When it comes to studying the impact of online fraud, the discussion always turns financial. For online retailers whose business models rely on Internet transactions to generate revenue, fraud losses that range anywhere from tens of thousands to millions of dollars a year can have a significant impact on their overall business profits.

This is why combating increasingly sophisticated fraud techniques requires online merchants to identify fraudulent orders faster and boost the efficiency of their fraud management functions, without increasing overhead. For one North America retailer whose fraud losses were eating into profits and affecting the customer experience, implementing the right fraud prevention service enabled them to drop annual fraud losses from a peak of $2 million to $180,000.

In our newly downloadable case study, “Online Retailer Uses New Fraud Detection Systems To Cut Fraud Loss Rates,” Forrester Research principal analyst, Andras Cser, shares how the online merchant was able to reduce fraud loss by $1.8 million after deploying iovation’s ReputationManager 360 along with our partner’s case management system. (more…)

As we wrap up the third quarter of 2010, iovation continues to see significant growth in the total number of device reputation checks performed for online businesses, along with the number of unique devices managed in the Device Reputation Authority (DRA) database.

With only three months remaining, iovation has already increased the annual growth rate for processed transactions by 67% over 2009. With more than 3.9 billion cumulative device reputation checks processed for e-commerce, financial, travel, gaming and online communities today, we expect to break 4 billion early in Q4.

We’ve also increased the overall number of unique devices by 110% over last year. Starting in 2006 with 5 million devices in our system, we now manage more than 390 million unique devices (including PCs, Macs, iPads, iPhones, Blackberries, Android, etc.). Surpassing 400 million unique devices is just on the cusp.

With cybercrime fraud losses more than doubling in 2009, Internet-based businesses need security solutions that allow them to proactively identify and make educated decisions on all incoming transactions. Through fraud and abuse evidence submitted by our worldwide, cross-industry subscriber base, iovation ReputationManager 360 combines device and account profiles, analytics, custom reporting, real-time business rules, device anomalies, and the experience and expertise of over 2,000 fraud analysts to help customers make quick, confident decisions on every online transaction request.

When it comes to managing risk for online transactions, we get a lot of questions about how our approach compares to other commercial solutions. Establishing business rules and risk scoring in combination with device reputation ranks high among topics of interest. Simply put, iovation uses the device and transaction data available to any vendor, and combines it with the strongest database of historical device risk data available on the market today.

Risk scoring, when you boil it down, is the simple process of taking the data you have available about a given transaction and the device requesting that transaction, and measuring characteristics that would lead you to believe that it is either valid or risky. Most device-based risk scores, including those offered by iovation, incorporate common types of risk elements in their scoring. These may include:

• Velocity-based Rules – Measuring device activity in a given time frame
• Transaction Anomalies – Device characteristics that indicate the device is masking its identity, such as using an anonymizing proxy, or disabling technologies like flash

(more…)

The month of February provided another stark reminder that cyber criminals continue to be on the prowl in online dating communities.

According to a recent Toronto Sun article, “Money scammers target online daters,” Durham Regional Police received several reports—all during the weeks following Valentine’s day—from women claiming they had been scammed by men they met online. After several months of courtship and communications with these men, women then said they were asked to wire money overseas to help with work-related charity efforts. Some women were also conned into providing personal identification and financial details to the suspects and were debited “substantial amounts of money from their personal accounts.” (more…)

It’s been said that the best offense is a good defense. But how do you defend against something that’s always changing? That’s an important question for IT security professionals who know that it’s only a matter of time before cyber criminals find ways to take advantage of the inherent weaknesses in even the best technologies.

The harsh reality is that today’s cyber criminals are so tech savvy and innovative that staying one step ahead of them isn’t always possible. That’s why, when it comes to network security, a good defense should be made up of several different layers. That way, even if a hacker is able to exploit vulnerability in one layer of the system, he may be stopped or slowed down by another. This strategy, known as defense in depth, essentially allows organizations to protect the integrity of their systems by slowing hackers down and buying security professionals the time they need to respond to a security breach once it has occurred. This mitigates the damage that malicious hackers can do, even if they are able to make it past initial barriers. (more…)

There has been some recent discussion in different articles regarding whether or not device identification (also referred to as device fingerprinting) constitutes a violation of privacy, in the context of fighting online fraud. The topic came up recently at a panel at RSA on the Benefits and Dangers of Device Fingerprinting. Device fingerprinting provides significant benefits for online businesses; it provides an additional factor for authentication, used by many online banks, and aides in the fight against fraud by identifying computers that have been used in the past for fraudulent activities and stopping future transactions from those systems.

The argument against this type of technology, however, is that the device information could be collected and sold, constituting a violation of privacy of the online user. What needs to be taken into consideration, however, is how device fingerprinting compares with existing identity-based fraud prevention techniques. Device fingerprinting solutions, such as the device reputation system offered by iovation, ideally work to reduce fraud while simultaneously protecting the privacy of the individual. iovation’s ReputationManager service, as an example, collects and requires no personal information from our customers. Our online service is completely incapable of assigning any online activity to an individual and we market it that way.

The reality is that device fingerprinting systems provide online businesses with some of the only fraud management tools that don’t rely heavily on personally identifiable information. Instead of decrying privacy violations, privacy advocates should be looking to embrace systems that achieve the purpose of reducing online fraud while still protecting the privacy of good online users.