Archive for the ‘Payments Management’ Category

ThreatMetrix is hosting its first annual user conference for ThreatMetrix customers and security professionals at the Monterey Plaza Hotel and Spa in Monterey, California, Octobert 9 – 10.  Hey, just because you’re fighting bad guys is no reason you can’t do it from one of the most beautiful places on the planet.

Themed “Defeating Online Fraud and Promoting E-Commerce Together,” the conference will feature:

• Reed Taussig, ThreatMetrix CEO and president, who will formally open the summit and provide an industry overview.
• Rhonda MacLean, founder of MacLean Risk Partners LLC, a consulting firm that provides strategic advisory services. Prior to founding MacLean Risk Partners, MacLean was the global leader of Information Security and Risk for Barclays, PLC in London, England and Bank of America, headquartered in Charlotte, NC. For over 12 years MacLean was responsible for the respective banks’ security policies; information risk management; security and risk technology implementations; cyber investigations; computer forensics; and general information risk management awareness.
• Steven Boutelle, Lieutenant General, U.S. Army (Retired) and former chief information officer of the U.S. Army, responsible for the U.S. Army’s use of information technology.
• Julie Conroy McNelley, senior analyst with the Aite Group’s Retail Banking practice, covers fraud, data security, anti-money laundering, and compliance issues. McNelley brings to Aite Group more than a decade of hands-on product management experience working with financial institutions, payment processors, and risk management companies.
• ThreatMetrix customer presentations representing financial services, e-commerce and social networking/Web 2.0 companies.
• ThreatMetrix product development roadmap presentation by Alisdair Faulkner, chief products officer, ThreatMetrix.

Online registration for the ThreatMetrix 2011 Fraud Fighters Summit will be available beginning August 1 at http://threatmetrix.com/news-events/2011-fraud-fighters-summit. Attendance is limited, so it’s recommended that interested parties register at their earliest convenience.

“Hosting our first global user conference is a natural evolution in ThreatMetrix’s rapid growth and development,” said Bert Rankin, vice president of marketing, ThreatMetrix. “Members of the ThreatMetrix user community and prospects will benefit by learning proven fraud fighting strategies and best practices from recognized industry thought leaders, industry peers, and ThreatMetrix product experts. At this conference we intend to convey how ThreatMetrix is leading the charge to protect businesses with the most effective first perimeter of defense against online fraud.”

ThreatMetrix is exhibiting in Booth 1216 at the world’s largest e-commerce event this week, IRCE 2011. In its seventh year running, IRCE will round up more than 7,000 e-tailers at the San Diego Convention Center for four days of e-commerce-centric workshops, sessions and networking.

According to Internet Retailer, online retailers experienced losses of $2.7 billion or .9 percent of total revenues in 2010.  The real real losses  are obviously higher as most online retailers are reluctant to divulge their overall exposure  to and losses from  fraud.

The challenge for e-tailers is to screen more online orders while keeping order rejection and fraud rates as low as possible to maximize sales and profits.

Automation is a critical addition that helps e-merchants scale their efforts more efficiently and cost effectively than growing their fraud staff. International card-not-present (CNP) transactions pose an additional challenge to e-tailers who adopt higher rejection rates to reduce their risk — at the expense of more sales. Digital downloads like music and images also present a unique challenge for fraud detection with a fulfillment window of seconds rather than hours. While they must minimize fraud, e-tailers must also use every tool at their disposal to make their customer’s online purchase as hassle-free and simple as possible, or risk losing to a competitor just a click away.

ThreatMetrix device profiling brings a new and powerful approach to fighting fraud and enabling e-commerce that helps merchants manage CNP payments risk in real-time without relying on personally identifiable information (PII). ThreatMetrix device profiling goes beyond browser fingerprinting to identify the device, bypass proxies and detect the use of botnets to offer e-merchants an additional layer of protection that reduces lost sales from false negatives, reduces fraud chargebacks and chargeback fees and files, and minimizes fraud management expense by reducing the number of transactions sent for manual review.

Bert Rankin, vice president of marketing, and other ThreatMetrix employees will be exhibiting at Booth 1216, offering attendees insight into the latest in online fraud prevention around mobile transactions, ticketing, social media and Web 2.0, as well as emerging fraud technologies like the ThreatMetrix Cloud-Based Fraud Prevention Platform.

This year’s IRCE is built on a forward-looking theme: “E-Commerce Shifts into Overdrive—The Race is On.” The event is specifically designed to give e-tailers practical information they need to compete in today’s growing e-commerce market, and ThreatMetrix is looking forward to being part of that conversation.

Explorer 9 and Firefox 4 upgrades permit users to prevent sites from using cookies to track their movements. But, to delete Adobe Flash local shared objects (LSOs) or cookies, users had to go to the Adobe Flash Website.

Now Google Chrome, which is bundled with Flash, makes clearing Flash cookies as easy as…well…pie. All it takes is a few clicks from within the browser and no LSOs. That may be great for user privacy, but it’s hell and dollars to pay for online merchants, banks and social networks, all of whom depend on cookies stopping fraudsters. In fact, today, banking on cookies detecting fraudsters has about as much chance of success as Osama Bin Laden’s relying on messengers.

So what do “smart cookies” do when cookies don’t work?  They turn to ThreatMetrix SmartID™ which detects fraudsters even if they’ve wiped their cookies. Without cookies or cookie equivalents, ThreatMetrix SmartID enables companies to stop online fraud, and, at the same time, protect customer privacy.

ThreatMetrix and the Ponemon Institute have announced the second set of findings from their recent survey around consumers’ reactions to online fraud today. This second round of data was gathered from survey questions around behavioral advertising specifically, on the heels of the recent McCain-Kerry privacy bill.

The study revealed the majority of consumers are comfortable with online behavioral tracking for fraud prevention purposes, but remain hesitant around advertising and promotional purposes. The results are outlined in a report, “Consumers’ Reaction to Online Fraud.”

Other highlights of the findings include:

• Seventy-four percent of consumers expressed some level of concern about online advertisers collecting and using their information for future promotional activity. Half of the respondents, however, feel it acceptable to use information about their online behavior as long as it’s to detect potential fraudsters.

• Twenty-four percent of consumers said they don’t think behavioral targeting in any form is appropriate, whereas 26% said it is okay for online businesses to use their information to either send them ads or monitor potential fraudsters.

• Only 16 % of consumers said that advance consent is necessary for each transaction, when asked about the extent of obtaining consent to use their online behavior information for fraud detection. One third said consent was not necessary at all, while the majority (36%) said consent only once in advance is sufficient.

• The majority of consumers (70%) reported that if they were assured their personal information was not collected when used for fraud detection purposes, they were comfortable with an online business authenticating their identity through a digital fingerprint. Another 22% said they were unsure.

The research also looked at consumer sentiment about fraud prevention across the banking, social media and Web 2.0 industries and mobile channel. For more information about the findings, download a copy of the report at http://info.threatmetrix.com/ConsumerSurveyOnlineFraud2011.html.

ThreatMetrix and the Ponemon Institute reveal the first set of findings from their 2011 consumer survey, focused on consumer awareness and confidence in online fraud prevention: “Consumers’ Reaction to Online Fraud.” Most notably, the study found that 85% of survey respondents reported being worried and dissatisfied with the level of online protection businesses are providing to stop fraudsters today. Forty-two percent of respondents indicated that they have been the victim of online fraud, and of those, 80% said they did not report the crime and only 19% said they reported it only to the online business directly.

Other highlights of the findings include:

• Survey respondents who expressed concern over online fraud said they felt online merchants, banks and social networks need to take additional steps to prevent fraudsters from stealing consumer information.

• Consumers expressed much more willingness to share data like ISP, computer serial number, type and make, rather than information like date of birth and telephone number.

• Consumers have an overall positive perception about companies that use authentication and fraud detection tools to prevent online fraud. Fifty-six percent even indicated they are ‘more willing’ to shop or browse an online business if they know that company is taking specific measures toward combating fraud.

The research also looked at consumer sentiment about fraud prevention across the banking, social media and Web 2.0 industries and mobile channel. For more information about the findings, download a copy of the report at http://info.threatmetrix.com/ConsumerSurveyOnlineFraud2011.html.

At the 2011 Merchant Risk Council Annual e-Commerce Payments & Risk Conference, ThreatMetrix will be announcing the availability of the ThreatMetrix™ Cloud-Based Fraud Prevention Platform, incorporating cookieless device identification and enhanced mobile authentication. This platform will make it easy for banks, merchants, online businesses, payment gateways and payment providers to detect and screen for fraud.

The Threatmetrix Cloud Based Fraud Prevention Platform represents the third-generation of device identification technology.  Threat Metrix device intelligence has evolved from IP address, to browser attributes, to packet fingerprinting intelligence to stay one step ahead of increasingly sophisticated fraud attacks and competitive vendors. ThreatMetrix goes beyond first generation device identification technologies that are limited to IP address and browser attributes with ThreatMetrix SmartID™, a key component of the ThreatMetrix Cloud-Based Fraud Prevention Platform.

ThreatMetrix SmartID, which incorporates unique TCP/IP packet fingerprint detection, cross correlates and scores device fingerprint attributes and behavior with session and browser cookies to more accurately establish and authenticate a device identity. Attributes collected from the IP address and browser are easy to manipulate. For example, common browser plugins allow fraudsters to change the apparent browser and version that the Web server sees with a click of a button.

ThreatMetrix SmartID device identification overcomes these limitations by adding packet fingerprinting intelligence for greater accuracy and spoof protection. Because the information is collected as part of the standard networking and browser security model, there is no possibility of leakage of personal information, no interruption to the customer’s online experience, and no additional software or browser plugins to download or accept.

Some of the new features include:

• Enterprise Risk Engine
• Global Network Intelligence
• Queue Management
• Customizable Alerting
• Online Portal and Dashboard for Transaction Monitoring and Link Analysis
• Bulletproof Security and Privacy Protection

“The ThreatMetrix Cloud-Based Fraud Prevention Platform provides companies with the ability to authenticate payments, new accounts and returning customers online regardless of the device involved – be it a smartphone, personal or tablet computer – without requiring a forklift install of hardware or software,” said Reed Taussig, president and CEO, ThreatMetrix. “A smarter approach to device identification combined with aggregated fraud intelligence in the cloud allows customers to benefit from proactive protection without needing to share personally identifiable information.”

For more details on the new features, check out our press release.

Findings from the recent AWPG report reveal that fraud remains a serious issue in the credit card/payments information category. This is often downplayed to account for rises in cases of smaller categories such as Classified Advertising and Banking. These categories, however, only account for less than 10% of all phishing cases. Statistics show that more than one-third of phishing attempts to steal credentials are directed at collecting credit card/payments information, making this the largest category affected by fraudsters.

One reason this issue may not seem as relevant might be the decrease in brand attacks since 2009. It is important to keep in mind, however, that while the number of brands hijacked by phishing attacks is down 22% from October 2009, fraudsters are finding unique ways to target specific brands through personalized phishing attempts that make these efforts more difficult to track.

According to ThreatMetrix Chief Product Officer Alisdair Faulkner in a recent Security Week article, the attacks on the credit card/payment information category may be decreasing, but continue to affect the largest number of people: “‘Unfortunately the pain is not just felt by the brands targeted by phishing attacks, it is every other online business that is then attacked with the stolen identity and credit card information,’” he said.

Within a period of 24 hours (from Feb. 1 – Feb. 2) ThreatMetrix detected 135,000 fraudulent transactions attempted against 350 of the top online companies, data we pulled for Security Week.

Stolen consumer information continues to be a serious issue. It is essential that innovative efforts continue to block fraudsters before they have the opportunity to cause significant damage. Statistics like those gathered from the AWPG report illustrate the rapid pace the fraud protection industry needs to move in order to maintain a solid approach to fraud prevention.

CyberSource just released an excellent white paper titled Improving Automated Screening to Overcome Increasingly Sophisticated Fraud that’s stuffed full of valuable advice and insights by Paul Brock, one of their top fraud management consultants.  You may think “clean fraud” sounds like an oxymoron but it fits as a description of fraudsters getting better (cleaner) at applying more complete and accurate personal data from stolen identities/credit cards to commit fraud. Brock’s knowledge and experience are well-worth reading in this white paper—he’s on the front lines of fighting online fraud, helping customers take and keep control over fraud 24 x 7.

You can request a copy of the CyberSource white paper here.

Brock’s premise is that because fraudsters have gotten smarter about using more and better personal data and strategies (“clean” fraud) to make it appear as though they are legitimate customers, organizations need to adopt more and better fraud prevention tools and strategies to control fraud.  He points to ThreatMetrix’s Fraud Network, “combined with cross-merchant transaction histories” as providing an effective strategy for detecting “clean” fraud.

Here are just some of the valuable points that Brock discusses in this paper:

• Next-generation device identification solutions, those that offer “both browser fingerprint and packet signature inspection,” deliver a new and rich source of information about the computer/device, it’s internet connection and it’s behavior that go beyond the “ just the apparent identities involved in the transaction”
• Device identification technology opens a new avenue of correlation that can be used in fraud screening: you have an additional element that can be examined with regard to velocity, and for detecting identity morphing.
• Device fingerprinting must go beyond the surface of identifying the transacting device, to identify whether additional suspicious activities might be at work. In the process of collecting the device identification attributes, your implementation of device fingerprinting should also interrogate the device about how it is being used and how it may be under the control of another device.

There’s a ton of great information in the white paper, get a copy and learn how to stay ahead of clean fraud.

- Tom

We surveyed 185 attendees who stopped by our booth at last week’s NACHA Payments 2010 Conference in Seattle to take their pulse on web fraud.  Payments 2010 brings together  payments industry professionals from Risk Management, Online Fraud Detection, Loss Prevention, Card Services, Retail Banking, Internet/Electronic/Mobile banking and more.  Here are the Payments 2010 survey results with comments  including relevant comparisons to the MRC 2010 conference survey results where we asked the same questions to 211 attendees.

Slightly more than four-fifths of the Payments 2010 respondents said they think stopping online fraudsters at their first attempt is more important than making it fast and easy for customers to transact online. The MRC 2010 conference attendees were about evenly split on this question.

Slightly more than half of the respondents said they are more at risk for collecting personally identifiable information than their customers are for providing it.

Respondents cited Account logins as their top requirement for fraud protection, followed closely by New account creation and CNP.

About thirty percent of the respondents said they needed all three types of fraud protection: new account origination, logins and card not present.

In case you haven’t heard, there’s real money in virtual goods—serious money. Just read this weeks’ TechCrunch article on how the big three (Zynga, Playfish and Playdom) rake in a combined $335M in estimated revenue. The combined number of monthly users named in the TechCrunch article pushes 300 million. Need more proof that virtual goods are hot? For the second day in a row virtual goods made TechCrunch in a report about Live Gamer, an online marketplace for players to trade and buy video game virtual goods. The TechCrunch article says “Live Gamer has over 72 customers and supports over 56 million registered users across all of partner implementations, exceeding 3 million micro-transactions per month.”

The TechCrunch article goes on to explain the revenue model for social gaming like this: “Get new users playing for free, give them incentives to message all their friends to signup, hit them hard for cash or lead generation for revenue, and move them up the levels. Rinse. Repeat.” Of course the hard cash exchanges hands in the form of an online credit card transaction—and whenever lots of money, credit card purchases and millions of transactions come together on the Internet there’s online fraud.

This interview by Michael Zenke of MMO web daily Massively with John Smedley, CEO of Sony Online Entertainment reveals one of the areas where fraud rears its ugly head in online gaming: gold farming. Gold farming describes when a player tries to acquire items of value in a massively multiplayer online role-playing game (MMORPG) to sell for in-game currency. SOE’s Smedley comments on the high cost of chargebacks in gold farming:

Massively: Earlier you mentioned the problem of farmers with regards to Station Access. I know that’s something the company feels very strongly about?

John Smedley: I think the issue of farming is higher on the radar now than it ever has been. The behinds the scenes things are really frustration. A lot of these farmers are essentially stealing from us. What they do is they charge us back all the time. They use a credit card–sometimes stolen, sometimes not – to buy an account key. They use the account for a month, and then they call the credit card company and charge it back. We have suffered nearly a million dollars just in fines over the past six months; it’s getting extremely expensive for us. What’s happening is that when they do this all the time, the credit card companies come back to us and say “You have a higher than normal chargeback rate, therefore we’ll charge you fines on top of that.” We’re really trying to get on top of that. We’re taking our current efforts up about five notches to Defcon 1 on this issue. They bug us even more than they bug our customers, and we’re definitely taking steps to implement rigorous anti-farming efforts.

It’s actually really amazing to sit and watch these people work. I’ve personally sat with them as they’re tracking a farmer, and you’ll see a mob spawn – this guy’s got a bot that within half a second has them moving towards the creature even if it’s halfway across the zone. It’s a serious problem.

Massively: And you can’t fight the chargebacks with the credit card companies?

John Smedley: No, and the reason for that is very simple. Visa and MasterCard have these rules about chargebacks, and I personally think they’re antiqued. Digital delivery isn’t covered by their rules very well. So if you order something from Amazon and pay thirty bucks for a book, if it doesn’t show up at your house you can fight it because you can say “I never received that thing.” They do not cover that with digital delivery. In my opinion the world has changed a lot and I think that needs to be addressed.

ThreatMetrix device identification can (and does) help detect and prevent in social networks, social gaming and virtual goods payments—to stop fraud and authorize good customers more quickly with less hassle.

Virtual goods is on the news radar this week because the Virtual Goods Summit hits San Francisco on Thursday and Friday. VG Summit 2009 is definitely on ThreatMetrix’s radar since we’ll be there both days as a sponsor.

The 3rd annual Virtual Goods Summit will take place in San Francisco, CA on October 29-30, 2009. The event will bring together thought leaders in this space to talk about what’s changed, what’s working, and the key challenges facing the industry. This year’s lineup features executives from the leading companies in the virtual goods ecosystem, including Tencent, Playfish, DeNa Global, Nexon, Zynga, Playdom, Bigpoint, IMVU, Outspark, Zong, PayPal, Perfect World, MyYearbook, InComm, NHN, Ning, TrialPay, Super Rewards, Viximo, Offerpal Media, Serious Business, Slide, Giant Interactive, and many others. An assembled panel of experts will share their thoughts on key issues such as trends in monetization in the United States and Asia, key learnings on how to best drive revenue from social games via virtual goods, market sizing estimates for the US and global virtual goods opportunities, and similarities and differences between user behavior in the United States and Asia

In addition to the exciting lineup at this year’s edition of the annual must-attend event in the virtual goods space, the Virtual Goods Summit is expanding in 2009 with the creation of “Virtual Goods Summit University” or VGSU. VGSU will offer attendees the opportunity to go in-depth on the fundamental business practices and capabilities required for success with a virtual goods business model. The Virtual Goods Summit University will cover some of the most important issues facing publishers today, including how to get started with virtual currencies, how to manage a virtual economy, key decisions when rolling out a payments infrastructure, and how to manage multiple virtual currencies.

If you’re thinking of going but you haven’t purchased tickets yet, you can save 15% on tickets by using the code THREATMETRIX at checkout when registering at Eventbrite.

- Tom