According to the NY Times article, “Cyber Monday Shopping Surpasses Expectations,” both ComScore and IBM Benchmark reported that the $1.3 billion spent by online shoppers represented up to a 33% increase in online sales over last year. This followed record-breaking Black Friday weekend sales of $52.4 billion, which CNN Money reported is a 16% jump over 2010. Either way you cut it, there’s little doubt that retail and online sales over the weekend could make for a very profitable holiday season for merchants.

At iovation, we help our clients know who to trust online, by quickly recognizing their good online customers and isolating the fraudsters through shared device intelligence. By identifying bad actors upfront and flagging suspicious transactions in real-time, we help merchants decline fraudulent orders faster, minimize chargebacks and take more good business with confidence — all especially important during the holiday’s peak traffic.

Looking at iovation’s device reputation network on Black Friday and Cyber Monday, we found some interesting trends and year-over-year comparisons during the two hottest shopping days of the year, including:

• 400% increase in the rate of fraudulent transactions (from 1% to 4%) on Black Friday
• 25% increase in the rate of fraudulent transactions (from 3% to 4%) on Cyber Monday
• 15% greater transaction volume on Cyber Monday compared to Black Friday
• 4% mobile fraud rate on both Black Friday and Cyber Monday

While it was no surprise that credit card fraud, shipping fraud and account takeovers topped the list of fraud types reported to iovation’s database on these days, a noticeable drop in the share of mobile shopping activity was very unexpected.

Despite several industry surveys forecasting significant increases in mobile purchases over the holidays, iovation saw mobile transactions decrease as a share of overall activity on Black Friday and Cyber Monday. While mobile transactions usually account for 5% of queries to iovation’s service, mobile’s share of overall retail transactions dropped to 3.2% on Black Friday and 2.7% on Cyber Monday. At this point any conclusions would be only speculative as to why mobile transactions were down during these peak periods. Are consumers not ready to make purchases over their smartphones? Is the user experience of a smartphone checkout too cumbersome compared to the convenience of a desktop?  As retailers look to the mobile market as an increasingly important channel, it will be critical that they solve these issues.

1. When handing your card to a clerk or cashier, pay close attention. The card should be swiped through a point of sale terminal or keyboard card reader once, maybe twice. If your card is swiped through an additional reader, the card number may have been stolen.

2. Shop only at trusted sites. Phantom websites appear online all year round. They look legitimate, resembling well-known online retailers. But only do business those you recognize. Established online merchants are best.

3. Unsolicited emails that request sensitive data such as credit card numbers or lead you to a too-good-to-be-true offer are most likely phishing emails. Don’t disclose your information, and don’t click unknown links.

4. Check your credit card statements daily, if possible. Once a week is sufficient. Refute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Internet crime schemes steal millions of dollars annually from victims. If you are looking for more helpful tips, the Internet Crime Complaint Center is a great resource. Their site provides preventative measures that help you be more informed prior to making purchases on the Internet.

Holiday schemes will be in full force this year. Charge or purchase wisely.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Computerworld reports:

“Tony Perez III, of Hammond, Indiana, pleaded guilty to the charges on April 4. In his plea, Perez said he sold counterfeit credit cards encoded with stolen account information. Perez found customers through criminal ‘carding forums,’ Internet discussion groups set up to aid in the buying and selling of stolen financial account information and related services.”

“During a June 2010 search of Perez’s residence, Secret Service agents found 20,987 stolen credit card accounts on his computers, in his email messages, in an online account and on counterfeit credit cards he was in the process of manufacturing, according to court documents. Credit card companies have reported more than US$3.1 million in fraudulent charges associated with those accounts, court documents said.”

Carding is a full time profession for thousands of hackers worldwide. Retailers’, banks’, credit card processors’, and many other corporations’ databases often contain millions of credit card numbers, and are targeted in “advanced persistent threats.” Any entity that accepts credit cards online or in the physical world is a ripe target for fraud.

It’s in the retailer’s best interest to put online fraud prevention measures in place to thwart credit card fraud use on their sites. This not only helps them keep their chargebacks and fees low, but it also protects their brand reputation with their loyal customers. But how can retailers detect when fraudsters are stealing from their websites in the first place?

Before verifying identity and credit information, first make sure that the computer, tablet or smartphone connecting to the site is not a known fraudulent device – one used to steal from your business in the past, or from other online businesses.

Would you like to know if the device is acting suspicious such as masking its IP address or constantly changing its characteristics between transactions? Is it opening an excessive number of new accounts, or are new countries suddenly accessing your customer’s existing accounts?

There are many indicators of risk and companies like Oregon-based iovation Inc. helps online businesses set up fraud and risk rules in advance so that as transactions come in, the rules run and all checks in a fraction of a second. This device identification service can stop the transaction right then and there.

Carders are just one piece of the cybercrime puzzle. Having a defense-in-depth approach to fraud prevention is essential. And sharing fraud intelligence with other businesses can only help you catch more fraud, and meanwhile, take more business with confidence.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another databreach on Good Morning America. (Disclosures)

According to the article, “Cyber crime hit 431 million adults in 24 countries,” a recent Norton cybercrime report found online crime jumped 3% compared to its 2010 study, costing fraud victims more than $388 billion worldwide over the past year.

Eating up 35% of the global cybercrime bill were U.S. fraud victims, who spent $139 billion on cybercrime last year. That amounts to 141 victims per minute, an alarming statistic even for Norton’s consumer cybercrime expert, Helen Malani.

“We were astounded by the costs in terms of cash lost. The number came to more than $US388 billion globally. That’s more than the illegal drugs market in heroin, cocaine and marijuana. Cybercrime is an illegal underground economy and it needs to be taken seriously.”

According to the study, one of the biggest gains in cybercrime last year came in crimes against mobile devices, which are up 10% globally. No surprise there, considering the explosion of smartphones and tablets being used to connect to the Internet. Malani said the chief concern with mobile fraud is users inability to stay on top of security updates. She said only 20% of people accessing their mobile devices have installed the most up-to-date mobile security. With up to 80% of mobile devices improperly protected, this provides fertile ground for cybercrime activity.

Similar to any other legitimate economy, growth in the illegal underground marketplace is driven by innovation, and tapping into the next opportunity. For cyber crooks, it’s all about exploiting the latest technology before the security gaps are identified and closed.

For online businesses that allow users to access their websites and corporate networks via mobile devices, this is especially disconcerting. Operating without the tools to effectively detect when fraudulent devices are logging onto their sites and requesting transactions, organizations and their customers are vulnerable to evolving schemes such as credit card fraud, card-not-present (CNP) fraud, account takeover, phishing and identity theft.

Today, building a multi-layered fraud preventative strategy that includes device reputation technology is critical to identifying when an Internet-based device, whether it’s a PC, smartphone and tablet, is already registered or attempting to log onto a website. The device intelligence that iovation’s ReputationManager 360 provides in real-time allows online businesses to recognize when a remote device that has been used to commit fraud or abuse in the past and stop any illegal or unwanted activity before it happens.

With nearly 150 users (just in the U.S.) exposed to some type of fraud every minute, it’s time businesses gain an extra layer of protection needed to stop more advanced forms of online fraud and abuse. Performing real-time risk analysis on transactions from every country in the world, iovation has already flagged nearly 40 million fraudulent transactions for its B2B customers just this year.

Their main concern was that companies could set up shop, accept tons of credit card charges, and then vanish, leaving the banks short. Mail order fraud was also big. A stolen credit card could be used to place orders over the phone, and when the fraudulent charges were discovered, merchants would suffer from chargebacks.

At the time, it wasn’t even necessary to provide a correct expiration date, as long as the card wasn’t already expired. Then credit card companies began verifying billing addresses to authenticate mail orders. Eventually, an additional verification code was added to cards, referred to as a CVC or CVV. We still use these codes today, but they can be fraudulently obtained in a number of ways.

When merchants moved from catalogs to websites, IP addresses were used to track transactions. But bad guys figured out how to spoof them.

Now we have a number of new technologies designed to fight credit card fraud. The most effective and widely implemented is device reputation, an effective online fraud prevention method that helps protect retailers from fraudulent CNP transactions by examining the computer or other device for a history of unwanted behavior, plus any suspicious activity at the time of transaction.

If a customer’s PC, smartphone, or tablet indicates an abnormally high level of risk, the merchant can reject the purchase in advance. iovation, the global leader in device reputation, flagged 35 million online transactions as high-risk in the last year for its clients and will flag 50 million or more by the end of 2011.

Protect yourself from credit card fraud by checking your statements regularly. Set up your own email alerts so that at a minimum, you are notified of any transactions over your specified amount occur on your account. Businesses set up triggers and alerts to protect themselves, shouldn’t you?

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

Network World reports, “The Financial Services Information Sharing and Analysis Center (FS-ISAC) polled 77 financial institutions and asked how many account takeovers occurred in 2009 and during the first six months of 2010. The FS-ISAC consists of a group of banks that shares threat information and interacts with the federal government on critical infrastructure issues. Its members include Citi, Prudential, Bank of America, JPMorgan Chase, Goldman Sachs and Wells Fargo, among others.”

Account takeover occurs when thieves infiltrate your existing bank or credit card account and siphon out your money. This typically occurs after your account has been hacked or your credit card or personal identity has been stolen.

21 of the institutions polled reported a total of 108 commercial account takeovers during the first six months of 2010, compared to 86 for the full year of 2009.

In 2010, 36% of fraud attempts were successfully thwarted, whereas 2009, fraud was only prevented 20% of the time.

I have previously referenced a report from Javelin Strategy: “When examining account takeover trends, the two most popular tactics for fraudsters were adding their name as a registered user on an account or changing the physical address of the account. In 2010, changing the physical address became the most popular method, with 44 percent of account takeover incidents conducted this way.”

Unfortunately, FS-ISAC’s study failed to disclose what methods were used to thwart the account takeovers. Many financial institutions are protecting their users and themselves by incorporating device identification, device reputation, and risk profiling services to keep scammers out. Oregon-based iovation Inc. offers the world’s leading device reputation service, ReputationManager 360, which is used by leading financial institutions to help mitigate these types of risk in their online channel.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses discussesonline banking security on CBS Boston. Disclosures

This casual, unwary approach toward security continues to boggle my mind, particularly in today’s highly volatile business environment. But while three-quarters of the small businesses polled said they are incorporating steps to protect their computer systems from fraudsters, Fred Graziano, head of the commercial and small business banking at TD Bank, said companies need to keep up with the latest available fraud preventative technologies and criminal tactics used by more sophisticated fraudsters.

“It’s encouraging to see that small business owners are taking steps to protect their business, but fraud protection should be a high priority and it pays to be vigilant. Given the influx of new digital technologies and operational tools available for small business owners, it’s increasingly important to learn about the latest trends and techniques used by criminals, and to be more diligent in defending against fraud.”

Graziano, along with TD bank’s director of corporate security and investigations, Robert Dunlop, offered some advice to small businesses about protecting their systems and customers from evolving fraud attacks, including:

Manage finances with secure online banking:

Closely monitoring all account activity payments and financial transfers in real time with automated fraud preventative tools helps businesses quickly identify any discrepancies and provides audit trails for all online transactions.

Protect computer systems and practice online awareness:

In Dunlop’s terms, “Being complacent about cyber protection can lead to the compromise of critical information and detrimental consequences for a business.” That about says it all.

Safely handle highly sensitive documents:

Properly storing and disposing sensitive hardcopy documents such as financial statements, credit card information and social security numbers is critical to reducing the risks of confidential data landing in the wrong hands.

Incorporate appropriate checks and balances:

A strong internal review and assessment process shows customers how serious you are about fraud and preventing criminals from perpetrating deceptive acts against your business and customers.

As small and medium-sized businesses (SMBs) struggle to make progress in stopping payments fraud, organizations of all sizes should evaluate their fraud prevention needs and prioritize accordingly. Businesses operating without proactive fraud preventative tools that effectively detect and stop new forms of financial fraud will continue to fall victim to scams that costs them thousands to millions in profits and cause irreversible damage to their corporate brands.

In the article, “North business loses $8k in online scam,” a company was recently cheated out of $8,000 by an international scam that included fraudulent credit cards and a bogus freight business. The company was duped after a customer requested its purchase to be shipped to Japan via a fake London-based freight company, where additional charges to have the product shipped were added to the bill. When the customer’s payment went through, the freight company emailed the online business saying it could not take credit card payments. It asked for a direct, non-refundable overseas cash transfer, which the business paid for. Because the initial transaction went through, over the next month the company made five additional shipping payments on similar orders, amassing $8,000.

With these and other shipping scams stealing hundreds of thousands of dollars from eCommerce companies each year, detective Pete Hayes is warning online businesses about such scams that threaten any business working online.

“Anyone in the retail business that deals with orders over the internet has to be aware. Some of the red flags that might be raised are the name Postex Air Express and if someone is asking for payment via a direct cash transfer through a credit union or similar.”

For online merchants, international eCommerce orders carry a higher risk. Accepting cross-border payments pose about a 2.5 times higher risk than domestic orders. While many of today’s screening tools focus on Address Verification Services (AVS) and IP geo-location information for specific countries and regions, they can be easily spoofed by fraudsters using anonymizing proxies and other methods to hide their true locations and identities.

With many security tools limited to geographic constraints or simply ineffective in equally screening domestic and international fraud, layering a fraud prevention service like iovation’s ReputationManager 360 as part of a business’s anti-fraud strategy is critical for detecting fraud regardless of the source or location of incoming online orders.

Instead of focusing exclusively on personal information or the user to screen transactions, iovation enables businesses to identify the device being used to screen for fraud across the Internet. Its device recognition technologies combined with real-time risk reporting and analytics help businesses around the globe identify any device (PC, smartphone or tablet) with a history of fraud such as chargebacks and shipping/re-shipping fraud, and expose hidden associations with online accounts to stop repeat offenders who may already be perpetrating fraud within a network. Doing so allows eCommerce merchants to greatly reduce fraud losses (and chargeback rates) and improve the efficiency of their fraud process and team.

In one case alone, iovation helped reduce an online retailer’s fraud losses by $1.8 billion. Read the case study by Forrester Principal Analyst, Andras Cser.

According to the article, “Credit card fraud is a cross-border crime,” statistics have shown in recent years that online fraud trends can differ dramatically between countries. For example, online payment fraud in the UK dropped 10% from 2009-2010, while the US experienced a 157% rise in attempted payment fraud during that same period.

Carl Clump, Group Chairman of Retail Decisions (ReD), a leading payment fraud prevention provider (and iovation partner), said this is particularly disconcerting for online merchants that do business overseas. As attack methods vary considerably in different parts of the world, e-retailers operating with a limited security scope could be leaving their networks and customers vulnerable to fraud trends for which their existing security tools are not adequately prepared.

“E-commerce businesses that only focus on fraud in their own sector will not immediately spot a new ploy that criminals have used in another industry. The narrower the retailer’s perspective of fraud, the harder it becomes to keep pace with rapidly changing fraud techniques.”

As online retailers expand their businesses abroad, the key to mitigating the risk of unknown attacks is having collective intelligence that spans beyond borders. iovation’s global Device Reputation Authority fraud database shares the firsthand experiences of 2,000 worldwide fraud analysts that have provided fraud evidence on more than 650 million Internet-connected devices across the globe that criminals use to perpetrate all types of fraud and other unwanted activities including credit card fraud, card-not-present (CNP) fraud, account takeovers, and shipping/re-shipping fraud.

Leveraging the power of device reputation goes beyond the stolen information that criminals use to commit fraud. Knowing if a device has a history of fraud or abuse, or is associated with other known fraudulent devices or online accounts helps online businesses identify and stop cyber crime in real time, no matter what country or region they are doing business in. Now businesses can adapt, protect themselves, and share information worldwide — even faster than the fraudsters.

Infographics: Hotel Credit Card Hacking © CreditDonkey

When travelers go online to research hotels to plan a vacation or business trip, things like proximity, cleanliness, amenities, and safety play a huge role in their decision-making process. But those priorities may be changing. With credit card fraud becoming more prevalent in the hotel industry, a hotel’s reputation in relation to online security and fraud risks may soon override many of the traditional considerations that consumers have for choosing hotel accommodations.

According to the article, “Hotel Guests More Likely to Be Credit Card Hacking Victims, CreditDonkey Illustrates Danger,” a study estimates that 38% of all credit card hacking involves hotels. That’s two-times more than the financial industry (19%), which surprises Charles Tran, founder of the credit card comparison website, CreditDonkey.

“We were surprised at the numbers showing that hotel visitors run the greatest risk of all for having their credit card information stolen.”

One of the reasons for these unexpected numbers may be the recession. Because the hotel industry has been hit so hard, many hotels and hotel chains have not adequately upgraded their computer security systems. This, along with the fact that travelers typically use credit cards to pay for their hotel stays, may explain why hotels have become prime targets for cyber criminals.

All of this could create a shift in priorities for travelers selecting a hotel. As a result, hotels need to make sure they implement effective anti-fraud security strategies that help reduce the risk of credit card fraud.

As cyber thieves get more sophisticated, hotels must deploy security tools that help them identify fraudulent activity before they happen. Fraud prevention tools like iovation ReputationManager 360 uses device reputations to identify in real-time when a device with a history of fraud or is associated with other known fraudulent accounts is attempting a transaction.

By recognizing or re-recognizing any type of Internet-connected device — whether it’s a PC, laptop, tablet or smartphone — before the transaction takes place, hotels can mitigate their risk of credit card fraud and other unwanted activities, all of which can have a significant impact on their brand reputation and, ultimately, their business revenues.

To reduce fraud rates, social networking sites are using their own social verification systems to determine whether the person at the other end of a Web transaction is actually who they say they are. According to the article, “How your social network can protect your credit card,” social networking sites like Facebook collect various pieces of information about a user’s personal network to identify a person and reduce fraudulent activities such as credit card fraud, account takeover and account hijacking within their network. But while the social networking giant and others prefer to keep their data to themselves, think about the possibilities this type of information could have in the fight against global fraud.

With so many credit card details and social security numbers now in the hands of organized cyber criminals, we need a broader mindset if we are going to truly stop the growing fraud problem that stretches across continents, technologies and industries.

By sharing intelligence on more than 600 million Internet-connected devices including PCs, smartphones and tablets, iovation’s ReputationManager 360 fraud prevention solution allows businesses across all industries to see if a device requesting an online transaction has a history of fraud, or is associated with known fraudulent accounts or devices, before the transaction takes place. With a nearly 30% device crossover rate between industries, we understand how important working together and sharing critical information is to fighting online fraud and abuse. This is how we are able to help our cross-industry customers stop 35 million online fraudulent transactions and activities a year.

Much like any legitimate user, fraudsters come in from computers or devices they’ve used before. Having the goods on bad guys’ devices enables businesses to decide whether to deny, accept, or pull for review any pending transactions to prevent credit card fraud and other unwanted behavior. As a result, businesses don’t have to write off future online transactions that are ultimately impacting their sales revenues and bottom line.

But what happens when industry perception is beyond your control? Can online businesses protect themselves from consumer perceptions of the industry as a whole? And what kind of impact can consumers’ fears of shopping online have on online merchants?

In the article, “Card Fraud: Consumer Fears Cut Into Sales,” a recent ACI Worldwide survey of more than 4,000 consumers in 14 countries found that concerns around credit card fraud are not only increasing, but can also impact sales. Some of the study’s key findings included:

50% of worldwide consumers worry about credit card fraud

58% believe card fraud is increasing

65% of U.S. consumers are concerned about using their cards online

Each one of these points can impact consumers’ shopping behaviors, resulting in sales and profit losses for online retailers. While these findings can help organizations better understand consumers’ fears with using their credit cards, the information can also prompt online businesses to take additional steps to build confidence in their brands and minimize any potential losses as a result of growing concerns of shopping on the Internet.

While businesses can and should continue to educate customers about the fraud preventative measures they have in place to ensure the safety and protection of their websites and payment processes, the best strategy to instilling consumer confidence in your brand is having a comprehensive, multi-layered defense that combines a number of complementary anti-fraud solutions to proactively identify and stop credit card fraud and card-not-present (CNP) fraud from occurring in the first place.

But Râmnicu Vâlcea is different. Wired describes the odd contrast between flapping clotheslines and the luxury Mercedes-Benz dealership in this small Romanian town, where young men in expensive jewelry drive luxury cars, all paid for with money from eBay scams, Craigslist scams, advanced fee scams, ATM skimming, phishing, infiltrating databases, new account fraud, and account takeover fraud.

Early scams were obvious but successful. English is a second language to Romanian scammers, so over the past decade, consumers caught on to the broken English and typos typical of phishing emails or classified scams. Romanian scammers responded by hiring English speakers to clean up their communication and give them an appearance of legitimacy.

Over time, U.S. authorities and corporations who were being defrauded caught on to Romania being the hub of organized computer crime, and so began flagging wire transfers, product shipments, and credit card orders. In response, scammers developed a distribution chain involving “mules,” who often ship products or collect money in countries like the United Kingdom, in order to avoid authorities monitoring Romanian IP addresses.

There are sophisticated anti-fraud companies that work around the clock to stay ahead of scammers to make the Internet a safer place to conduct business and interact. One such company is iovation. They have a highly effective fraud protection service called ReputationManager 360 offering device reputation management to determine if a PC, smartphone, or tablet has been used to commit fraud, regardless of the country of origin. Their device reputation management is the only solution that leverages the shared experience of global brands across numerous industries, with thousands of fraud professionals from major online brands reporting and sharing fraud and abuse attempts each day.

The same cyber criminals targeting banks and retailers working hard to collect and sell stolen personal data, including names, addresses, Social Security numbers, and credit card details, are using those stolen identities to win big in defrauding online gambling sites.

And as more people turn to online poker, bingo, sportsbooks, and betting sites, cyber criminals are developing more sophisticated ways to take advantage of legitimate players and the gambling sites themselves. Financial fraud such as chargebacks and money laundering are major issues for gambling operators, not to mention player collusion and bonus abuse. Plus, the operators have the responsibility of keeping problem gamblers (self-excluders) from re-entering their sites.

Bonus incentives, as explained in this case study on WagerWorks, are offered to attract new players to games and to increase overall play time, but these incentives also attract the attention of cyber criminals since they can set up multiple accounts under stolen identities, and take advantage of the free money offered for each new account.

Gambling sites, like banks and retailers, are forced to deal with a wide spectrum of Internet crimes and other in-game abuses that cost the industry hundreds of millions of dollars in fraud losses each year.

Many gambling sites have increased efforts to detect suspicious players, but Internet-savvy criminals have learned to mask their true identities, changing account information to circumvent conventional methods of fraud detection.

It is increasingly necessary for online casinos to deploy more effective solutions, which analyzes information beyond that which is supplied by users. By starting the fraud detection process with a device reputation check from companies like iovation, gambling sites can stop problem players within a fraction of a second and avoid further checks and fees when the device is known to be associated with fraud. According to Chrystian Terry, Director of Casino Operations at WagerWorks, “iovation helped us shut down 20 sophisticated rings. Imagine the lifetime value of bonuses on nearly 300 accounts – that’s tens of thousands of pounds! The service paid for itself on the first day.”

At the recent Caribbean Gaming Show and Conference in Santo Domingo, Max Anhoury, Vice President of Global Sales at iovation, shared in his presentation to attendees that 350,000 fraudulent attempts within gambling sites alone have been reported and shared in their global knowledge base in the last 12 months. And while iovation’s database of half a billion devices typically sees about 2% of devices within most industries associated with negative behavior, within the online gambling industry, that number increases to 5% of devices associated with fraud. That’s approximately 500,000 “known unique devices” trying to defraud gambling sites. Sites armed with device reputation know when these bad devices touch their gaming sites and can keep them out.

The online casino industry has an opportunity to work in tandem with merchants, banks, travel sites and even shipping companies to share data that helps pinpoint the devices responsible for fraudulent activity. Shared device reputation intelligence makes this possible for the first time.

I like to expose the flaws in our systems, to find what makes us vulnerable. Much of my “research” (or my “antics,” as some would say) is prompted by my desire to learn more about the scumbags of society, who prey on others. So I sign up for online dating sites, create a profile as a woman, and wait for men to contact me. My research has led me to discover some particularly shady methods scammers use to target emotionally vulnerable victims. The most common is an advanced fee scam involving a wire transfer.

A divorced mother of three in Britain was taken for £80,000 by a scammer posing as a US soldier. It began when a man who called himself Sergeant Ray Smith introduced himself on a dating website. Soon they were chatting and emailing regularly, and then he was calling her on the phone and asking her to wire him money.

Twenty years ago, online dating wasn’t even a thought. Ten years ago, it was weird. Five years ago, it was new and exciting. Today, it’s as normal as milk and bread. If you are looking for a mate online, you will eventually find someone. Most of my friends who’ve tried it were successful. But by the time a new technology becomes normalized, scammers, who are usually ahead of the curve, are lying in wait. As online dating gradually gained popularity and acceptance, scammers were coming up with ways to take advantage and perfecting their craft. And now it’s a full-time job for them. They know all the new scams and come up with better ways of executing the old ones.

It blows me away that these scams are even possible. In many cases, the same scammers maintain multiple profiles on different dating sites, and the dating sites do almost nothing to prevent or police this.

We caught up with anti-fraud provider iovation to see what dating sites around the world were reporting about fraudster activities.

In the last 90 days, 230,000 fraud and abuse attempts were reported to iovation from dating sites alone, including:

• Spamming – 90,000
• Scams and solicitations – 30,000
• Inappropriate content – 20,000
• Chat abuse – 17,000
• Profile misrepresentation – 15,000
• Credit card fraud – 14,000
• Identity mining / phishing attempts – 12,000

iovation has many more categories specific to dating, including bullying, account takeovers, under age members, and so on. What’s unique to their globally shared system is that their clients can choose what to take action on or not. For example, a dating site may choose to not care about cheating in online gaming sites, but set up rules to trigger multiple account creations looking for profile misrepresentation. Dating sites can specify which type of behavior to protect their users from.

If more sites incorporated device reputation checks for suspicious computer history and investigated for characteristics consistent with fraudulent use, they’d be able to deny criminals, often before the first time they tried to sign up.

New account fraud refers to financial identity theft in which the victim’s personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

Since the thief typically submits a different mailing address when applying for new accounts, the victim never receives the bills and may remain unaware of their existence until creditors come seeking payment for debts the thief has accumulated in the victim’s name.

Variations on new account fraud include:

Utility fraud, in which the identity thief opens new utility accounts, such as gas, electric, phone, or cable, in the victim’s name, accounts for as much as 20% of all instances of identity theft.

Loan fraud accounts for approximately 10% of instances of identity theft. In order to obtain a loan of any kind, applicants are nearly always required to provide a Social Security number.

Credit card fraud is the most lucrative type of new account fraud, and the most prevalent, accounting for almost half of all identity theft cases. Simply put, identity thieves love credit cards because they are the easiest accounts to open, and they can quickly be turned into cash.

The availability of instant credit means instant identity theft. Identity thieves froth at the mouth when they obtain personal identification information and are in range of a major retailer.

An identity theft protection service can help mitigate the risk of new account fraud by monitoring your credit for new account activity, as well as by monitoring the Internet for your personal information.

One cool company that’s watching your back is iovation. iovation spots cyber criminals by analyzing the device reputation of the computers they use to connect to a website. They investigate for suspicious history and check for characteristics consistent with fraudulent users. And the best part is that iovation can prevent a criminal from using stolen data to open a new account in the first place.

According to Scott Waddell, Vice President of Technology at iovation Inc., “iovation sees identity thieves carry out their attacks in very short-time windows to exploit their newly stolen credentials. What might typically look like one transaction to a single business is often a shotgun attack across our globally shared view. One device may be opening a new credit card account, then going to an online retailer, then applying for instant credit all within minutes, and iovation can detect that through velocity triggers and shared experience across subscribers to alert the affected businesses and thwart the attacks. That’s great for the protected businesses and for the consumers who would otherwise be dealing with fraudulent charges made under their identities.”

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Social Security Numbers as National IDs on Fox News. (Disclosures)

In the article, “Report: Stolen data sold over online black market,” the security firm revealed that cyber criminals have set up shop online to buy and sell everything from stolen bank account information, credit card numbers and passwords to consulting and technical services around developing and operating fake online stores.

Impersonating hackers to gain entry into the online black market, PandaLabs researchers discovered an online catalog of an array of products and services that include:

• Credit card details – $2-$90
• Physical credit cards – $190+ cost of details
• Bank credentials – $80-$700 (with guaranteed balance)
• Online stores and pay platforms – $80-$1,500
• Designing and publishing of fake online stores – Pricing varied according to project

This is yet another prime example of how the bad guys are highly organized and have sophisticated operations that mimic traditional business techniques. Today’s cyber criminals are motivated by financial gain, and it’s operations like these that give other aspiring hackers the tools they need to defraud businesses over and over again. As criminals work together to increase their chances of success (not to mention strengthen their numbers), we, too, have to collaborate and deploy complementary anti-fraud defenses for stronger protection against more sophisticated forms of online fraud and abuse.

According to the article, “Watch out for credit card hackers this Christmas,” Rob McAdam of Pure Hacking, an organization dedicated to helping businesses protect their information assets, said it’s just not large corporations that hackers are targeting during the holiday season, but mid-sized retailers are becoming more and more affected by security breaches involving credit cards.

“We are typically finding larger retailers that rely on reputable payment gateways and who have made data security a priority are no longer the main targets for fraud.”

As Cyber Monday is just days away, experts forecast online sales to break the $887 million spent last year. For many global merchants where holiday sales are already in full swing, iovation is actively involved helping them prevent fraud and keep chargebacks and related fees to a low.

Merchants are effectively leveraging iovation’s device reputation network (with over 450 million unique devices) to know whether those devices connecting to their websites have been involved in credit card fraud, shipping fraud, account takeovers, phishing and identity theft, and if the transactions coming from those devices are suspicious or considered to be high risk.

After a three-year investigation by the FBI and the UK’s Serious Organized Crime Agency (SOCA), British authorities announced they have arrested the sophisticated network of cyber criminals behind DarkMarket, one of the world’s top criminal websites. The site, which operated out of an unassuming London Internet café, was an international cyber supermarket for stolen credit card and bank account information that officials say has cost the banking industry tens of millions of dollars.

According to a recent article, “Welcome to DarkMarket: a global shop for cybercrime and banking fraud,” the DarkMarket site was an online superstore of personal data, viruses, tutorials, and a whole host of other resources for fraudsters. In order to gain access to the site, which was by invitation only, those wanting to become members had to offer up details of 100 compromised credit cards – 50 each to two separate members who would then test the cards in the market to see if the information was valid. If the information was usable, the applicant would gain entrance to the site. If not, access would be denied.

Once in, members could trade everything from credit card details to bank account PIN numbers obtained through hacking, phishing scams, and ATM skimming devices. The site even had a crime “menu,” where for very reasonable prices, members could purchase, among other things:

• Information needed for online transactions ($3-$10 depending on quality)
• Credit card images ($30 each)
• Bank logins (2% of available balance)
• Billing details needed for opening or taking over accounts ($150 for accounts of $10k balances, $300 for accounts with balances of $20k)

Of the estimated 2,000 members who had access to the site, so far the bust has led to the arrest of more than 60 members who are scattered throughout the globe, in countries including the UK, United States, Canada, Germany, France Turkey, Israel and Russia.

The scope and reach of the DarkMarket website underscores the magnitude of such an operation, as well as the growing problem of organized fraud. With more personal information accessible over the Internet, cyber criminals have built thriving illegal networks to buy, sell and trade financial data and share information on how to defraud all types of online businesses. Certainly businesses are dealing with an increasingly sophisticated threat and must continually evolve and be vigilant to defend their businesses from attack.