We currently rely on easily counterfeited identification, and we transmit credit card applications using the phone, fax, Internet, or snail mail, all of which are relatively anonymous methods.

Fraudulent credit card applications are the most lucrative form of credit card fraud. Identity thieves love credit cards because they are the easiest accounts to open, and they allow thieves to quickly turn data into cash. Meanwhile, consumers don’t find out that credit cards have been opened in their names until they are denied credit or bill collectors start calling.

Identity thieves use any number of tricks to fool banks, retailers, and creditors into approving their online credit applications, extending credit that leaves the creditor on the line for losses.

It doesn’t need to be this way.
(more…)

The Merchant Risk Council (MRC) represents the largest and most influential constituency focused exclusively on making eCommerce more safe and secure. iovation is a proud sponsor of the Merchant Risk Council and brings you this interview and podcast with Executive Director, Tom Donlea.

Listen to the Podcast >

iovation: This is Scott Olson on behalf of iovation. I am here with Tom Donlea, the Executive Director of the Merchant Risk Council. Hi Tom.

Tom Donlea: Hi Scott.

iovation: Tom, as the Executive Director of the Merchant Risk Council, you lead this trade association made up of merchants, vendors, e-commerce management professionals, and law enforcement. I imagine this role gives you a great deal of insight into the key issues facing online merchants. After having just completed the Merchant Risk Council semi-annual platinum meeting and now preparing for the upcoming conference in March, is there one topic you would say is getting more attention than others?

Tom Donlea: Yes, Scott. I think for the MRC it has clearly been the economy. A lot of our merchants are increasingly focused on managing their costs and minimizing losses. They are getting a lot of pressure, so they are coming to the MRC with some very specific requests; three in fact. The first thing is they are looking for benchmarking data. They want to look at their costs, the resources they are using, and investments that they should put toward managing fraud risk. (more…)

I came across a good article this morning on detecting and avoiding phoney fraud alerts.  The problem is that I found myself thinking yet again that as online sites employ even more identity-based fraud management solutions to combat online fraud, the likelihood of these phishing attacks to succeed goes up.  More and more often we are being asked for increasing amounts of personal information to validate our identity.

There are two problems with this.  First, we are training online users that providing personal information in addition to credit credentials, i.e. color of your first car, your pet’s name, etc. is required to complete a transaction.  As this has become the norm it  is harder to spot phishing attacks.  Second, we are feeding the online databases created by botnets with increasingly personal information that the scammers can use to bypass these same checks.

I truly believe that the long term viability of solutions that require input of substantial personal information is in question.  To fight fraud, account takeover and identity theft, we should move more to systems that do not require this information like a variety of multi-factor authentication tokens, device fingerprinting, and smart cards.