As we inch closer to the holiday season, a pair of recent articles highlight the increasing volume of online transactions that are just around the corner for online merchants. If there is a security takeaway from these trends, it’s that IT fraud teams better be prepared for significant increases in online transactions over the next few weeks.

The first article, “Retailers: Don’t Leave ‘Peak Week’ Money on the Table,” highlights the jump in online traffic over the four-day sales period it terms, “Peak Week.” That’s the time between Black Friday (the day after Thanksgiving) and Cyber Monday (the following Monday). According to analysts at Experian Marketing Services, each of these four days appear in the top 10 for high transaction rates. Other online traffic and retail email data results the marketing group released included:

• In 2010, online traffic to the top 500 retail sites increased 5% during Peak Week over 2009
• Email volume increased 26% in 2010 versus 2009 during Peak Week
• Black Friday online traffic increased 13% in 2010
• Black Friday is the second-biggest day for online email transactions

In the article, “Online Merchants Prepare for Cyber Weekend (Not Monday),” Ken Wisnefski, founder and CEO of the search engine marketing and E-commerce solutions firm, WebiMax, elaborated on the significance of how Peak Week, or what he calls, “Cyber Weekend,” has become much larger than a one-day retail event.

“Online retailers and merchants have largely invested in E-commerce, online ads and ramping up their website infrastructure in 2011. We’re seeing these merchants committed to making it a weekend-long buying experience versus confining the mad-dash to just one day.”

At iovation, our mission is to support our clients’ business growth by securing online transactions through highly effective fraud prevention solutions. iovation is focused on helping our subscribers manage the higher volume of risks that come with peak season online transactions, without negatively impacting the shoping experience for their customers.

As an anti-fraud security provider that helps stop more than 150,000 fraud incidents each day, we understand the importance of efficiently managing high-volume order flows. Making sure that your fraud team is prepared for the growing number of online orders over peak sales periods is critical if you’re going to get the most out of the holiday sales season.

According to the article, “Securing Internet Payments,” 70% of all fraudulent credit card transactions originate from card-not-present (CNP) transactions. This has a substantial impact on the public’s confidence using their credit card for online transactions. Lacking the capability to prevent unauthorized transactions and associated fraud and abuse ultimately trickles down to Internet-based businesses’ bottom line revenues and profits.

Because e-commerce is expanding faster than conventional transactions, financial institutions, merchants and other organizations that depend on online payments to do business need to have effective fraud preventative tools in place to identify the cardholder before the remote transaction actually takes place. Doing this requires the ability to look beyond the credit card information provided by the individual requesting the transaction.

iovation ReputationManager 360 does this by checking the reputation of the actual device being used to request the online transaction against a database of more than 550 million unique devices, some of which have been used for fraud or are associated with other devices that have been involved with fraud or abusive behavior. This allows businesses to accept, deny or review transactions to stop criminals before they cause damage to the business or customers.

Using iovation’s configurable business rules engine, financial services organizations can automatically make decisions at transaction time. Here are just a few example rules that could be written. Of course, there is not a “one size fits all” model when it comes to business rules, so these are purely examples.

If you plan to attend NACHA Payments 2011 in Austin, Texas, April 3-6, and would like to learn more about how device reputation helps protect financial institutions from CNP fraud, chargebacks, identity theft, account takeovers, and other fraudulent activities, stop by our Booth #332. I will be there along with Don Megale and we both look forward to meeting you.

Through this partnership, Affirmative Technologies will offer customers iovation’s ReputationManager 360, which combines customizable business rules, risk profiles, and the shared experiences of more than 2,000 fraud analysts from leading brands worldwide, as a strategic component of its risk platform. By combining Affirmative Technologies expertise in electronic payments with our risk assessment and global device reputation solution, companies get an extra layer of security to authenticate users before they enter their secure websites.

When it comes to online payments, nothing is more important to businesses than preventing the bad guys from committing financial fraud. This partnership allows companies to verify good, bad and suspicious users before they can request a financial transaction, and in doing so, confidently accept online transactions faster and stop criminals from causing harm to their business and trusted customers.

With cybercrime more prevalent during the holiday rush, this got me thinking about what gifts would be at the top of fraud manager’s wish lists, and how iovation can help fulfill those holiday wishes. Here is my list of the top gifts fraud managers would like to see this holiday season:

1. Secure online and mobile transactions: Online and mobile payments are the lifeblood of many companies today. Having the right tools to secure both online and mobile transactions is critical to mitigating fraud risks. In addition to identifying computers accessing their online stores, iovation helps companies assess risk on all transactions from iPads, tablets, and mobile devices including iPhones, Android, Blackberries, and many other brands.

2. Multi-layered security defense (“defense-in-depth”): Any anti-fraud strategy that doesn’t work together with other defenses can leave weaknesses in the system that cybercriminals take advantage of to perpetrate fraud and abuse. Inclusion of iovation’s ReputationManager 360 solution helps provide a multi-layered security strategy that allows organizations to prevent attacks by coordinating multiple defense techniques that complement each other, filling in the gaps of existing anti-fraud tools.

3. Early recognition of bad guys through their devices: As fraudsters continuously provide false or stolen information to create multiple online profiles to apply for credit online and access websites, companies cannot expect to effectively catch criminals with tools that rely solely on the data provided by the user. iovation’s 4 billion device reputation checks enable businesses to identify devices with a history of online fraud or abuse to help businesses stop criminal activity such as credit card fraud, account takeovers and identity theft, no matter what information the user has provided.

4. Eliminating heavy burden of manual reviews: As the volume of online orders increases during the holidays, organizations need a way to reduce the number of orders they review. By accurately identifying devices with fraud history, as well as devices and accounts associated with fraudulent or abusive behavior, in real-time, iovation significantly reduces the number of suspicious online orders that need to be reviewed, easing the heavy burden of manual reviews.

5. Expediting legitimate, good orders: Of course, accepting more good orders from satisfied customers is the key to growing profits. Leveraging iovation’s device intelligence through the Device Reputation Authority database enables companies to gain the confidence they need to block bad orders and accept good orders faster through more precise risk management. As a result, organizations can better protect their good customers while increasing their operational efficiencies and overall business revenues.

Sure, we’d all like to sleep as quiet as a mouse come Christmas Eve. This holiday, iovation is providing online businesses with the protection they need to safeguard their IT environments so they can get a crime-free, good night’s sleep.

In a nutshell, merchants must take a proactive approach by adopting tailored fraud and risk management solutions to protect their businesses. As fraudsters become more sophisticated, Badran said protecting an online business environment from fraudulent orders and safeguarding cardholder data is critical to overall business revenues and brand reputation.

“Merchants risk incurring damage to their reputation and brand, and the consequences associated with loss of trust from customers are difficult to overcome. Merchants simply cannot ignore the impact of fraud to their business and their bottom line.”

According to Badran, one way to help mitigate bad orders is to implement fraud and risk scoring tools that provide multiple data points beyond the actual card data. Information such as velocity behavior, bill to/ship to address, IP address and device ID can help merchants set parameters for their businesses and score online transactions.

“Fraud scoring tools can help in making the right automated decisions quicker and more effectively during high-volume periods so that you are able to accept more good orders and reduce the number that may result in chargebacks.”

One way iovation helps online merchants make decisions in an efficient and effective manner is by offering customizable real-time business rules.  Within the latest release of ReputationManager 360, weighted business rules allow our customers to define a set of rules that, taken together, reflect a more accurate measure of risk for each transaction.

Here’s how Weighted Business Rules work:

1. Define the rules to be used at a specific website interaction point such as login or checkout
2. Assign a weight that reflects the risk associated with each rule
3. Set threshold limits to reflect Accept, Deny or Review (A, D, R) real-time responses
4. Once implemented, all rules will be tested within the set and a Transaction Score will be calculated for those rules that were ‘true’
5. The real-time response (A, D, R) returned is determined by where the Transaction Score falls within the thresholds.

In the example above, an online business has chosen to create a rule set that contains rules for:

• Velocity (such as the number of devices that touch a particular account within a period of time)
• Evidence (such as financial fraud evidence exists on this account)
• Geolocation (such as a high-risk IP range)
• Anonymous Proxy (such as users hiding their IP address or making it appear they are coming from another location)
• Anomaly (such as a timezone/geolocation mismatch)

While all business rules were checked, only two returned a ‘true’ response, velocity and evidence.  The weights associated with these two rules created a Transaction Score of -125.  The threshold previously set by the business states that anything less than -100 would automatically return a ‘deny’ response for this transaction, hence rejecting the high-risk transaction.

Within each of these rule categories, multiple rules exist and can be applied and customized by our customers.  Additional categories such as Risk Profiles and Watch Lists are also available. Based on the customized business rules set, iovation’s customers are able to automatically Accept, Deny or Review any transaction at any integration point — including (but not limited to) account creation, login, account change, deposit or withdrawal and checkout.  As a result, online businesses can accept good orders faster and reduce bad ones without impacting the business process or end user experience.

I recently sat down with Failsafe’s chief operating officer, Patrick Sallnert, to discuss some of the top online payment challenges facing today’s merchants, its integrated e-commerce platform, Certo Payment Gateway, and how our partnership will help provide safe and secure online payment services for merchant customers.

Max Anhoury: We are very excited to be partnered with Failsafe Payments and your Certo Payment Gateway. Would you please tell our readers about Failsafe Payments and how it got started?

Patrick Sallnert: Failsafe Payments was created in 2007 as a regular billing company by a very experienced team within e-payments. Our goal early on was to make it easy for merchants to find suitable billing solutions along with an easy API or payment page integration along with excellent customer support. In 2008, we established Failsafe Payments North America with an office in Cleveland, Ohio, and it was around this time I started to think about the product that would later become Certo Payment Gateway.

MA: What do you see as the major payment challenges facing online merchants today?

PS: I am glad you asked that question as this was exactly the reason for creating the Certo Payment Gateway. There are so many alternative payment brands, services and solutions out there that it’s difficult for merchants to keep track of them. Enabling these solutions requires a lot technical expertise for all the integrations. We have done all that for them, and make it affordable by not including any ridiculous set-up or monthly fees. We charge a per transaction fee. That’s it. Merchants can pick and choose the solution right for them, and we help them with the paperwork towards each partner and service they want to enable. The more payment methods a merchant can offer, local or international, smaller brands and bigger brands, the more sales and conversions they will experience. We will also integrate MSPs, banks and shopping carts.

MA: The Certo Payment Gateway is quite complex. Would you explain how it works, who uses it, and how you intend to offer iovation towards your customers?

PS: Certo Payment Gateway is extremely complex, but not for the intended customers. The customers we are targeting are merchants that want to sell their goods or services locally and internationally. We also offer a white labeled solution for MSPs. That, too, without the set-up fees others are charging. We were even quoted a $50,000 USD set-up fee from one of our competitors. I was flabbergasted to say the least.

iovation’s solution will be offered to our merchants that use our payment page integration. We simply enable it when the merchant wants us to. We have customized iovation ReputationManager so the merchant does not have to think about any other aspects than their core business, which is selling their goods or services and maximizing profits.

MA: Mitigating risk in online transactions is something both of our companies are very familiar with. Can you tell us why you chose the fraud protection partners that you did, and the benefits that will be passed on to your merchants?

PS: We have our own MPI software for 3-D Secure transactions that we can enable for any merchant that wants to process with 3-D Secure, as long as the acquiring bank supports it. Basically, we chose the top providers of different kind of fraud screening to pass on the possibility to choose the best ones for that particular merchant and their types of goods or services. Of course, merchants can enable several for comprehensive, multi-layered approach. iovation’s device reputation service is a perfect fit in our portfolio of integrated partners. Our merchants can enable fraud screening solutions immediately, without doing all the technical integrations and tweaking. In that sense, we’ve done the work for them.

MA: Thanks Patrick.  We are very excited about teaming up with Failsafe Payments, and look forward to helping provide your online merchants with solutions that improve their business and mitigate risk of online payment fraud.

For more information on Failsafe Payments, visit failsafepayments.com.

One of the ways merchants are countering online payment scams such as credit card fraud and identity theft is by adding fraud prevention services that help determine whether or not an online transaction is high risk. A recent trend has seen leading credit issuers and payment companies partnering with security providers to minimize fraud risk when accepting payments online.

iovation has teamed up with payment management companies such as Litle & Co. to combine our experience and expertise to help online businesses increase their payment security, minimizing risk. But the expertise doesn’t stop there. With iovation offering the world’s largest global fraud database of over 275 million unique devices, companies instantly gain access to thousands of worldwide fraud analysts’ intelligence and experience with online fraud and abuse. Businesses that incorporate fraud services such as iovation’s device reputation technology into their fraud prevention strategy benefit from:

• Minimizing fraud risk of accepting bad payments online
• Reducing losses from fraud exposure
• Decreasing costly manual transactions reviews
• Increasing payment process efficiency

Companies trying to combat rapidly evolving forms of online payment fraud on their own will only lose out in what has clearly become a global arms race with cyber criminals. That’s why inclusion of fraud services has become a key differentiator of payment processing.

In the article, “Internet fraud’s U.S. price tag put at $550 million,” Donald Brackman, director of the National White Collar Crime Center (NW3C), said the growing figures can be largely attributed to increasingly sophisticated online schemes and cyber criminals’ ability to hide their true identities online.

“Criminals are continuing to take full advantage of the anonymity afforded them by the Internet. They are also developing increasingly sophisticated means of defrauding unsuspecting consumers.”

FBI special agent, Charles Pavelites, added that another reason the numbers continue to climb year over year is the simple fact that more people are using the Internet than ever, which increases the overall pool of online criminals and potential victims.

Findings like these underscore the ongoing need for individuals and businesses to stay on top of emerging threats, take all necessary precautions around unsolicited emails and Web sites they’re providing personal information or making online payments on, and, of course, make sure they’re using the latest anti-virus software and solutions. The key to evolving cyber crimes is the fact that criminals are taking advantage of the latest technology and techniques to defraud anyone they can. Shouldn’t we be doing the same to protect ourselves?