In the article, “Cybercrime is now a booming industry,” the new Global Risks for 2012 report says that along with a steady increase in cyber attacks on businesses and governments around the globe, the top concern for illegal digital data sellers is maintaining trust with their customers.

According to an ethical hacker in India, the digital black market has become so competitive that entrepreneurial cyber criminals depend on their trustworthiness, along with free trials, discounted offers and money-back guarantees on stolen goods, to succeed in the shady underworld.

“Today, the main concern for the data sellers is to generate trust among their clients.”

Any legitimate business knows the importance of building and maintaining a high level of trust and confidence with their paying customers. Without it, we have no customers. Turns out, the cyber underground is no different. In order to sell stolen goods to their customers, cyber criminals, whose livelihood is based on creating a web of lies to steal other people’s information, also have to establish and preserve an upstanding reputation among their likeminded clients.

At iovation, we’ve always understood the power of reputation — both good and bad. In fact, our business is built on the experiences and expertise of more than 2,000 fraud analysts from leading brands worldwide, who have all contributed to our device reputation database of over 800 million unique devices, including PCs, laptops, smartphones, tablets and consoles.

Unlike anti-fraud solutions that rely on personally identifiable information (PII), iovation’s advanced device reputation technology focuses on the user’s device to identify and stop fraud in real time, as well as make quicker decisions on legitimate online orders and business transactions. By including a fraud prevention service like iovation’s ReputationManager 360 to any multi-layered security strategy, organizations don’t have to rely solely on potentially stolen or misrepresenting information provided by criminals to perpetrate fraud over the Internet.

While there’s no arguing that trust is essential for doing business — apparently between cyber criminals, as well — having a trusted resource like iovation to uniquely recognize known fraudulent devices, expose hidden fraud rings and identify good customers before the transaction takes place, can play a pivotal role in any business’s ongoing challenge to reduce online fraud rates.

While monetary gains are always the ends to the means for cyber thieves, the digital goldmine appears to be personal and financial information stolen from email accounts and bank accounts, as well as intellectual property, all of which hackers can sell on the cyber black market. Some additional points in the Global Risks for 2012 report included:

• Cybercrime, cyber-espionage and cyberwarfare are on the rise
• Credit card cloning is flourishing in India, conducted by Nigerians living in India who are using card data received from Russian underground forums
• Hackers are launching chance attacks on individual users and more targeted attacks on businesses and governments to exploit system security flaws
• Corporate source codes for products, intellectual property and defense data is extremely valuable to competitive organizations and governments
• Enterprises leveraging social media tools should consider the risks of employees accessing social media sites while on the corporate network

Here are some of tonight’s 2012 Totally Gaming Award winners:

• 888.com for Best Online Product of the Year (iovation was a finalist)
• Betfair for iPhone for Best Mobile Gaming Product
• Holland Casino Amsterdam for Best Casino Operator
• Jan Jones and Ron Goudsmit for Outstanding Service to the Land-Based Industry
• Wes Himes for Outstanding Service to the Remote Industry
• Novomatic for the Media Award
• Inspired Gaming Group for Best Betting Product
• Casinos Austria for Best Marketing Campaign
• Casino Cosmopol Sun vaal for Best Casino 
• Raff Ltd for Best Lottery Product
• JMC Global for Best Street Supplier 

Next up on the ICE agenda is the Combating Cybercrime in Gaming conference at Earls Court. Starting Tuesday, January 24th, attendees will find a great line-up of topics, including jurisdictional approaches to investigating cybercrime, knowing “who” and “where” your gaming customers are, implementing strategies to reduce data leakage from your network, cybercrime hotspots and forecasting future threats, and staying ahead of mobile gaming fraudsters.

iovation’s vice president of global sales, Max Anhoury, leads the mobile gaming fraud panel at 2:00 pm, titled Staying One Step Ahead of Mobile Fraudsters, to help attendees understand the latest cybercrime threats and how gaming operators can better protect their business, brand and customers.  Joining Mr. Anhoury will be Darwyn Palenzuela, Chief Technology Officer at Smart Gaming Group and Christina Thakor-Rakin, Head of Operations at Virgin Games. iovation will be sharing worldwide mobile device trends from its global reputation database of more than 800 million unique devices, which includes PCs, laptops, smartphones, tablets and consoles. 

iovation offers mobile fraud protection by uniquely identifying mobile devices that touch its clients websites or applications. The company employs a “defense-in-depth” approach to identifying, recognizing and developing a reputation for each mobile device, which includes multiple components and strategies that work in concert to help online businesses fight fraud effectively. iovation’s device reputation service includes both web and native device recognition, with SDKs for iOS and Android available globally. Managing the associations between devices provides opportunities for device re-identification even when evasion techniques are in play.

Those attending iovation’s Mobile Gaming Fraud Panel will learn:

• Mobile gaming offerings available and the progress and challenges posed
• Mobile fraud schemes and how gaming sites detect and prevent them
• Popular real-time rules that gaming operators are using to detect and deny fraudulent transactions
• Advanced technologies that will impact your strategy today and in the future
• Regulatory and compliance issues with regard to managing fraud on mobile devices
• Mobile application development and experiences with iOS and Android approval and distribution systems
• Future trends and mobile gaming growth expectations by operators

If you are unable to attend the presentation, but would like to learn how to protect your gaming site from chargebacks, identity theft, bonus abuse and collusion, stop by the iovation booth #5117 during the exhibition and speak with our team!

In the article, “Why Internet crimes go unpunished,” security expert Roger Grimes breaks down some interesting numbers around cybercrime, and how hackers are (to put it mildly) beating the odds. According to the FBI’s 2011 Internet Crime Report, of the more than 300,000 complaints that netted criminals $1.1 billion in 2010, law enforcement agencies convicted an average of one crook for every 50,635 victims. In other words, as Grimes eloquently states:

Steal someone’s identity and your odds of being caught are almost infinitesimal.

With all the hacks and fraud headlines 2011 will be remembered for, that’s definitely not the way we want to ring in the New Year. But as Grimes also warns, if we aren’t careful we could see history repeat itself as criminals not only continue defrauding computer users, but launch recycled attacks against the explosion of worldwide mobile device users, who could fall victim to the same old PC tricks.

While law enforcement certainly has its challenges in tracking down and prosecuting cyber criminals, nobody will argue that we can always be doing something on our part to help reduce the risk of fraud where the criminal is utilizing a computer, as well as emerging mobile platforms like smartphones and tablets.

Whether you’re an individual, small to mid-size business, or even a large international corporation, in many ways you’re sort of on your own in cyberspace. This is why taking matters into your own hands and implementing defense-in-depth fraud preventative strategies is so critical to protecting yourself, your employees and business from both evolving and old-school scams targeting every form of Internet-connected device that we use.

This is the time of year when most businesses are setting their budgets and determining business goals for 2012. While improving customer service and increasing revenues are certainly at the top of any CEO’s to-do list, mitigating costly fraud risks that can take a hefty bite out of annual profits (not to mention cause significant reputation damage) requires organizations to deploy effective security tools like iovation’s ReputationManager 360 solution to reduce the risk of fraud or abuse over all devices and platforms connecting to their online business environment.

According to the Banking Times article, “Criminals shifting to card-not-present fraud because of chip and PIN success,” they are on the move again. Data recently released by FICO, a leading provider of analytics and decision management technology, shows that across Europe card-not-present (CNP) fraud has dramatically increased, accounting for 72% of all fraud losses between March 2009 and March 2011. The big reason for this change? Chip and PIN technology, which has helped reduce counterfeit fraud by 60% over the same period.

In comparison, a similar study conducted three years ago found that ‘card present’ fraud accounted for 60% of Europe’s credit card fraud. But since European banks adopted the smartcard payment system, that number has dropped significantly over the past couple of years.

So, remaining consistent to their adaptive nature, it appears that cyber criminals have shifted their attention to CNP schemes like online fraud, targeting countries and business systems with weaker detection and prevention capabilities, said Martin Warwick, FICO’s Fraud Chief in Europe, the Middle East and Africa.

“Our analysis of the data shines a spotlight on the tremendous change that has occurred in Europe’s fraud landscape.”

While European credit issuers continue to leverage Chip and PIN technology as part of their defensive strategies to fight fraud, the Merchant Advisory Group (MAG) recently rolled out a recommended roadmap for a U.S. electronic payments strategy that includes Chip and PIN adoption.

Such strategies have proven to help reduce card present fraud, but as the report shows, their success has also pushed hackers into new directions. Instead of using the actual credit card to defraud businesses in person, criminals are collecting credit card and personal information and using it to commit a host of online crimes including CNP fraud, account takeover and identity fraud.

As criminals increasingly pursue online fraud opportunities around the globe, businesses that rely on online payments need effective fraud detection tools that protect the growing number of online transactions taking place within the U.K. and across international borders.

Leveraging our fraud database of more than 800 million desktop and mobile device reputations worldwide, iovation performs 6.5 million device reputation checks a day for our customers. A complementary fraud prevention solution like iovation’s ReputationManager 360 provides businesses with unique intelligence and a deeper understanding of each device accessing their website or requesting a transaction, allowing them to make quicker, better informed decisions on all online transactions even if fraudsters try to re-invent how they defraud businesses over the Internet.

The truth is, even diligent businesses running the latest security software remain vulnerable to the growing number of new and unknown forms of online fraud and abuse. Take it from Mark Patterson, co-owner of PATCO Construction Inc: when it comes to fighting ACH fraud the new FFIEC authentication guidance falls short. He says that until banks become legally liable and accountable for such online crimes, businesses will remain susceptible to online fraud.

In the BankInfoSecurity article, “Fraud: The Victim’s Perspective,” Patterson, whose small residential and commercial construction company lost over $550,000 to fraudulent ACH transactions, said that while he’s glad updates have been made to the security guidelines, they don’t go far enough. In order for small businesses to protect themselves from online crimes like ACH fraud and account takeover, they need to take it upon themselves to also incorporate their own internal policies and processes to detect fraud and abuse. Some of his recommendations include:

• Talk to your bank about the ACH fraud policy to understand if fraud losses are covered
• Monitor all online transactions for bad IP addresses, anomalies, and suspicious activity
• Run and analyze reports to recognize patterns and velocities
• Educate yourself about online threats and how bad they really are

Today, too many companies struggle to keep the security of their desktop computers and mobile devices up-to-date, which puts their customers, business and brand reputation at risk. The FFIEC Guidance was designed to outline a multi-layered approach of processes and technologies that banks need to mitigate fraud risks, but if those recommendations aren’t applied and internally enforced businesses could still have trouble identifying and stopping risky transactions.

To combat the millions of online fraud and social engineering schemes attempted on banks and businesses every day (we should know, we stop more than 150,000 fraudulent transactions every day for our clients), an effective defense-in-depth anti-fraud strategy requires the ability to recognize high-risk transactions before they are accepted. iovation’s device reputation technology goes beyond traditional blacklists and personally identifiable information (PII) to identify, re-recognize and root out fraudulent devices and accounts in real time so businesses can proactively stop bad transactions from occurring, as well as shut down hidden fraud rings that are committing repeat fraud within their IT environment.

iovation’s ReputationManager 360 is a fraud prevention solution that provides an added layer of protection for any defense-in-depth anti-fraud strategy. By leveraging the power of device identification, iovation takes complex device ID a step further and equips financial services firms and other businesses with a dynamic collection of device intelligence, association data, analytics and reporting tools that allow fraud managers to assess larger sets of attributes and apply pattern recognition algorithms and pattern-learning processes to identify fraudulent devices, anomalies, velocities and other suspicious behavior taking place on their website every day.

In the article, “Mobile commerce played an integral part of the 2011 holiday season,” online retailers capitalized on the smartphone and tablet phenomenon by boosting their m-commerce promotions during the past holiday season. As a result, a company spokesperson at Gilt Groupe, a US-based shopping website, said mobile-only promotions contributed to 20% of all sales during November and December, with mobile traffic and sales increasing well over 100% in December 2011 compared to December 2010.

“Mobile continues to play a large role in driving Gilt’s business. And we continue to utilize mobile as a channel to reach both existing and new customers wherever they are.”

North America electronics retailer, Crutchfield Corporation, also saw triple-digit increases in mobile traffic and sales, a trend the Crutchfield’s director of e-commerce, Todd Cabell, believes will continue to climb in the new year.

“Mobile was certainly a bright spot this holiday season. It’s clear more and more customers are becoming comfortable using their mobile devices to research and purchase a wide variety of products. We anticipate continued growth in both the smartphone and tablet channels during 2012.”

As more consumers trust their mobile devices to purchase goods over the Internet, online merchants recognize the importance of including mobile in their cross-channel marketing efforts. At iovation, we see the mobile channel not only as an emerging sales channel, but a thriving one, for e-commerce. This is why our ReputationManager 360 fraud prevention tool recognizes, in real-time, all Internet-connected devices by type, including PCs, smartphones and tablets, that access retail websites.

By better understanding the devices connecting to their site, retail fraud managers can immediately accept, deny or pull for further review all transactions coming through their cross-channel sales mix. For retailer’s creating mobile-exclusive promotions that target smartphone and tablet users, this level of fraud protection is essential to the customer experience, profitability, and a merchant’s overall brand reputation.

If you are interested in learning more about how iovation protect online retail sites from fraudsters attempting all types of criminal or abusive behavior, we will be at the upcoming NRF Retail’s Big Show, January 16-18 in New York City.

We’d love it if you stopped by our booth #2820 to chat about any fraud issues your business is experiencing or anticipating, and to pick up your Virtual Crime Fighter t-shirt. By integrating iovation’s device reputation service on your account creation or checkout page, for example, we can help you stop cyber criminals—all without collecting any personally identifiable information (PII)—whether they are using a computer, tablet or mobile phone to access your site.

And while at the NRF Retail’s Big Show, one session that looks very interesting is “Emerging Technologies: Driving Businesses for Retailers, While Minimizing Risks from Fraudsters” at 2:00 pm on Tuesday.  The session is moderated by Evan Schuman, Editor of StorefrontBacktalk.com with speakers Joseph LaRocca, Sr. Asset Protection Advisor of the NRF and Bill Titus, Vice President of Loss Prevention at Sears Holding Corporation.  (See page 37 of the Show Guide).

It’s been a busy year with a ton of new features and enhancements ranging from big to small. We thought we’d take a moment to share with you some of the highlights from 2011.

As with any technology, there are many, many things that go into a new feature including design, development, testing, documentation, integration and other operational requirements. We won’t go into that amount of detail here, but instead will focus on the primary achievements within each of the four principle areas of specialization at iovation, which include:

• What does “layered security” actually mean?

“‘Layered security’ refers to the arrangement of fraud tools in a sequential fashion. A layered approach starts with the most simple, benign and unobtrusive methods of authentication and progresses toward more stringent controls as the activity unfolds and the risk increases.”

• What does “multi-factor” authentication actually mean?

“A simple example of multi-factor authentication is the use of a debit card at an ATM machine. The plastic debit card is an item that you must physically possess to withdraw cash, but the transaction also requires the PIN number to complete the transaction. The card is one factor, the PIN is a second. The two combine to deliver a multi-factor authentication.”  

• Who does this guidance affect? And does it affect each type of credit grantor/ lender differently?

“The guidance pertains to all financial institutions in the US that fall under the FFIEC’s influence. While the guidance specifically mentions authenticating in an on-line environment, it’s clear that the overall approach advocated by the FFIEC applies to authentication in any environment.”

• What will the regulation do to help mitigate fraud risk in the near-term and long-term?

“The guidance is an important reinforcement of several critical ideas: Fraud losses undermine faith in our financial system. Fraud tactics evolve constantly and the tools that combat them have to evolve as well. The guidance provides a perspective on why it is important to be able to understand the risk and to respond accordingly.”

• How are organizations responding? 

“Experian estimates that less than half of the institutions impacted by this guidance are prepared for the examinations. Many of the fraud tools in the marketplace, particularly those that are used to authenticate individuals were deployed as point-solutions. Few support the need for a feedback loop to identify vulnerabilities, or the ability to employ a risk-based, ‘layered’ approach that the guidance is seeking.”

To learn more, watch Experian and iovation’s webinar, titled Ensuring Optimal Efficacy and Balance with Out-of-Wallet Questions and Device Identification, dedicated to discussing the recent FFIEC guidance and taking a defense-in-depth approach to fraud prevention.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

The Federal Financial Institutions Examination Council’s (FFIEC) updated security guidelines go into effect in less than a month. It is imperative that financial institutions recognize that the security precautions currently in place are ineffective in the face of new, more sophisticated attacks. Criminals have gotten around the minor hurdles posed by the tools being used to authenticate clients and prevent unauthorized transactions.

Basic multifactor authentication may be relatively effective for bank accounts that generally contain only enough to pay a month’s worth of bills. But high value accounts are more prone to attacks, and require additional levels of security. Ultimately, what is most important is that a security program includes multiple layers of protection rather than relying on a single mechanism of defense.

Using advanced device identification is also essential. The FFIEC suggests complex device identification, which is more advanced than previous techniques, and the leader in this space is iovation Inc.  They take complex device identification much further by delivering to financial institutions, a reputation of the device as it accesses their site to apply for credit, create an account, transfer money and more.

This proven strategy not only utilizes advanced methods to identify the devices being used to connect to a bank, it also incorporates geolocation, velocity, anomalies, proxy busting, webs of associations, fraud histories, commercially applied evidence of fraud or abuse, and much more to protect financial institutions from cybercrime.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

“Dear Lucky Customer:

In the course of regular store maintenance, we discovered our credit/debit card readers at the self-check lanes ONLY in 20 stores (listed below) had been tampered with. Steps were taken immediately to remove the tampered card readers in the affected stores, as well as enhance security to every credit/debit card reader in all 234 stores in our company. We are not aware nor have we been notified of any reports that customer accounts were compromised.”

The “tampering” referenced in this letter has been described as skimming, which occurs when a separate piece of hardware is affixed to an ATM or point-of-sale terminal. The hardware is designed to blend in with the face of the machine and record card data whenever a card is swiped. Criminals either remove the skimming device later or retrieve data remotely via wireless Bluetooth or mobile SMS. 

In this particular case, however, it isn’t clear exactly what happened. What is known is that the POS terminals were compromised. When point-of-sale terminals have been compromised in the past, this has usually meant that criminals actually entered the store, physically removed an entire machine, and replaced it with one that resembled the original, but had been tweaked to capture and transmit customer data.

Consumers cannot protect themselves from this crime. All they can do is check their bank statements frequently and refute any unauthorized charges or withdrawals. On the other hand, online retailers who are subject to having stolen credit cards used on their sites can, in many cases, prevent fraudulent transactions upfront by checking the device’s reputation used during the transaction. Computers, tablets and smartphones are assessed for fraud, high-risk and suspicious activity in real-time, which means while that device is interacting with the retailer’s website.  By checking against iovation Inc.’s global shared database of more than 800 million unique devices and their associations, online retailers can protect themselves against chargeback losses, shipping fraud, account takeovers and identity theft attempts.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses POS skimming on CBS. Disclosures.

During this year’s record-breaking Black Friday and Cyber Monday, iovation documented a significant rise in fraudulent transactions, which included account takeover attempts.

Their comparison of the two hottest shopping days of this year vs. last year found:

• 400% increase in the rate of fraudulent transactions on Black Friday (up from 1% to 4%)
• 25% increase in the rate of fraudulent transactions on Cyber Monday (up from 3% to 4%)
• 15% greater transaction volume on Cyber Monday compared to Black Friday
• 4% mobile fraud rate on both Black Friday and Cyber Monday.  

These statistics are compounded by the dramatic and impressive consumer spending numbers for these dates. Consumers must understand that their credit card numbers are fueling the rise in cyber fraud. Throughout the holiday season and beyond, it is imperative that cardholders check their statements carefully, matching them up against receipts to confirm that each charge was authorized.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Holiday Shopping Security on Fox News  Disclosures

In the recent article, “How to steal an identity in seven easy steps,” software developer, Herbert Thompson, shows us just how easy it is to collect personal information that allows fraudsters to gain access to somebody’s personal and financial online accounts. This is disturbing news, especially when you consider that roughly 40% of web users are ‘likely’ or ‘very likely’ to provide their personal information in one of six online scams, like the Ponemon Institute, commissioned by PC Tools, recently discovered after interviewing over 1,000 UK web users.  

Essentially, Thompson cites a number of online resources that criminals can tap into to gather personal information that increases their chances of cracking security questions and passwords required to access personal emails or financial accounts, including:

1. General Web Search: Searching someone’s name on a search engine such as Google can provide an assortment of information about a person including where they live and their social networking communities.
2. Personal Blog: Doing a keyword search on things like birthday, pets and mother’s maiden name can reveal personal data that users apply for questions relating to password reset and account login.
3. Public Websites: Public websites such as the DMV and state traffic court provide resources for obtaining information on traffic violators that could include things like birth date and vehicle type.
4. Resume/Job Seekers Webpages: Job seekers are constantly updating their work history and joining networking groups that disclose current home addresses, phone numbers, emails, where they’ve lived and their professional background.
5. Alumni Webpages: High school or college online social networking communities can make known somebody’s personal history, nicknames and other close friendships.

As you can see, online romancers aren’t the only ones susceptible to identity theft. This scenario essentially applies to anyone sharing personal information over the Internet.

While individuals need to always apply common sense before sharing personal information that really never goes away, so do the providers of these popular online environments. To ensure the safety of their legitimate users and maintain their reputable brand reputation, online dating and social networking sites need to deploy fraud detection tools that can stop known fraudsters before they enter their communities and root out fraud rings that are committing repeat fraud against good members.

iovation’s ReputationManager 360 does both. By identifying the user’s actual device, not the personally identifiable information (PII) they provide to create their profile, online communities can detect when a known fraudulent device is trying to enter their site, as well as expose bad devices and their associated accounts that are already active in the community. This unique level of device reputation intelligence enables Internet communities to improve their ability to deny fraudulent transactions before they happen and rid their trusted online communities of cyber criminals who are already perpetrating fraud or collecting personal information they can use later to break into personal or financial accounts.

Take, for example, a fraud prevention service like iovation’s ReputationManager 360. Using advanced device reputation technology, we work behind the scenes in many of the world’s largest and most respected gaming environments to provide protection from all forms of fraud and abuse. In the past year, we’ve provided invaluable intelligence on more than 475 million gaming transactions.

At iovation, we’re happy to play the role of the unsung hero. But every now and then it’s an honor to be recognized by industry leaders who call out the important work that we do. This is why we are so proud to announce that the distinguished ICE Totally Gaming panel has named iovation a finalist for the Best Online Gaming Product of the Year.

The award, which judges applicants on five criteria and their achievements over the past year, recognized iovation for our work in protecting billions of online transactions for our international gaming clients. Since 2004, we’ve successfully helped gaming businesses minimize chargebacks, account takeover, arbitrage betting, player collusion and affiliate abuse. Our customers also use iovation for their KYC requirements like managing customer request exclusions and geo-fencing.

The Totally Gaming Awards banquet takes place on Monday, January 23, 2012, at 8 Northumberland, London. After the ceremony, we will be exhibiting at Clarion Event’s ICE Totally gaming international exhibition in booth #5117 from January 24-26 at Earl’s Court in London.

Another of my holiday traditions is to expose the year’s phishing scams. The following examples come straight from my inbox or spam filter, and have been abbreviated to demonstrate the nature of the scam and specific hook being used.

1. This first phishing email appears to have been sent from LinkedIn, but the link that supposedly leads to the FDIC’s website is in fact a virus.

“From: LinkedIn linkedXXX@em.linkedin.com  

Temporary FDIC insurance coverage news. To obtain more information about temporary FDIC insurance coverage of transaction accounts, please refer to http://www.xxxxxx. Yours faithfully, Federal Deposit Insurance Corporation.”

2. In this phish, the sender claims to be Canadian, but the email suffix “.cn” is Chinese, and the scammer grammar is clearly East African in nature.

“From: Mrs.Martha Chery tesXXX@k.cn

Dear Beloved,

I am Mrs.Martha Chery from Canada,I am 58 years old,i am suffering from a long time cancer of my brain,from all indication my conditions is really deteriorating and it is quite obvious that i may not live for the next two months.”

3. Wow, my “email address has won.” Lucky me?

“From: payofficeXXX@aim.com

WINNING NUMBER: OL/656/020/018

OUR DEAR WINNER, THIS IS TO NOTIFY YOU THAT YOUR EMAIL ADDRESS HAS WON ONLINE LOTTO AND GAMING CORPORATION SUM OF (ONE MILLION EURO).”

4. This scammer responded to a Craigslist ad I had posted. Apparently I “sounded gorgeous in the ad.” I probably did!

“From: Justina Serini justinaXXX@hotmail.com

Hi Robert, I found your posting and wanted to ask you something essential. I am in a relationship and caught my partner cheating on me so I decided to get even! My co-worker said Craigslist list would be the best place to find someone nearby who I can be with for one time only so thought the hell, I would email someone I thought sounded gorgeous in the ad and came across yours!”

5. In this phish, I’m being scammed in Hebrew!

“???????!!! info@free2XXX.co.il

???? ????? ????? ????? ?? ???? ???? ????? – ??????! ?? ?? ????? ?????? ?????? ?? ?????? ?????? ?????,”

6. Oh, wow, the United Nations is contacting me directly. How exciting!

“From: UNITED NATIONS bankimoonXXX@yahoo.com

Attn: Beneficiary, This is to inform you that the International Community has received series Complaints from Beneficiaries who are yet to receive their outstanding Contract/Inheritance Funds.”

7. Download this report, and you’re as doomed as a boiled lobster.

“From: Jerry Bush benoit.metzger@XXXueamachine.com

This report applies to the ACH transfer (ID: 963623905410) that was recently sent from your banking account. The current status of the referred transfer is: failed due to the technical error. Please find the detailed information in the report below.”

Hey, that reminds me, I have fish to fry!

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses phishing on Fox Business Disclosures

Forbes reports, “Consumers are going mobile in large numbers, and the 2011 holiday season proved it. IBM Coremetrics recently reported that consumers increased shopping on smartphones and tablets on Black Friday. Purchases made on mobile devices accounted for 9.8% of online sales, which is up 3.2% from last year. GSI announced a 254% increase in US mobile sales on Black Friday. PayPal Mobile announced a 516% increase in global mobile payment volume over last year, and eBay Mobile reported US purchases were nearly two and a half times what they were last year.”

Criminals are paying attention.

The National Cyber Security Alliance and McAfee released a study showing that in the last six months, 50% of Americans have used smartphones to research potential purchases, 27% have used them to shop, 12% have used them to shop at auction websites, specifically, and 18% have used their phones to make online payments.

To stay safe while mobile shopping this holiday season:

1. Keep mobile security software current. The latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.

2. Automate software updates. Many software programs can update automatically to defend against known risks. If this is an available option, be sure to turn it on.

Retailers should be aware that criminals aren’t just using desktops to commit fraud, but are also making purchases with stolen credit card information via mobiles and tablets. They should adopt security technology that actually recognizes and analyzes the PCs, smartphones, and tablets being used to access their websites. Once a device has been identified, its reputation can be assessed in real-time to determine the risk of fraud. Is the device exhibiting suspicious behavior, or it already known to have been used for fraud, money laundering, or account takeovers?

Examining a device’s reputation allows businesses to know which online transactions are trustworthy beforehand, rather than waiting until fraud has already occurred.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Mobile Security on Cyber Monday on Fox Washington. Disclosures

The

Which begs the question: when the dust settles, how much of this uptick in online sales will equate to online fraud? It is inevitable that some consumers will detect unauthorized charges on their credit and bank accounts, and many retailers will suffer high chargebacks.

Consumers should seek out and patronize businesses that implement a comprehensive, in-depth approach to protecting customers from identity theft and financial fraud. They should also check credit and banking statements carefully, scrutinize each and every charge, and call their bank or credit card company immediately to refute any unauthorized transactions.

Retailers should consider adding device identification technology to prevent more crime upfront before product ships and stolen credit cards are charged. This emerging technology examines the PC, smartphone, or tablet being used to conduct an online transaction in order to determine whether the device’s characteristics, behavior, and history indicate a high level of risk. The leading provider of device identification and device reputation services is iovation Inc. Take a look at iovation’s stats from Black Friday and Cyber Monday.

Fraud analysts from online retailers around the world interact with iovation’s database of device intelligence daily, and through sharing information and running real-time risk assessments, they block millions of online fraudulent attempts each year.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discussesCyber Monday on Fox Boston. Disclosures

This holiday season, as you seek out hard-to-find gifts and look for the best prices, keep in mind that not everyone out there on the wild, wild web has good intentions.

Auction sites are ground zero for scammers. It’s very easy to set up a free auction page from anywhere in the world, collect people’s money, and run.

Here are four tips to keep you safe when shopping through auction websites.

1. Use strong passwords: Use complex passwords that are hard to crack but easy to remember. Passwords should include upper and lowercase letters as well as numbers, and, if possible, other characters.
2. Look out for phishing emails: Any email that appears to have been sent from an auction site should be considered suspect. Certainly there are legitimate communications being sent by eBay and similar sites, but none of them should require a direct email response. To confirm that a communication is legitimate, always go to the website directly via your favorites menu, log into your account normally, and check your “My Messages” folder, rather than clicking any links within the email.
3. Secure your device: Whether you shop using a tablet, smartphone, PC, or Mac, they all need some form of antivirus protection. At the very least, the operating system should be kept up to date with all the latest security patches. Any website can potentially pose a threat. Never respond to pop-ups that claim your computer or other device has been infected and instruct you to install antivirus software. This is actually “scareware.”
4. Buy from trusted sources: Some may not like my saying so, but buying from sellers with no track history is risky. If sellers have less than five transactions under their belt, they may be scammers. My rule of thumb is never but from anyone with fewer than ten transactions, and even then I take all their feedback into account before purchasing. If a seller has ten transactions but all those purchases are less than a dollar in value, that seller is still suspect.

Online classified and auction websites can do more to protect legitimate buyers and sellers by identifying fraudsters faster with advanced device identification.  iovation Inc.’s fraud prevention service is called ReputationManager 360 and incorporates device identification, device reputation analysis, and geolocation, velocity, and anomaly checks in its real-time risk profiling. iovation is used by hundreds of online businesses to prevent fraud and abuse by analyzing the computers, smartphones, and tablets being used to connect to their online properties.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Black Friday/Cyber Monday Scams on Mike and Juliet Show  Disclosures

In the USA Today article, “Travelers at high risk of identity theft, experts say,” travelers lost a total of 11,000 mobile devices at the busiest U.S. airports this year. And that only accounts for items lost before travelers reach their intended destinations. In a study of 200 data breaches, Trustwave’s SpiderLabs found that hotels and resorts are prime targets for crooks stealing financial information, with respondents saying 38% of data thefts took place at hotels or resorts.

John Sileo, an identity theft and fraud expert who experienced identity fraud first-hand while traveling to Disney World, says people can be particularly vulnerable when they are unfamiliar with their surroundings. In his case, he suspected someone took a photo of his card number at the theme park before his bank informed him that his credit card had been shut down when someone attempted to make $3,000 worth of online charges to his card.

“Data theft goes through the roof on the road,” says Sileo, a spokesperson for CSID, an identity-protection provider.

When preparing to travel, Steve Schwartz, executive vice president of consumer services at Intersections, says there are several precautions every traveler should take to protect their personal information, including:

1. Use a credit card to book flights, hotels and arrangements: Because federal law limits the liability of card holders if your credit card is lost or fraudulent purchases are made to your card, it’s best to use a credit card to book all travel arrangements rather than a debit card, which has different federal protections that could result in additional financial losses.

2. Clear out your wallet before a thief does: As much as we would like to trust our fellow travelers, you can never be sure when criminals are scoping out airport waiting areas, hotel lobbies or public media centers looking for the right moment to steal somebody’s personal property.

3. Travel with only two credit cards: Walking around with one card and storing a backup in a hotel safe limits a thieve’s ability to swipe multiple cards and access various personal accounts.

4. Leave your social security card at home: Most of us don’t carry around our social security cards anyway, so safely storing your SSN somewhere when you’re on the road is a good idea.

5. Safely store contact numbers of card companies: In the event you find your personal possessions missing, you can quickly contact your card companies and have them stop any purchases until you locate your card or are issued a new one.

6. Never type passwords or credit card numbers over unsecured wireless networks: Doing so can allow fraudsters using special software to conduct a “man-in-the-middle” attack, which enables crooks to control and intercept messages between two legitimate users without them knowing it.

7. Never share travel plans on social networks: While vacationers are always tempted to share their travel plans or instantly post pictures over social networks, this information can let criminals known when you are away from home. It’s best to provide a recap of your business trip or vacation once you’ve returned.

While individuals can do several things to protect themselves while traveling, the same holds true for businesses.

With millions of company employees on the road at any given time, organizations need to take proper security measures to protect their business data when workers are accessing their corporate network remotely. Making sure they are regularly updating all anti-virus software, encrypting sensitive data, and having effective fraud detection and prevention tools in place to secure their private networks can help reduce the risk of fraud for their traveling employees and better protect their business assets.

It’s truly an honor to follow in the footsteps of some of the most recognizable technology companies in the world such as Google, YouTube, Skype and eBay, who have all been previously selected to Red Herring’s prestigious Top 100 Global list.

This recognition is a direct result of years of hard work evolving our fraud protection service into a full spectrum device reputation solution that supports native and web integrations for mobile and desktop devices, tagged and tagless device recognition, real-time transparent risk scoring, and on-demand and scheduled reporting. Our remarkable growth is attributed to the collaborative work and effectiveness of our global device intelligence network, which today protects billions of transactions for our clients representing multiple industries around the globe.

Red Herring Chairman, Alex Vieux, elaborated on the difficulty the editorial staff goes through each year in selecting the Global Top 100.

“Choosing the best out of the previous two years was by no means a small feat. After rigorous contemplation and discussion, we narrowed down our list from 1,100 potential companies to 100 winners. It was an extremely difficult process. iovation should be extremely proud of its achievement, the competition for the Top 100 was fierce. The Top 100 Global are truly the best of the best.”

Companies were evaluated on both quantitative and qualitative criteria such as financial performance, technology innovation, management quality, strategy and market penetration.

The full list of 2011 winners is located at: http://www.herring100.com/RHG/2011/top100.html.

According to the NY Times article, “Cyber Monday Shopping Surpasses Expectations,” both ComScore and IBM Benchmark reported that the $1.3 billion spent by online shoppers represented up to a 33% increase in online sales over last year. This followed record-breaking Black Friday weekend sales of $52.4 billion, which CNN Money reported is a 16% jump over 2010. Either way you cut it, there’s little doubt that retail and online sales over the weekend could make for a very profitable holiday season for merchants.

At iovation, we help our clients know who to trust online, by quickly recognizing their good online customers and isolating the fraudsters through shared device intelligence. By identifying bad actors upfront and flagging suspicious transactions in real-time, we help merchants decline fraudulent orders faster, minimize chargebacks and take more good business with confidence — all especially important during the holiday’s peak traffic.

Looking at iovation’s device reputation network on Black Friday and Cyber Monday, we found some interesting trends and year-over-year comparisons during the two hottest shopping days of the year, including:

• 400% increase in the rate of fraudulent transactions (from 1% to 4%) on Black Friday
• 25% increase in the rate of fraudulent transactions (from 3% to 4%) on Cyber Monday
• 15% greater transaction volume on Cyber Monday compared to Black Friday
• 4% mobile fraud rate on both Black Friday and Cyber Monday

While it was no surprise that credit card fraud, shipping fraud and account takeovers topped the list of fraud types reported to iovation’s database on these days, a noticeable drop in the share of mobile shopping activity was very unexpected.

Despite several industry surveys forecasting significant increases in mobile purchases over the holidays, iovation saw mobile transactions decrease as a share of overall activity on Black Friday and Cyber Monday. While mobile transactions usually account for 5% of queries to iovation’s service, mobile’s share of overall retail transactions dropped to 3.2% on Black Friday and 2.7% on Cyber Monday. At this point any conclusions would be only speculative as to why mobile transactions were down during these peak periods. Are consumers not ready to make purchases over their smartphones? Is the user experience of a smartphone checkout too cumbersome compared to the convenience of a desktop?  As retailers look to the mobile market as an increasingly important channel, it will be critical that they solve these issues.

For the 2011 Global Award, the Red Herring editorial team selected companies demonstrating the most innovative technologies and business models originating from over 1,000 companies from over 40 nations. The companies are judged on a range of qualitative and quantitative metrics, including technology innovation, financial performance, growth criterion, management’s execution standards, potential globalization of the strategy and market share improvement.

The 2011 Global finalists will be featured during the Red Herring event taking place at the Hyatt Regency Century Plaza on December 5-7, 2012. iovation’s CEO, Greg Pierson, will be presenting iovation’s winning strategy on Tuesday, December 6th and on the last night of the event, the Global winner will be announced. If you are attending the event and would like to schedule time to chat with Greg Pierson, please email info@iovation.com.

Keep safe and sane this holiday season:

1. Look for indications of online security. Depending on your browser, there may be an icon of a yellow lock at the top of the window, near the address bar, or at the bottom, near the taskbar. If the website is secure, the yellow lock should be closed. Some browsers use a color coding system, displaying red to indicate that a website is not secure and may potentially be infected, or green to indicate that it’s okay. 

2. Update your operating system. If your computer’s operating system is out of date, it may invite trouble when heading out to the wild, wild web. Go to your security center to download the latest critical security patches.

3. Update your browser. While your operating system may be up to date, which would mean that Internet Explorer is most likely up to date as well, if you are using Chrome or Firefox, you may need to update manually. Select “About” in your browser’s toolbar to check for updates.

4. Protect your computer with antivirus software. Antivirus protection that includes a firewall will, in most cases, shield you from “drive by downloads” and other malware. Even a major online retailer with a secure website can be vulnerable to criminal hackers.

5. Beware of phantom websites. Criminals love to pull the wool over unsuspecting eyes. One technique is to use “black-hat SEO” to place fake websites at the top of organic search results. Customers who attempt to make purchases via these fake websites are unknowingly transmitting credit card numbers directly to the hackers, and it’s safe to assume they’ll never receive the products they believe they’ve purchased.

6. Check credit card statements often. I still have to search the Internet for the names of unfamiliar retailers that appear on my credit card statements with unauthorized charges. Check your statements online weekly, and refute unauthorized charges within 60 days.

Most major online retailers are already using multiple sophisticated fraud prevention procedures to protect you. Oregon-based iovation Inc. is one hot technology company offering a device reputation service that alerts businesses to suspicious behavior such as someone attempting to hijack your account or use your stolen credentials (and  many others’) to steal from online businesses.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

1. Go big. Do your online business with major retailers, or those you already know, like, and trust. The chances of a major online retailer stiffing you, or of their database being compromised, are slimmer than those of an unknown.

2. Do your homework. If you search for a particular product and wind up at an unfamiliar website, do some research on the retailer before putting down your credit card number. Search for the company’s name and web address to see if there have been complaints.

3. Don’t give out more personal data than necessary. Many retailers require your name, address, phone number, and credit card information. This is normal. But if you are asked for anything beyond that, like bank account numbers or your Social Security number, run hard and fast.

4. Vary your passwords. Often, online retailers will ask you to register with their website when you make your first purchase. Never register using the same password you’ve already used for another website. Otherwise, if one website is hacked, your password could be used to infiltrate your other accounts.

5. Use HTTPS sites. Websites that have a secure checkout process, with “https://” in the web address (as opposed to “http://”) are safer.

6. Print out and save online receipts. Keeping track of what you bought, where, and for how much can become confusing when making multiple purchases online. You need to pay close attention to your purchases in order to reconcile your credit card statements.

Smart retailers are already protecting consumers behind the scenes by implementing multiple layers of fraud protection. One very effective fraud detection technology is the use of device identification and device reputation to alert businesses to known fraudsters on their site. iovation Inc. provides this service, taking it another level to analyzing the device’s reputation by assessing risk on each transaction.

“The most reputable online sites all ramp up their security processes during the holidays,” says Molly O’Hearn, iovation’s VP of Operations & Co-founder. “This is a very good thing for online consumers because this is the time of year that your identity and credit card information is most at risk.”

Whether you are buying electronics as gifts this holiday season, or sports and entertainment tickets for friends and family, iovation is working hard in the background of these sites to keep the bad guys out so you can have a safe and fun experience.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston. Disclosures

As we inch closer to the holiday season, a pair of recent articles highlight the increasing volume of online transactions that are just around the corner for online merchants. If there is a security takeaway from these trends, it’s that IT fraud teams better be prepared for significant increases in online transactions over the next few weeks.

The first article, “Retailers: Don’t Leave ‘Peak Week’ Money on the Table,” highlights the jump in online traffic over the four-day sales period it terms, “Peak Week.” That’s the time between Black Friday (the day after Thanksgiving) and Cyber Monday (the following Monday). According to analysts at Experian Marketing Services, each of these four days appear in the top 10 for high transaction rates. Other online traffic and retail email data results the marketing group released included:

• In 2010, online traffic to the top 500 retail sites increased 5% during Peak Week over 2009
• Email volume increased 26% in 2010 versus 2009 during Peak Week
• Black Friday online traffic increased 13% in 2010
• Black Friday is the second-biggest day for online email transactions

In the article, “Online Merchants Prepare for Cyber Weekend (Not Monday),” Ken Wisnefski, founder and CEO of the search engine marketing and E-commerce solutions firm, WebiMax, elaborated on the significance of how Peak Week, or what he calls, “Cyber Weekend,” has become much larger than a one-day retail event.

“Online retailers and merchants have largely invested in E-commerce, online ads and ramping up their website infrastructure in 2011. We’re seeing these merchants committed to making it a weekend-long buying experience versus confining the mad-dash to just one day.”

At iovation, our mission is to support our clients’ business growth by securing online transactions through highly effective fraud prevention solutions. iovation is focused on helping our subscribers manage the higher volume of risks that come with peak season online transactions, without negatively impacting the shoping experience for their customers.

As an anti-fraud security provider that helps stop more than 150,000 fraud incidents each day, we understand the importance of efficiently managing high-volume order flows. Making sure that your fraud team is prepared for the growing number of online orders over peak sales periods is critical if you’re going to get the most out of the holiday sales season.

According to the Politico article, “Free pass for dating site liars,” people can take comfort in knowing that they don’t have to worry about being prosecuted or hauled off to jail for telling a little white lie over the Internet. While this certainly makes sense, at the same time we’re still walking on shaky ground when it comes to online lies, falsifications, profile misinterpretations, or whatever you want to label it. The fact is, when it comes to identity fraud, fake accounts or other crimes on romance sites, lying is typically the basis for the crime. It sets the stage for deeper criminal activity that can cost victims both emotional and financial hardships, not to mention damage to the dating site’s reputation. 

In the recent blog, “Online Trust Remains Risky Business,” I discussed how most of us have at one time or another told some kind of little white lie on the Internet. Would this be cause for criminal prosecution? Probably not. However, if the intent is to steal or commit some type of crime against another person or business, the lie could be a violation of corporate policy covered by the Computer Fraud and Abuse Act (CFAA), which criminalizes “exceeding authorized access” of a computer.

While DoJ spokeswoman, Alisa Finelli, says it’s not the DoJ’s position that lying violates the CFAA, its current position is one that could be open for change.

“We understand the concern that is motivating these criticisms of the statute, and we are willing to work with Congress on legislative proposals in this area.”

While Congress works on legislation that clarifies what would be grounds for prosecution when it comes to lying on the Internet, to protect their members and online environments dating sites need to take action by deploying anti-fraud detection tools that help them identify risky behavior. At the moment, there may not be an actual online “lie detector” that can distinguish when a member is telling the truth or not, but there are tools available, such as iovation’s device identification service, that helps detect online scammers, spammers and bad actors attempting to mine the identity details of legitimate members.

As far back as I can remember, police have been warning of thieves who target cars in parking lots, smashing windows to steal shopping bags left in plain sight. Then, we’d be warned that as the Christmas lights went up, thieves would target the wrapped gifts underneath the tree. I thought, “It can’t get worse than this?”

Then Cyber Monday came along. It was born as a marketing opportunity that has taken on a life of its own over the past five or six years. Online retailers promote their Cyber Monday offers throughout the fall, creating hype that whips shoppers into a frenzy. It’s become as essential to the retail community as Black Friday.

Now the warnings are different: no longer so focused on crime in the physical world, but instead, on threats in the virtual world.

When shopping online, you risk unintentionally visiting an infected website, which could infect your PC with keylogging spyware, which would be used to steal your data. Or you might provide your credit card information to a legitimate online merchant that later falls victim to a data breach. Another risk is that you might order a particular product but receive something of lesser quality, or a different item entirely, and then have to contend with poor customer service.

And, of course, your identity might get stolen. Lovely. My, how times have changed!

Online retailers would spread more holiday cheer if they did their part to protect the public from credit card fraud by implementing device reputation. Device reputation, offered by iovation Inc., taps into a global device identification network that also contains millions of verified fraud and abuse events such as chargebacks, identity theft, shipping fraud on those devices. The device’s reputation is assessed in real time when a transaction is being attempted on a retailer’s website.  And when the device (such as a computer, phone or tablet) has no prior history, iovation profiles its potential risk for the online retailer, identifying high-risk activity before the transaction is approved or product shipped.

Stopping fraudulent transactions upfront spares many holiday revelers the burden of covering the bill for the gift lists of cyber criminals.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

In the article, “American Stranded in Ukraine in Online Dating Scam,” former write-in candidate for governor of Arizona, Cary Dolego, traveled to the city of Chernivti, Ukraine, eager to meet up with the woman he fell in love with online and one day hoped to marry. She never showed.

Turns out, Dolego was a victim of an online dating scam that stemmed from account takeover. Apparently, someone or some group hacked into a woman’s account on an international dating website and was communicating with Dolego on behalf of a woman named Yulia. While the woman later said the account on the dating site that Dolego had been corresponding with was hers, she claims she was not part of the scam.

While this and other similar stories continue to generate media attention about the potential dangers of online dating scams, many of the common tactics hackers use to commit fraud against good members of matchmaking sites could be avoided if the website’s fraud strategy didn’t rely so much on personally identifiable information (PII) to spot and stop fraud within their online social networks.

Unlike anti-fraud tools that collect and use PII to detect fraud online, iovation’s advanced device identification technology is not susceptible to the personal information that users are required to provide when creating new online dating profiles or accessing existing ones. By identifying the actual device used to open or access online accounts — not the user’s PII — iovation’s fraud prevention service provides dating and social networking sites real-time intelligence on more than 750 million known devices. This enables romance sites to instantly accept, deny or pull for further review suspicious transactions before they happen, as well as expose hidden associations between devices and accounts that PII-based fraud detection tools simply can’t do.

Because personal information gathered from social networking sites such as Facebook is what hackers use to open new online accounts or break into legitimate ones, dating sites need a fraud detection tool like iovation that goes beyond the user’s personal information. Without it, dating and social networking sites will remain vulnerable to profile misrepresentations, fake accounts, chargebacks, account takeovers and other online scams that fraudsters can think of using PII, which today is too easily accessible on the Internet.

1. When handing your card to a clerk or cashier, pay close attention. The card should be swiped through a point of sale terminal or keyboard card reader once, maybe twice. If your card is swiped through an additional reader, the card number may have been stolen.

2. Shop only at trusted sites. Phantom websites appear online all year round. They look legitimate, resembling well-known online retailers. But only do business those you recognize. Established online merchants are best.

3. Unsolicited emails that request sensitive data such as credit card numbers or lead you to a too-good-to-be-true offer are most likely phishing emails. Don’t disclose your information, and don’t click unknown links.

4. Check your credit card statements daily, if possible. Once a week is sufficient. Refute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Internet crime schemes steal millions of dollars annually from victims. If you are looking for more helpful tips, the Internet Crime Complaint Center is a great resource. Their site provides preventative measures that help you be more informed prior to making purchases on the Internet.

Holiday schemes will be in full force this year. Charge or purchase wisely.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Many of the stories of heartbreak and fraud look like this:

“After chatting via email, they arranged to meet, but their plans ‘collapsed’ when he told her that he had been held by tax authorities over an issue while he was attempting to fly out on business.

The so-called ‘Mr. Fields’ then asked the nurse for financial help, using emails from his fake solicitor to convince the nurse that this was merely an oversight and that his client would pay her back.”

No matter who someone is, what they say, or how they look, don’t automatically trust them.

Discussion of money or loans in any capacity is a red flag.

Don’t let your heart get in the way of basic common sense.

Sometimes loneliness trumps our ability to see the truth. Keep your head up and be attentive to people’s intentions. In context of the “Color Code of Mental Awareness” this would mean operating in the yellow zone (not in the white zone) while interacting with others on dating and social networking sites.

One company looking out for you behind the scenes is iovation Inc. They work with dating sites and social networks around the world to rid their sites of bad actors. They have stopped more than 50 million attempts of online scams and solicitations, spam, identity mining and fake profiles for their clients. All of this happens behind the scenes to keep the site and its customers safe.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Dating Security on E! True Hollywood Stories. Disclosures

Computerworld reports:

“Tony Perez III, of Hammond, Indiana, pleaded guilty to the charges on April 4. In his plea, Perez said he sold counterfeit credit cards encoded with stolen account information. Perez found customers through criminal ‘carding forums,’ Internet discussion groups set up to aid in the buying and selling of stolen financial account information and related services.”

“During a June 2010 search of Perez’s residence, Secret Service agents found 20,987 stolen credit card accounts on his computers, in his email messages, in an online account and on counterfeit credit cards he was in the process of manufacturing, according to court documents. Credit card companies have reported more than US$3.1 million in fraudulent charges associated with those accounts, court documents said.”

Carding is a full time profession for thousands of hackers worldwide. Retailers’, banks’, credit card processors’, and many other corporations’ databases often contain millions of credit card numbers, and are targeted in “advanced persistent threats.” Any entity that accepts credit cards online or in the physical world is a ripe target for fraud.

It’s in the retailer’s best interest to put online fraud prevention measures in place to thwart credit card fraud use on their sites. This not only helps them keep their chargebacks and fees low, but it also protects their brand reputation with their loyal customers. But how can retailers detect when fraudsters are stealing from their websites in the first place?

Before verifying identity and credit information, first make sure that the computer, tablet or smartphone connecting to the site is not a known fraudulent device – one used to steal from your business in the past, or from other online businesses.

Would you like to know if the device is acting suspicious such as masking its IP address or constantly changing its characteristics between transactions? Is it opening an excessive number of new accounts, or are new countries suddenly accessing your customer’s existing accounts?

There are many indicators of risk and companies like Oregon-based iovation Inc. helps online businesses set up fraud and risk rules in advance so that as transactions come in, the rules run and all checks in a fraction of a second. This device identification service can stop the transaction right then and there.

Carders are just one piece of the cybercrime puzzle. Having a defense-in-depth approach to fraud prevention is essential. And sharing fraud intelligence with other businesses can only help you catch more fraud, and meanwhile, take more business with confidence.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Good Morning America. (Disclosures)

The five different identity theft and forgery rings involved in these crimes targeted banks using a variety of techniques. From inside jobs to robberies and credit card fraud, this criminal network, based in Queens, New York but with ties to Europe, Asia, Africa, and the Middle East, was organized and profitable.

The criminals’ primary focus was on credit cards. Many of the defendants are accused of using stolen credit card numbers to purchase “tens of thousands of dollars worth of high-end electronics and expensive handbags and jewelry,” not to mention staying at five-star hotels. Even after the culprits are caught and prosecuted, their victims are still faced with the difficult task of having to repair their credit ratings and financial reputations. In some cases, that process can take years.”

“Even after the culprits are caught and prosecuted, their victims are still faced with the difficult task of having to repair their credit ratings and financial reputations. In some cases, that process can take years,” explained Queens district attorney Richard Brown.

Police Commissioner Kelly commented, “These weren’t holdups at gunpoint, but the impact on victims was the same. They were robbed. We assigned detectives to financial crimes because of the potential victimization is so great, especially as the use of credit cards and their vulnerability to identity theft have grown along with the Internet.”

More financial institutions could protect their clients and themselves by incorporating device identification upfront in their fraud detection processes to keep scammers out, as the recent FFIEC guidelines suggest. Oregon-based iovation Inc. offers the world’s most advanced device identification service, which is already in use at many major financial institutions offering commercial and retail banking as well as credit issuance. The device recognition service, called ReputationManager 360, is used alongside other risk-based authentication tools for a layered defense against organized crime.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another data breach on Good Morning America. (Disclosures)

Now, after five years of pushing standards out to merchants and retailers, a Verizon study has found that 79% of retailers are noncompliant. That means your credit card data is at risk in 8 out of 10 transactions.

InformationWeek reports numerous reasons why credit and debit card data is at risk. The first is that the burden posed by PCI causes businesses to view PCI as a nuisance, rather than a standard. Instead of working towards better security, they shun it.

Another risk factor is that most merchants only maintain basic compliance. Credit card processors hold merchants’ feet to the fire by requiring that PCI standards be met, but only audit annually so merchants don’t maintain security throughout the year. When it comes time to be audited, merchants will often fail because they’re unprepared or because the rules have changed.

Finally, lack of awareness increases risk. According to Verizon, “the greater awareness of PCI found in a business, the greater the actual compliance.” Jennifer Mack, director of global PCI services, says, “The more aware your organization is of the standard, the more prepared you are for the type of approach you take.” Seems like common sense to me!

No matter how you slice it, retailers are a target and must employ multiple layers of fraud protection to thwart cyber criminals. One way that retailers are uncovering suspicious activity on their site is by utilizing powerful tools for early detection. iovation Inc., the leader in device recognition technology, allows retailers to create multiple rules and adjust them as threats emerge and evolve. They do this without collecting any personally identifiable information (PII) from the retailer.

As devices (such as computers and mobile devices) with fraudulent histories connect to the retailer’s website, the business is alerted in real time. And when velocity or geolocation alerts are triggered, the retailer knows in real time. iovation’s living database of device intelligence is shared across its global base of finance, gaming, travel, shipping, dating and retail clients. They share information to detect fraudulent activity as soon as possible, before product is shipped and chargebacks and fees are incurred. They call it device reputation. I call it another bit of common sense for retailers.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston. Disclosures

As cyber criminals take advantage of various technologies to bypass businesses’ digital security efforts, any business that wants to succeed in today’s rapidly-changing business environment needs to have layered and effective security measures in place that allow them to know when they are dealing with a legitimate customer or a clever fraudster. 

In the article, “IT industry news: Identity fraud ‘a threat to businesses,’” Neil Munroe, chair of the Identity Fraud Consumer Awareness Group (IFCAG), said the growing threat of identity theft is not going away anytime soon. In other words, for businesses embracing new technology including mobile devices to offer customers multiple ways to purchase goods over the Internet, every company’s online payment process needs to have the proper protections in place if they are going to succeed and remain competitive.

The fact is fraud doesn’t stop, and in all likelihood, it never will. It merely changes methods.

While it’s true no single anti-fraud solution can stop every new type of fraud criminals can think up, iovation’s device reputation technology provides online businesses with a critical layer of fraud detection that identifies the user’s device in real-time, allowing them to stop a fraudulent transaction before it takes place. In doing so, merchants can better secure their payment processes by determining if online orders are coming from genuine customers or known fraudulent devices across any type of remote technology.  When placing iovation’s device check upfront in your fraud detection process, if the transaction is fraudulent, businesses can save money by not running subsequent and costly checks.

To expand our fraud preventative services to organizations in southern Europe, we’ve partnered with AliasLab, a leading professional services, consultancy and system integrator specializing in digital signature solutions and secure data transfer. Through this partnership, AliasLab will offer iovation’s device identification service, ReputationManager 360, along with its sophisticated Out of Band (OOB) authentication solution, SecureCall Suite, which offers strong authentication, mobile payment digital signature and mobile VAS services to banking, insurance and telcos in Italy and Southern Europe.

It goes without saying that we are very proud to be partnering with an industry leader like AliasLab. This partnership is a key for iovation’s growth largely because our companies’ authentication and device reputation solutions are extremely complimentary to each other. Together, we provide a highly effective next-generation solution for authentication and fraud management.

Working with many of the market’s leading brands, AliasLab has an established presence in Italy and Southern Europe. They will share how iovation’s global fraud prevention solution reduces online fraud and abuse to protect corporate brands and their customers, allowing them to:

• Know when an Internet-enabled device with a history of fraud touches their website
• Expose related accounts and devices collaborating in fraud
• Assess risk by velocity, past behavior and device characteristics

By customizing business rules to meet their specific and evolving needs, organizations leverage iovation’s device identification technology and comprehensive risk assessment service to confidently allow, deny or flag suspicious transactions in real-time to increase operational efficiency, saving both time and money.

We look forward to working with Roberto Tabacchi and the rest of the innovative team at AliasLab to expand our global presence and help businesses recognize and stop all types of online fraud and abuse.

“It seems to me that if there was any logic to our language, trust would be a four-letter word.”

This clever, yet pertinent quote from the film, “Risky Business,” has always stuck with me. Today, it’s more relevant than ever when it comes to trusting someone in an online social environment.

As much as we would like to believe what other people say over the Internet, the bottom line is that most separate our real-life persona from our online persona to a certain degree. For some, it’s an outdated photo. For others, it’s embellishing the truth or telling a little white lie. When it comes to online trust, however, the most dangerous kind if personal misrepresentation are those who make a living at deceiving others for profit or personal gain. That’s right. I’m referring to online fraudsters.

By now, every online social community is aware of the countless types of malicious behavior that can take place within these environments. Even in remote communities where no financial transactions are exchanged, there are risks when building an online relationship with someone you’ve never met. That said, it’s not only important for individual users to keep up with the latest fraud tactics, but businesses that operate online communities should stay on top of evolving fraud trends and implement fraud preventative tools that recognize when a user on their website has committed fraud or any other type of unwanted behavior in the past.

In the article, “Online Romance Scams Dupe Thousands,” I was hit yet again with another memorable phrase that rings true to online dating fraud:

“Romance fraud is organized crime.”

For the many online communities including dating and networking sites that we protect every day, the potential fraud dangers that exist are likely not coming from a fraud network of one. While personifying a single user, the perpetrator is likely part of a larger group of organized criminals making coordinated efforts to defraud a particular organization. Working diligently to defeat a website’s line of defense, once the bad guys get in they create multiple accounts, sneak in their partners in crime, and put their best laid schemes to work.

The key to thwarting scams targeting online social communities and networking sites is recognizing all the players involved. iovation’s ReputationManager 360 anti-fraud solution leverages its device recognition technology to uniquely identify known devices used by bad actors and link the multiple fake accounts associated with those devices. iovation’s global shared database of more than 750 million devices is shared amongst iovation’s clients. Cyber criminals and scammers share information, so why shouldn’t businesses collaborate to keep the bad guys out?

Who are they hacking now? Well, everyone. And as journalist Brian Krebs has pointed out on his blog, Krebs On Security, they are targeting auto dealerships in a big way. Why? Because auto dealerships’ records include lots of Social Security numbers, which identity thieves can use to apply for credit cards in their victims’ names.

Krebs states, “Recent hacker break-ins at a half-dozen car dealerships nationwide are a reminder of just how easily one’s personal and financial information can be jeopardized by poor security at any of tens of thousands of organizations that have access to that data.”

This results in “new account fraud.” This is a form of financial identity theft in which victims’ personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are frequently used to commit new account fraud.

Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is a necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name.  And when you are actively seeking credit, as Experian points out, “You should plan ahead and lift a freeze, either completely if you are shopping around, or specifically for a certain creditor, a few days before actually applying for new credit.”

Device reputation leader, iovation Inc., helps credit issuers spot new account fraud through the device intelligence that it provides back in real time. iovation alerts issuers to the computers or mobile devices that are applying for multiple credit accounts with different identity information, or masking its location while applying for credit, along with other highly-suspicious behavior.  The credit issuer simply sets up their own unique business rules and iovation runs those rules while the applicant is on the site, and returns back and Allow, Deny or Review response for the transaction along with the reasons why.

By identifying new account fraud in real time, credit issuers can save millions of dollars per year from fraud losses.  In one case, a Fortune 100 credit issuer using iovation identified 43,000 fraudulent credit applications saving them $8 million dollars from fraud loss over two years.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Criminal hackers are getting smarter and savvier all the time, and they often have better technology than the banks and retailers tasked with protecting your data.

Time reported on a recent Javelin Strategy and Research survey in which Javelin analyzed 23 of the biggest credit card issuers’ online security practices. When companies were graded on a 100-point scale, the average result was just 59. Javelin head of security and risk analyst Phil Blank, who authored the study, explained, “The good news is issuers are doing a better job overall of resolution, but that’s the easiest thing to do. Prevention is the hardest to do but it’s got the biggest payback.”

The report also found that for a full year after your bank account information has been hacked, there is a strong chance that you will be a victim of credit card fraud. So even though you may be getting a little hardened to data breach warnings, you still need to watch your credit card statements closely. As long as you dispute unauthorized credit card charges within 60 days, federal laws limit liability to $50. Unauthorized debit card charges must be reported within two days, or liability jumps to $500.

One of the FFIEC’s recommendations for financial institutions involves using complex device identification. iovation, an Oregon-based security firm, offers an advanced device identification service that incorporates real-time risk assessments, the history of fraud on linked devices (such as chargebacks, identity theft and credit application fraud) and exposes fraudsters working together to steal from online businesses.

“Complex device identification” involves the creation of a digital fingerprint based on several characteristics of the device including hardware and software configuration, Internet protocol addresses, and geolocation. Unfortunately, complex device ID by itself only increases the strength of identification; it does little to increase the efficacy of an overall anti-fraud strategy.

“Device reputation” offers all of the security measures that complex device ID does, but it also strategically incorporates velocity, anomalies, proxy busting, webs of associations (linking devices and accounts), and fraud and abuse histories. Device reputation moves from a micro to a macro view of transactions which takes into account how particular devices behave or have behaved beyond its activities with a financial institution, its usage by a current user or other users, and/or its relationship to other devices.  This chart explains what is involved with each:

Leading financial institutions aren’t merely complying with the FFIEC’s security recommendations, but are going beyond it by incorporating device reputation and other authentication and anti-fraud tools into their layered security approach.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

Today, anyone seeking federal aid for the thousands of online courses can do so while maintaining their anonymity. Without the physical checkpoints traditionally used to cross-reference and validate that applicants are who they say they are, higher education online programs are being hit with what’s being dubbed financial aid fraud, or distance-education fraud.

In the recent New York Times article, “As Online Courses Grow, So Does Financial Aid Fraud,” financial aid scams have become a serious problem. In a number of high-profiled cases, distance-education fraud rings have stolen hundreds of thousands of dollars using various techniques. For example, a woman submitted applications on behalf of 23 unknowing prison inmates that she gathered information on while working in the prison’s education department. The applications were admitted and granted more than $450,000 in federal aid, including nearly $125,000 for books, transportation and living expenses.

Other fraud rings use “straw students” who have no intention of pursuing an education or are simply unaware applications are being filed in their name. With the vast majority of colleges and universities now offering online courses, Kathleen S. Tighe, inspector general for the Department of Education, said more needs to be done to stop financial aid fraud, including clamping down on identity verification.

“Without that money there would be significantly less incentive for this particular scam. We’ll do the best we can with our resources to investigate the allegations we receive, but there are actions that can be taken to help reduce the appeal of this quick-cash-for-little-effort scam.”

Identity verification processes that provide red flags for suspicious applications give higher education programs the ability to monitor and identify online transaction anomalies, velocities and geolocation information before federal aid is approved. For example, when a single computer is applying for multiple grants under different names, fraud preventative solutions like iovation’s ReputationManager 360 help online businesses spot and stop suspicious transactions in real-time without collecting or relying on any personally identifiable information (PII).

Having effective, fraud prevention tools in place provides a multi-layered approach to help identify and stop fraudulent transactions that are costing online businesses, including higher education programs, hundreds of thousands of dollars each year.

iovation has seen first-hand mobile transactions increase by more than 300% annually. With merchants expecting more fraud as a percentage of sales from their mobile channel, I look forward to participating alongside with other leading mobile security authorities in the panel, “Mobile Security: Improving Systems to Mitigate Fraud,” at the Mobile Contactless Payment Innovations Summit in Chicago.

I will be joining Marc Washawsky, SVP Mobile Channel Executive at Bank of America, Kevin Gillick, Executive Director at GlobalPlatform, Jack Jania, SVP GM Secure Transactions at Gemalto, and moderator, James Wester, Editor of Mobile Payments Today, as we share with executives from retailers, banks, card issuers and payment networks insights on assessing risk and detecting fraudulent behavior from mobile devices, including smart phones and tablets. Some of the topics we will cover include: 

• The importance of mobile security
• Common perceptions customers have towards mobile devices
• Mobile standards, practices and identity issues
• The security and fraud implications for consumer vs. business devices
• The future of mobile security

Each year, iovation assesses billions of online transactions for our customers, most notably in financial services, online retail and online communities like social networks and dating sites. Of the mobile transactions we’ve assessed for risk to date, 35% were from Android devices, 32% from iPhones, 24% from iPads, and 9% have been from Blackberry and other mobile devices.

The mobile fraud panel will take place on Tuesday, October 18th, beginning at 11:15 a.m. at the W Hotel City Center, Chicago, Illinois. If you are attending this conference, I hope you can join us for this very important presentation.

In the InternetRetailing article, “Online shopping fraud down in first half of 2011,” during the six months ending in June, online shopping fraud including mail order and phone fraud dropped to £109.2m compared to the £118.2m in fraud losses in the first six months of 2010.

Source: Financial Fraud Action UK, Cheque & Credit Clearing Company and The UK Cards Association

While findings like these are certainly encouraging, it doesn’t mean the bad guys have given up. Far from it. While an increase in fraud protection measures play a significant role in the declining numbers, once a security hole is filled fraudsters typically turn their energies elsewhere.

DCI Paul Barnard, head of the Dedicated Cheque and Plastic Crime Unit (DCPCU), is quick to point out that while online shopping fraud losses are down, the fraudulent use of lost or stolen cards is up 20%.

“There has been an increase in old fashioned scams – criminals using distraction techniques and social engineering methods to get hold of people’s cards or phone banking details. We are urging everyone to be on their guard.”

As organized cyber criminals shift tactics, the ability to expose thieves who are fraudulently using someone else’s personal or financial information to purchase items online is essential to preventing fraud or abusive activity that impacts consumers and an online business’s bottom line. This is something iovation does every day for merchants that sell goods and services over the Internet.

Checking millions of daily transactions coming into our B2B customers’ websites against our dynamic, device reputation database that’s now 715 million deep, iovation’s ReputationManager 360 provides real-time device intelligence IT fraud teams need to instantly recognize and reject bad orders on the spot to prevent an array of fraud techniques and social engineering schemes designed to defraud today’s online businesses.

According to the article, “Cyber crime hit 431 million adults in 24 countries,” a recent Norton cybercrime report found online crime jumped 3% compared to its 2010 study, costing fraud victims more than $388 billion worldwide over the past year.

Eating up 35% of the global cybercrime bill were U.S. fraud victims, who spent $139 billion on cybercrime last year. That amounts to 141 victims per minute, an alarming statistic even for Norton’s consumer cybercrime expert, Helen Malani.

“We were astounded by the costs in terms of cash lost. The number came to more than $US388 billion globally. That’s more than the illegal drugs market in heroin, cocaine and marijuana. Cybercrime is an illegal underground economy and it needs to be taken seriously.”

According to the study, one of the biggest gains in cybercrime last year came in crimes against mobile devices, which are up 10% globally. No surprise there, considering the explosion of smartphones and tablets being used to connect to the Internet. Malani said the chief concern with mobile fraud is users inability to stay on top of security updates. She said only 20% of people accessing their mobile devices have installed the most up-to-date mobile security. With up to 80% of mobile devices improperly protected, this provides fertile ground for cybercrime activity.

Similar to any other legitimate economy, growth in the illegal underground marketplace is driven by innovation, and tapping into the next opportunity. For cyber crooks, it’s all about exploiting the latest technology before the security gaps are identified and closed.

For online businesses that allow users to access their websites and corporate networks via mobile devices, this is especially disconcerting. Operating without the tools to effectively detect when fraudulent devices are logging onto their sites and requesting transactions, organizations and their customers are vulnerable to evolving schemes such as credit card fraud, card-not-present (CNP) fraud, account takeover, phishing and identity theft.

Today, building a multi-layered fraud preventative strategy that includes device reputation technology is critical to identifying when an Internet-based device, whether it’s a PC, smartphone and tablet, is already registered or attempting to log onto a website. The device intelligence that iovation’s ReputationManager 360 provides in real-time allows online businesses to recognize when a remote device that has been used to commit fraud or abuse in the past and stop any illegal or unwanted activity before it happens.

With nearly 150 users (just in the U.S.) exposed to some type of fraud every minute, it’s time businesses gain an extra layer of protection needed to stop more advanced forms of online fraud and abuse. Performing real-time risk analysis on transactions from every country in the world, iovation has already flagged nearly 40 million fraudulent transactions for its B2B customers just this year.

Here is Regulation E in black and white:

ELECTRONIC FUND TRANSFERS (REGULATION E)

Limitations on amount of liability. A consumer’s liability for an unauthorized electronic fund transfer or a series of related unauthorized transfers shall be determined as follows:

1. Timely notice given. If the consumer notifies the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability shall not exceed the lesser of $50 or the amount of unauthorized transfers that occur before notice to the financial institution.

2. Timely notice not given. If the consumer fails to notify the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability shall not exceed the lesser of $500 or the sum of:

(i) $50 or the amount of unauthorized transfers that occur within the two business days, whichever is less.”

Businesses do not get this kind or protection. So when business accounts are compromised, they often have to fight for their money. And today, more than ever, they are losing. But banks are losing, too. The only winners here are the criminal hacking enterprises.

In order to meet the Federal Financial Institutions Examination Council’s compliance guidelines by January of 2012, banks must implement multiple layers of security. Called out in the recent FFIEC guidance was using complex device identification and moving to out-of-wallet questions.

Financial institutions and their clients aren’t only losing millions to fraud; they are losing millions more fighting each other. It makes more sense for banks to beef up security (all while properly managing friction for legitimate customers) than to battle with their customers.

Financial institutions could protect users and themselves by incorporating device identification, device reputation, and risk profiling services to keep cyber criminals out. Oregon-based iovation Inc. offers the world’s leading device reputation service, ReputationManager 360, which is used by leading financial institutions such as credit issuers and banks, to help mitigate these types of risk in their online channel.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Fox News. Disclosures

Their main concern was that companies could set up shop, accept tons of credit card charges, and then vanish, leaving the banks short. Mail order fraud was also big. A stolen credit card could be used to place orders over the phone, and when the fraudulent charges were discovered, merchants would suffer from chargebacks.

At the time, it wasn’t even necessary to provide a correct expiration date, as long as the card wasn’t already expired. Then credit card companies began verifying billing addresses to authenticate mail orders. Eventually, an additional verification code was added to cards, referred to as a CVC or CVV. We still use these codes today, but they can be fraudulently obtained in a number of ways.

When merchants moved from catalogs to websites, IP addresses were used to track transactions. But bad guys figured out how to spoof them.

Now we have a number of new technologies designed to fight credit card fraud. The most effective and widely implemented is device reputation, an effective online fraud prevention method that helps protect retailers from fraudulent CNP transactions by examining the computer or other device for a history of unwanted behavior, plus any suspicious activity at the time of transaction.

If a customer’s PC, smartphone, or tablet indicates an abnormally high level of risk, the merchant can reject the purchase in advance. iovation, the global leader in device reputation, flagged 35 million online transactions as high-risk in the last year for its clients and will flag 50 million or more by the end of 2011.

Protect yourself from credit card fraud by checking your statements regularly. Set up your own email alerts so that at a minimum, you are notified of any transactions over your specified amount occur on your account. Businesses set up triggers and alerts to protect themselves, shouldn’t you?

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

There are data breaches every week, and I’d bet every day, but we may not hear about the majority. All of these breaches have a method, signature, or feature in common, which retailers and banks can learn from.

Criminals are organizing like never before. They are learning from each other, sharing information and strategies. When one publicizes an exploit, other criminals execute it, leading law enforcement off in a new direction. It’s like a vicious game of whack-a-mole.

Today, governments around the world are organizing to fight fraud. But what’s even more exciting is that competing banks, retailers, and small businesses are all sharing fraud information to help each other out. These fraud targets are finding strength in numbers.

Oregon-based iovation Inc. has created an exclusive network of global brands across numerous industries, with thousands of fraud professionals reporting more than 10,000 fraud and abuse attempts each day. iovation’s shared database contains more than 700 million unique devices including PCs, laptops, iPhones, iPads, Android, Blackberries—practically every Internet-enabled device that exists.

Many leading banks and big brand retailers use this device reputation service to detect fraud early by not only customizing their own real-time rules to set off triggers, but they leverage the experiences of other fraud analysts to know if the device touching them at this moment has been involved in chargebacks, identity theft, bust-outs, loan defaults, and any other kind of online abuse you could imagine.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Good Morning America. (Disclosures)

We all know that the top priority for any IT fraud team is to ensure their good customers can safely and easily communicate and do business within their online environment. However, because many business websites have networking communities that bring likeminded individuals together to socialize, the potential for users or criminals to act inappropriately towards others can create problems that can impact the user experience.

For the verticals we serve, including online dating and Internet gaming and gambling websites, the social interaction that goes on between their members is core to their business and daily revenue stream. If somebody gets out of line or breaks corporate policy, it not only impacts the user’s experience, but can put the organization’s reputation at risk.

If any online business fails to maintain the trust and confidence of their paying subscribers, those customers can simply take their business elsewhere. This is why online romance sites and Internet gaming environments need to be aware of the impact member abuse can have on their bottom line.

One of the challenges of protecting networking sites from abusive behavior is stopping it before it happens. But how? While most anti-fraud measures still focus on the person connecting to a site, iovation’s ReputationManager 360 solution checks the device being used to log onto a site or request transactions against a dynamic database of more than 700 million unique devices and their reputations to give businesses deeper insight to those connecting to their network. Understanding when a device on your network — whether it’s a PC, smartphone or tablet — has been used to perpetrate abusive or fraudulent behavior on another site is valuable information fraud teams can use to prevent unwanted behavior against their members.

The bottom line is, when it comes to online services, consumers have more choices than ever. If their trust and confidence has been violated as a result of online fraud or abuse, they can walk away at any time. Organizations leveraging device reputation technology to protect their social communities have an additional layer of intelligence needed to prevent both fraudulent and abusive behavior before it impacts the user experience or results in a financial loss.

Banks and retailers know better than anyone that people lie. There are countless scenarios and justifications, but people who lie invariably do it in order to get something.

In general, we strive to be a kind and civil species. We trust by default. We want to be helpful and accommodating. We don’t want to believe that people lie, but they do.

Dishonesty poses a challenge to banks and retailers in the form of theft. Theft is a big problem on the Internet, and any online business knows that they can’t afford to trust you, regardless of how honest you may be.

The Federal Financial Institutions Examination Council recently instructed both retailers and banks to enhance their security procedures, in response to the increasingly creative lies concocted by scammers.

One of those FFIEC recommendations involves incorporating complex device identification. This means that banks and retailers should adopt technology that actually recognizes and analyzes the PCs, smartphones, and tablets being used to access their websites. Once the device is identified, knowing the device’s reputation is where it really gets interesting. Is it acting suspicious or is it a known device that has been used in a fraud ring, in money laundering, or has been attempting account takeovers? Knowing the device’s reputation lets businesses know ahead of time who they can trust online.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston. Disclosures

“Social fakes” are invented profiles on social media (often referred to as profile misrepresentation), which can be used to harass or mock victims anonymously. But the more lucrative fake profile is one that imitates a legitimate business, damaging that business’s online reputation.

The impostors’ ultimate goal? Spam leading to scams.

Social-web security provider Impermium published the results of their recent analysis of the cost of social spam. “Online ID signup fraud” is an emerging trend, with fraudulent accounts ranging from a low of 5% to 40% of users. “Scammers are registering accounts by the millions as they perpetrate fake “friend requests,” deceptive tweets, and the like, while the black market for bulk social networking accounts is growing exponentially.”

They also warned about social web abuse, describing current “sleeper cells” as “a ticking time bomb.” Last month, more than 30,000 fraudulent accounts coordinated an attack, in which attackers submitted more than 475,000 malicious wall posts in one hour. According to Impermium, “Even accounts you’ve had for years could be lying in wait for just the right moment.”

Multiple issues stem from fake accounts, such as brand damage for both the website and its users, scams being perpetrated on existing or potential customers, and for social networking websites, an inflated, incorrect summation of active subscribers—to name a few.

Social media sites can use iovation’s device reputation service to help identify fraudsters at account setup. When a device (or related group of devices) signs up for more than your allotted number of accounts, you can receive alerts on this behavior. When multiple countries are logging into the same accounts within a specified timeframe, you can set alerts on this activity. When users are constantly changing their device attributes between multiple online registrations (to look like new, legitimate consumers), you can know this immediately—and automatically deny the new accounts outright or send them to your fraud review queue. If 1,000 accounts were just set up from the same machine, one after another, wouldn’t you want to know that while it’s happening so you can do something before the scams start?

Rather than relying on information provided by the user, which may not be honest or accurate, device reputation technology goes deeper, identifying the computer being used to register an account. This exposes negative behaviors right away, allowing a website operator to deny access to threatening accounts before your business reputation is damaged and your users are abused.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses hackers hacking social media on Fox Boston. Disclosures

To help European financial services leaders understand how to thwart these increasing risks, iovation is scheduling one-on-one meetings with Europe’s major financial institutions at the upcoming Financial Services Technology (FST) Summit, October 4-6, in Lisbon, Portugal. If you are interested in learning about the latest online fraud trends and best practices for fraud prevention in retail banking and commercial banking, please reserve some time for us to talk.

As the world’s leading provider of fraud preventative device reputation services, iovation helps businesses assess online transaction risks before they happen. Our active partnerships with leading credit issuers, foreign exchange service providers and banking clients around the globe are designed to stop account takeovers, ID theft, ACH or debit fraud, credit application fraud and more.

Having assessed risk on more than six billion online transactions, our experience and proven expertise at recognizing a wide variety of devices that touch financial services websites — including PCs to the latest mobile phones and Android tablets — plays an essential role for many of our financial services clients, who have layered device reputation with authentication.

Because today’s cyber criminals are better at evading most fraud detection defenses, iovation’s device reputation and risk profiling services assess risks posed by any Web-enabled device in real-time to help financial services identify fraudulent transactions and stop organized criminal rings while maintaining client satisfaction and minimizing friction and client support calls to sustain a competitive position in today’s challenging marketplace.

Should you be attending the European FST Summit, I look forward to meeting you there.  If you are not attending, but would like to meet while I am in the Lisbon area, please don’t hesitate to contact me.

Network World reports, “The Financial Services Information Sharing and Analysis Center (FS-ISAC) polled 77 financial institutions and asked how many account takeovers occurred in 2009 and during the first six months of 2010. The FS-ISAC consists of a group of banks that shares threat information and interacts with the federal government on critical infrastructure issues. Its members include Citi, Prudential, Bank of America, JPMorgan Chase, Goldman Sachs and Wells Fargo, among others.”

Account takeover occurs when thieves infiltrate your existing bank or credit card account and siphon out your money. This typically occurs after your account has been hacked or your credit card or personal identity has been stolen.

21 of the institutions polled reported a total of 108 commercial account takeovers during the first six months of 2010, compared to 86 for the full year of 2009.

In 2010, 36% of fraud attempts were successfully thwarted, whereas 2009, fraud was only prevented 20% of the time.

I have previously referenced a report from Javelin Strategy: “When examining account takeover trends, the two most popular tactics for fraudsters were adding their name as a registered user on an account or changing the physical address of the account. In 2010, changing the physical address became the most popular method, with 44 percent of account takeover incidents conducted this way.”

Unfortunately, FS-ISAC’s study failed to disclose what methods were used to thwart the account takeovers. Many financial institutions are protecting their users and themselves by incorporating device identification, device reputation, and risk profiling services to keep scammers out. Oregon-based iovation Inc. offers the world’s leading device reputation service, ReputationManager 360, which is used by leading financial institutions to help mitigate these types of risk in their online channel.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses discussesonline banking security on CBS Boston. Disclosures

Online auction and classifieds websites are unwittingly participating in car sale scams. Ads gain credibility by appearing on eBay, Craigslist, and other online automobile sales websites, but some are either completely phony or have been copied and pasted from other websites.

The FBI’s Internet Crime Complaint Center received nearly 14,000 complaints from 2008 through 2010, from consumers who have been victimized, or at least targeted, by these auto sale scams. Of the victims who lost money, the total dollar amount is staggering: nearly $44.5 million.

The FBI explains how the scam works:

“Consumers find a vehicle they like—often at a below-market price—on a legitimate website. The buyer contacts the seller, usually through an e-mail address in the ad, to indicate their interest. The seller responds via e-mail, often with a hard-luck story about why they want to sell the vehicle and at such a good price.

In the e-mail, the seller asks the buyer to move the transaction to the website of another online company….for security reasons….and then offers a buyer protection plan in the name of a major Internet company (e.g., eBay). Through the new website, the buyer receives an invoice and is instructed to wire the funds for the vehicle to an account somewhere. In a new twist, sometimes the criminals pose as company representatives in a live chat to answer questions from buyers.

Once the funds are wired, the buyer may be asked by the seller to fax a receipt to show that the transaction has taken place. And then the seller and buyer agree upon a time for the delivery of the vehicle.”

Consumers should watch out for the following red flags:

• Cars are advertised at too-good-to-be true prices
• Sellers want to move transactions from the original website to another site
• Sellers claim that a buyer protection program offered by a major Internet company covers an auto transaction conducted outside that company’s website
• Sellers refuse to meet in person or allow potential buyers to inspect the car ahead of time
• Sellers who say they want to sell the car because they’re in the U.S. military about to be deployed, are moving, the car belonged to someone who recently died, or a similar story
• Sellers who ask for funds to be wired ahead of time

Online classified and auction websites could work together, and share information on the devices running these scams, through the device reputation service provided by iovation Inc. Their fraud detection service, called ReputationManager 360, is a B2B SaaS solution incorporating complex device identification, device reputation and real-time risk profiling. It is used by hundreds of online businesses to prevent fraud and behavioral abuse in real time by analyzing the computer, smartphone, or tablet connecting to their online properties.

iovation’s “living shared database” is used by fraud analysts daily and shares the reputations of devices from literally every country in the world. This reputation is a combination of fact-based evidence (such actual chargebacks, identity theft, online scams and account takeovers), plus what risk can be inferred at transaction time. Fraud analysts take this fight seriously and submit 10,000 events of fraud or abuse into the shared database each day.

Performing a device reputation check on a scammer attempting to create a new account at a sale or auction website would stop him before he has a chance to post advertisements for scams, preventing damage to the business and its customers. And when one of your good customers has been scammed, you can submit that evidence back into the iovation database to make sure it does not happen again, whether from the same device, or a related device.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures.