Infographics: Hotel Credit Card Hacking © CreditDonkey

When travelers go online to research hotels to plan a vacation or business trip, things like proximity, cleanliness, amenities, and safety play a huge role in their decision-making process. But those priorities may be changing. With credit card fraud becoming more prevalent in the hotel industry, a hotel’s reputation in relation to online security and fraud risks may soon override many of the traditional considerations that consumers have for choosing hotel accommodations.

According to the article, “Hotel Guests More Likely to Be Credit Card Hacking Victims, CreditDonkey Illustrates Danger,” a study estimates that 38% of all credit card hacking involves hotels. That’s two-times more than the financial industry (19%), which surprises Charles Tran, founder of the credit card comparison website, CreditDonkey.

“We were surprised at the numbers showing that hotel visitors run the greatest risk of all for having their credit card information stolen.”

One of the reasons for these unexpected numbers may be the recession. Because the hotel industry has been hit so hard, many hotels and hotel chains have not adequately upgraded their computer security systems. This, along with the fact that travelers typically use credit cards to pay for their hotel stays, may explain why hotels have become prime targets for cyber criminals.

All of this could create a shift in priorities for travelers selecting a hotel. As a result, hotels need to make sure they implement effective anti-fraud security strategies that help reduce the risk of credit card fraud.

As cyber thieves get more sophisticated, hotels must deploy security tools that help them identify fraudulent activity before they happen. Fraud prevention tools like iovation ReputationManager 360 uses device reputations to identify in real-time when a device with a history of fraud or is associated with other known fraudulent accounts is attempting a transaction.

By recognizing or re-recognizing any type of Internet-connected device — whether it’s a PC, laptop, tablet or smartphone — before the transaction takes place, hotels can mitigate their risk of credit card fraud and other unwanted activities, all of which can have a significant impact on their brand reputation and, ultimately, their business revenues.

For years now, it’s become customary for companies to write off a certain percentage of online transactions on the P&L to account for the fraud they assume will get passed their anti-fraud defenses. But is accepting a certain amount of fraud loss any way to combat a problem that’s increasingly impacting sales revenues and taking a bite out of your bottom line?

To reduce fraud rates, social networking sites are using their own social verification systems to determine whether the person at the other end of a Web transaction is actually who they say they are. According to the article, “How your social network can protect your credit card,” social networking sites like Facebook collect various pieces of information about a user’s personal network to identify a person and reduce fraudulent activities such as credit card fraud, account takeover and account hijacking within their network. (more…)

Every day iovation assesses risk on more than 7.5 million transactions for the online customers that we protect around the globe. France ranks third by country, just behind the United States and United Kingdom, in the total volume of Internet traffic from any country that we protect. As you would imagine, France is a very important market for us. It is growing and as we continue to expand our international footprint, France will play a vital and strategic part in our growth.

As part of our effort to expand our device identification, device reputation and real-time risk mitigation services for online businesses in France, I am pleased to announce that Philippe Mazurier has joined iovation as Country Manager, heading up sales and business development and is based in Montpellier.

Philippe brings strong business relationships and deep, in-market experience that will be instrumental in helping us meet online fraud protection demands in this market. He understands the serious and damaging impacts that cybercrime has on online businesses.

As we continue to serve the French market, protecting e-commerce, financial services, gaming and online communities from fraud and abuse, having a seasoned veteran in authentication and fraud prevention services representing iovation will help us serve this market even better.

To arrange meetings with Philippe to talk about any fraud or abuse issues your company is experiencing, please email france@iovation.com or call +33 (0)6 69 79 12 33.

Since our inception, the online gaming industry has been a very important sector for us. This is why I am so excited that iovation’s ReputationManager 360 has been awarded Casino Journal’s Top 20 Most Innovative Technologies in Gaming Award, which recognizes outstanding fraud prevention services helping international online gaming companies stop fraud and abuse.

With criminals targeting online casinos around the clock (we’ve got the data to prove it!), gaming sites need all the help they can get to rid their tables of costly criminal activity such as credit card fraud, chargebacks, account takeover and player collusion. Leveraging iovation’s global database of over 600 million unique devices, our gaming customers gain deep insight into every device, whether it’s a PC, smartphone or tablet, attempting to login or play on their site. Using customizable business rules that allow them to assess risk at various integration points, online gaming providers will spot characteristics that are consistent with fraud and abuse to stop criminals before they strike. (more…)

With fraud more pervasive than ever, one would think organizations and their financial institutions are taking every precaution to prevent malicious activities like corporate account takeover and fraud. But a recent study found that over the past year, there has been little to no improvement in small and medium-sized businesses’ ability to prevent fraudsters from stealing money from small business accounts that have been compromised.

In the article, “Independent Study Reveals Corporate Account Takeover Fraud Continues to Plague SMBs and Banks,” the 2011 Business Banking Trust Study found that SMBs have struggled to make progress in stopping payments fraud as 56% of businesses said they had experienced fraud within the last 12 months. While 61% said they were victimized more than once over that period, 75% of businesses participating in the study said they experienced online account takeover and/or online fraud.

With mobile banking growth rates on the rise, these findings are alarming to Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, which commissioned the study. With 38% of respondents saying they access their company’s banking accounts from mobile devices such as smartphones and tablet PCs compared to 23% in 2010, Ponemon doesn’t anticipate things turning around for SMBs anytime soon.. (more…)

Fraud prevention requires layers of defense. Mature fraud organizations often have several layers that interrogate the transaction details such as name, address, and credit card details, device reputation that starts with device identification, and risk scoring on rules developed over time to detect fraud attempts as well as predict new types of attacks.

In order for the business rules engines to be productive, the rules they operate on need to reflect the particular risks the organization faces. When it comes to customizing business rules, this is not a “one size fits all” model. Giving a retailer, financial institution, or gaming company the ability to easily create and manage rules that are run against their transactions requires a tool that makes it simple to see, add, edit, and experiment with rules.

The iovation business rules editor provides great flexibility in managing the set of rules to be reviewed for transactions such as login, account creation, account change, and checkout. Rule sets are the collections of rules for each end-customer touch point. Rules can be added with a familiar drag-and-drop, enabled and disabled with one click, parameters can be adjusted, and lists of common items can be managed and included. An example of a list is a ‘risky ISP list’, where the user can create a list of risky ISPs and use that same list in multiple rules. If the list changes, all rules leveraging that list will be immediately updated. New rules can be evaluated without impacting scoring results by giving them a zero weight and tracking how frequently they are triggered.

The iovation rules editor provides additional flexibility to help you keep up with the evolution of fraud while protecting your business.

iovation knows that when your business is on the line, speed and reliability matter.  Whether it is page load times for your customers, or the speed in which we can provide you real-time reputation analysis, every millisecond counts.

There are many facets to building a highly available, lightning fast infrastructure (which we will cover in more depth in future blog posts), but today I would like to start at the very beginning with our DNS architecture.

The first thing that happens when an iovation ReputationManager 360 customer (or a customer’s end user) tries to connect is a DNS (Domain Name System) lookup to convert a name (like www.iovation.com) to an IP address (74.121.28.140).  This DNS query must complete before any further interaction with the service can proceed. (more…)

While overall percentages of online fraud continue to climb, one of our partners in fighting cyber crime, Retail Decisions (ReD), reported that card payment fraud in the UK dropped an estimated 15% last year. According to the article, “ReD Estimates a 15% Drop in UK Card Payment Fraud in 2009,” the value of online, mail order and telephone order fraud dipped to GBP278 million in 2009 from GBP328 million in 2008.

Retail Decisions CEO, Carl Clump, credits innovations in fraud prevention technologies for the estimated 15% decline over the past year. This defied the trend where overall CNP (card not present) fraud losses have grown consistently over the past five years. Despite the total drop in losses, Clump was quick to point out that the current trend, which would continue well into 2010, may not be here to stay. (more…)

According to ComScore, a Virginia-based firm that tracks online shopping, consumers have already purchased over $19 billion worth of products online this holiday season. That’s an increase of 3% over last year. While that’s good news for online merchants, Mike Cronin points out in his article, ’Tis the season to be wary of online scams, that it also provides new opportunities for online scammers.

Much like online businesses, cyber criminals are working around the clock this time of year. But instead of sending out legitimate emails promoting online sales, fraudsters are sending out emails containing bogus links that closely resemble real retail websites. While their intent is to steal credit card information from unsuspecting online shoppers, the real victims in this crime will end up being online merchants. (more…)

There was a blog post recently on Wallet Pop titled “Online theft not the main cause for identity fraud.” In it, author Josh Smith does a good job calling out the differences between identity theft and identity fraud. In short, identity theft is when someone’s personal identity information has been stolen; identity fraud is when that stolen information is used to commit financial fraud or some other kind of crime. While the two are inevitably related to one another, they are not the same thing.

In the case of identity theft, it’s a common myth that malware, botnets, and other internet scams are to blame; however, Smith cites a study done by Travelers Insurance that actually shows that the majority (78%) of incidents of identity theft actually occur offline. This indicates that peoples’ fears may have been, at least in part, misplaced. Individuals would benefit from an increased awareness and vigilance in all aspects of their life, not just online.

This being said, there still remains the question of identity fraud: what happens once someone’s personal information has been compromised? This is where online businesses still need to be on high alert, because online sites (and not physical stores) will likely remain the No. 1 target of identity fraud. Here’s why:  (more…)

The BBC News has posted a report that the Serious Organized Crime Agency (SOCA), based in the UK, is warning individuals to avoid online money-making schemes that turn them into unsuspecting “money mules.” The article explains:

Fraudsters are using a variety of bogus and legitimate recruitment channels to con job-hunters into thinking they have found genuine employment. But in each case the job comes down to asking the victim to receive relatively small amounts of money into their own account and then move them onwards to another bank.

The result is that unsuspecting individuals can become liable for stolen money being funneled through their accounts and end up suffering the consequences. As an essential component of many types of fraud, money laundering is a big problem because it enables criminals to move money around without being traced to the initial theft. This not only affects online banking, but it is also a problem anywhere money changes hands—like online casinos or auction sites. (more…)

On the heels of our previous post about increased shipping fraud during the holidays, eWeek has just reported that click fraud is also anticipated to increase dramatically in the coming months:

“As we head into Q4 and the busiest season for online shopping and Internet use by those considered inexperienced users, click fraud will likely run rampant as scammers seek to tap into the increased attention, experts warned.”

Click fraud (which is when affiliate sites dishonestly increase online ad traffic in order to gain unearned revenue) is one of many types of fraud becoming more common with the use of botnets. In addition to click fraud, many other types of fraud—including spam, phishing attacks, and identity theft—are gaining in prevalence with the use of botnets. The result is that consumer PCs are under siege and individuals and businesses alike bear the cost. (more…)

Holiday shopping season is upon us; combine that with the current unemployment rate, and online fraud is likely to reach an all-time high this year. This correlation may not immediately make sense, since many people think Internet crime is only perpetrated by organized fraud rings and overseas master criminals, using botnets and committing identity theft.

But while that kind of fraud certainly does exist, there is another type of fraud that can be equally troublesome and, to some extent, even harder to combat: fraud committed by individuals using their own legitimate information. A very common example of this kind of crime is shipping fraud and it takes several different forms. Here are a few examples and tips on how companies can address this problem. (more…)

U.S. President Barak Obama has officially declared October as National Cyber Security Awareness Month and has addressed the Nation detailing the importance of our national infrastructure.

President Obama makes some important points indicating that our networks and IT infrastructure are important national assets and it is imperative to protect them. Acknowledging the growing strength of online spending, President Obama says, “The Internet and e-commerce are keys to our economic competitiveness.”

Cyber thieves are costing the U.S. and other countries billions of dollars in fraud losses every year; this is in addition to the significant impact that individuals suffer as a result of identity theft and the propagation of malware on personal computers. Obama calls on a public/private partnership to address this threat and secure our networks.

Regardless of your political leanings, providing a safe environment for online business is an important goal for our country and the rest of the world. There is no doubt that our online activities are under siege and jeopardized by an increasing cyber threat. Thwarting this threat and providing a safe environment for online businesses and individuals is a key mission for iovation and our customers.

“More than one in five people (in Australia) have fallen victim to credit card fraudsters or computer hackers.” This statistic comes from an article on Australian news site AdelaideNow, which details the findings of a recent report on credit and identity theft in the country. Apparently credit card fraud is up 23 percent from last year, and the blame is being placed on “Australia’s lapse in deploying anti-fraud technology.” (more…)