According to the Banking Times article, “Criminals shifting to card-not-present fraud because of chip and PIN success,” they are on the move again. Data recently released by FICO, a leading provider of analytics and decision management technology, shows that across Europe card-not-present (CNP) fraud has dramatically increased, accounting for 72% of all fraud losses between March 2009 and March 2011. The big reason for this change? Chip and PIN technology, which has helped reduce counterfeit fraud by 60% over the same period.

In comparison, a similar study conducted three years ago found that ‘card present’ fraud accounted for 60% of Europe’s credit card fraud. But since European banks adopted the smartcard payment system, that number has dropped significantly over the past couple of years.

So, remaining consistent to their adaptive nature, it appears that cyber criminals have shifted their attention to CNP schemes like online fraud, targeting countries and business systems with weaker detection and prevention capabilities, said Martin Warwick, FICO’s Fraud Chief in Europe, the Middle East and Africa.

“Our analysis of the data shines a spotlight on the tremendous change that has occurred in Europe’s fraud landscape.”

While European credit issuers continue to leverage Chip and PIN technology as part of their defensive strategies to fight fraud, the Merchant Advisory Group (MAG) recently rolled out a recommended roadmap for a U.S. electronic payments strategy that includes Chip and PIN adoption.

Such strategies have proven to help reduce card present fraud, but as the report shows, their success has also pushed hackers into new directions. Instead of using the actual credit card to defraud businesses in person, criminals are collecting credit card and personal information and using it to commit a host of online crimes including CNP fraud, account takeover and identity fraud.

As criminals increasingly pursue online fraud opportunities around the globe, businesses that rely on online payments need effective fraud detection tools that protect the growing number of online transactions taking place within the U.K. and across international borders.

Leveraging our fraud database of more than 800 million desktop and mobile device reputations worldwide, iovation performs 6.5 million device reputation checks a day for our customers. A complementary fraud prevention solution like iovation’s ReputationManager 360 provides businesses with unique intelligence and a deeper understanding of each device accessing their website or requesting a transaction, allowing them to make quicker, better informed decisions on all online transactions even if fraudsters try to re-invent how they defraud businesses over the Internet.

The truth is, even diligent businesses running the latest security software remain vulnerable to the growing number of new and unknown forms of online fraud and abuse. Take it from Mark Patterson, co-owner of PATCO Construction Inc: when it comes to fighting ACH fraud the new FFIEC authentication guidance falls short. He says that until banks become legally liable and accountable for such online crimes, businesses will remain susceptible to online fraud.

In the BankInfoSecurity article, “Fraud: The Victim’s Perspective,” Patterson, whose small residential and commercial construction company lost over $550,000 to fraudulent ACH transactions, said that while he’s glad updates have been made to the security guidelines, they don’t go far enough. In order for small businesses to protect themselves from online crimes like ACH fraud and account takeover, they need to take it upon themselves to also incorporate their own internal policies and processes to detect fraud and abuse. Some of his recommendations include:

• Talk to your bank about the ACH fraud policy to understand if fraud losses are covered
• Monitor all online transactions for bad IP addresses, anomalies, and suspicious activity
• Run and analyze reports to recognize patterns and velocities
• Educate yourself about online threats and how bad they really are

Today, too many companies struggle to keep the security of their desktop computers and mobile devices up-to-date, which puts their customers, business and brand reputation at risk. The FFIEC Guidance was designed to outline a multi-layered approach of processes and technologies that banks need to mitigate fraud risks, but if those recommendations aren’t applied and internally enforced businesses could still have trouble identifying and stopping risky transactions.

To combat the millions of online fraud and social engineering schemes attempted on banks and businesses every day (we should know, we stop more than 150,000 fraudulent transactions every day for our clients), an effective defense-in-depth anti-fraud strategy requires the ability to recognize high-risk transactions before they are accepted. iovation’s device reputation technology goes beyond traditional blacklists and personally identifiable information (PII) to identify, re-recognize and root out fraudulent devices and accounts in real time so businesses can proactively stop bad transactions from occurring, as well as shut down hidden fraud rings that are committing repeat fraud within their IT environment.

iovation’s ReputationManager 360 is a fraud prevention solution that provides an added layer of protection for any defense-in-depth anti-fraud strategy. By leveraging the power of device identification, iovation takes complex device ID a step further and equips financial services firms and other businesses with a dynamic collection of device intelligence, association data, analytics and reporting tools that allow fraud managers to assess larger sets of attributes and apply pattern recognition algorithms and pattern-learning processes to identify fraudulent devices, anomalies, velocities and other suspicious behavior taking place on their website every day.

In the USA Today article, “Travelers at high risk of identity theft, experts say,” travelers lost a total of 11,000 mobile devices at the busiest U.S. airports this year. And that only accounts for items lost before travelers reach their intended destinations. In a study of 200 data breaches, Trustwave’s SpiderLabs found that hotels and resorts are prime targets for crooks stealing financial information, with respondents saying 38% of data thefts took place at hotels or resorts.

John Sileo, an identity theft and fraud expert who experienced identity fraud first-hand while traveling to Disney World, says people can be particularly vulnerable when they are unfamiliar with their surroundings. In his case, he suspected someone took a photo of his card number at the theme park before his bank informed him that his credit card had been shut down when someone attempted to make $3,000 worth of online charges to his card.

“Data theft goes through the roof on the road,” says Sileo, a spokesperson for CSID, an identity-protection provider.

When preparing to travel, Steve Schwartz, executive vice president of consumer services at Intersections, says there are several precautions every traveler should take to protect their personal information, including:

1. Use a credit card to book flights, hotels and arrangements: Because federal law limits the liability of card holders if your credit card is lost or fraudulent purchases are made to your card, it’s best to use a credit card to book all travel arrangements rather than a debit card, which has different federal protections that could result in additional financial losses.

2. Clear out your wallet before a thief does: As much as we would like to trust our fellow travelers, you can never be sure when criminals are scoping out airport waiting areas, hotel lobbies or public media centers looking for the right moment to steal somebody’s personal property.

3. Travel with only two credit cards: Walking around with one card and storing a backup in a hotel safe limits a thieve’s ability to swipe multiple cards and access various personal accounts.

4. Leave your social security card at home: Most of us don’t carry around our social security cards anyway, so safely storing your SSN somewhere when you’re on the road is a good idea.

5. Safely store contact numbers of card companies: In the event you find your personal possessions missing, you can quickly contact your card companies and have them stop any purchases until you locate your card or are issued a new one.

6. Never type passwords or credit card numbers over unsecured wireless networks: Doing so can allow fraudsters using special software to conduct a “man-in-the-middle” attack, which enables crooks to control and intercept messages between two legitimate users without them knowing it.

7. Never share travel plans on social networks: While vacationers are always tempted to share their travel plans or instantly post pictures over social networks, this information can let criminals known when you are away from home. It’s best to provide a recap of your business trip or vacation once you’ve returned.

While individuals can do several things to protect themselves while traveling, the same holds true for businesses.

With millions of company employees on the road at any given time, organizations need to take proper security measures to protect their business data when workers are accessing their corporate network remotely. Making sure they are regularly updating all anti-virus software, encrypting sensitive data, and having effective fraud detection and prevention tools in place to secure their private networks can help reduce the risk of fraud for their traveling employees and better protect their business assets.

For the 2011 Global Award, the Red Herring editorial team selected companies demonstrating the most innovative technologies and business models originating from over 1,000 companies from over 40 nations. The companies are judged on a range of qualitative and quantitative metrics, including technology innovation, financial performance, growth criterion, management’s execution standards, potential globalization of the strategy and market share improvement.

The 2011 Global finalists will be featured during the Red Herring event taking place at the Hyatt Regency Century Plaza on December 5-7, 2012. iovation’s CEO, Greg Pierson, will be presenting iovation’s winning strategy on Tuesday, December 6th and on the last night of the event, the Global winner will be announced. If you are attending the event and would like to schedule time to chat with Greg Pierson, please email info@iovation.com.

As we inch closer to the holiday season, a pair of recent articles highlight the increasing volume of online transactions that are just around the corner for online merchants. If there is a security takeaway from these trends, it’s that IT fraud teams better be prepared for significant increases in online transactions over the next few weeks.

The first article, “Retailers: Don’t Leave ‘Peak Week’ Money on the Table,” highlights the jump in online traffic over the four-day sales period it terms, “Peak Week.” That’s the time between Black Friday (the day after Thanksgiving) and Cyber Monday (the following Monday). According to analysts at Experian Marketing Services, each of these four days appear in the top 10 for high transaction rates. Other online traffic and retail email data results the marketing group released included:

• In 2010, online traffic to the top 500 retail sites increased 5% during Peak Week over 2009
• Email volume increased 26% in 2010 versus 2009 during Peak Week
• Black Friday online traffic increased 13% in 2010
• Black Friday is the second-biggest day for online email transactions

In the article, “Online Merchants Prepare for Cyber Weekend (Not Monday),” Ken Wisnefski, founder and CEO of the search engine marketing and E-commerce solutions firm, WebiMax, elaborated on the significance of how Peak Week, or what he calls, “Cyber Weekend,” has become much larger than a one-day retail event.

“Online retailers and merchants have largely invested in E-commerce, online ads and ramping up their website infrastructure in 2011. We’re seeing these merchants committed to making it a weekend-long buying experience versus confining the mad-dash to just one day.”

At iovation, our mission is to support our clients’ business growth by securing online transactions through highly effective fraud prevention solutions. iovation is focused on helping our subscribers manage the higher volume of risks that come with peak season online transactions, without negatively impacting the shoping experience for their customers.

As an anti-fraud security provider that helps stop more than 150,000 fraud incidents each day, we understand the importance of efficiently managing high-volume order flows. Making sure that your fraud team is prepared for the growing number of online orders over peak sales periods is critical if you’re going to get the most out of the holiday sales season.

According to the Politico article, “Free pass for dating site liars,” people can take comfort in knowing that they don’t have to worry about being prosecuted or hauled off to jail for telling a little white lie over the Internet. While this certainly makes sense, at the same time we’re still walking on shaky ground when it comes to online lies, falsifications, profile misinterpretations, or whatever you want to label it. The fact is, when it comes to identity fraud, fake accounts or other crimes on romance sites, lying is typically the basis for the crime. It sets the stage for deeper criminal activity that can cost victims both emotional and financial hardships, not to mention damage to the dating site’s reputation. 

In the recent blog, “Online Trust Remains Risky Business,” I discussed how most of us have at one time or another told some kind of little white lie on the Internet. Would this be cause for criminal prosecution? Probably not. However, if the intent is to steal or commit some type of crime against another person or business, the lie could be a violation of corporate policy covered by the Computer Fraud and Abuse Act (CFAA), which criminalizes “exceeding authorized access” of a computer.

While DoJ spokeswoman, Alisa Finelli, says it’s not the DoJ’s position that lying violates the CFAA, its current position is one that could be open for change.

“We understand the concern that is motivating these criticisms of the statute, and we are willing to work with Congress on legislative proposals in this area.”

While Congress works on legislation that clarifies what would be grounds for prosecution when it comes to lying on the Internet, to protect their members and online environments dating sites need to take action by deploying anti-fraud detection tools that help them identify risky behavior. At the moment, there may not be an actual online “lie detector” that can distinguish when a member is telling the truth or not, but there are tools available, such as iovation’s device identification service, that helps detect online scammers, spammers and bad actors attempting to mine the identity details of legitimate members.

In the article, “American Stranded in Ukraine in Online Dating Scam,” former write-in candidate for governor of Arizona, Cary Dolego, traveled to the city of Chernivti, Ukraine, eager to meet up with the woman he fell in love with online and one day hoped to marry. She never showed.

Turns out, Dolego was a victim of an online dating scam that stemmed from account takeover. Apparently, someone or some group hacked into a woman’s account on an international dating website and was communicating with Dolego on behalf of a woman named Yulia. While the woman later said the account on the dating site that Dolego had been corresponding with was hers, she claims she was not part of the scam.

While this and other similar stories continue to generate media attention about the potential dangers of online dating scams, many of the common tactics hackers use to commit fraud against good members of matchmaking sites could be avoided if the website’s fraud strategy didn’t rely so much on personally identifiable information (PII) to spot and stop fraud within their online social networks.

Unlike anti-fraud tools that collect and use PII to detect fraud online, iovation’s advanced device identification technology is not susceptible to the personal information that users are required to provide when creating new online dating profiles or accessing existing ones. By identifying the actual device used to open or access online accounts — not the user’s PII — iovation’s fraud prevention service provides dating and social networking sites real-time intelligence on more than 750 million known devices. This enables romance sites to instantly accept, deny or pull for further review suspicious transactions before they happen, as well as expose hidden associations between devices and accounts that PII-based fraud detection tools simply can’t do.

Because personal information gathered from social networking sites such as Facebook is what hackers use to open new online accounts or break into legitimate ones, dating sites need a fraud detection tool like iovation that goes beyond the user’s personal information. Without it, dating and social networking sites will remain vulnerable to profile misrepresentations, fake accounts, chargebacks, account takeovers and other online scams that fraudsters can think of using PII, which today is too easily accessible on the Internet.

As cyber criminals take advantage of various technologies to bypass businesses’ digital security efforts, any business that wants to succeed in today’s rapidly-changing business environment needs to have layered and effective security measures in place that allow them to know when they are dealing with a legitimate customer or a clever fraudster. 

In the article, “IT industry news: Identity fraud ‘a threat to businesses,’” Neil Munroe, chair of the Identity Fraud Consumer Awareness Group (IFCAG), said the growing threat of identity theft is not going away anytime soon. In other words, for businesses embracing new technology including mobile devices to offer customers multiple ways to purchase goods over the Internet, every company’s online payment process needs to have the proper protections in place if they are going to succeed and remain competitive.

The fact is fraud doesn’t stop, and in all likelihood, it never will. It merely changes methods.

While it’s true no single anti-fraud solution can stop every new type of fraud criminals can think up, iovation’s device reputation technology provides online businesses with a critical layer of fraud detection that identifies the user’s device in real-time, allowing them to stop a fraudulent transaction before it takes place. In doing so, merchants can better secure their payment processes by determining if online orders are coming from genuine customers or known fraudulent devices across any type of remote technology.  When placing iovation’s device check upfront in your fraud detection process, if the transaction is fraudulent, businesses can save money by not running subsequent and costly checks.

Today, anyone seeking federal aid for the thousands of online courses can do so while maintaining their anonymity. Without the physical checkpoints traditionally used to cross-reference and validate that applicants are who they say they are, higher education online programs are being hit with what’s being dubbed financial aid fraud, or distance-education fraud.

In the recent New York Times article, “As Online Courses Grow, So Does Financial Aid Fraud,” financial aid scams have become a serious problem. In a number of high-profiled cases, distance-education fraud rings have stolen hundreds of thousands of dollars using various techniques. For example, a woman submitted applications on behalf of 23 unknowing prison inmates that she gathered information on while working in the prison’s education department. The applications were admitted and granted more than $450,000 in federal aid, including nearly $125,000 for books, transportation and living expenses.

Other fraud rings use “straw students” who have no intention of pursuing an education or are simply unaware applications are being filed in their name. With the vast majority of colleges and universities now offering online courses, Kathleen S. Tighe, inspector general for the Department of Education, said more needs to be done to stop financial aid fraud, including clamping down on identity verification.

“Without that money there would be significantly less incentive for this particular scam. We’ll do the best we can with our resources to investigate the allegations we receive, but there are actions that can be taken to help reduce the appeal of this quick-cash-for-little-effort scam.”

Identity verification processes that provide red flags for suspicious applications give higher education programs the ability to monitor and identify online transaction anomalies, velocities and geolocation information before federal aid is approved. For example, when a single computer is applying for multiple grants under different names, fraud preventative solutions like iovation’s ReputationManager 360 help online businesses spot and stop suspicious transactions in real-time without collecting or relying on any personally identifiable information (PII).

Having effective, fraud prevention tools in place provides a multi-layered approach to help identify and stop fraudulent transactions that are costing online businesses, including higher education programs, hundreds of thousands of dollars each year.

In the InternetRetailing article, “Online shopping fraud down in first half of 2011,” during the six months ending in June, online shopping fraud including mail order and phone fraud dropped to £109.2m compared to the £118.2m in fraud losses in the first six months of 2010.

Source: Financial Fraud Action UK, Cheque & Credit Clearing Company and The UK Cards Association

While findings like these are certainly encouraging, it doesn’t mean the bad guys have given up. Far from it. While an increase in fraud protection measures play a significant role in the declining numbers, once a security hole is filled fraudsters typically turn their energies elsewhere.

DCI Paul Barnard, head of the Dedicated Cheque and Plastic Crime Unit (DCPCU), is quick to point out that while online shopping fraud losses are down, the fraudulent use of lost or stolen cards is up 20%.

“There has been an increase in old fashioned scams – criminals using distraction techniques and social engineering methods to get hold of people’s cards or phone banking details. We are urging everyone to be on their guard.”

As organized cyber criminals shift tactics, the ability to expose thieves who are fraudulently using someone else’s personal or financial information to purchase items online is essential to preventing fraud or abusive activity that impacts consumers and an online business’s bottom line. This is something iovation does every day for merchants that sell goods and services over the Internet.

Checking millions of daily transactions coming into our B2B customers’ websites against our dynamic, device reputation database that’s now 715 million deep, iovation’s ReputationManager 360 provides real-time device intelligence IT fraud teams need to instantly recognize and reject bad orders on the spot to prevent an array of fraud techniques and social engineering schemes designed to defraud today’s online businesses.

According to the article, “Cyber crime hit 431 million adults in 24 countries,” a recent Norton cybercrime report found online crime jumped 3% compared to its 2010 study, costing fraud victims more than $388 billion worldwide over the past year.

Eating up 35% of the global cybercrime bill were U.S. fraud victims, who spent $139 billion on cybercrime last year. That amounts to 141 victims per minute, an alarming statistic even for Norton’s consumer cybercrime expert, Helen Malani.

“We were astounded by the costs in terms of cash lost. The number came to more than $US388 billion globally. That’s more than the illegal drugs market in heroin, cocaine and marijuana. Cybercrime is an illegal underground economy and it needs to be taken seriously.”

According to the study, one of the biggest gains in cybercrime last year came in crimes against mobile devices, which are up 10% globally. No surprise there, considering the explosion of smartphones and tablets being used to connect to the Internet. Malani said the chief concern with mobile fraud is users inability to stay on top of security updates. She said only 20% of people accessing their mobile devices have installed the most up-to-date mobile security. With up to 80% of mobile devices improperly protected, this provides fertile ground for cybercrime activity.

Similar to any other legitimate economy, growth in the illegal underground marketplace is driven by innovation, and tapping into the next opportunity. For cyber crooks, it’s all about exploiting the latest technology before the security gaps are identified and closed.

For online businesses that allow users to access their websites and corporate networks via mobile devices, this is especially disconcerting. Operating without the tools to effectively detect when fraudulent devices are logging onto their sites and requesting transactions, organizations and their customers are vulnerable to evolving schemes such as credit card fraud, card-not-present (CNP) fraud, account takeover, phishing and identity theft.

Today, building a multi-layered fraud preventative strategy that includes device reputation technology is critical to identifying when an Internet-based device, whether it’s a PC, smartphone and tablet, is already registered or attempting to log onto a website. The device intelligence that iovation’s ReputationManager 360 provides in real-time allows online businesses to recognize when a remote device that has been used to commit fraud or abuse in the past and stop any illegal or unwanted activity before it happens.

With nearly 150 users (just in the U.S.) exposed to some type of fraud every minute, it’s time businesses gain an extra layer of protection needed to stop more advanced forms of online fraud and abuse. Performing real-time risk analysis on transactions from every country in the world, iovation has already flagged nearly 40 million fraudulent transactions for its B2B customers just this year.

We all know that the top priority for any IT fraud team is to ensure their good customers can safely and easily communicate and do business within their online environment. However, because many business websites have networking communities that bring likeminded individuals together to socialize, the potential for users or criminals to act inappropriately towards others can create problems that can impact the user experience.

For the verticals we serve, including online dating and Internet gaming and gambling websites, the social interaction that goes on between their members is core to their business and daily revenue stream. If somebody gets out of line or breaks corporate policy, it not only impacts the user’s experience, but can put the organization’s reputation at risk.

If any online business fails to maintain the trust and confidence of their paying subscribers, those customers can simply take their business elsewhere. This is why online romance sites and Internet gaming environments need to be aware of the impact member abuse can have on their bottom line.

One of the challenges of protecting networking sites from abusive behavior is stopping it before it happens. But how? While most anti-fraud measures still focus on the person connecting to a site, iovation’s ReputationManager 360 solution checks the device being used to log onto a site or request transactions against a dynamic database of more than 700 million unique devices and their reputations to give businesses deeper insight to those connecting to their network. Understanding when a device on your network — whether it’s a PC, smartphone or tablet — has been used to perpetrate abusive or fraudulent behavior on another site is valuable information fraud teams can use to prevent unwanted behavior against their members.

The bottom line is, when it comes to online services, consumers have more choices than ever. If their trust and confidence has been violated as a result of online fraud or abuse, they can walk away at any time. Organizations leveraging device reputation technology to protect their social communities have an additional layer of intelligence needed to prevent both fraudulent and abusive behavior before it impacts the user experience or results in a financial loss.

To help European financial services leaders understand how to thwart these increasing risks, iovation is scheduling one-on-one meetings with Europe’s major financial institutions at the upcoming Financial Services Technology (FST) Summit, October 4-6, in Lisbon, Portugal. If you are interested in learning about the latest online fraud trends and best practices for fraud prevention in retail banking and commercial banking, please reserve some time for us to talk.

As the world’s leading provider of fraud preventative device reputation services, iovation helps businesses assess online transaction risks before they happen. Our active partnerships with leading credit issuers, foreign exchange service providers and banking clients around the globe are designed to stop account takeovers, ID theft, ACH or debit fraud, credit application fraud and more.

Having assessed risk on more than six billion online transactions, our experience and proven expertise at recognizing a wide variety of devices that touch financial services websites — including PCs to the latest mobile phones and Android tablets — plays an essential role for many of our financial services clients, who have layered device reputation with authentication.

Because today’s cyber criminals are better at evading most fraud detection defenses, iovation’s device reputation and risk profiling services assess risks posed by any Web-enabled device in real-time to help financial services identify fraudulent transactions and stop organized criminal rings while maintaining client satisfaction and minimizing friction and client support calls to sustain a competitive position in today’s challenging marketplace.

Should you be attending the European FST Summit, I look forward to meeting you there.  If you are not attending, but would like to meet while I am in the Lisbon area, please don’t hesitate to contact me.

For banks around the globe, protecting customer accounts is becoming more challenging as cyber criminals work together to create more sophisticated attacks with the aim of defeating existing security measures. In fact, fraudsters have become so efficient at figuring out new ways to access critical data from a bank’s IT system that the article,“European banking industry lacks guidance to combat cybercrime,” suggests that the entire ecosystem — from government to banks — should take a cue from the criminals themselves.

Powered by the collaboration of over 2,300 IT, security and fraud professionals, spanning multiple industry’s worldwide, iovation’s globally shared fraud database allows subscribers to benefit from everybody’s hard work and experience fighting online fraud and abuse. For example, if a multinational bank flags a device for credit card fraud today, and that same device came to your website tomorrow, next week or next month, how valuable would that information be to you? That’s the power of device reputation.

Once again, iovation is proud to be named to Inc. magazine’s 5th annual 500/5000.

Much of our growth in terms of revenue and the size of our fraud-fighting network has been with online banks and credit card issuers. The number of device reputation queries performed by our fraud protection service has grown 938% since 2007, while the number of devices managed in our global device reputation database has increased 2,492% over the same period, reaching more than half a billion devices worldwide.

In the Inc. 5000 ranking, we are the 45th fastest-growing private company in the Portland, Ore. region, and 62nd in U.S. security companies.

As online businesses continue to build safer environments that detect and stop evolving forms of fraud and abuse, our B2B SaaS solution exposes the reputations of all types of Internet-connected devices (desktops, tablets, smartphones) and hidden relationships between devices inside and outside corporate networks. The webs of associations that iovation’s ReputationManager 360 uncovers allows organizations across multiple industries to instantly detect and shut down fraud, abuse and other online crimes before their business and customers are impacted.

For a closer look at iovation’s Inc. 5000 profile, check out Inc.’s interactive database at www.inc.com/inc5000/profile/iovation.

This casual, unwary approach toward security continues to boggle my mind, particularly in today’s highly volatile business environment. But while three-quarters of the small businesses polled said they are incorporating steps to protect their computer systems from fraudsters, Fred Graziano, head of the commercial and small business banking at TD Bank, said companies need to keep up with the latest available fraud preventative technologies and criminal tactics used by more sophisticated fraudsters.

“It’s encouraging to see that small business owners are taking steps to protect their business, but fraud protection should be a high priority and it pays to be vigilant. Given the influx of new digital technologies and operational tools available for small business owners, it’s increasingly important to learn about the latest trends and techniques used by criminals, and to be more diligent in defending against fraud.”

Graziano, along with TD bank’s director of corporate security and investigations, Robert Dunlop, offered some advice to small businesses about protecting their systems and customers from evolving fraud attacks, including:

Manage finances with secure online banking:

Closely monitoring all account activity payments and financial transfers in real time with automated fraud preventative tools helps businesses quickly identify any discrepancies and provides audit trails for all online transactions.

Protect computer systems and practice online awareness:

In Dunlop’s terms, “Being complacent about cyber protection can lead to the compromise of critical information and detrimental consequences for a business.” That about says it all.

Safely handle highly sensitive documents:

Properly storing and disposing sensitive hardcopy documents such as financial statements, credit card information and social security numbers is critical to reducing the risks of confidential data landing in the wrong hands.

Incorporate appropriate checks and balances:

A strong internal review and assessment process shows customers how serious you are about fraud and preventing criminals from perpetrating deceptive acts against your business and customers.

As small and medium-sized businesses (SMBs) struggle to make progress in stopping payments fraud, organizations of all sizes should evaluate their fraud prevention needs and prioritize accordingly. Businesses operating without proactive fraud preventative tools that effectively detect and stop new forms of financial fraud will continue to fall victim to scams that costs them thousands to millions in profits and cause irreversible damage to their corporate brands.

In the article, “North business loses $8k in online scam,” a company was recently cheated out of $8,000 by an international scam that included fraudulent credit cards and a bogus freight business. The company was duped after a customer requested its purchase to be shipped to Japan via a fake London-based freight company, where additional charges to have the product shipped were added to the bill. When the customer’s payment went through, the freight company emailed the online business saying it could not take credit card payments. It asked for a direct, non-refundable overseas cash transfer, which the business paid for. Because the initial transaction went through, over the next month the company made five additional shipping payments on similar orders, amassing $8,000.

With these and other shipping scams stealing hundreds of thousands of dollars from eCommerce companies each year, detective Pete Hayes is warning online businesses about such scams that threaten any business working online.

“Anyone in the retail business that deals with orders over the internet has to be aware. Some of the red flags that might be raised are the name Postex Air Express and if someone is asking for payment via a direct cash transfer through a credit union or similar.”

For online merchants, international eCommerce orders carry a higher risk. Accepting cross-border payments pose about a 2.5 times higher risk than domestic orders. While many of today’s screening tools focus on Address Verification Services (AVS) and IP geo-location information for specific countries and regions, they can be easily spoofed by fraudsters using anonymizing proxies and other methods to hide their true locations and identities.

With many security tools limited to geographic constraints or simply ineffective in equally screening domestic and international fraud, layering a fraud prevention service like iovation’s ReputationManager 360 as part of a business’s anti-fraud strategy is critical for detecting fraud regardless of the source or location of incoming online orders.

Instead of focusing exclusively on personal information or the user to screen transactions, iovation enables businesses to identify the device being used to screen for fraud across the Internet. Its device recognition technologies combined with real-time risk reporting and analytics help businesses around the globe identify any device (PC, smartphone or tablet) with a history of fraud such as chargebacks and shipping/re-shipping fraud, and expose hidden associations with online accounts to stop repeat offenders who may already be perpetrating fraud within a network. Doing so allows eCommerce merchants to greatly reduce fraud losses (and chargeback rates) and improve the efficiency of their fraud process and team.

In one case alone, iovation helped reduce an online retailer’s fraud losses by $1.8 billion. Read the case study by Forrester Principal Analyst, Andras Cser.

In the article, “Fraudster used Facebook to hack bank accounts,” cyber criminal Iain Wood spent 18 hours a day online collecting information posted by his neighbors on social networking sites including Facebook to figure out passwords that would defeat online banking security checks. Prior to getting caught by police, he managed to steal more than £35,000 (approx. $55,000 USD) over a two-year period.

This is just a small example of how a single hacker can stage an ongoing crime spree that impacts individual users and their banks. Prosecutor, Neil Pallister, said Wood followed and befriended several neighbors online to obtain enough personal information that helped him break into their online bank accounts.

“He would make friends with people on Facebook and got their usernames. He would try it on the bank websites, on the basis people use the same passwords. If that did not work he would fill in the security information, which he got from Facebook and Friends Reunited.”

With this type of criminal behavior taking place every day, online banks can no longer afford to rely on personal information to validate customers and detect fraud. Today, knowledge-based security defenses are leaving online businesses and their customers vulnerable to schemes that allow fraudsters to easily answer security questions and de-code passwords. Now more than ever financial institutions need to deploy security tools that go beyond the data provided by customers to access their accounts. Businesses need the ability to identify the actual device used to access online accounts to see when someone is using stolen or false information to fraudulently access another person’s account.

The fact is, fraudsters will continue to gather personal information from the Internet to fool even the latest security tools. While these fraud practices may be impossible to stop, a multi-layered security approach that includes iovation’s ReputationManager 360 allows online businesses to look beyond personally identifiable information (PII) and see when any type of Internet-connected device (PC, smartphone or tablet) with a history of fraud or abuse logs onto a website or tries to access an account using personal information. This is why having deeper insight into online transactions, without relying on the information a user provides, is essential for protecting online businesses and their customers from today’s more sophisticated, knowledge-based fraud schemes.

According to the article, “Credit card fraud is a cross-border crime,” statistics have shown in recent years that online fraud trends can differ dramatically between countries. For example, online payment fraud in the UK dropped 10% from 2009-2010, while the US experienced a 157% rise in attempted payment fraud during that same period.

Carl Clump, Group Chairman of Retail Decisions (ReD), a leading payment fraud prevention provider (and iovation partner), said this is particularly disconcerting for online merchants that do business overseas. As attack methods vary considerably in different parts of the world, e-retailers operating with a limited security scope could be leaving their networks and customers vulnerable to fraud trends for which their existing security tools are not adequately prepared.

“E-commerce businesses that only focus on fraud in their own sector will not immediately spot a new ploy that criminals have used in another industry. The narrower the retailer’s perspective of fraud, the harder it becomes to keep pace with rapidly changing fraud techniques.”

As online retailers expand their businesses abroad, the key to mitigating the risk of unknown attacks is having collective intelligence that spans beyond borders. iovation’s global Device Reputation Authority fraud database shares the firsthand experiences of 2,000 worldwide fraud analysts that have provided fraud evidence on more than 650 million Internet-connected devices across the globe that criminals use to perpetrate all types of fraud and other unwanted activities including credit card fraud, card-not-present (CNP) fraud, account takeovers, and shipping/re-shipping fraud.

Leveraging the power of device reputation goes beyond the stolen information that criminals use to commit fraud. Knowing if a device has a history of fraud or abuse, or is associated with other known fraudulent devices or online accounts helps online businesses identify and stop cyber crime in real time, no matter what country or region they are doing business in. Now businesses can adapt, protect themselves, and share information worldwide — even faster than the fraudsters.

One of the emerging markets experiencing an upswing in Internet transactions is India. According to the article, “How secure are Indian businesses?” the Internet is one of the fastest growing mediums for generating business leads for Indian small and medium-sized businesses, with 57% of SMBs now using their websites as a sales channel.

Like many emerging online markets, security concerns create an initial resistance from users to share their personal and financial data over the Internet. However, online payment options that are protected by mandated security measures and multi-factor authentication processes have provided a level of confidence with consumers that has expanded India’s current online shopping market to Rs 30 million per month, said Suvrat Saigal, Consumer Banking Director, Barclays Corporate India.

“There is a steady growth of businesses and internet users in India that rely on the medium and are quite comfortable disclosing their details online; this change can be attributed to implementation of robust security standards by banks and also increased consumer awareness.”

But while users are increasingly comfortable with shopping online, Indian businesses and their customers haven’t become complacent about the importance of securing transactions or unsolicited emails aimed at tricking users into divulging personal and financial details. In fact, with cyber criminals working around the clock to develop new ways to circumvent existing network protections, today more than ever businesses need to educate themselves and take preventative steps to mitigate the risk of evolving cyber threats, said Muralidharan R, chief operating officer, Dhanlaxmi Bank Ltd.

“When it comes to online security, the challenge is to keep the ‘Bad Guys’ out while securing the ‘Good Guys’.

As fraud schemes evolve, the truth is businesses of all sizes and markets are riding the waves together. With the challenge of distinguishing the good guys from the bad guys becoming even more difficult, companies need security solutions that go beyond the personally identifiable information (PII) that criminals use to open up an account, apply for credit, or make an online purchase using someone else’s information.

iovation’s ReputationManager 360 anti-fraud solution uses real-time risk and device reputations with comprehensive data analytics to identify when a known fraudulent device is trying to log onto a website, as well as connect the dots between bad devices and existing online accounts that may already be perpetrating fraud within a network. Having insightful device intelligence to determine whether you want to accept, deny, or pull for further review an online transaction before it takes place enables businesses to reduce fraud rates, boost productivity levels, and build a safer online shopping environment.

When it comes to fraud, SMBs, like any large organization doing business over the Internet, have a lot at stake. Having the right mix of security strategies in place is critical to your company’s brand reputation and financial health, no matter what size you are or how mature your market.

The study found that IP theft (£9.2bn) and industrial espionage (£7.6bn), combined, account for over two-thirds of the overall cost to UK businesses per annum. IP theft is largely committed against companies with high volumes of IP or IP that’s easy to hack, while industrial espionage includes stealing or exploiting non-IP data from organizations that depend on large amounts of financial transactions and monetary activities.

Other significant cyber crimes that impact UK businesses include extortion (£2.2bn), direct online theft (£1.3bn), and loss or stolen customer data (£1bn), according to the report.

Because organizations today are becoming increasingly dependent on cyber space for business commerce, communications, and daily operations and production, cyber threats pose a significant threat to individual nations, as well as the global economy. This is why reports like these are so important.

Understanding the economical impact cyber crime can have on businesses, industry, and the economy can play a critical role in setting effective security policies and implementing proactive fraud preventative strategies, such as iovation’s device reputation service, which combats new and evolving forms of cyber crime that have a negative impact on organizations across the globe.

According to the article, “Online dating scams harm ‘thousands’ in Lee County,” Stacey Payne of the Lee County Sheriff’s Office community relations department says oftentimes those seeking love online either don’t want to believe it, are embarrassed, or simply don’t mind that the person they are in love with is a scammer.

“Oftentimes the victims don’t care they are being scammed – they want that companionship. Or they don’t believe they’re being scammed. They’re in love. If a person is of sound mind they can give their money to whomever they want to give their money.”

Payne estimates that 30% of online relationships, at least in Lee County, are based on lies. Contributing factors such as an aging population and affluent places such as Gasparilla Island can make such areas prime targets for online scammers, Payne says.

Because online perpetrators focus on the emotional heartstrings of their victims, Internet dating websites need to continually educate their members on how to spot potential sweetheart scams before victims get emotionally involved. While keeping members up to speed on fraud schemes and providing tips on how they can avoid being scammed, anti-fraud security tools also play a pivotal role in identifying and stopping online fraud before it happens.

Leading fraud prevention services such as iovation ReputationManager 360 uses device reputation to not only identify and re-recognize when Internet-connected devices with a history of fraud or abuse log onto a dating website, but also reveal hidden associations between fraudulent devices and other online accounts that are already active within a community.

Just since January 1, 2011, iovation has already flagged 15 million fraudulent activities for its dating and social networking clients, further protecting the client’s brand reputation and ensuring its members have a safe experience.  Many of those activities had to do with online scams and solicitations and take place all over the world.

Exposing the connections between fraudsters working together is critical for helping online dating sites reduce fraud rates and remove bad accounts that impacts its customers’ trust and confidence.

According to the Wall Street Journal article, “Hackers Shift Attacks to Small Firms,” as small businesses make the leap to computerized systems, they are becoming prime targets for cyber thieves.

Business owner Joe Agelastri, who runs a pair of magazine shops in the Chicago-area, found out the hard way. After cyber criminals planted a software program on his cash registers, which sent customer credit-card numbers to Russia, the breach cost him around $22,000, slicing his annual profits in half. Though somewhat puzzled, Agelastri is just one of a growing number of small business owners who have experienced firsthand how prolific a problem cyber fraud has become in the SMB community.

“We thought there would be very little chance that somebody would come into a business of our size to pull off something like this.”

According to former hacker and small business security consultant, Bryce Case Jr., the “too small to hack” mentality is what hackers take advantage of. Weaker security due to budgetary limitations, combined with the fact that in the same time it takes to hack a major company cyber thieves can undetectably steal data from dozens of small companies, is playing a key role in more small companies being targeted by cyber criminals. In Case’s words:

“the juice has become worth the squeeze. Even the pizza place has addresses, names and credit-card information.”

In fact, a 2010 study by the U.S. Secret Service and Verizon Communications Inc.’s forensic analysis unit that investigates attacks found that 63% of data breaches were within companies with 100 employees or less. The WSJ article also cites that Visa estimates that 95% of the credit-card security breaches it finds come from its smallest business customers.

The problem with small businesses that are operating with inadequate security in place is a single breach can potentially cost them their business. This isn’t the case for larger companies, who generally have the budget and experts on staff to protect their assets. If anything, stories like these are lessons for small businesses, who need to overcome the mentality that they are too small to hack and take appropriate measures to safeguard their customers and valuable business assets. After all, when it comes to hacking, cyber criminals don’t discriminate.

Infographics: Hotel Credit Card Hacking © CreditDonkey

When travelers go online to research hotels to plan a vacation or business trip, things like proximity, cleanliness, amenities, and safety play a huge role in their decision-making process. But those priorities may be changing. With credit card fraud becoming more prevalent in the hotel industry, a hotel’s reputation in relation to online security and fraud risks may soon override many of the traditional considerations that consumers have for choosing hotel accommodations.

According to the article, “Hotel Guests More Likely to Be Credit Card Hacking Victims, CreditDonkey Illustrates Danger,” a study estimates that 38% of all credit card hacking involves hotels. That’s two-times more than the financial industry (19%), which surprises Charles Tran, founder of the credit card comparison website, CreditDonkey.

“We were surprised at the numbers showing that hotel visitors run the greatest risk of all for having their credit card information stolen.”

One of the reasons for these unexpected numbers may be the recession. Because the hotel industry has been hit so hard, many hotels and hotel chains have not adequately upgraded their computer security systems. This, along with the fact that travelers typically use credit cards to pay for their hotel stays, may explain why hotels have become prime targets for cyber criminals.

All of this could create a shift in priorities for travelers selecting a hotel. As a result, hotels need to make sure they implement effective anti-fraud security strategies that help reduce the risk of credit card fraud.

As cyber thieves get more sophisticated, hotels must deploy security tools that help them identify fraudulent activity before they happen. Fraud prevention tools like iovation ReputationManager 360 uses device reputations to identify in real-time when a device with a history of fraud or is associated with other known fraudulent accounts is attempting a transaction.

By recognizing or re-recognizing any type of Internet-connected device — whether it’s a PC, laptop, tablet or smartphone — before the transaction takes place, hotels can mitigate their risk of credit card fraud and other unwanted activities, all of which can have a significant impact on their brand reputation and, ultimately, their business revenues.

However, to ensure they stay one step ahead of today’s profit-driven fraudsters, banks need to use the most advanced, anti-fraud techniques to prevent criminals from gaining access to legitimate online bank accounts. Michael Grillo’s article, “Combating Online Banking Fraud – A Top 10 List,” provides a checklist of the essential fraud detection methods that all banks should consider to ensure they are doing everything they can to stop online fraud, including:

1. Apply multi-factor logon authentication for online banking systems – such as tokens with one-time password or Adaptive Authentication (risk-based authentication).
2. Utilize real-time analytics – monitor transactional behavior to determine whether activity is standard or anomalous for that customer. When high-risk activity is detected, action can be taken in real time or near-real time to stop the transfer of funds from the customer’s account. Funds can also be held until customer validation can take place (see #4 below).
3. Employ profiling – include non-financial information (IP address, login activities, and device characteristics) to build customer profiles which can be stored to monitor ongoing behavior.
4. Make use of out-of-band notification methods - utilize phone call, text message, e-mail, etc to confirm activity with customers before transactions can be completed.
5. Maintain anti-virus software – Be sure to recommend your customers keep it current on end-user machines. While not fool-proof, it can stop lesser forms of intrusion.
6. Maximize password management – Ensure password management best practices are enacted (e.g. change password every ninety days, minimum length, combination alpha-numeric, varying history, etc.).
7. Leverage dual approval and limit management capabilities in your online banking tool -End-users with transaction initiation or approval entitlements should not also have administrative rights.
8. Implement token management at ACH or Wire release – this approach provides another layer of authentication prior to finalizing the transaction.
9. Employ a prescriptive, layered approach to security – utilize security tools within your online banking solution (e.g. multi-factor authentication, limit management, etc) with a fraud prevention and detection solution (e.g. profiling, analytics, etc.)
10. Education – keep it simple but constant. Partner with your customers to ensure they are aware of today’s threats and know what tools are available today to protect themselves.

As the industry shares information about new types of fraud attacks, iovation’s ReputationManager 360 puts intelligence shared by over 2,000 fraud professionals around the globe to work. By leveraging our knowledge base of 650 million Internet-connected devices and their associations, financial services and other industries can immediately identify suspicious activities through configurable real-time, fraud detection mechanisms that include device identification, device reputation and risk profiling.

In addition to the daily monitoring of transaction anomalies, velocities, geolocation and proxy-busting technology, iovation helps leading online brands stop fraudulent transactions before they are processed, as well as roots out and rids their systems of repeat offenders and fraud rings that are unknowingly perpetrating a multitude of fraud and abuse activities over time.

“We are proud to be a new entrant to the Portland Business Journal’s Top 100 list and look forward to being a regular member of this outstanding group of companies. We fully intend to move up the list in the coming years as our growth continues to accelerate,” said Doug Shafer, CFO at iovation Inc. “We are very excited about the growth opportunities in all of the key vertical markets that we serve across the globe.”

In any economy — but even more so in today’s slow economic recovery — the key to business growth is all about customer satisfaction. Driven by a “customer first” mentality, we provide much-needed fraud protection services to online businesses around the globe. This powerful combination has played a central role in not only earning new business, but also achieving a 96% customer retention rate.

For any fraud prevention company, knowing you are delivering highly innovative and effective fraud-fighting solutions that are improving the safety and financial well-being of your customers and business partners makes all the difference. That’s what makes us tick at iovation. And we couldn’t have done this without the hard work and dedication of our amazing team, partners and customers. Thanks for working with us to make the Internet a safer place.

According to the article, “Retailers are not protecting data security,” the report found that only 46% of EMEA retailers have actually put policies in place to deal with exchanges on blogs or social networks. That’s a scary thought when you consider the increase of online and mobile interactions that are taking place around the globe. 

Although cyber threats are a growing concern with online retailers, Christine Bardwell, EMEA research manager at IDC Retail Insights, said at this point there doesn’t appear to be a sense of urgency among retailers about protecting the security of their sensitive and propriety data. The report found that there remains a wide gap between good intentions and operational execution and implementation.

As organizations increasingly depend on mobile devices such as smartphones and tablets for accepting customer payments, they can’t afford to put themselves at risk of cyber criminals targeting various gateways they believe have the least amount of protection. They need the ability to monitor all mobile traffic coming to their website and non-intrusively identify devices to make quick and easy decisions on the growing volume of Internet transactions they are experiencing.

Through a shared, database of over 600 million device reputations including PCs, smartphones, tablets, PDAs and laptops, iovation’s ReputationManager 360 works behind the scenes to help online businesses monitor traffic on every type of device accessing their websites and applications. Online retailers simply customize their unique business rules that lead to an allow, deny or review of incoming transactions (within a fraction of a second) and stops fraud upfront before product is shipped or additional damage takes place.

For online dating sites’ security teams, identifying scammers can seem like the same tedious process. As they constantly sift through the tens of thousands of personal profiles, they’re looking for that one piece of information that can help them root out potential scammers.

While there are many ways fraud teams can identify online fraudsters, the real challenge in reducing online fraud and abuse is proactively identifying criminals before they can commit a crime. More often than not, fraud teams find themselves taking a reactive approach of responding or shutting down bad accounts only after a legitimate member has fallen victim to an online crime. This may help clean up bad accounts on their websites, but it doesn’t prevent crimes from happening in the first place.

According to the article, “Online Dating Sites Warn Users of Scams,” with Internet dating scams on the rise, the security that’s offered on romance sites is becoming a priority for people seeking love online. The article also said security is influencing which sites people choose to look for love on:

“New members will be gained, not because of the match making technology being implemented, but because of the security that the online dating site can provide both in terms of physical safety as well as personal information and privacy concerns.”

With security playing a greater role in both protecting its good members and attracting new ones, online dating sites need fraud preventative solutions that go deeper into identifying bad profiles and accounts on their sites. iovation’s ReputationManager 360 anti-fraud solution goes beyond looking at the person connecting to a website, as well as the personally identifiable information (PII) that criminals provide to create fake profiles and accounts.

Using the reputation of over 600 million devices including PCs, smartphones and tablets that connect to the Internet, iovation exposes devices with histories of negative behavior that have either created accounts or are associated with accounts on their websites. In doing so, online dating and other social networking sites can proactively identify and shut down fraudsters before any damage is done to their members and corporate reputations.

According to the article, “Hackers coming in through the front door,” more and more cyber criminals are creating virtual disguises that are indistinguishable from a legitimate customers, allowing them to make what appears to be valid online purchases right under a merchant’s nose. This type of deceptive fraud tactic not only impacts online merchants’ sales and profits, but is changing the way businesses protect their online retail environments.

It’s no secret that over the years cyber crime has been one of the biggest catalysts in the evolution of online security. As fraudsters find new ways to get around existing defenses, online businesses are forced to react to new criminal tactics. While anti-fraud techniques such as additional card verification, geo-location, device fingerprinting and velocity checks have upped the ante in the ongoing cat-and-mouse game between hackers and IT security professionals, simply slapping on additional detection tools doesn’t necessary create a stronger defense.

For example, increasing levels of sensitivity for fraud tests can actually lead to a rise in false positive rates, which can result in rejecting more good orders, accepting more bad ones, dwindling profits and damaged customer relationships. In fact, CyberSource’s 2011 UK Online Fraud Report found that merchants’ average order rejection rate has increased, along with the acceptance of fraudulent orders.

One of the keys to fighting more sophisticated fraud is implementing effective security tools that combine and cross-reference data with global data sources. When it comes to fraudulent disguises, iovation’s ReputationManager 360 uses a globally shared, fraud database of more than half a billion device reputations to identify all Internet-connected devices that have been used to perpetrate fraud or abuse, or are associated with fraudulent online accounts.

The ability to instantly recognize whether an online transaction is good or bad, without having to rely on the information provided by the user, is critical to stopping more complex fraud schemes. By identifying devices requesting transactions, online retailers can reduce fraud and confidently accept more good orders, which improves the overall customer experience and increases business profits.

The Visionary section of the Magic Quadrant recognizes security vendors whose products are easy to implement and have successfully reduced online fraud for their customers.  According to Gartner’s description:

The Visionaries’ products are relatively easy to implement (when compared with many of their competitors) and have achieved very good results in reducing online fraud for their clients, often using software-as-a-service (SaaS)-based models. Often, they are more innovative than their competitors and tend to offer superior customer service, which they can afford to do, given their smaller customer base and their dedication solely to fraud detection.

Our revolutionary device reputation technology uniquely identifies and re-recognizes individual devices, including computers, smartphones and tablets, that log onto business websites and checks it with our shared global fraud and abuse database to help customers assess the transaction risk based on the likelihood that the device will commit online fraud or abuse.

In fact, Gartner’s description of Web fraud detection nearly describes what iovation’s ReputationManager 360 fraud prevention solution does to a tee: detects account takeover, detects fraudulent accounts created by a stolen or fictitious identity, and detects the use of a stolen financial account when making a financial transaction.

“We’ll stop over 50 million fraud attempts this year as we continue on our mission to make the Internet a safer place”, said Greg Pierson, founder and CEO of iovation. “We are honored to be positioned by Gartner as a Visionary and recognized in the web fraud detection market. We take pride in providing superior customers service and delivering meaningful results in the fight against online fraud and abuse.”

Being recognized as a finalist for this prestigious award, which looks at technological innovation, financial performance, execution of strategy and management strength of private technology ventures, is a testament to our continued success in protecting the world’s largest brands from online fraud and abuse like credit card fraud, account takeover, chargebacks, money laundering and identity theft, to name a few.

“This year was very rewarding,” said Alex Vieux, publisher and CEO of Red Herring. “The global economic situation has abated and there are many great companies producing really innovative and amazing products. We had a very difficult time narrowing the pool and selecting the finalists. iovation shows great promise and therefore deserves to be among the Finalists. Now we’re faced with the difficult task of selecting the Top 100 winners of Red Herring North America. We know that the 2011 crop will grow into some amazing companies that are sure to make an impact.”

Last year alone, iovation helped online businesses prevent 35 million fraud attempts to protect their customers, corporate reputations and reduce fraud losses. As cyber crime continues to put online businesses and their critical data at risk, nothing is more satisfying to me than knowing the impact our device reputation technology is having in helping our customers across multiple industries fight fraud and protect their customers and business profits from more sophisticated and damaging fraud and abuse schemes.

We look forward to sharing more during our presentation at the Red Herring North America Forum in Hollywood, California, June 13-15, 2011.

In the Internet Retailer article, “Sony data breaches highlight the fraud risks online retailers face,” it was first disclosed that hackers made off with customers’ names, street addresses, email addresses and dates of birth. However, updated reports now say that up to 10 million credit cards may have been compromised.

While the theft of personal information can lead to more phishing email, fraudulent accounts, and a host of other social engineering schemes, David Montague, president of The Fraud Practice LLC, a consulting firm that specializes in card-not-present (CNP) and online fraud prevention, said the real threat to Internet retailers would be if the criminals stole credit and debit card numbers.

“When large numbers of credit card numbers are stolen, there are more available for sale and fraud attempts increase.”

In recent years, there has been so much theft of payment card numbers that retailers now have to consider every card number as suspect, said Forrest Research analyst, Jonathan Penn. To protect their businesses and customers from an array of fraudulent activity such as credit card fraud, phishing attacks, account takeovers and identity theft, Penn says that merchants should avail themselves of the latest innovative fraud-fighting solutions like Ethoca, which aggregates data about fraud from many retailers, and iovation, which compiles a database of computers associated with fraud.

This will not be the last that we will hear of breaches of this sort. In the past, identity thieves would “dumpster dive” and clone cards at restaurants or at pumps. Today, they steal millions of cards at a time from online retailers. The sad reality is that the vast majority of the victims of this crime most likely did everything right, and yet they are still going to bear the consequences of this breach.

As part of our effort to expand our device identification, device reputation and real-time risk mitigation services for online businesses in France, I am pleased to announce that Philippe Mazurier has joined iovation as Country Manager, heading up sales and business development and is based in Montpellier.

Philippe brings strong business relationships and deep, in-market experience that will be instrumental in helping us meet online fraud protection demands in this market. He understands the serious and damaging impacts that cybercrime has on online businesses.

As we continue to serve the French market, protecting e-commerce, financial services, gaming and online communities from fraud and abuse, having a seasoned veteran in authentication and fraud prevention services representing iovation will help us serve this market even better.

To arrange meetings with Philippe to talk about any fraud or abuse issues your company is experiencing, please email france@iovation.com or call +33 (0)6 69 79 12 33.

With criminals targeting online casinos around the clock (we’ve got the data to prove it!), gaming sites need all the help they can get to rid their tables of costly criminal activity such as credit card fraud, chargebacks, account takeover and player collusion. Leveraging iovation’s global database of over 600 million unique devices, our gaming customers gain deep insight into every device, whether it’s a PC, smartphone or tablet, attempting to login or play on their site. Using customizable business rules that allow them to assess risk at various integration points, online gaming providers will spot characteristics that are consistent with fraud and abuse to stop criminals before they strike.

Based on the online gaming transactions iovation has checked since January 1, 2011, here’s a sample of what we’ve stopped and what we’ve seen:

This prestigious award is a testament to our continued commitment to reduce fraud and abuse in the online gaming industry. For 7 years now, we’ve been helping gaming sites detect cyber criminals and shut down global fraud rings so our customers can improve their business profits and maintain a reliable, trustworthy reputation with their good players.

Online crimes like credit card fraud and identity theft continue to cost businesses and individuals billions of dollars each year, and President Obama has now rattled his sabres about making it a top priority to fight cybercrime. In a recent International Business Times article, “Obama: Online Fraud Costs The Average Victim 130 Hours, $631,” we find that the Obama administration’s National Strategy for Trusted Identities in Cyberspace (NSTIC) aims at developing a program to ensure the safety and security of transactions over the Internet.

“By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation. That’s why this initiative is so important for our economy.”

The plan includes an identity ecosystem that allows willing participants to obtain a single, unique credential as a one-time digital password for users logging into a website. This would enable individuals to avoid possessing multiple usernames and passwords, and better protect them from fraud. It would also allow small businesses to go online without the expense of building their own login system. But the White House says it will not create a centralized database of information.

This exposes one of the key issues that needs to be tackled before any of these systems have a chance at success. The desire to maintain control over our individual privacy (an important goal) is often at odds with our need to manage risk (an equally important goal) – determining the proper balance will be crucial, as will the use of processes and systems that facilitate both goals. And, to be sure, those systems MUST allow for collaboration or the good guys will never be able to match the free flow of information that exists amongst criminal peers.

iovation’s Device Reputation Authority is the world’s largest, centralized device-based fraud database that combines 600 million device reputations with comprehensive data reporting and analytics for real-time fraud protection. Leveraging iovation’s fraud protection service allows businesses to proactively identify any Internet-connected device — whether it’s a PC, smartphone or tablet — attempting to log into their site to stop fraudulent transactions and other online criminal activities including credit card fraud, account takeover and identity theft.

While we know fraudsters can’t resist a sure thing, Craig Scroggie, vice president and managing director of Symantec in the Pacific region, said most of the time consumers turn a deaf ear to such warnings until it is too late. In the article, “Cybercrime to hit tablets,” Scroggie, who has warned consumers about potential threats to email, fake websites and computers in the past, is at it again. This time he says the proliferation of smartphones and tablet devices will soon face the same type of attacks PC owners have long suffered.

According to Symantec’s Internet Security Threat Report, there were 163 known vulnerabilities in mobile operating systems in 2010, a 42% increase compared to the 115 in 2009. More attacks on mobile devices can be attributed to a couple of things, most notably more people using the devices for mobile computing and Web surfing, and the fact that users are less security-savvy about malware on mobile devices.

With the major mobile platforms now ubiquitous enough to attract hackers, like clockwork, we’re seeing the same criminal pattern take its course. As a result, Symantec expects attacks on these platforms to increase in 2011. The report also found that despite having security measures in place, 45% of respondents said security was still one of the top obstacles in smart devices.

From the iovation perspective, we’re seeing increasing traffic across our subscribers from mobile devices, predominantly from smart phones, with iPhone and Android devices leading the pack. While there is fraud originating from mobiles, it’s still a relatively small fraction of the overall fraud we catch every day. It will be interesting to watch the shift as mobiles begin to overtake laptop and desktop devices as the platform of choice for everyone, fraudsters included.

In the article, “Independent Study Reveals Corporate Account Takeover Fraud Continues to Plague SMBs and Banks,” the 2011 Business Banking Trust Study found that SMBs have struggled to make progress in stopping payments fraud as 56% of businesses said they had experienced fraud within the last 12 months. While 61% said they were victimized more than once over that period, 75% of businesses participating in the study said they experienced online account takeover and/or online fraud.

With mobile banking growth rates on the rise, these findings are alarming to Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, which commissioned the study. With 38% of respondents saying they access their company’s banking accounts from mobile devices such as smartphones and tablet PCs compared to 23% in 2010, Ponemon doesn’t anticipate things turning around for SMBs anytime soon..

“As online and mobile banking adoption continues to grow, the possibility for more fraud and more lost customers escalates. Endpoint security will be challenged to keep up with the growing number of devices and threats, and banks are in the best position to take the lead on proactively protecting all account holders from the wide variety of threats.”

It’s these types of findings that underscore the need for businesses to be proactive and implement fraud preventative strategies that stop new forms of financial fraud that costs businesses millions in profits each year. To protect systems from new and emerging online threats that continue to torment SMBs and the financial services industry, iovation’s ReputationManager 360 uses a combination of device identification, device reputation and risk scoring that effectively stops fraud rings that are committing account takeover, phishing schemes and other types of online fraud, regardless of whether they are using PCs, smartphones or tablets to access a financial institution’s website or mobile application.

On Monday, we were named by AlwaysOn and industry experts as one of the 2011 OnDemand Top 100 winners, which recognizes leadership and game-changing approaches and technologies likely to disrupt existing markets and entrenched players. iovation was chosen for our unique ability to detect online fraudulent activity in real-time and keep our clients’ businesses and customers safe.

By leveraging our knowledge base of half a billion device reputations to prevent fraud loss and protect our customers, iovation helps many of the world’s leading brands representing financial services, retail, travel, dating, social network and gaming industries stop 150,000 online fraudulent activities each day.

But we couldn’t do this alone. This is a highly collaborative effort. We work with more than 2,000 fraud analysts worldwide, who report and share their unique fraud experiences through our Device Reputation Authority database. The information we share on Internet devices (computers, smartphones and tablets) and their associated online accounts provides our clients with upfront intelligence they can use to recognize who is attempting to make fraudulent payments or request suspicious transactions so they can proactively stop fraud or abusive activities before they happen.

I’d like to again thank the AlwaysOn editorial staff and other industry peers for recognizing the hard work and dedication that we and all of our partners are doing to make a difference in the anti-fraud landscape.

According to the article, “Securing Internet Payments,” 70% of all fraudulent credit card transactions originate from card-not-present (CNP) transactions. This has a substantial impact on the public’s confidence using their credit card for online transactions. Lacking the capability to prevent unauthorized transactions and associated fraud and abuse ultimately trickles down to Internet-based businesses’ bottom line revenues and profits.

Because e-commerce is expanding faster than conventional transactions, financial institutions, merchants and other organizations that depend on online payments to do business need to have effective fraud preventative tools in place to identify the cardholder before the remote transaction actually takes place. Doing this requires the ability to look beyond the credit card information provided by the individual requesting the transaction.

iovation ReputationManager 360 does this by checking the reputation of the actual device being used to request the online transaction against a database of more than 550 million unique devices, some of which have been used for fraud or are associated with other devices that have been involved with fraud or abusive behavior. This allows businesses to accept, deny or review transactions to stop criminals before they cause damage to the business or customers.

Using iovation’s configurable business rules engine, financial services organizations can automatically make decisions at transaction time. Here are just a few example rules that could be written. Of course, there is not a “one size fits all” model when it comes to business rules, so these are purely examples.

If you plan to attend NACHA Payments 2011 in Austin, Texas, April 3-6, and would like to learn more about how device reputation helps protect financial institutions from CNP fraud, chargebacks, identity theft, account takeovers, and other fraudulent activities, stop by our Booth #332. I will be there along with Don Megale and we both look forward to meeting you.

But what happens when industry perception is beyond your control? Can online businesses protect themselves from consumer perceptions of the industry as a whole? And what kind of impact can consumers’ fears of shopping online have on online merchants?

In the article, “Card Fraud: Consumer Fears Cut Into Sales,” a recent ACI Worldwide survey of more than 4,000 consumers in 14 countries found that concerns around credit card fraud are not only increasing, but can also impact sales. Some of the study’s key findings included:

50% of worldwide consumers worry about credit card fraud

58% believe card fraud is increasing

65% of U.S. consumers are concerned about using their cards online

Each one of these points can impact consumers’ shopping behaviors, resulting in sales and profit losses for online retailers. While these findings can help organizations better understand consumers’ fears with using their credit cards, the information can also prompt online businesses to take additional steps to build confidence in their brands and minimize any potential losses as a result of growing concerns of shopping on the Internet.

While businesses can and should continue to educate customers about the fraud preventative measures they have in place to ensure the safety and protection of their websites and payment processes, the best strategy to instilling consumer confidence in your brand is having a comprehensive, multi-layered defense that combines a number of complementary anti-fraud solutions to proactively identify and stop credit card fraud and card-not-present (CNP) fraud from occurring in the first place.

With total losses to Internet crime topping $599 million in 2009 (the latest annual statistics), educating others about the current state of fraud, evolving fraud tactics, high at-risk groups, and best practices to identify and prevent fraud, plays a critical role in helping consumers and businesses protect themselves from online fraud.

Fraud Prevention Month is also an indicator of how much still needs to be done for businesses to adequately protect themselves and their customers from today’s growing threats.

In the article, “One in five Canadian small firms insufficiently prepared to handle fraud,” a recent survey found 80% of Canadian small business owners believe their fraud-prevention strategies are enough to protect themselves from fraud. However, 17% responded that they are not prepared to handle new types of fraud tactics.

With cyber attacks becoming more widespread, the annual education and awareness campaign focuses on the growing concerns of online fraud. According to Gail Cocker, senior vice president of commercial banking at BMO Bank of Montreal, businesses that aren’t equipped to prevent evolving fraud tactics face increasing risk that could impact their business operations.

“Fraud is a direct threat to the success of our business customers. In today’s world, business owners must understand and manage multiple risks. Fraud is an operational risk that must be managed proactively.”

While education is key to raising the business community’s awareness of potential fraud risks, regularly assessing your fraud-prevention strategies is essential to making sure you are prepared for evolving fraud techniques that are continually seeking new ways to defraud your business and customers.

With regular events going on around the globe to help organizations protect their businesses and customers from more sophisticated cyber attacks and identity theft, the iovation team spent last week talking with 800 attendees at the 2011 Merchant Risk Council (MRC) e-Commerce Payments & Risk Conference, held at the Wynn Resort in Las Vegas. Take a look at the photos published on iovation’s Facebook page.

iovation provides device reputation and real-time risk evaluation solutions to help businesses representing retail, financial services, gaming and social networking determine the level of risk associated with their Internet transactions including PCs, tablets and smartphones. By performing device reputation checks on over 7.5 million daily online transactions for our customers, we help stop more than 150,00 online fraud and abuse attempts each day.

With identity theft the clear leader of consumer complaints over the past decade, what I found most surprising is that impostor scams — the means of deceptively assuming another identity (either that of an individual or of an organizational entity) — only cracked the FTC’s Top 10 most complained-about consumer issues for the first time last year, coming in at No. 6 with over 60,000 complaints.

With impostor scams, fraudsters earn trust with their victims by impersonating anything from credible, trustworthy businesses to consumers applying for credit or purchasing items over the Internet. Whether fraudsters are attempting to defraud individuals or socially engineer businesses, identifying cleverly concocted impostor scams requires the ability to see beyond the information provided by criminals.

For online businesses, this means looking beyond the personally identifiable information (PII) supplied by individuals. Unlike most anti-fraud tools that rely on PII to identify customers logging onto websites or requesting online transactions, iovation’s ReputationManager 360 identifies the devices being used to defraud or abuse others online. Leveraging the world’s largest device reputation database that shares intelligence on more than 500 million devices and their associations, iovation provides information that online businesses can use for protection against the growing threat of impostor scams.

By taking data collected from 113 million servers globally that track cyber attacks like identity theft, phishing threats and fraud activity, the Cybercrime Index is a website that acts like a stock index, informing Internet users about the day’s biggest online threats.

Along with giving users up-to-date reports on malware activity, the Cybercrime Index is an educational tool that provides tips on how Internet users can avoid cybercrime, said Dan Nadir, senior director of consumer products at Norton.

“With the increasing sophistication of cyber threats and the staggering amount of money lost to cybercriminals, it’s important for people and businesses alike to think seriously about how they are protected online. We’re constantly trying to educate people around the dangers of online threats.”

While there’s certainly no substitute for education when it comes to keeping up with the latest trends in cybercrime, businesses in particular require fraud prevention tools and techniques that work together to effectively defend their virtual environments and customers from all types of online fraud and abuse attempts. Education and training, combined with highly effective and comprehensive security solutions like iovation’s ReputationManager 360, provide a stronger, multi-layered defense that today’s organizations need to protect their businesses from all forms of online crime, including the top threats of the day.

Through this partnership, Affirmative Technologies will offer customers iovation’s ReputationManager 360, which combines customizable business rules, risk profiles, and the shared experiences of more than 2,000 fraud analysts from leading brands worldwide, as a strategic component of its risk platform. By combining Affirmative Technologies expertise in electronic payments with our risk assessment and global device reputation solution, companies get an extra layer of security to authenticate users before they enter their secure websites.

When it comes to online payments, nothing is more important to businesses than preventing the bad guys from committing financial fraud. This partnership allows companies to verify good, bad and suspicious users before they can request a financial transaction, and in doing so, confidently accept online transactions faster and stop criminals from causing harm to their business and trusted customers.

Dr. Bernard Herdan, CEO of the National Fraud authority who runs Action Fraud, said fraudsters who take advantage of online dating sites are a particularly sinister bunch, who use clever tricks to gain the confidence and affections of legitimate site users before asking for money. He warned that nobody should ever send money to someone they’ve never met in person.

“These fraudsters are normally very attentive, ensuring there is regular contact via email, by text messages and telephone, as well as sending gifts, such as flowers. They take or create identities of generally good looking, upstanding members of society, such as successful business people or increasingly, as a US or UK soldier posted in the Middle East. Anyone using dating sites should be very cautious when getting to know someone, and never transfer money till you have met.”

Because Valentine’s Day is typically the busiest time for romantic courtships, online lonely hearts should be particularly cautious with new online romances. While the article provides several tips on how users can protect themselves to avoid online dating fraud, romance websites can also help in curbing threats by deploying effective security tools to help identify potential fraudsters that could be lurking within their virtual environments.

iovation’s ReputationManager 360 looks at information independent of what users provide online dating sites to give IT security professionals a unique insight into the devices (computers and mobile devices) that criminals use to create multiple profiles and accounts on their sites. This information exposes fraudulent devices and hidden device-account relationships to help romance sites identify and stop online fraud and abuse. To learn more, check out the whitepaper, “Online Dating: Keeping Your Members Safe from Online Scams and Predators.”

After being recognized by the international gaming and online dating communities in January as one of the top technologies for preventing fraud and increasing profitability, productivity and efficiency, we are extremely proud and honored to be recognized by industry leaders in e-Commerce as one of the most innovative fraud fighting tools for online or multi-channel retailers.

To be eligible for the awards, all entrants must be available for online or multi-channel retailers to use for the purpose of measuring, monitoring or mitigating one or more of the following: card-not-present fraud; advancing online data security; improving online payment processes; and advancing the MRC’s vision of making electronic commerce more efficient, safe and profitable.

This week, the Merchant Risk Council (MRC) announced that iovation ReputationManager 360 has been named a finalist for the 2011 MRC Emerging Technology Awards (also known as the METAwards). The awards are judged by a panel of merchants that include the likes of eBay, BestBuy.com, Go Daddy, HP, Microsoft, NCsoft, Tiffany & Co., Urban Outfitters, T-Mobile, among others. The judges recognize the most innovative and effective payment, fraud and security tools on the market. The METAwards are the MRC’s initiative to recognize the best available solutions on the market, and provide their merchant members a window into the future.

The awards will be announced at the upcoming the MRC Annual e-Commerce Payments and Risk Conference, March 23, in Las Vegas. If you are planning to attend the event, stop by our booth #217 and don’t miss our feature presentation on Thursday, March 24th at 11:00 am titled, “Circle of Fraud” with speakers Jim Houlihan of HSN, Michael Peterson of Dell, and Cory Swick of iovation.

While this and the other accolades we’ve received lately have been nothing short of overwhelming, we are extremely proud of being recognized by industry leaders and associations across multiple industries. Because we serve online retail, gaming, social community and financial services companies, the acknowledgements have been a testament to iovation’s ongoing commitment to make the Internet a safer place to interact and conduct business, as well as reinforces the positive impact we make in the everyday lives of our customers by protecting their online transactions to reduce fraud rates.

The 2011 Global Excellence Awards will be announced at an awards gala, February 16th, in San Francisco.

A recent survey conducted by the Information Security Media Group, “The Faces of Fraud: Fighting Back,” found that despite all the anti-fraud technologies banks have put in place to detect criminal activity, more than three-quarters (76%) of fraud incidents are detected by none other than their own customers. Other fraud detection points included:

48% – At the point of transaction
41% – Third-party notification
26% – At the point of origination
23% – During account audit/reconciliation

The survey also found credit/debit card fraud outpaced all other fraud types experienced by financial institutions in 2010, including:

82% – Credit/debit card 6
3% – Check 48% – Phishing/vishing
37% – ACH/wire (account takeover)
32% – Third-party POS skimming

So, how did these incidents impact financial organizations? The top non-financial losses suffered due to fraud incidents were:

45% – Loss of productivity
37% – Customer confidence and reputational loss
18% – Customer accounts (moved to other institutions)
12% – Regulatory or other compliance issues

All this seems to underscore the need for more effective fraud detection solutions. As the financial industry continues to see rampant growth of more advanced fraud threats that range from online payment and credit card scams to account takeover of legitimate bank accounts, financial institutions are hungry for new fraud detection tools that identify and help stop fraud before it impacts their business, or worse, reaches their customers.

In the article, “Report: Stolen data sold over online black market,” the security firm revealed that cyber criminals have set up shop online to buy and sell everything from stolen bank account information, credit card numbers and passwords to consulting and technical services around developing and operating fake online stores.

Impersonating hackers to gain entry into the online black market, PandaLabs researchers discovered an online catalog of an array of products and services that include:

• Credit card details – $2-$90
• Physical credit cards – $190+ cost of details
• Bank credentials – $80-$700 (with guaranteed balance)
• Online stores and pay platforms – $80-$1,500
• Designing and publishing of fake online stores – Pricing varied according to project

This is yet another prime example of how the bad guys are highly organized and have sophisticated operations that mimic traditional business techniques. Today’s cyber criminals are motivated by financial gain, and it’s operations like these that give other aspiring hackers the tools they need to defraud businesses over and over again. As criminals work together to increase their chances of success (not to mention strengthen their numbers), we, too, have to collaborate and deploy complementary anti-fraud defenses for stronger protection against more sophisticated forms of online fraud and abuse.

As the travel and leisure industry continues to fight various consumer scams, having the right fraud prevention tools in place is essential to stopping criminal activity that directly impacts businesses and consumers. This partnership complements TWS’s continued commitment to help their online merchants boost profits and operate more effectively.

By having access to half a billion device reputations and their associated devices and accounts through iovation’s ReputationManager 360 fraud protection service, TWS’s client base has the ability to avoid fraud losses by preventing sophisticated online crimes and shutting down entire fraud rings that unknowingly exist within their network.

Led by a highly qualified team of technical and sales experts experienced in international commerce and technologies, TWS provides consulting services to the travel and leisure industry, and beyond. They will market and sell our fraud prevention services to online travel merchants looking to reduce fraud losses and protect their brand.