we will be exhibiting at Clarion Event’s ICE Totally gaming international exhibition in booth #5117 from January 24-26 at Earl’s Court in London.

Another of my holiday traditions is to expose the year’s phishing scams. The following examples come straight from my inbox or spam filter, and have been abbreviated to demonstrate the nature of the scam and specific hook being used.

1. This first phishing email appears to have been sent from LinkedIn, but the link that supposedly leads to the FDIC’s website is in fact a virus.

“From: LinkedIn linkedXXX@em.linkedin.com  

Temporary FDIC insurance coverage news. To obtain more information about temporary FDIC insurance coverage of transaction accounts, please refer to http://www.xxxxxx. Yours faithfully, Federal Deposit Insurance Corporation.”

2. In this phish, the sender claims to be Canadian, but the email suffix “.cn” is Chinese, and the scammer grammar is clearly East African in nature.

“From: Mrs.Martha Chery tesXXX@k.cn

Dear Beloved,

I am Mrs.Martha Chery from Canada,I am 58 years old,i am suffering from a long time cancer of my brain,from all indication my conditions is really deteriorating and it is quite obvious that i may not live for the next two months.”

3. Wow, my “email address has won.” Lucky me?

“From: payofficeXXX@aim.com

WINNING NUMBER: OL/656/020/018

OUR DEAR WINNER, THIS IS TO NOTIFY YOU THAT YOUR EMAIL ADDRESS HAS WON ONLINE LOTTO AND GAMING CORPORATION SUM OF (ONE MILLION EURO).”

4. This scammer responded to a Craigslist ad I had posted. Apparently I “sounded gorgeous in the ad.” I probably did!

“From: Justina Serini justinaXXX@hotmail.com

Hi Robert, I found your posting and wanted to ask you something essential. I am in a relationship and caught my partner cheating on me so I decided to get even! My co-worker said Craigslist list would be the best place to find someone nearby who I can be with for one time only so thought the hell, I would email someone I thought sounded gorgeous in the ad and came across yours!”

5. In this phish, I’m being scammed in Hebrew!

“???????!!! info@free2XXX.co.il

???? ????? ????? ????? ?? ???? ???? ????? – ??????! ?? ?? ????? ?????? ?????? ?? ?????? ?????? ?????,”

6. Oh, wow, the United Nations is contacting me directly. How exciting!

“From: UNITED NATIONS bankimoonXXX@yahoo.com

Attn: Beneficiary, This is to inform you that the International Community has received series Complaints from Beneficiaries who are yet to receive their outstanding Contract/Inheritance Funds.”

7. Download this report, and you’re as doomed as a boiled lobster.

“From: Jerry Bush benoit.metzger@XXXueamachine.com

This report applies to the ACH transfer (ID: 963623905410) that was recently sent from your banking account. The current status of the referred transfer is: failed due to the technical error. Please find the detailed information in the report below.”

Hey, that reminds me, I have fish to fry!

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses phishing on Fox Business Disclosures

Forbes reports, “Consumers are going mobile in large numbers, and the 2011 holiday season proved it. IBM Coremetrics recently reported that consumers increased shopping on smartphones and tablets on Black Friday. Purchases made on mobile devices accounted for 9.8% of online sales, which is up 3.2% from last year. GSI announced a 254% increase in US mobile sales on Black Friday. PayPal Mobile announced a 516% increase in global mobile payment volume over last year, and eBay Mobile reported US purchases were nearly two and a half times what they were last year.”

Criminals are paying attention.

The National Cyber Security Alliance and McAfee released a study showing that in the last six months, 50% of Americans have used smartphones to research potential purchases, 27% have used them to shop, 12% have used them to shop at auction websites, specifically, and 18% have used their phones to make online payments.

To stay safe while mobile shopping this holiday season:

1. Keep mobile security software current. The latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.

2. Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.

Retailers should be aware that criminals aren’t just using desktops to commit fraud, but are also making purchases with stolen credit card information via mobiles and tablets. They should adopt security technology that actually recognizes and analyzes the PCs, smartphones, and tablets being used to access their websites. Once a device has been identified, its reputation can be assessed in real-time to determine the risk of fraud. Is the device exhibiting suspicious behavior, or it already known to have been used for fraud, money laundering, or account takeovers?

Examining a device’s reputation allows businesses to know which online transactions are trustworthy beforehand, rather than waiting until fraud has already occurred.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Mobile Security on Cyber Monday on Fox Washington. Disclosures

The

Which begs the question: when the dust settles, how much of this uptick in online sales will equate to online fraud? It is inevitable that some consumers will detect unauthorized charges on their credit and bank accounts, and many retailers will suffer high chargebacks.

Consumers should seek out and patronize businesses that implement a comprehensive, in-depth approach to protecting customers from identity theft and financial fraud. They should also check credit and banking statements carefully, scrutinize each and every charge, and call their bank or credit card company immediately to refute any unauthorized transactions.

Retailers should consider adding device identification technology to prevent more crime upfront before product ships and stolen credit cards are charged. This emerging technology examines the PC, smartphone, or tablet being used to conduct an online transaction in order to determine whether the device’s characteristics, behavior, and history indicate a high level of risk. The leading provider of device identification and device reputation services is iovation Inc. Take a look at iovation’s stats from Black Friday and Cyber Monday.

Fraud analysts from online retailers around the world interact with iovation’s database of device intelligence daily, and through sharing information and running real-time risk assessments, they block millions of online fraudulent attempts each year.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discussesCyber Monday on Fox Boston. Disclosures

This holiday season, as you seek out hard-to-find gifts and look for the best prices, keep in mind that not everyone out there on the wild, wild web has good intentions.

Auction sites are ground zero for scammers. It’s very easy to set up a free auction page from anywhere in the world, collect people’s money, and run.

Here are four tips to keep you safe when shopping through auction websites.

1. Use strong passwords: Use complex passwords that are hard to crack but easy to remember. Passwords should include upper and lowercase letters as well as numbers, and, if possible, other characters.
2. Look out for phishing emails: Any email that appears to have been sent from an auction site should be considered suspect. Certainly there are legitimate communications being sent by eBay and similar sites, but none of them should require a direct email response. To confirm that a communication is legitimate, always go to the website directly via your favorites menu, log into your account normally, and check your “My Messages” folder, rather than clicking any links within the email.
3. Secure your device: Whether you shop using a tablet, smartphone, PC, or Mac, they all need some form of antivirus protection. At the very least, the operating system should be kept up to date with all the latest security patches. Any website can potentially pose a threat. Never respond to pop-ups that claim your computer or other device has been infected and instruct you to install antivirus software. This is actually “scareware.”
4. Buy from trusted sources: Some may not like my saying so, but buying from sellers with no track history is risky. If sellers have less than five transactions under their belt, they may be scammers. My rule of thumb is never but from anyone with fewer than ten transactions, and even then I take all their feedback into account before purchasing. If a seller has ten transactions but all those purchases are less than a dollar in value, that seller is still suspect.

Online classified and auction websites can do more to protect legitimate buyers and sellers by identifying fraudsters faster with advanced device identification.  iovation Inc.’s fraud prevention service is called ReputationManager 360 and incorporates device identification, device reputation analysis, and geolocation, velocity, and anomaly checks in its real-time risk profiling. iovation is used by hundreds of online businesses to prevent fraud and abuse by analyzing the computers, smartphones, and tablets being used to connect to their online properties.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Black Friday/Cyber Monday Scams on Mike and Juliet Show  Disclosures

In the USA Today article, “Travelers at high risk of identity theft, experts say,” travelers lost a total of 11,000 mobile devices at the busiest U.S. airports this year. And that only accounts for items lost before travelers reach their intended destinations. In a study of 200 data breaches, Trustwave’s SpiderLabs found that hotels and resorts are prime targets for crooks stealing financial information, with respondents saying 38% of data thefts took place at hotels or resorts.

John Sileo, an identity theft and fraud expert who experienced identity fraud first-hand while traveling to Disney World, says people can be particularly vulnerable when they are unfamiliar with their surroundings. In his case, he suspected someone took a photo of his card number at the theme park before his bank informed him that his credit card had been shut down when someone attempted to make $3,000 worth of online charges to his card.

“Data theft goes through the roof on the road,” says Sileo, a spokesperson for CSID, an identity-protection provider.

When preparing to travel, Steve Schwartz, executive vice president of consumer services at Intersections, says there are several precautions every traveler should take to protect their personal information, including:

1. Use a credit card to book flights, hotels and arrangements: Because federal law limits the liability of card holders if your credit card is lost or fraudulent purchases are made to your card, it’s best to use a credit card to book all travel arrangements rather than a debit card, which has different federal protections that could result in additional financial losses.

2. Clear out your wallet before a thief does: As much as we would like to trust our fellow travelers, you can never be sure when criminals are scoping out airport waiting areas, hotel lobbies or public media centers looking for the right moment to steal somebody’s personal property.

3. Travel with only two credit cards: Walking around with one card and storing a backup in a hotel safe limits a thieve’s ability to swipe multiple cards and access various personal accounts.

4. Leave your social security card at home: Most of us don’t carry around our social security cards anyway, so safely storing your SSN somewhere when you’re on the road is a good idea.

5. Safely store contact numbers of card companies: In the event you find your personal possessions missing, you can quickly contact your card companies and have them stop any purchases until you locate your card or are issued a new one.

6. Never type passwords or credit card numbers over unsecured wireless networks: Doing so can allow fraudsters using special software to conduct a “man-in-the-middle” attack, which enables crooks to control and intercept messages between two legitimate users without them knowing it.

7. Never share travel plans on social networks: While vacationers are always tempted to share their travel plans or instantly post pictures over social networks, this information can let criminals known when you are away from home. It’s best to provide a recap of your business trip or vacation once you’ve returned.

While individuals can do several things to protect themselves while traveling, the same holds true for businesses.

With millions of company employees on the road at any given time, organizations need to take proper security measures to protect their business data when workers are accessing their corporate network remotely. Making sure they are regularly updating all anti-virus software, encrypting sensitive data, and having effective fraud detection and prevention tools in place to secure their private networks can help reduce the risk of fraud for their traveling employees and better protect their business assets.

It’s truly an honor to follow in the footsteps of some of the most recognizable technology companies in the world such as Google, YouTube, Skype and eBay, who have all been previously selected to Red Herring’s prestigious Top 100 Global list.

This recognition is a direct result of years of hard work evolving our fraud protection service into a full spectrum device reputation solution that supports native and web integrations for mobile and desktop devices, tagged and tagless device recognition, real-time transparent risk scoring, and on-demand and scheduled reporting. Our remarkable growth is attributed to the collaborative work and effectiveness of our global device intelligence network, which today protects billions of transactions for our clients representing multiple industries around the globe.

Red Herring Chairman, Alex Vieux, elaborated on the difficulty the editorial staff goes through each year in selecting the Global Top 100.

“Choosing the best out of the previous two years was by no means a small feat. After rigorous contemplation and discussion, we narrowed down our list from 1,100 potential companies to 100 winners. It was an extremely difficult process. iovation should be extremely proud of its achievement, the competition for the Top 100 was fierce. The Top 100 Global are truly the best of the best.”

Companies were evaluated on both quantitative and qualitative criteria such as financial performance, technology innovation, management quality, strategy and market penetration.

The full list of 2011 winners is located at: http://www.herring100.com/RHG/2011/top100.html.

According to the NY Times article, “Cyber Monday Shopping Surpasses Expectations,” both ComScore and IBM Benchmark reported that the $1.3 billion spent by online shoppers represented up to a 33% increase in online sales over last year. This followed record-breaking Black Friday weekend sales of $52.4 billion, which CNN Money reported is a 16% jump over 2010. Either way you cut it, there’s little doubt that retail and online sales over the weekend could make for a very profitable holiday season for merchants.

At iovation, we help our clients know who to trust online, by quickly recognizing their good online customers and isolating the fraudsters through shared device intelligence. By identifying bad actors upfront and flagging suspicious transactions in real-time, we help merchants decline fraudulent orders faster, minimize chargebacks and take more good business with confidence — all especially important during the holiday’s peak traffic.

Looking at iovation’s device reputation network on Black Friday and Cyber Monday, we found some interesting trends and year-over-year comparisons during the two hottest shopping days of the year, including:

• 400% increase in the rate of fraudulent transactions (from 1% to 4%) on Black Friday
• 25% increase in the rate of fraudulent transactions (from 3% to 4%) on Cyber Monday
• 15% greater transaction volume on Cyber Monday compared to Black Friday
• 4% mobile fraud rate on both Black Friday and Cyber Monday

While it was no surprise that credit card fraud, shipping fraud and account takeovers topped the list of fraud types reported to iovation’s database on these days, a noticeable drop in the share of mobile shopping activity was very unexpected.

Despite several industry surveys forecasting significant increases in mobile purchases over the holidays, iovation saw mobile transactions decrease as a share of overall activity on Black Friday and Cyber Monday. While mobile transactions usually account for 5% of queries to iovation’s service, mobile’s share of overall retail transactions dropped to 3.2% on Black Friday and 2.7% on Cyber Monday. At this point any conclusions would be only speculative as to why mobile transactions were down during these peak periods. Are consumers not ready to make purchases over their smartphones? Is the user experience of a smartphone checkout too cumbersome compared to the convenience of a desktop?  As retailers look to the mobile market as an increasingly important channel, it will be critical that they solve these issues.

For the 2011 Global Award, the Red Herring editorial team selected companies demonstrating the most innovative technologies and business models originating from over 1,000 companies from over 40 nations. The companies are judged on a range of qualitative and quantitative metrics, including technology innovation, financial performance, growth criterion, management’s execution standards, potential globalization of the strategy and market share improvement.

The 2011 Global finalists will be featured during the Red Herring event taking place at the Hyatt Regency Century Plaza on December 5-7, 2012. iovation’s CEO, Greg Pierson, will be presenting iovation’s winning strategy on Tuesday, December 6th and on the last night of the event, the Global winner will be announced. If you are attending the event and would like to schedule time to chat with Greg Pierson, please email info@iovation.com.

Keep safe and sane this holiday season:

1. Look for indications of online security. Depending on your browser, there may be an icon of a yellow lock at the top of the window, near the address bar, or at the bottom, near the taskbar. If the website is secure, the yellow lock should be closed. Some browsers use a color coding system, displaying red to indicate that a website is not secure and may potentially be infected, or green to indicate that it’s okay. 

2. Update your operating system. If your computer’s operating system is out of date, it may invite trouble when heading out to the wild, wild web. Go to your security center to download the latest critical security patches.

3. Update your browser. While your operating system may be up to date, which would mean that Internet Explorer is most likely up to date as well, if you are using Chrome or Firefox, you may need to update manually. Select “About” in your browser’s toolbar to check for updates.

4. Protect your computer with antivirus software. Antivirus protection that includes a firewall will, in most cases, shield you from “drive by downloads” and other malware. Even a major online retailer with a secure website can be vulnerable to criminal hackers.

5. Beware of phantom websites. Criminals love to pull the wool over unsuspecting eyes. One technique is to use “black-hat SEO” to place fake websites at the top of organic search results. Customers who attempt to make purchases via these fake websites are unknowingly transmitting credit card numbers directly to the hackers, and it’s safe to assume they’ll never receive the products they believe they’ve purchased.

6. Check credit card statements often. I still have to search the Internet for the names of unfamiliar retailers that appear on my credit card statements with unauthorized charges. Check your statements online weekly, and refute unauthorized charges within 60 days.

Most major online retailers are already using multiple sophisticated fraud prevention procedures to protect you. Oregon-based iovation Inc. is one hot technology company offering a device reputation service that alerts businesses to suspicious behavior such as someone attempting to hijack your account or use your stolen credentials (and  many others’) to steal from online businesses.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures