For some time now I’ve been writing about the importance of businesses working together to combat cyber crime. Echoing this sentiment is retired Air Force General Dale Meyerrose, who sat down this week with The New New Internet to discuss the importance of building partnerships, the challenges of building those alliances, and the question of who is ultimately responsible for protecting critical infrastructures in cyberspace.

In the article, “Cybersecurity Partnerships are Absolutely Critical, says Gen. Dale Meyerrose,” Meyerrose, now the VP for Cyberspace Solutions at Harris Corporation, expressed his concerns surrounding cybersecurity and the economic impact of cyber crime:

“The [issue] of most concern to me is cyber crime… elements of cyber crime, particularly economically for our country, have come to the point where we need to really be concerned. There have been estimates that we’ve lost over a trillion dollars a year to cyber crime in the last couple years. And it now exceeds all other crime in terms of the amount of money.” (more…)

The Merchant Risk Council, which brings U.S. businesses together to help combat online fraud and abuse, is taking its experience abroad. The Seattle-based association announced that in April it will launch MRC Europe to help European merchants improve their e-payments strategies and share best practices for managing online payment risk.  The inaugural event will take place April 21 and 22 in Brussels, Belgium at the NH Hotel du Grand Sablon.

Executive Director, Tom Donlea, said expanding the merchant-led program is a natural extension for the MRC because both the U.S. and Europe share common problems associated with online payment fraud.

“U.S. and European online merchants face many of the same fraud issues, security risks and payment challenges—there are nuances that MRC Europe will adapt to best serve European merchants.”

As a longtime member of the MRC, we’ve seen first-hand the contributions made by the association towards fighting online fraud and abuse. The group’s success is fueled by its members who have all committed to working together—by sharing information and experience, and establishing best practices—in order to reduce the security and payment risks that all online merchants around the globe must face.

True collaboration between businesses, for the purpose of combating online fraud, is what iovation has always advocated. Especially as we continue to see increasing device crossover in our own database, we see the clear value of a network of companies sharing resources, tools and experiences. This becomes increasingly important if businesses want to stay ahead of cyber criminals who are already internationally organized and only continue to strengthen their networks and skills. The truth is that nobody can do it alone. To combat online fraud successfully, it takes the efforts of groups like the Merchant Risk Council to bring together global businesses, industry experts, law enforcement and others to make the Internet a safe place to do business. The launch of MRC Europe, in my opinion, is another step in the right direction.

Identity fraud, and the number of its victims, continues to rise each year.

According to a recent article,  “Number of identity fraud victims jumps,” a Javelin Strategy & Research survey found that the total number of ID fraud victims in the U.S. rose to last years to 11.1 million—a 12% increase over the year before. The study also found that 2009 losses due to ID fraud totaled  $54 billion (in comparison  $48 billion in 2008).

But why, with so many anti-fraud management solutions and techniques available, does ID fraud continue to climb year-over-year? According to James Van Dyke, president and founder of Javelin, the continual evolution of technology is one of three main factors contributing to the increase of Identity fraud. Van Dyke sees online crime continuing to escalate, due to: (more…)

It’s been said that the best offense is a good defense. But how do you defend against something that’s always changing? That’s an important question for IT security professionals who know that it’s only a matter of time before cyber criminals find ways to take advantage of the inherent weaknesses in even the best technologies.

The harsh reality is that today’s cyber criminals are so tech savvy and innovative that staying one step ahead of them isn’t always possible. That’s why, when it comes to network security, a good defense should be made up of several different layers. That way, even if a hacker is able to exploit vulnerability in one layer of the system, he may be stopped or slowed down by another. This strategy, known as defense in depth, essentially allows organizations to protect the integrity of their systems by slowing hackers down and buying security professionals the time they need to respond to a security breach once it has occurred. This mitigates the damage that malicious hackers can do, even if they are able to make it past initial barriers. (more…)

A recent survey revealed that the overall perception of online fraud continues to be a growing concern for both online merchants and consumers. The result, not surprisingly, is a lack of consumer confidence and, therefore, the loss of profits for online businesses. An article, “Online retailers see fraud as a major threat,” summarizes the findings of Cybersource’s 2010 UK Online Fraud Report, and includes some eye-opening statistics about how fraud – and the perception of fraud – directly impacts the shopping habits of online consumers and the fraud policies of Internet businesses.

From the point of view of retailers, the survey found:

• 57% of merchants see online fraud as the greatest threat to their business
• Merchants expect to lose an average of 1.8% of their income to online fraud
• Merchants reject 4.6% of online orders due to suspicion of fraud

When it came to consumer attitudes about fraud, the study found:

• 71% of all consumers had concerns about online fraud
• 50% of people still don’t shop online in the UK (representing a large untapped market)
• 78% said they would never use their mobile phone to make purchases (more…)

A recent fraud study conducted by Javelin Strategy & Research and LexisNexis confirmed what we already knew: identity fraud is on the rise, and so are the losses that online merchants face. What we learned from the report, however, is that the impact on retailers is much worse than originally thought.

Based on the study results released by LexisNexis, U.S. retailers incurred losses of $191 billion in 2008 due to identity theft, stolen merchandise and fees associated with chargebacks. Even more alarming is the fact that, between the three primary groups surveyed—merchants, financial institutions and consumers—the cost of fraud to retailers is almost 10 times greater than the losses absorbed by financial institutions and 20 times greater than the losses suffered by individual consumers. (more…)

After a three-year investigation by the FBI and the UK’s Serious Organized Crime Agency (SOCA), British authorities announced they have arrested the sophisticated network of cyber criminals behind DarkMarket, one of the world’s top criminal websites. The site, which operated out of an unassuming London Internet café, was an international cyber supermarket for stolen credit card and bank account information that officials say has cost the banking industry tens of millions of dollars. (more…)

How much money has the world lost to e-crime so far? … A trillion dollars. That’s the estimated annual cost of e-crime worldwide, according to a recent article, “National online-fraud helpline to launch in April.” Despite the staggering losses attributed to online crime, victims of such crimes—both individuals and businesses—have not had a simple option for reporting them. Hopefully this is about to improve, with the UK’s new Action Fraud helpline, one of the first attempts at streamlining a call-in process for victims to report online crime.

I commend the National Fraud Reporting Centre (NFRC) for getting the hotline going. The helpline will allow individuals and small businesses to report cyber crime to a central agency, simplifying what would otherwise be a confusing process involving potentially several different government ag encies. A similar effort in the U.S., the Internet Crime Complain Center (IC3), currently allows individuals to file complaints of internet fraud through its website. (more…)

Velocity-based rules have long been used by merchants to help identify potentially fraudulent online behavior. Typically, velocity-based rules function by looking at commonalities in personal information, across accounts and transactions. For example, a warning may be set off if multiple accounts, or multiple orders, all have different names but the same shipping address. Another example might be if multiple accounts were all set up using the same password.

Unfortunately, these kinds of velocity checks are of limited value against more sophisticated fraudsters who have the information, the technology, and the general savvy to set up multiple accounts that all, on paper, look completely different—different names, different credit card numbers, different shipping addresses, different IP addresses. (more…)

Well it’s been a good year for our blog. We’ve tried to address a number of topics all relevant to helping businesses fight online fraud. As the year wraps up, I thought it would be a good time to summarize some of the themes from the year and highlight some of our posts. While we touched on a number of topics, a few main themes remained consistent:

Device reputation is an important component of best practice fraud management – 2009 was a difficult year for business, but one trend that emerged was an increased visibility into how valuable device fingerprinting and reputation solutions can be as part of any sophisticated fraud prevention architecture. Some of our articles on this topic:

• The First Five Benefits You Will See From Device Reputation
• Not All IP Addresses are Created Equally
• Device Fingerprinting Techniques – Several Choices

Online retailers are under attack – Online retailers continue to find themselves under attack and we touched on this topic a number of times this year. Here are some of the highlights: (more…)

Yesterday, President Obama took an important step toward putting cyber security front and center by appointing Howard Schmidt as cyber security coordinator. Not only will this significantly aide in advancing the current administration’s cyber security initiatives—it’s also a critical step forward in the private sector’s fight against cyber crime.

Given the impact that cyber crime has on our economy, online businesses especially have a lot riding on the success of these government initiatives. A recent report from LexisNexis estimates that U.S. businesses lose $191 billion annually from computer related crimes. This is why Mr. Schmidt’s combined experience in both government and the private sector will hopefully be an important asset, allowing him to simultaneously understand the issues currently facing businesses and be able to cut through the red tape on Capitol Hill to make real change happen. (more…)

There was a time when spam wasn’t considered dangerous; it was merely obnoxious. Unfortunately, it seems that time is quickly coming to an end. For example, take the recent article on CNN.com: “Cyber crime poses threat to e-commerce.” The article—about increasing trends in online spam and related fraud—cites a statistic from antivirus-software provider Symantec which claims that the percentage of spam that contains malicious software has increased 900% over last year.

Additionally, as perpetrators of online crime get smarter and savvier, it’s becoming increasingly difficult to distinguish between legitimate email and spam. Especially during the holidays—a busy time for fraudsters, as we’ve already discussed—there are plenty of opportunities to take advantage of the upswing in online shopping for Christmas. For example, take a look at the top 10 subject lines for seasonal spam, as reported in the December issue of Symantec’s monthly report, State of Spam: (more…)

If you’re curious to know what’s topping people’s wish lists this holiday season, just take a look at online sales. No big surprise, electronics are where it’s at. Based on information provided by fraud prevention experts (and iovation partner) Retail Decisions (ReD), the top-ten list of products sold online during Black Friday was dominated by GPS systems, televisions, digital cameras and video game consoles.

Besides providing statistics on what online purchases people were spending their hard-earned money on during Black Friday, ReD also noted that online criminals were out in force, busy spending other people’s money. “Whilst online retailers witnessed a huge upturn in sales this Black Friday, fraudsters are also ’spending’ more, with an average value of $248 per transaction online, 23% more than the average genuine customer,” said ReD’s CEO, Carl Clump. (more…)

According to ComScore, a Virginia-based firm that tracks online shopping, consumers have already purchased over $19 billion worth of products online this holiday season. That’s an increase of 3% over last year. While that’s good news for online merchants, Mike Cronin points out in his article, ’Tis the season to be wary of online scams, that it also provides new opportunities for online scammers.

Much like online businesses, cyber criminals are working around the clock this time of year. But instead of sending out legitimate emails promoting online sales, fraudsters are sending out emails containing bogus links that closely resemble real retail websites. While their intent is to steal credit card information from unsuspecting online shoppers, the real victims in this crime will end up being online merchants. (more…)

There was a blog post recently on Wallet Pop titled “Online theft not the main cause for identity fraud.” In it, author Josh Smith does a good job calling out the differences between identity theft and identity fraud. In short, identity theft is when someone’s personal identity information has been stolen; identity fraud is when that stolen information is used to commit financial fraud or some other kind of crime. While the two are inevitably related to one another, they are not the same thing.

In the case of identity theft, it’s a common myth that malware, botnets, and other internet scams are to blame; however, Smith cites a study done by Travelers Insurance that actually shows that the majority (78%) of incidents of identity theft actually occur offline. This indicates that peoples’ fears may have been, at least in part, misplaced. Individuals would benefit from an increased awareness and vigilance in all aspects of their life, not just online.

This being said, there still remains the question of identity fraud: what happens once someone’s personal information has been compromised? This is where online businesses still need to be on high alert, because online sites (and not physical stores) will likely remain the No. 1 target of identity fraud. Here’s why:  (more…)