In what is considered “the largest identity theft takedown in U.S. history,” 111 individuals were indicted for “stealing the personal credit information of thousands of unwitting American and European consumers and costing individuals, financial institutions and retail businesses more than $13 million in losses over a 16-month period.”

The five different identity theft and forgery rings involved in these crimes targeted banks using a variety of techniques. From inside jobs to robberies and credit card fraud, this criminal network, based in Queens, New York but with ties to Europe, Asia, Africa, and the Middle East, was organized and profitable.

The criminals’ primary focus was on credit cards. Many of the defendants are accused of using stolen credit card numbers to purchase “tens of thousands of dollars worth of high-end electronics and expensive handbags and jewelry,” not to mention staying at five-star hotels. Even after the culprits are caught and prosecuted, their victims are still faced with the difficult task of having to repair their credit ratings and financial reputations. In some cases, that process can take years.” Read the rest of this entry »

The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

Now, after five years of pushing standards out to merchants and retailers, a Verizon study has found that 79% of retailers are noncompliant. That means your credit card data is at risk in 8 out of 10 transactions.

InformationWeek reports numerous reasons why credit and debit card data is at risk. The first is that the burden posed by PCI causes businesses to view PCI as a nuisance, rather than a standard. Instead of working towards better security, they shun it. Read the rest of this entry »

Businesses have always been challenged with knowing whether a customer is genuine or not. It’s a critical part of any company’s daily business operations, and how they protect themselves from fraud losses that impact the bottom line. But with online merchants taking more orders from new and evolving technologies, the ability to identify the good from the bad is a great challenge.

As cyber criminals take advantage of various technologies to bypass businesses’ digital security efforts, any business that wants to succeed in today’s rapidly-changing business environment needs to have layered and effective security measures in place that allow them to know when they are dealing with a legitimate customer or a clever fraudster.  Read the rest of this entry »

At iovation, we understood early on that you can’t successfully fight evolving online fraud and abuse alone. It takes ongoing collaboration. In other words, authentication and security providers working together to achieve a common goal – to prevent and stop fraud. That’s been our approach from day one, and it continues today.

To expand our fraud preventative services to organizations in southern Europe, we’ve partnered with AliasLab, a leading professional services, consultancy and system integrator specializing in digital signature solutions and secure data transfer. Through this partnership, AliasLab will offer iovation’s device identification service, ReputationManager 360, along with its sophisticated Out of Band (OOB) authentication solution, SecureCall Suite, which offers strong authentication, mobile payment digital signature and mobile VAS services to banking, insurance and telcos in Italy and Southern Europe.

It goes without saying that we are very proud to be partnering with an industry leader like AliasLab. This partnership is a key for iovation’s growth largely because our companies’ authentication and device reputation solutions are extremely complimentary to each other. Together, we provide a highly effective next-generation solution for authentication and fraud management. Read the rest of this entry »

“It seems to me that if there was any logic to our language, trust would be a four-letter word.”

This clever, yet pertinent quote from the film, “Risky Business,” has always stuck with me. Today, it’s more relevant than ever when it comes to trusting someone in an online social environment.

As much as we would like to believe what other people say over the Internet, the bottom line is that most separate our real-life persona from our online persona to a certain degree. For some, it’s an outdated photo. For others, it’s embellishing the truth or telling a little white lie. When it comes to online trust, however, the most dangerous kind if personal misrepresentation are those who make a living at deceiving others for profit or personal gain. That’s right. I’m referring to online fraudsters. Read the rest of this entry »

Over the past 15 years, we have watched hackers’ evolution from “phreaking” phone systems, to hacking government agencies like NASA, and eventually creating viruses that take down networks. In the beginning, their primary motivations were fun, fame, and amusement. Over the past ten years, the game changed dramatically, from fun and fame to financial gain. Hackers targeted government agencies, then colleges, banks, retailers, credit card processors, hotels, and eventually, major multinational corporations.

Who are they hacking now? Well, everyone. And as journalist Brian Krebs has pointed out on his blog, Krebs On Security, they are targeting auto dealerships in a big way. Why? Because auto dealerships’ records include lots of Social Security numbers, which identity thieves can use to apply for credit cards in their victims’ names. Read the rest of this entry »

Consumers, businesses, retailers, and even the media are becoming numb to news about data breaches. Not a week goes by when we don’t hear of another major breach affecting thousands or even millions of customer accounts.

Criminal hackers are getting smarter and savvier all the time, and they often have better technology than the banks and retailers tasked with protecting your data.

Time reported on a recent Javelin Strategy and Research survey in which Javelin analyzed 23 of the biggest credit card issuers’ online security practices. When companies were graded on a 100-point scale, the average result was just 59. Javelin head of security and risk analyst Phil Blank, who authored the study, explained, “The good news is issuers are doing a better job overall of resolution, but that’s the easiest thing to do. Prevention is the hardest to do but it’s got the biggest payback.” Read the rest of this entry »

Traditionally, students seeking financial assistance to further their education were required to complete a ton of paperwork and provide in-person photo IDs and other official personal documents. While much of the required information for applying for financial aid remains the same, the growth of online education programs for colleges and universities have changed in how applicants complete applications and deliver their information.

Today, anyone seeking federal aid for the thousands of online courses can do so while maintaining their anonymity. Without the physical checkpoints traditionally used to cross-reference and validate that applicants are who they say they are, higher education online programs are being hit with what’s being dubbed financial aid fraud, or distance-education fraud.

In the recent New York Times article, “As Online Courses Grow, So Does Financial Aid Fraud,” financial aid scams have become a serious problem. In a number of high-profiled cases, distance-education fraud rings have stolen hundreds of thousands of dollars using various techniques. For example, a woman submitted applications on behalf of 23 unknowing prison inmates that she gathered information on while working in the prison’s education department. The applications were admitted and granted more than $450,000 in federal aid, including nearly $125,000 for books, transportation and living expenses. Read the rest of this entry »

As mobile transactions become part of our everyday lives, online businesses that allow users to access their websites from mobile devices and provide mobile payment options need to consider the security challenges and new risks that emerging mobile platforms create for both consumers and businesses.

iovation has seen first-hand mobile transactions increase by more than 300% annually. With merchants expecting more fraud as a percentage of sales from their mobile channel, I look forward to participating alongside with other leading mobile security authorities in the panel, “Mobile Security: Improving Systems to Mitigate Fraud,” at the Mobile Contactless Payment Innovations Summit in Chicago.

I will be joining Marc Washawsky, SVP Mobile Channel Executive at Bank of America, Kevin Gillick, Executive Director at GlobalPlatform, Jack Jania, SVP GM Secure Transactions at Gemalto, and moderator, James Wester, Editor of Mobile Payments Today, as we share with executives from retailers, banks, card issuers and payment networks insights on assessing risk and detecting fraudulent behavior from mobile devices, including smart phones and tablets. Some of the topics we will cover include:  Read the rest of this entry »

Good news in the fight against online fraud. The Financial Fraud Action UK recently announced that fraud stemming from card-not-present (CNP) transactions fell 8% over the same period last year.

In the InternetRetailing article, “Online shopping fraud down in first half of 2011,” during the six months ending in June, online shopping fraud including mail order and phone fraud dropped to £109.2m compared to the £118.2m in fraud losses in the first six months of 2010.

Source: Financial Fraud Action UK, Cheque & Credit Clearing Company and The UK Cards Association

While findings like these are certainly encouraging, it doesn’t mean the bad guys have given up. Far from it. While an increase in fraud protection measures play a significant role in the declining numbers, once a security hole is filled fraudsters typically turn their energies elsewhere.

DCI Paul Barnard, head of the Dedicated Cheque and Plastic Crime Unit (DCPCU), is quick to point out that while online shopping fraud losses are down, the fraudulent use of lost or stolen cards is up 20%.

“There has been an increase in old fashioned scams – criminals using distraction techniques and social engineering methods to get hold of people’s cards or phone banking details. We are urging everyone to be on their guard.”

As organized cyber criminals shift tactics, the ability to expose thieves who are fraudulently using someone else’s personal or financial information to purchase items online is essential to preventing fraud or abusive activity that impacts consumers and an online business’s bottom line. This is something iovation does every day for merchants that sell goods and services over the Internet.

Checking millions of daily transactions coming into our B2B customers’ websites against our dynamic, device reputation database that’s now 715 million deep, iovation’s ReputationManager 360 provides real-time device intelligence IT fraud teams need to instantly recognize and reject bad orders on the spot to prevent an array of fraud techniques and social engineering schemes designed to defraud today’s online businesses.

Much like the annual gains of any financial market, the cyber crime economy is growing.

According to the article, “Cyber crime hit 431 million adults in 24 countries,” a recent Norton cybercrime report found online crime jumped 3% compared to its 2010 study, costing fraud victims more than $388 billion worldwide over the past year.

Eating up 35% of the global cybercrime bill were U.S. fraud victims, who spent $139 billion on cybercrime last year. That amounts to 141 victims per minute, an alarming statistic even for Norton’s consumer cybercrime expert, Helen Malani. Read the rest of this entry »

Consumers enjoy a certain level of protection that business bank accounts do not, and it’s called “Regulation E.”

Here is Regulation E in black and white:

ELECTRONIC FUND TRANSFERS (REGULATION E)

Limitations on amount of liability. A consumer’s liability for an unauthorized electronic fund transfer or a series of related unauthorized transfers shall be determined as follows:

1. Timely notice given. If the consumer notifies the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability shall not exceed the lesser of $50 or the amount of unauthorized transfers that occur before notice to the financial institution.

2. Timely notice not given. If the consumer fails to notify the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability shall not exceed the lesser of $500 or the sum of:

(i) $50 or the amount of unauthorized transfers that occur within the two business days, whichever is less.” Read the rest of this entry »

Around 1994, when I operated a small mail order catalog business, it was very difficult to obtain “merchant status,” or approval to accept Visa, MasterCard, Discover, and American Express cards. It was easier if you had a storefront, but payment processors made mail order businesses jump through more hoops.

Their main concern was that companies could set up shop, accept tons of credit card charges, and then vanish, leaving the banks short. Mail order fraud was also big. A stolen credit card could be used to place orders over the phone, and when the fraudulent charges were discovered, merchants would suffer from chargebacks.

At the time, it wasn’t even necessary to provide a correct expiration date, as long as the card wasn’t already expired. Then credit card companies began verifying billing addresses to authenticate mail orders. Eventually, an additional verification code was added to cards, referred to as a CVC or CVV. We still use these codes today, but they can be fraudulently obtained in a number of ways. Read the rest of this entry »

The amount of money made and lost due to fraud is surpassing the illegal drug trade. A digital arms race has law enforcement officials nipping at the criminals’ heels. Retailers and banks continue to fight criminal hackers, but are being bombarded by advanced, persistent threats that eventually make their way into the network.

There are data breaches every week, and I’d bet every day, but we may not hear about the majority. All of these breaches have a method, signature, or feature in common, which retailers and banks can learn from.

Criminals are organizing like never before. They are learning from each other, sharing information and strategies. When one publicizes an exploit, other criminals execute it, leading law enforcement off in a new direction. It’s like a vicious game of whack-a-mole.

Today, governments around the world are organizing to fight fraud. But what’s even more exciting is that competing banks, retailers, and small businesses are all sharing fraud information to help each other out. These fraud targets are finding strength in numbers. Read the rest of this entry »

While the term “online abuse” often conjures up thoughts of cyber bullying, predatory behavior and customer harassment, Internet-based businesses that experience abusive activity within their social communities have to immediately address customer trust and confidence issues. Otherwise, they risk unwanted conduct between subscribers, which can ultimately lead to financial implications for the organization.

We all know that the top priority for any IT fraud team is to ensure their good customers can safely and easily communicate and do business within their online environment. However, because many business websites have networking communities that bring likeminded individuals together to socialize, the potential for users or criminals to act inappropriately towards others can create problems that can impact the user experience. Read the rest of this entry »