When talking to people on the street about fraud and abuse in multiplayer online games, they are often surprised that such a thing even exists! But the reality is that once a game reaches a certain level of popularity, it becomes equally attractive to the dark side.

Nexon America is one gaming publisher that takes this threat very seriously! They not only fight fraud and abuse head-on; they take a proactive approach with the assumption that every possible flavor of abuse will be attempted and they’re armed and ready for it.

At a recent fraud prevention user group for iovation’s gaming clients during E3 in Los Angeles, Nexon led discussions on preventing account takeovers, chargebacks and gold farming with other fraud professionals who attended. Gold farming (stealing virtual goods or using stolen credit cards to obtain them) is a serious abuse that destroys in-game economies and contributes to poor player experience. Additional topics that were covered during the iovation user group included friendly fraud, code hacking, password education, blacklists and biometrics, just to name a few. (more…)

Friendly fraud occurs when a customer makes an online purchase with a credit card and then, once the merchandise has arrived, calls the credit card company, claims never to have received the item, and requests a chargeback. The merchant has no way of proving the legitimacy of this card-not-present transaction, and is forced to refund the customer’s money.

According to a study released by LexisNexis Risk Solutions, retailers lost more than $139 billion to fraud last year, with friendly fraud accounting for one fifth of those losses.

The problem for you, the consumer, is that banks and merchants tend not to believe identity theft victims, because friendly fraud complicates the reimbursement process. It’s not uncommon for victims to be required to sign affidavits and have them notarized.

Online merchants need a better system. Device reputation would be one step in the right direction. While a customer is placing an order, device identification technology recognizes and re-recognizes PCs, smartphones, or tablets used to access online businesses across the Internet. Then, device reputation technology determines whether or not device the being used has a history of fraud (including histories of friendly fraud) or if high risk is assessed at transaction time. When a particular transaction is reported as fraudulent, that information goes into a globally shared knowledge base and the fraudster’s device and its related accounts are flagged in order to prevent repeated attempts under new identities. This protects the merchant and honest consumers from billions of dollars in losses to fraud.

For many online merchants, friendly fraud is a persistent problem. Without the right security tools in place, it is difficult to identify whether or not a customer is committing fraud.

According to the article, “Friend and Foe? Combating E-Commerce ‘Friendly Fraud’,” financial cybercrime against card-not-present (CNP) retailers can take many forms. While MasterCard says 70% of all e-commerce chargebacks are identified as fraud, more and more cardholders are committing friendly fraud due to buyers’ remorse or financial hardships. Although merchants are doing everything they can to reduce refund rates – from conducting operational assessments, marketing data analysis, and adopting a payer authentication program – they still don’t have the information needed to proactively identify and prevent friendly fraud before it happens.

While some merchants feel friendly fraud is impossible to prevent, there are solutions available that enable online businesses to proactively identify computers that have a habit of committing friendly chargebacks.

iovation ReputationManager 360 will assess risk on incoming transactions and identify whether the device being used has committed friendly chargebacks on other websites. By leveraging known intelligence and inference of risk while website visitors interact with a business’s website, they can “deny” incoming transactions when risk levels thresholds are met.

When businesses choose to “review” transactions associated with friendly chargeback histories, they will research the transaction, account or device within the ReputationManager portal. Here they will see all the other subscriber evidence related to that particular customer.

In the unfortunate event that a merchant is hit with a friendly chargeback, they will then place evidence against that account to avoid repeat offenses such as additional fraudulent orders. Merchants choose between 32 different types of fraud or abuse when placing evidence in the ReputationManager portal.

Utilizing device reputation as a best practice for fraud protection is critical to reducing fraud losses and boosting profitability, gaining operational efficiencies with the fraud prevention process, and ensuring that good customers have a safe and positive experience while interacting on your website.

While friendly fraud is nothing new, according to an industry study it remains a prevalent problem throughout the online retail community. In the article, “Merchants’ Battle Against Friendly Fraud Will Be A Protracted One — Across Two Fronts,” LexisNexis found that friendly fraud accounted for more than one-third of the total fraud losses for online-only merchants in 2009, costing them .4% of their total annual revenue. While that number dropped slightly for the largest e-commerce merchants to about 24% of their total fraud losses, it still represented a significant amount of lost revenue last year.

Definition of friendly fraud: Any transaction, contested by a customer, where the merchant suspects that the customer or a personal associate (child, spouse) legitimately authorized the transaction in question. (more…)