The month of February provided another stark reminder that cyber criminals continue to be on the prowl in online dating communities.

According to a recent Toronto Sun article, “Money scammers target online daters,” Durham Regional Police received several reports—all during the weeks following Valentine’s day—from women claiming they had been scammed by men they met online. After several months of courtship and communications with these men, women then said they were asked to wire money overseas to help with work-related charity efforts. Some women were also conned into providing personal identification and financial details to the suspects and were debited “substantial amounts of money from their personal accounts.” (more…)

It’s been said that the best offense is a good defense. But how do you defend against something that’s always changing? That’s an important question for IT security professionals who know that it’s only a matter of time before cyber criminals find ways to take advantage of the inherent weaknesses in even the best technologies.

The harsh reality is that today’s cyber criminals are so tech savvy and innovative that staying one step ahead of them isn’t always possible. That’s why, when it comes to network security, a good defense should be made up of several different layers. That way, even if a hacker is able to exploit vulnerability in one layer of the system, he may be stopped or slowed down by another. This strategy, known as defense in depth, essentially allows organizations to protect the integrity of their systems by slowing hackers down and buying security professionals the time they need to respond to a security breach once it has occurred. This mitigates the damage that malicious hackers can do, even if they are able to make it past initial barriers. (more…)

There has been some recent discussion in different articles regarding whether or not device identification (also referred to as device fingerprinting) constitutes a violation of privacy, in the context of fighting online fraud. The topic came up recently at a panel at RSA on the Benefits and Dangers of Device Fingerprinting. Device fingerprinting provides significant benefits for online businesses; it provides an additional factor for authentication, used by many online banks, and aides in the fight against fraud by identifying computers that have been used in the past for fraudulent activities and stopping future transactions from those systems.

The argument against this type of technology, however, is that the device information could be collected and sold, constituting a violation of privacy of the online user. What needs to be taken into consideration, however, is how device fingerprinting compares with existing identity-based fraud prevention techniques. Device fingerprinting solutions, such as the device reputation system offered by iovation, ideally work to reduce fraud while simultaneously protecting the privacy of the individual. iovation’s ReputationManager service, as an example, collects and requires no personal information from our customers. Our online service is completely incapable of assigning any online activity to an individual and we market it that way.

The reality is that device fingerprinting systems provide online businesses with some of the only fraud management tools that don’t rely heavily on personally identifiable information. Instead of decrying privacy violations, privacy advocates should be looking to embrace systems that achieve the purpose of reducing online fraud while still protecting the privacy of good online users.