According to the article, “Online dating scams harm ‘thousands’ in Lee County,” Stacey Payne of the Lee County Sheriff’s Office community relations department says oftentimes those seeking love online either don’t want to believe it, are embarrassed, or simply don’t mind that the person they are in love with is a scammer.

“Oftentimes the victims don’t care they are being scammed – they want that companionship. Or they don’t believe they’re being scammed. They’re in love. If a person is of sound mind they can give their money to whomever they want to give their money.”

Payne estimates that 30% of online relationships, at least in Lee County, are based on lies. Contributing factors such as an aging population and affluent places such as Gasparilla Island can make such areas prime targets for online scammers, Payne says.

Because online perpetrators focus on the emotional heartstrings of their victims, Internet dating websites need to continually educate their members on how to spot potential sweetheart scams before victims get emotionally involved. While keeping members up to speed on fraud schemes and providing tips on how they can avoid being scammed, anti-fraud security tools also play a pivotal role in identifying and stopping online fraud before it happens.

Leading fraud prevention services such as iovation ReputationManager 360 uses device reputation to not only identify and re-recognize when Internet-connected devices with a history of fraud or abuse log onto a dating website, but also reveal hidden associations between fraudulent devices and other online accounts that are already active within a community.

Just since January 1, 2011, iovation has already flagged 15 million fraudulent activities for its dating and social networking clients, further protecting the client’s brand reputation and ensuring its members have a safe experience.  Many of those activities had to do with online scams and solicitations and take place all over the world.

Exposing the connections between fraudsters working together is critical for helping online dating sites reduce fraud rates and remove bad accounts that impacts its customers’ trust and confidence.

Botnet and malware based reputation. There are device reputation services that derive online reputation for devices or IP addresses through detection of malware infection or botnet characteristics. A good example of a service like this is Cisco’s Ironport Senderbase service. Here this reputation is used to fight spam, phishing, and malware propagation. The question for online businesses is how relevant is this data when used to combat fraudulent purchases or bogus account setup. In evaluating this question it is helpful to look at the various uses of botnets. There is a good submission on botnets in Wikipedia that describes the various uses of botnets. The top uses of botnets in this article are as follows:

1. Botnets are used to propagate denial of service attacks.
2. They are used for spam and phishing distribution. This use of botnets is so prevalent that they call them spambots.
3. Finally, they are used to harvest data usually either account information, personal information, or credit data.

While botnets can have correlation to online fraud, a large collection of computers that have been associated with an infection or malware is not the same thing as an online fraud reputation database. Think of botnets as the miners of the raw materials to commit online fraud. Typically that data is sent off the compromised PC to a central location where the identity data is collected and resold on the Internet. The actual fraud occurs on different PCs.

Fraud and abuse based device reputation. These reputation services, like iovation’s, track actual histories of fraud and abuse that are associated with a given device by its device fingerprint. iovation tracks over 30 types of online fraud and abuse ranging from credit card fraud to affiliate fraud and customer harassment. Tracking the actual abuses reported for a given device gives our customer actionable information with a very low false positive rate and information that is specifically relevant to their business. iovation has profiled well over 1 billion devices and tracks the unique reputation of over 120 million online devices allowing us to provide unique insight that is unmatched by other services.

Botnet and malware based reputation services are no doubt valuable at combating enterprise security exploitations, but their value simply doesn’t extend to protecting online businesses in the same way. If you are thinking about evaluating a device fingerprinting or device reputation service, be sure to ask the following questions:

1. How many devices do you profile on a daily basis and how many have you profiled in the past year?  This will give an important sense of the scale of the organization.
2. Do you track device reputations, or are you entirely risk based? Device reputation is distinct from device risk in that it identifies a device and its fraudulent history with certainty instead of assigning a likelihood that it is fraudulent.
3. If you say you have identified a fraudulent device, what type of fraudulent activity have you verified? Is this a history of an actual fraud, i.e. a credit card chargeback, or is it simply an infected PC?
4. Can you provide granularity to the reputation that is specifically relevant to my business? Is your fraud reputation one-size-fit all or do you track specific categories of fraud?

Many businesses are looking at this new category of device reputation and seeing how it can help their business. It is important to consider how that reputation is built and how effective it will be in stopping online fraud and abuse.