Their main concern was that companies could set up shop, accept tons of credit card charges, and then vanish, leaving the banks short. Mail order fraud was also big. A stolen credit card could be used to place orders over the phone, and when the fraudulent charges were discovered, merchants would suffer from chargebacks.

At the time, it wasn’t even necessary to provide a correct expiration date, as long as the card wasn’t already expired. Then credit card companies began verifying billing addresses to authenticate mail orders. Eventually, an additional verification code was added to cards, referred to as a CVC or CVV. We still use these codes today, but they can be fraudulently obtained in a number of ways.

When merchants moved from catalogs to websites, IP addresses were used to track transactions. But bad guys figured out how to spoof them.

Now we have a number of new technologies designed to fight credit card fraud. The most effective and widely implemented is device reputation, an effective online fraud prevention method that helps protect retailers from fraudulent CNP transactions by examining the computer or other device for a history of unwanted behavior, plus any suspicious activity at the time of transaction.

If a customer’s PC, smartphone, or tablet indicates an abnormally high level of risk, the merchant can reject the purchase in advance. iovation, the global leader in device reputation, flagged 35 million online transactions as high-risk in the last year for its clients and will flag 50 million or more by the end of 2011.

Protect yourself from credit card fraud by checking your statements regularly. Set up your own email alerts so that at a minimum, you are notified of any transactions over your specified amount occur on your account. Businesses set up triggers and alerts to protect themselves, shouldn’t you?

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

In the article, “North business loses $8k in online scam,” a company was recently cheated out of $8,000 by an international scam that included fraudulent credit cards and a bogus freight business. The company was duped after a customer requested its purchase to be shipped to Japan via a fake London-based freight company, where additional charges to have the product shipped were added to the bill. When the customer’s payment went through, the freight company emailed the online business saying it could not take credit card payments. It asked for a direct, non-refundable overseas cash transfer, which the business paid for. Because the initial transaction went through, over the next month the company made five additional shipping payments on similar orders, amassing $8,000.

With these and other shipping scams stealing hundreds of thousands of dollars from eCommerce companies each year, detective Pete Hayes is warning online businesses about such scams that threaten any business working online.

“Anyone in the retail business that deals with orders over the internet has to be aware. Some of the red flags that might be raised are the name Postex Air Express and if someone is asking for payment via a direct cash transfer through a credit union or similar.”

For online merchants, international eCommerce orders carry a higher risk. Accepting cross-border payments pose about a 2.5 times higher risk than domestic orders. While many of today’s screening tools focus on Address Verification Services (AVS) and IP geo-location information for specific countries and regions, they can be easily spoofed by fraudsters using anonymizing proxies and other methods to hide their true locations and identities.

With many security tools limited to geographic constraints or simply ineffective in equally screening domestic and international fraud, layering a fraud prevention service like iovation’s ReputationManager 360 as part of a business’s anti-fraud strategy is critical for detecting fraud regardless of the source or location of incoming online orders.

Instead of focusing exclusively on personal information or the user to screen transactions, iovation enables businesses to identify the device being used to screen for fraud across the Internet. Its device recognition technologies combined with real-time risk reporting and analytics help businesses around the globe identify any device (PC, smartphone or tablet) with a history of fraud such as chargebacks and shipping/re-shipping fraud, and expose hidden associations with online accounts to stop repeat offenders who may already be perpetrating fraud within a network. Doing so allows eCommerce merchants to greatly reduce fraud losses (and chargeback rates) and improve the efficiency of their fraud process and team.

In one case alone, iovation helped reduce an online retailer’s fraud losses by $1.8 billion. Read the case study by Forrester Principal Analyst, Andras Cser.

With criminals targeting online casinos around the clock (we’ve got the data to prove it!), gaming sites need all the help they can get to rid their tables of costly criminal activity such as credit card fraud, chargebacks, account takeover and player collusion. Leveraging iovation’s global database of over 600 million unique devices, our gaming customers gain deep insight into every device, whether it’s a PC, smartphone or tablet, attempting to login or play on their site. Using customizable business rules that allow them to assess risk at various integration points, online gaming providers will spot characteristics that are consistent with fraud and abuse to stop criminals before they strike.

Based on the online gaming transactions iovation has checked since January 1, 2011, here’s a sample of what we’ve stopped and what we’ve seen:

This prestigious award is a testament to our continued commitment to reduce fraud and abuse in the online gaming industry. For 7 years now, we’ve been helping gaming sites detect cyber criminals and shut down global fraud rings so our customers can improve their business profits and maintain a reliable, trustworthy reputation with their good players.

In a nutshell, merchants must take a proactive approach by adopting tailored fraud and risk management solutions to protect their businesses. As fraudsters become more sophisticated, Badran said protecting an online business environment from fraudulent orders and safeguarding cardholder data is critical to overall business revenues and brand reputation.

“Merchants risk incurring damage to their reputation and brand, and the consequences associated with loss of trust from customers are difficult to overcome. Merchants simply cannot ignore the impact of fraud to their business and their bottom line.”

According to Badran, one way to help mitigate bad orders is to implement fraud and risk scoring tools that provide multiple data points beyond the actual card data. Information such as velocity behavior, bill to/ship to address, IP address and device ID can help merchants set parameters for their businesses and score online transactions.

“Fraud scoring tools can help in making the right automated decisions quicker and more effectively during high-volume periods so that you are able to accept more good orders and reduce the number that may result in chargebacks.”

One way iovation helps online merchants make decisions in an efficient and effective manner is by offering customizable real-time business rules.  Within the latest release of ReputationManager 360, weighted business rules allow our customers to define a set of rules that, taken together, reflect a more accurate measure of risk for each transaction.

Here’s how Weighted Business Rules work:

1. Define the rules to be used at a specific website interaction point such as login or checkout
2. Assign a weight that reflects the risk associated with each rule
3. Set threshold limits to reflect Accept, Deny or Review (A, D, R) real-time responses
4. Once implemented, all rules will be tested within the set and a Transaction Score will be calculated for those rules that were ‘true’
5. The real-time response (A, D, R) returned is determined by where the Transaction Score falls within the thresholds.

In the example above, an online business has chosen to create a rule set that contains rules for:

• Velocity (such as the number of devices that touch a particular account within a period of time)
• Evidence (such as financial fraud evidence exists on this account)
• Geolocation (such as a high-risk IP range)
• Anonymous Proxy (such as users hiding their IP address or making it appear they are coming from another location)
• Anomaly (such as a timezone/geolocation mismatch)

While all business rules were checked, only two returned a ‘true’ response, velocity and evidence.  The weights associated with these two rules created a Transaction Score of -125.  The threshold previously set by the business states that anything less than -100 would automatically return a ‘deny’ response for this transaction, hence rejecting the high-risk transaction.

Within each of these rule categories, multiple rules exist and can be applied and customized by our customers.  Additional categories such as Risk Profiles and Watch Lists are also available. Based on the customized business rules set, iovation’s customers are able to automatically Accept, Deny or Review any transaction at any integration point — including (but not limited to) account creation, login, account change, deposit or withdrawal and checkout.  As a result, online businesses can accept good orders faster and reduce bad ones without impacting the business process or end user experience.

Definition of friendly fraud: Any transaction, contested by a customer, where the merchant suspects that the customer or a personal associate (child, spouse) legitimately authorized the transaction in question.

Merchants are ultimately responsible for friendly chargebacks, not to mention the preventative screening tools and recovery services that resolve each case. There may be no magic bullet that can stop friendly fraud completely, but there are solutions that merchants have identified to manage potentially risky online transactions such as chargebacks.

iovation’s device reputation service helps online merchants identify devices with a history of friendly fraud that have hit merchants across multiple verticals. By sharing fraud and abuse intelligence on over 300 million devices worldwide, iovation provides merchants with information they can use to make educated decisions to determine provides merchants with information they can use to make confident decisions to determine which online transactions to trust and which to deny or review.

As always, the show will feature some of the industry’s top names sharing their ideas about advancements in technology and design, the future of digital games, and how online games and virtual worlds are helping solve real-world business issues.

iovation has a particular interest in this show because we actively protect over 20 gaming clients and their legitimate players from all forms of fraud and abuse. Each day, our device reputation technology helps more than 75 individual online games identify bad players in their virtual environments — and keep them from returning — to build a safer and more trusting online gaming experience for their good customers.

In fact, over the past 90 days approximately 100,000 incidents of potential fraud or abuse within our customers’ game sites were reported to iovation. Types of fraud included chargebacks, code hacking, policy and terms of service violations, virtual asset theft and account takeovers.

While at the show, be sure to stop by our exhibit and learn how to rid your games of fraudsters, minimize chargebacks and keep your reputation as a safe and fun environment. And enter to win one of the Apple TVs we’ll be giving away.

We look forward to seeing you there!

This past week, iovation has seen a rapid adoption of the iPad being used at our customer sites. We’ve seen the number of iPad transactions grow by thousands every single day since the new device was made available. And these transactions aren’t just occurring within the same industry. In fact, we’re seeing iPad transactions on a multitude of verticals including travel sites, social networks, sportsbooks, dating sites, credit issuers, MMOs and online social games. And our job is to make sure that the transactions processed are from legitimate, good customers.

Topping the list of industries where we’ve seen the most online transactions this week is online communities at 45%, with the majority on social networking sites as opposed to dating sites. The second largest group was online retail, accounting for 28% of total iPad transactions. Most of those transactions occurred on travel sites. And lastly, international gambling sites such as sportsbooks came in third, at 23% of all iovation-protected iPad transactions.

So that’s where we’re helping customers, but what information do fraud teams share within our database in order to reduce fraud losses and ensure good customers have a positive experience on their site?

iovation tracks over 30 different types of bad behavior and this segmentation is important to our customers. How they treat evidence (specific types of fraud and abuse) changes across various industries. For example, an online retailer cares about mitigating chargebacks and catching criminal activity before product goes out the door, whereas an online community cares more about stopping spam, solicitations, predators and phishing attempts, in order to protect community members and maintain a safe and trusted environment.

Our customers can customize our fraud protection service to gain control over the specific transactions and activities that they correlate with high risk. This allows them to take more business with confidence and spend less time conducting costly manual reviews.

Believe it or not, within the first week of iPad sales, we have already uncovered fraudulent activity. Over half of all transactions denied from iPads were specifically related to credit card fraud. In other words, they were fraudsters attempting to monetize stolen identities on our customers’ websites.

As iPads connect to online businesses to create accounts, submit applications and make purchases, it is very important for organizations to know whether or not the device:

• has committed fraud or abuse on their site
• has committed fraud or abuse at another business
• has relationships with other devices or accounts that have been involved with fraud or abuse
• has not been seen before, but matches the profile of other high-risk or suspect devices

As iovation’s global shared database of over 275 million devices grows, so do the reputations of iPads used to request transactions. This is important information that companies can use to determine whether or not a transaction requested by an iPad, or any other Internet device, can be trusted and just the kind of information iovation provides to its valued customers.

The Merchant Risk Council (MRC) represents the largest and most influential constituency focused exclusively on making eCommerce more safe and secure. iovation is a proud sponsor of the Merchant Risk Council and brings you this interview and podcast with Executive Director, Tom Donlea.

Listen to the Podcast >

iovation: This is Scott Olson on behalf of iovation. I am here with Tom Donlea, the Executive Director of the Merchant Risk Council. Hi Tom.

Tom Donlea: Hi Scott.

iovation: Tom, as the Executive Director of the Merchant Risk Council, you lead this trade association made up of merchants, vendors, e-commerce management professionals, and law enforcement. I imagine this role gives you a great deal of insight into the key issues facing online merchants. After having just completed the Merchant Risk Council semi-annual platinum meeting and now preparing for the upcoming conference in March, is there one topic you would say is getting more attention than others?

Tom Donlea: Yes, Scott. I think for the MRC it has clearly been the economy. A lot of our merchants are increasingly focused on managing their costs and minimizing losses. They are getting a lot of pressure, so they are coming to the MRC with some very specific requests; three in fact. The first thing is they are looking for benchmarking data. They want to look at their costs, the resources they are using, and investments that they should put toward managing fraud risk.

Another piece of this, another part of the membership value, is utilizing the newest and most proven technologies available. They want to make sure that they have the right things in place, whether it is the device recognition, IP geolocation, or some of the other new technologies that are really key for the merchants.

The third thing that merchants are looking for is figuring out how to squeeze every dollar possible out of their program and their operational expenses. We are helping them connect with other members and learn about industry best practices to make sure that they are as efficient as they can be.

iovation: In recent e-commerce fraud surveys, Merchant Risk Council members show consistently lower fraud rates than the industry average. So from your experience, what are these businesses doing right?

Tom Donlea: Belonging to an organization like the MRC allows our member merchants to collaborate and then determine and discover best practices. Through our organization, the merchants have access to industry leaders. And through those presentations and forums, they are staying on top of the latest services from solution providers.

We introduce those topics and issues through webinars that we hold. We do about 20 a year right now. We hold two big conferences each year and we also have a wide enough member base from the merchant community that allows deep collaboration. Merchants from travel, gaming, the apparel industry, electronics—they are all able to gain a greater understanding of the solutions that are most widely adopted and are benefiting the bottom line, and that are, of course, appropriate for the business model.

Increasingly, merchants are looking to the MRC for advocacy. When we gather folks from the travel industry, for example, and we are hearing common issues that they have that are industry-wide issues, the MRC is positioning itself to go to battle, to cause positive change in the industry on behalf of those merchants. And we are excited to play that role.

iovation: You have followed iovation as one of the vendors and the growing interest in device-based fraud solutions for several years now. Would you say the use of this technology is now being considered a best practice for your members?

Tom Donlea: Yes, absolutely. On an annual basis, we do a fraud survey. Every year that we conduct this survey we ask our members, “What sort of third-party solutions or technology solutions are you adding to your arsenal of fraud detection tools?” Device reputation technology is one of the latest advances, and we see our merchants increasingly utilizing that type of technology to develop and enhance their fraud screening tools.

Of course, our merchants know that there is no single silver bullet that is going to eliminate fraud risk when it comes to accepting payments online. But they do know that they have got to have a diverse portfolio of tools. Not only do our members have lower fraud rates than the general industry standards for companies at the same level of revenue, but they also employ more tools than your typical e-commerce company. Through the MRC, and through meeting companies like iovation, they have learned that they must have a broad array of tools in order to meet the challenges of taking diverse payments online.

iovation: Speaking of tools and the different fraud types that your members address, most people think the Merchant Risk Council members deal primarily with financial fraud such as fraudulent chargebacks and payment fraud. What are the other risks that your Merchants are addressing?

Tom Donlea: It’s interesting that both security and authentication are becoming important issues. We’ve seen in recent headlines that data security is more and more of an issue with retailers and with consumers. The challenge for many of our e-commerce and multi-channel retailers is that they not only want to offer an inviting and convenient shopping environment for the consumer, they also want to provide the safety and security for that customer’s personal data. It’s a huge motivator for us to boost that consumer confidence in e-commerce as a channel; a focus on security is a part of that. We know that it’s important for the customers, as well as our members. The shoppers who are conducting business online, they’ve got to trust those MRC members before, during, and after placing an online transaction.

We’ve been very proactive in providing programs and events to educate retailers on the root causes of the data breaches, the regulatory issues involving the Payment Card Industry—or PCI, as we call it —and then providing them examples of compromised systems. What could have been done in advance to avoid that? Then, certainly, the remediation that happens following mistakes like the TJX breach, for example.

Authentication is another issue that we’re really focused on. Of course, authentication for financial transactions is always paramount for our members. I know iovation has lots of clients in the dating, social networking, gaming area. This has become an increasing percentage of our membership as well. For those companies, the customer experience, again, is paramount, which includes: “if I become a member of a social networking site, I want to avoid any sort of predatory behavior, phishing or any scams that are going on.” That non-financial authentication is a very, very big deal for those companies because they have to make sure that the customer experience is continually excellent.

iovation: Earlier, you mentioned that the economy was one of the major issues, and this past year, certainly, has been very challenging for a great majority of retailers across all categories. Yet the Merchant Risk Council has grown in both membership and participation. Why do you think this is?

Tom Donlea: Well, I like to think that our membership base is savvy enough to understand that it’s more vital to address fraud risk, security risk, and electronic payment issues during these hard times. They’re trying to squeeze cost out of operational systems, maximize the number of transactions they can take online, and the consumers, where they are as far as their level of safety with doing business online. MRC is bridging the gap between the merchant community and the issuer community, which includes financial institutions, who often times provide the primary interactions for that consumer in relationship to making payments online.

We’re developing forums that are allowing these communities to communicate with each other, and break down artificial walls that really do affect the consumer’s experience of placing a transaction online. We want the banks who are issuing credit cards and the retailers who are hoping to accept those legitimate transactions to have open communication and improve the industry through those efforts. We also provide active year-round forums for networking, for education, and then for advocating on behalf of our merchant members. The members that belong to the MRC, they benefit from having a distribution list that allows them to interact with their peers and competitors in a non-competitive way.

We provide benchmarking studies. We provide online learning. We have in-person conferences. We’re also expanding into Europe. I’m not sure that we talked about that but it’s very exciting for us. Then, we also have active year-round committees where folks are, again, focusing on common issues that need to be addressed by an industry group in order to improve the industry for the better. Now, more than ever, the MRC is providing resources that allow our members to address their current fraud and secured payment processes, improve their productivity, and increase profitability. Really, what we’re trying to do is make sure our members are looking out further on the horizon and are prepared for those challenges in our three program areas for fraud, security issues, and related payments on a global basis so that they’re really prepared for the future.

iovation: Certainly, the Merchant Risk Council plays a very important role in addressing online fraud and abuse. I really appreciate you taking the time today, Tom, to share with us some of the insights from the Merchant Risk Council and your members.

Tom Donlea: That’s great, Scott. We appreciate the chance to talk with you and we appreciate iovation’s involvement in the MRC.

To learn more about iovation’s fraud-fighting solutions that enable online retailers to prevent thousands of fraudulent activities each day—including credit card fraud, shipping fraud, identity theft, carding and more—watch this video, titled Preventing Fraud and Abuse in Online Retail.