Tonight the 2012 ICE Totally Gaming Conference & Exhibition kicked off at 8 Northumberland in London with the Totally Gaming Awards banquet. Celebrity presenter Katie Derham hosted the banquet, which was designed to cover all gaming sectors along with media, marketing, and outstanding contribution awards. The 2012 awards were open to all suppliers and operators in the European gaming market and recognized and rewarded innovation, as well as great products and services from the gaming industry.

Here are some of tonight’s 2012 Totally Gaming Award winners:

• 888.com for Best Online Product of the Year (iovation was a finalist)
• Betfair for iPhone for Best Mobile Gaming Product
• Holland Casino Amsterdam for Best Casino Operator
• Jan Jones and Ron Goudsmit for Outstanding Service to the Land-Based Industry
• Wes Himes for Outstanding Service to the Remote Industry
• Novomatic for the Media Award
• Inspired Gaming Group for Best Betting Product
• Casinos Austria for Best Marketing Campaign
• Casino Cosmopol Sun vaal for Best Casino 
• Raff Ltd for Best Lottery Product
• JMC Global for Best Street Supplier 

Next up on the ICE agenda is the Combating Cybercrime in Gaming conference at Earls Court. Starting Tuesday, January 24th, attendees will find a great line-up of topics, including jurisdictional approaches to investigating cybercrime, knowing “who” and “where” your gaming customers are, implementing strategies to reduce data leakage from your network, cybercrime hotspots and forecasting future threats, and staying ahead of mobile gaming fraudsters.

iovation’s vice president of global sales, Max Anhoury, leads the mobile gaming fraud panel at 2:00 pm, titled Staying One Step Ahead of Mobile Fraudsters, to help attendees understand the latest cybercrime threats and how gaming operators can better protect their business, brand and customers.  Joining Mr. Anhoury will be Darwyn Palenzuela, Chief Technology Officer at Smart Gaming Group and Christina Thakor-Rakin, Head of Operations at Virgin Games. iovation will be sharing worldwide mobile device trends from its global reputation database of more than 800 million unique devices, which includes PCs, laptops, smartphones, tablets and consoles.  (more…)

iovation is continually developing new features to meet customer business challenges, keep pace with the constantly changing Internet environment, respond to great customer ideas, and meet our own internal strategic goals.

It’s been a busy year with a ton of new features and enhancements ranging from big to small. We thought we’d take a moment to share with you some of the highlights from 2011.

As with any technology, there are many, many things that go into a new feature including design, development, testing, documentation, integration and other operational requirements. We won’t go into that amount of detail here, but instead will focus on the primary achievements within each of the four principle areas of specialization at iovation, which include:

The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.

Now, after five years of pushing standards out to merchants and retailers, a Verizon study has found that 79% of retailers are noncompliant. That means your credit card data is at risk in 8 out of 10 transactions.

InformationWeek reports numerous reasons why credit and debit card data is at risk. The first is that the burden posed by PCI causes businesses to view PCI as a nuisance, rather than a standard. Instead of working towards better security, they shun it. (more…)

For the first time in six years, the Federal Financial Institutions Examination Council (FFIEC) has issued new guidelines for banks to protect financial transactions targeted by today’s sophisticated cyber criminals.

In the recent Network World article, “Federal agency issues new security rules for financial institutions,” the FFIEC is instructing financial institutions to deploy layered security systems and recommends they update their risk assessments to detect anomalies and effectively respond to suspicious activity as more profit-driven hackers focus on business computers to perpetrate fraudulent online transactions.

According to the IC3 Annual Internet Crime Reports:

Cyber crime complaints have risen substantially each year since 2005, particularly with respect to commercial accounts.  Fraudsters are responsible for losses of hundreds of millions of dollars resulting from online account takeovers and unauthorized funds transfers.

The new rules instruct banks and financial institutions to focus their network defenses on layered security that involves fraud monitoring, dual customer authorization through different access devices, out-of-band verification, and technologies that limit the fraudulent transactional use of an account.

According to Scott Waddell, Vice President of Technology at iovation, who has been helping the nation’s largest financial institutions and credit issuers implement layered defense programs for years:

We’re glad to see the FFIEC guidelines catching up to the device reputation best practices that our customers enjoy. Complex device recognition, reputation, and real-time risk assessment are powerful additions to any bank’s fraud-fighting arsenal.    (more…)

The security strategy of “defense-in-depth” allows a system or an organization to prevent an attack by coordinating complementary defense techniques, taking advantage of the strengths of each one while relying on the combination to shore up weaknesses in the others.  The end result is a more complex and nuanced system that is resilient to a much greater number of attacks.

In a similar vein, we can see that any single device recognition strategy on the Web is going to run into some serious limitations, mostly related to the quality and the variety of the data that can be collected from a browser.  There are a number of sources of data that we can use to construct a view of a device on the Web, but most of them can be manipulated, and all of them have problems with uniqueness.  How to build a system that is resilient to so much data uncertainty?  Yeah, I know you’re already a step ahead of me – we design in depth. (more…)

As iovation continues to expand its subscriber-base across multiple industries, the number of shared devices (meaning those devices seen at multiple sites) continues to rise. As we see this cross-over between subscribers rise, new and existing subscribers have a greater chance of encountering devices that already have a reputation. This increases the proactive value of device reputation and directly supports the significance of having a shared device database.

The increase in the number of shared devices can in part be understood by analyzing the population of “reactivated” devices. Reactivated devices are devices that iovation re-identifies after having not seen the device for more than 90 days. By studying these devices in contrast to the device population as a whole, it is clear that iovation’s expanding customer base is a significant contributor to this trend as a vast majority of reactivated devices have been seen in multiple customer networks. (more…)

When I talk with fraud managers, they often express concern that the benefits of a reputation-based system won’t be instantly apparent. While a reputation service inherently becomes more valuable over time as companies log their fraud experiences into the system, it’s worth pointing out that device recognition and device reputation provide a number of benefits that can have an immediate effect, such as the following:

• Expose relationships between transactions –Device recognition gives fraud management teams instant visibility into the relationships between all online transactions (fraudulent or not). This provides immediate value in assisting with investigations and resolving issues.
• Receive velocity alerts –The number of purchases, applications, account creations, etc. that originate from one user in a given period of time is highly indicative of fraudulent behavior. For example, wouldn’t it be valuable to know that in the span of one hour, ten credit card applications were all submitted by one person? Unfortunately, since most fraudsters use fake or stolen identities, this can be incredibly hard to detect—unless you focus on the device. With device recognition, you can monitor the velocity of transactions coming from a single device, regardless of the identities provided.

(more…)