Archive for the ‘Social Networks’ Category

It may be big news, but it’s not exactly news. Likely the only people who didn’t know it was coming are two Bushmen in Tanzania and some San Quentin cons stuck in solitary. Yes, it has arrived. Facebook has filed to go public.

The IPO, or Initial Public Offering, is for $5 billion. And, according to CNBC “[t]he company is currently looking at a valuation of $75 billion to $100 billion, which would be one of the largest initial public offerings in U.S. history.” Oh and one more thing. Again according to CNBC, “[t]he current winner in the race for Facebook equity, with nearly $500 million, is Russian entrepreneur Yuri Milner, head of investment group DST.”

This is the kind of nuts and bolts you can read about anywhere.

Now, here’s something that’s really news. As Facebook goes public, the public’s privacy just goes.

Of Facebook’s latest move, ThreatMetrix’s Chief Products Officer, a highly-respected industry security expert, Alisdair Faulkner, says, “You can’t put a value on your privacy, but with Facebook filing for an IPO you can now put a price on your friends. That may just become the rallying cry that privacy advocates need to force greater government intervention.”

“Unfortunately, Facebook and its advertisers aren’t the only ones making money from this social network,” continued Faulkner. “Users have come to feel Facebook is secure and they can trust it to protect both their personal data and that of their friends. Hackers are taking advantage of that misplaced trust.”

“In January alone, 45,000 usernames and passwords were stolen by Ramnit malware and the traditionally banking-focused Trojan, Carberp, started targeting Facebook users to trick them into handing over e-cash,” said Faulkner.

A BBC story on the cybertheft reported security researchers saying, “We suspect that the attackers behind Ramnit are using the stolen credentials to login into victims’ Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware’s spread. They added that “cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services to gain remote access to corporate networks.”

Faulkner notes that “Twitter’s recent acquisition of Dasient, the anti-malware company, is an acknowledgement that social networks are not only a goldmine of personal data for hackers, but the best malware distribution platform ever invented.”

So if Facebook users can’t trust Facebook to protect their assets, who can they trust? They can trust any social network that uses the type of security ThreatMetrix™ provides.

Without relying on passwords, user names and cookies to protect its clients, the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

Just released in a second edition, Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr, is a wide-ranging overview of virtually every type of online illicit activity from cyber spying and cyber stealing to malicious malware attacks and identity theft.

Carr, a cyber intelligence expert is a columnist for Symantec’s Security Focus. A writer who specializes in investigating cyber attacks against governments and infrastructures, he’s been quoted in The New York Times, Washington Post, The Guardian, Business Week, Parameters, and Wired. Carr was also principal Investigator for Project Grey Goose, an Open Source intelligence investigation into the Russian cyber attacks on Georgia in August, 2008.

With a foreword by former Secretary of Homeland Security, Michael Chertoff and guest essays, including an essay by former senior advisor to the Director of National Intelligence and Cyber Coordination Executive,  Melissa Hathaway, Inside Cyber Warfare is encyclopedic in scope as it takes up :

·      The Conficker Worm: The Cyber Equivalent of an Extinction Event?

·      Africa: The Future Home of the World’s Largest Botnet?

·      The StopGeorgia.ru Project Forum

·      The Russian Information War

·      The Gaza Cyber War between Israeli and Arabic Hackers during Operation Cast Lead

·      Control the Voice of the Opposition by Controlling the Content in Cyberspace: Nigeria

·      Are Non-state Hackers a Protected Asset?

·     The Legal Status of Cyber Warfare

·      The Antarctic Treaty System and Space Law

·      The Law of Armed Conflict

·      Is This an Act of Cyber Warfare?

·      Responding to International Cyber Attacks as Acts of War

·      Analyzing Cyber Attacks under Jus ad Bellum – whether entering into a war would be a just war

·      The Korean DDoS Attacks (July 2009)

·      One Year After the RU-GE War (the War between Russia and Georgia)  Social Networking Sites Fall to DDoS Attack

·      Ingushetia Conflict, August 2009

·      Pakistani Hackers and Facebook

·      TwitterGate: A Real-World Example of a Social Engineering Attack with Dire Consequences

·      False Identities

·      Components of a Bulletproof Network

·      The Bulletproof Network of StopGeorgia.ru

·      SORM-2

·      The Kremlin and the Russian Internet

·      A Three-Tier Model of Command and Control

·      Organized Crime in Cyberspace

·      Russian Organized Crime and the Kremlin

·      Using Open Source Internet Data

·      Team Cymru and Its Darknet Report

·      Using WHOIS

·      Weaponizing Malware

·      The Role of Cyber in Military Doctrine

·      China Military Doctrine

·      A Cyber Early Warning Model

·      Advice for Policymakers from the Field

·      When It Comes to Cyber Warfare: Shoot the Hostage

·      The United States Should Use Active Defenses to Defend Its Critical Information Systems

·      Scenarios and Options to Responding to Cyber Attacks

·      Whole-of-Nation Cyber Security

·      Conducting Operations in the Cyber-Space-Time Continuum

·      Anarchist Clusters: Anonymous, LulzSec, and the Anti-Sec Movement

·      Social Networks: The Geopolitical Strategy of Russian Investment in Social Media

·      Globalization: How Huawei Bypassed US Monitoring by Partnering with Symantec

·      The Russian Federation: Information Warfare Framework

·      Russia: The Information Security State

·      Russian Ministry of Defense

·      Internal Security Services: Federal Security Service (FSB), Ministry of Interior (MVD), and Federal Security Organization (FSO)

·      Russian Federation Ministry of Communications and Mass Communications (Minsvyaz)

·      Cyber Warfare Capabilities for: Australia – Brazil – Canada – Czech Republic – Democratic People’s Republic of Korea – Estonia – European Union – France – Germany – India – Iran – Israel – Italy – Kenya – Myanmar – NATO – Netherlands – Nigeria – Pakistan – People’s Republic of China – Poland – Republic of Korea – Russian Federation – Singapore – South Africa – Sweden – Taiwan (Republic of China) – Turkey – United Kingdom

·      US Department of Defense Cyber Command and Organizational Structure

·      Active Defense for Cyber: A Legal Framework for Covert Countermeasures

·      Covert Action

·      Cyber Active Defenses as Covert Action Under International Law

The book covers much more in 316 pages that are topical while, at the same time, providing in-depth analyses of the often dark underbelly of cyberspace.

For maximum protection from cyberspace’s dark underbelly, there’s one company that stands out — ThreatMetrix. ThreatMetrix offers superior solutions that can’t be compromised by break-ins. ThreatMetrix solutions protect against bad scripts and fraudulent account logins, payments and transactions.  With customized rules for each, ThreatMetrix solutions are designed to interdict attacks of fraud and other criminal behavior in real-time, while passively and transparently profiling users — without collecting extraneous personal identity information such as Social Security Numbers, birth dates and mother’s maiden names.

How far will a gamer go to get virtual currency? Well, let’s just say it’s probably safer to get between a lion and raw meat. Which is why Super Rewards has a fraud protection system for detecting fraud better and faster than any monetization platform on the market today.

Not familiar with Super Rewards? It’s the platform for online games and social networks on the Adknowledge ad network. Super Rewards delivers targeted advertising offers to millions of global website and social network users and lets gamers earn in-game points by filling out surveys, watching videos or subscribing to online services.

Adam Caplan, vice president virtual currency, Adknowledge comments, “Some users are so passionate about the games they play that they will go to extraordinary lengths to acquire excess virtual currency, including abusing advertising offers that we make available on our platform. In other cases, fraudsters will use stolen credit cards or other abusive payment mechanisms to accumulate virtual currency to sell to others in the game for profit. It’s critical for us to separate the abusers from the vast majority of users who are interested in the brands and the products they sign up for, or validly pay for the virtual currency they use.”

How Super Rewards Three-Pronged Approach Works to Prevent Fraud and Abuse:

Automated Security Internal Systems: Super Rewards’ internal automated systems prevent fraud through the use of pattern recognition velocity management, identification of bots and spam, and monitoring of other high-risk activities.

Manual Review 24/7 Manual Reviews in Real Time: Super Rewards’ fraud management team monitors complaints and uses data gathered by internal systems to make decisions based on user activity and patterns. This process makes it possible to identify suspicious activity and manually block users who are trying to abuse the system.

Fraud Filter Powered by ThreatMetrix: ThreatMetrix enables Super Rewards to instantly review and analyze transactions based on ThreatMetrix’s tracking of global fraud networks.

Using a variety of device- and transaction-related data, ThreatMetrix builds a “contextual score” that delivers all the information Super Rewards needs to make a thoughtful “go, no-go” decision about a customer. The data that’s collected is deep intelligence about the user’s device, key transaction details and past behavior, both on-site and globally. With ThreatMetrix, Super Rewards is able to customize the rules within its system, allowing the company to specify in real-time what is considered potential abuse or risk. And, through this partnership, Super Rewards can quickly identify and block fraud and system abuse.

Right up there — or down there — with recent approval ratings for Congress (15%) and the President (41%) are consumer approval ratings for not getting taken in online (21%).

A joint study — “Mobile Payments & Online Shopping Survey of U.S. Consumers” —  by ThreatMetrix and The Ponemon Institute, which is dedicated to advancing responsible information and privacy management practices in business and government, determined that three in four consumers have either some concerns (53%) or serious concerns (26%) about online fraud. Forty-three percent reported already having been victimized, up a full percentage point from a study done earlier this year.

Despite the fact that most consumers have doubts about Web security, one-third say they intend to buy more online than in brick-and-mortar stores this holiday shopping season. “While consumers continue to show a preference for the convenience of shopping and browsing online, their concerns about becoming a victim of online fraud is also growing,” said Bert Rankin, vice president of marketing, ThreatMetrix. “With mobile thrown into the shopping mix, which is even more apparent this year, consumers and retailers alike need to be well equipped against fraudsters in every possible channel.”

Rankin pointed out that nearly one in three consumers believed the fraud risk was lower on a smartphone or tablet than desktop or laptop. When a group of consumers considered extremely active Internet users were included, that number increased to 39%.

Huh?

Anyway…

According to Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, “Consumers who have a high propensity to use the Internet for shopping, banking, gaming, social media interactions, and other activities, appear to have a stronger sense of security online — which is not exclusive only to desktops and laptops.  While these users may be savvier when it comes to the digital channel, their safety net may not always be there. Online transactions are a two-way street. While they may think they’re taking the necessary precautions to avoid online fraud, the sites they’re visiting must also be implementing online fraud prevention tactics.”

Adds Julie Conroy McNelley, senior fraud and risk analyst at the Aite Group, “Mobile, in particular, is difficult to protect from fraud. With around 4,000 different device types to secure, it’s often a daunting task. On top of that, few consumers are using anti-virus or anti-spyware software on their mobile devices. Mobile, just like more traditional e-commerce transactions from a desktop, has the potential to become a hotbed for fraud.”

So what devices will shoppers use for Cyber Monday and the upcoming holidays? Forty-nine percent indicated they’d use their desktop or laptop. Thirty-seven percent opted for a smartphone, and 12% a tablet. In fact, one in four respondents already used their smartphone or tablet to make a mobile payment of some kind, with the majority using either PayPal or credit cards for the transaction.

Extremely active Internet users tended toward smartphones (49%) and tablets (17%) with only 34% saying they’d use their desktop or laptop. Of this group 40% said their online purchases would likely exceed ones done in-store.

The most popular purchases using a mobile payments option on a smartphone or tablet are music downloads (77%), online service subscriptions or memberships (75%) and apps for smartphone or tablets (73%). Consumer electronics ranked slightly above clothing, at 48% and 43%, respectively.

For a free Executive Research Summary of the “Mobile Payments & Online Shopping Survey of U.S. Consumers” download it here.”

On one point in the study, there was overwhelming agreement. A whopping 84% of survey respondents said they thought it was important that a retailer express a commitment to protecting them from fraud.  And protecting online companies from cybercriminals is what ThreatMetrix does better than anybody.

The ThreatMetrix Cloud-Based Fraud Prevention Platform, incorporating ThreatMetrix SmartID™ cookieless device identification, provides online businesses with the ability to protect themselves and their customers by verifying new accounts, authorizing payments and transactions and authenticating user logins in real-time — without relying on personally identifiable information (PII) such as birth dates, maiden names and Social Security numbers. And this protection is assured no matter which devices consumers may use.

Oh the start of a new school year.  Bright young faces beaming at the prospect of learning and eager to get started. Parents relaxing, content in the knowledge that everything is under control because, looking ahead, they purchased school supplies and clothes in June before the start of summer vacation. College kids yearning for the opportunity to learn and make their parents proud in return for all the tuition and support.

Get real. Kids with hollow eyes are wandering aimlessly in circles muttering about the demise of a summer that vanished like the last iced beer at a company picnic. Parents are stretched to the limit running from store to store for clothes that’ll have their fashion-wise kids fitting-in without resembling escaped felons. College kids are sticker-shocked by the price of books at the university book store which just so happens to be out of stock of every book that’s required.

Okay…maybe not all, but a lot of problems could be solved if only there were more time. And, with online shopping, there is. That’s why back-to-school represents one of the biggest shopping seasons in the U.S. This year, consumers are expected to spend more than $68 billion on books, apparel, paper, pencils, backpacks and other school supplies, according to the National Retail Federation. Of that, an increasing amount is likely to be spent with online retailers. Internet Retailer cites that 31.7% percent of consumers buying supplies for K-12 students will shop online this year, up from 30.8% last year. And for college purchases, 33.4% of consumers are planning to purchase on the web, up from 28.6% in 2010.

Along with the convenience, speed and huge selection of online shopping options to ease the pressure of the back-to-school crunch comes the cyber criminal.  “It’s no surprise that retailers, especially those in the education sector, see a peak in transactions throughout August and September, as consumers are purchasing for back-to-school and even pre-holiday,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “In this high-traffic season, it’s important for merchants to take preventative measures in order to protect their customers, and themselves, from being victims of online fraud.”

Five Channels Open to Online Fraud

1. Online Purchases: For customers buying everything from PE workout gear to dorm furniture, school clothes, textbooks and laptops online, retail sites can integrate alternative payment options into their checkout. BillMyParents, which uses ThreatMetrix to avoid scammers, is just one company that partners with retail sites to provide a safe way for teens and young adults to shop online. The site integrates a “BillMyParents” payment button next to each product or in the shopping cart. Selected items are emailed to parents, who manage and approve requests.

2. Online Book Rentals: Textbook rental sites are increasingly popular because they provide a convenient, cost-effective way to buy textbooks. Rental sites have to protect themselves from cyber criminals, who use fake credit cards to rent books, then resell them, making a tidy little profit with no overhead.

3. Banking: College students, leaving home for the first time, often open bank and loan accounts for the first time. Credit card companies, in particular, use this window of opportunity to ramp up efforts to target college campuses. According to a recent ThreatMetrix consumer survey, 88% of consumers said they would not do business with banks or credit card and online payment processors if they had doubts about their security measures. While the financial services industry is targeted by cyber criminals 24/7, it’s important to have fraud prevention solutions in place with increased traffic during the back-to-school shopping.

4. Social Media: Students use social networking and online groups for class and extra-curricular activities. Cyber criminals use these same online groups and social networks exclusively for extra-curricular activities like sending spam, infecting computers or testing stolen credit cards for available balances.

5. Gaming: While gaming is often viewed as a simple social activity, it’s an industry that is far from protected against fraud and online criminals. For example, there has recently been an upswing in targeted breaches on everything from small online games to large networks like Sony’s PlayStation.

Alisdair Faulkner notes, “Merchants must leverage smarter fraud prevention technology in order to differentiate between the good and bad buyers.”

And the best way for online businesses to differentiate between the good guys and the bad guys are solutions from ThreatMetrix.  The ThreatMetrix™ Cloud-Based Fraud Prevention Platform, incorporates ThreatMetrix™ SmartID cookieless device identification to provide online businesses with the ability to protect themselves and their customers by verifying new accounts, authorizing payments and transactions and authenticating user logins in real-time — without relying on personally identifiable information (PII). So, even in a worst case scenario where a breach has occurred, the cyber criminals never have access to personal information such as birth dates, maiden names and Social Security numbers.

Virtual Goods are expected to grow by 40 Percent in 2011, according to a new study by Inside Network and reported in the New York Times. That’s great news for virtual goods scammers:  with more virtual goods exchanging hands there’s more goods for the taking.  And, with hundreds of millions of gamers logging in every month and thousands more creating new accounts every minute virtual goods theft and cybercrime are bound to climb too. Will virtual goods theft rates grow even faster?  I wouldn’t be surprised.

There are lots of creative ways for cybercriminals to make virtual crime pay real cash, and no doubt they will invent new ones.  It will take more vigilance on the part of players to project their personal identities and more investment by the gaming companies to protect their customers with next generation fraud control technology like ThreatMetrix—one of the companies mentioned in the report.

-          Tom

P.S.  Check out this new column by PayPal’s Peter Martin – he discusses the three threats facing digital goods vendors:   account takeover, stolen financials and “not-so-friendly fraud.”

I am blogging this while standing at the ThreatMetrix booth on the last day of iDate 2010 Miami Beach.  The online dating world is an interesting industry – a global industry comprised of many interconnected pieces.  The online dating world has all the essential ingredients to make a great story:  love, sex, money and crime commingling at Internet speed.  Human desire is the engine that drives the online dating world, and online ads and money are the lubricant.  Where you find love, sex and money you’re going to find fraudsters.

There is a dating site for just about any kind of whatever-it-is that attracts people to one another that you can imagine – and some that you probably can’t.  In fact anyone can start their own niche dating site—yes you too can use a web dating application platform to build your own niche dating site that caters to whatever crowd hasn’t been sliced off into a niche dating site yet.  How about a dating site for dating site scammers…or perhaps something narrower like a dating site for dating site scammers who read Shakespeare?  Web dating has a tribal quality to it that helps makes it all work.  Of course scammers have figured out that hope springs eternal on dating sites where there’s an endless supply of people, many of whom will fall for their scams.

Most dating sites are aware of the scammer element to the business and the risk they pose to their members and their brand.  Scammers are their arch nemesis; I spoke to a few at iDate who described scammers in very personal terms—they really want to nail them—it’s personal. The larger the membership, the more the business has to invest in people and technology to try and keep the creeps away from their customers.  It’s not unusual to hear of a large dating site with 10 or more full time fraud analysts dedicated to staying ahead of the scammers.  Device identification has become more common in the online dating and social networking world.  The ability to bypass a hidden proxy to get the true IP address and IP geolocation in real time of the computers visiting a website is one of the most effective ways to spot a scammer on a dating site (just ask our customers).

Dating sites are susceptible to all three types of fraud: account origination (new member fraud), login fraud and payment fraud (CNP, or card not present). The ability to conveniently and securely accept web payments and avoid chargebacks is critical to the online dating business.  Payment processors and alternative payment services are a key part of making it all work.

And what’s next big thing in online dating?  Mobile of course.  When I asked conference attendees what their big takeaway was from the conference, anything to do with mobile was top of mind.  One person explained that mobile is hot to online dating “because it gives people a way to react instantly any time and anywhere…they don’t have to limit themselves to the time they’re tethered to their computers.”

The brave new world of online dating gives new meaning to the old proverb love is blind: when anyone can be someone else online, how can you be sure that lovesyababy422 in Miami is the hotty she claims to be flirting with you—or an offshore scammer named Gromyko setting you up?

- Tom

The online dating world will converge in Miami in a few weeks at the annual iDate 2010 conference billed as “the largest industry gathering of the year” that covers all business aspects of the dating and social networking markets.   ThreatMetrix will be exhibiting at iDate in booth #506, if you’re attending the conference let us know and we can set up a time to meet.

Online dating and matchmaking is over a $1.1 billion dollar industry in the U.S. alone, according to IBISWorld (www.ibisworld.com), the world’s largest independent publisher of U.S. industry research. The heightened awareness in the online dating world around scams and scammers is likely to push the topic into the sessions and conversations at iDate.  ThreatMetrix helps dating sites identify and stop online dating scammers.  Dave Perez, CEO of EDating for Free—a ThreatMetrix customer—underscores the importance of fraud prevention for his online dating sites this way: “We typically process over 350 new registrations a day.  We’ve significantly reduced the number of scammers that gain access to our site’s functionality while reducing the time spent determining who to register or deny to less than 30 seconds.  ThreatMetrix is a ‘no-brainer’ for dating sites like ours. It has made our site a safer, better protected community while enhancing the user experience.”

Online dating companies – like any other online community or subscription site – are subject to fraudsters around the world. In the case of Christian Dating for Free, one scenario involved overseas fraudsters from Nigeria who pretended to be located in the U.S. and then attempted to extract money using a money order scam.  After establishing the confidence of another community user, the overseas fraudster would send a fake money order and ask the U.S.-based user to deposit it into their bank account and wire money back to them in Nigeria via Western Union. Unfortunately, in most instances the money order turned out to be fraudulent and the user was responsible for paying back the money to their bank.

Once a scammer is tagged by ThreatMetrix, they do not receive a confirmation email on their next registration attempt. ThreatMetrix data is integrated to a Christian Dating for Free home grown dashboard so that their staff can quickly and easily review registrant data to determine whether or not to block a user.

Doron Kim, president and founder of Edating for Free, Inc., parent company of Christian Dating for Free, Catholic Dating for Free, and Black Christian Dating for Free explains that “With ThreatMetrix, we can see the bad guys right away.  Now we see the true data, true city, true IP, and true ISP. In less than five seconds, we can determine if a user who claims that they are in Boston is actually using an IP in Lagos.”

Trust is the bedrock on which online dating services are built. Members must trust one another and they must trust their dating sites to do their best to protect them from scammers. Nobody wants their mystery date to be a dud—let alone a scammer.

David Evans, a dating industry expert who publishes the Online Dating Insider has some great pre-conference tips for the Internet Dating conference that I recommend you check out if you’re headed to iDate 2010 in Miami.

- Tom

Thankfully our comic strip illustrator Andy Warner returned from an extended break with a new episode in our ongoing cartoon series starring  two online fraudsters Gromyko and Natasha. Every comic tells a different story of web fraud through the schemes of these two determined cyber criminals.

The latest installment is based on the very real challenge of online dating fraud that exposes millions of consumers around the world to scammers trolling dating sites using love to mask their true intent. Here it is:

If you want to learn more about online dating scams check out this earlier blog entry Fraudster seeks SWF with loaded bank account willing to be duped then read how Chellaul uses ThreatMetrix to keep the scammers out of their dating network.

You can read all the ThreatMetrix comic installments here.

- Tom

In case you haven’t heard, there’s real money in virtual goods—serious money. Just read this weeks’ TechCrunch article on how the big three (Zynga, Playfish and Playdom) rake in a combined $335M in estimated revenue. The combined number of monthly users named in the TechCrunch article pushes 300 million. Need more proof that virtual goods are hot? For the second day in a row virtual goods made TechCrunch in a report about Live Gamer, an online marketplace for players to trade and buy video game virtual goods. The TechCrunch article says “Live Gamer has over 72 customers and supports over 56 million registered users across all of partner implementations, exceeding 3 million micro-transactions per month.”

The TechCrunch article goes on to explain the revenue model for social gaming like this: “Get new users playing for free, give them incentives to message all their friends to signup, hit them hard for cash or lead generation for revenue, and move them up the levels. Rinse. Repeat.” Of course the hard cash exchanges hands in the form of an online credit card transaction—and whenever lots of money, credit card purchases and millions of transactions come together on the Internet there’s online fraud.

This interview by Michael Zenke of MMO web daily Massively with John Smedley, CEO of Sony Online Entertainment reveals one of the areas where fraud rears its ugly head in online gaming: gold farming. Gold farming describes when a player tries to acquire items of value in a massively multiplayer online role-playing game (MMORPG) to sell for in-game currency. SOE’s Smedley comments on the high cost of chargebacks in gold farming:

Massively: Earlier you mentioned the problem of farmers with regards to Station Access. I know that’s something the company feels very strongly about?

John Smedley: I think the issue of farming is higher on the radar now than it ever has been. The behinds the scenes things are really frustration. A lot of these farmers are essentially stealing from us. What they do is they charge us back all the time. They use a credit card–sometimes stolen, sometimes not – to buy an account key. They use the account for a month, and then they call the credit card company and charge it back. We have suffered nearly a million dollars just in fines over the past six months; it’s getting extremely expensive for us. What’s happening is that when they do this all the time, the credit card companies come back to us and say “You have a higher than normal chargeback rate, therefore we’ll charge you fines on top of that.” We’re really trying to get on top of that. We’re taking our current efforts up about five notches to Defcon 1 on this issue. They bug us even more than they bug our customers, and we’re definitely taking steps to implement rigorous anti-farming efforts.

It’s actually really amazing to sit and watch these people work. I’ve personally sat with them as they’re tracking a farmer, and you’ll see a mob spawn – this guy’s got a bot that within half a second has them moving towards the creature even if it’s halfway across the zone. It’s a serious problem.

Massively: And you can’t fight the chargebacks with the credit card companies?

John Smedley: No, and the reason for that is very simple. Visa and MasterCard have these rules about chargebacks, and I personally think they’re antiqued. Digital delivery isn’t covered by their rules very well. So if you order something from Amazon and pay thirty bucks for a book, if it doesn’t show up at your house you can fight it because you can say “I never received that thing.” They do not cover that with digital delivery. In my opinion the world has changed a lot and I think that needs to be addressed.

ThreatMetrix device identification can (and does) help detect and prevent in social networks, social gaming and virtual goods payments—to stop fraud and authorize good customers more quickly with less hassle.

Virtual goods is on the news radar this week because the Virtual Goods Summit hits San Francisco on Thursday and Friday. VG Summit 2009 is definitely on ThreatMetrix’s radar since we’ll be there both days as a sponsor.

The 3rd annual Virtual Goods Summit will take place in San Francisco, CA on October 29-30, 2009. The event will bring together thought leaders in this space to talk about what’s changed, what’s working, and the key challenges facing the industry. This year’s lineup features executives from the leading companies in the virtual goods ecosystem, including Tencent, Playfish, DeNa Global, Nexon, Zynga, Playdom, Bigpoint, IMVU, Outspark, Zong, PayPal, Perfect World, MyYearbook, InComm, NHN, Ning, TrialPay, Super Rewards, Viximo, Offerpal Media, Serious Business, Slide, Giant Interactive, and many others. An assembled panel of experts will share their thoughts on key issues such as trends in monetization in the United States and Asia, key learnings on how to best drive revenue from social games via virtual goods, market sizing estimates for the US and global virtual goods opportunities, and similarities and differences between user behavior in the United States and Asia

In addition to the exciting lineup at this year’s edition of the annual must-attend event in the virtual goods space, the Virtual Goods Summit is expanding in 2009 with the creation of “Virtual Goods Summit University” or VGSU. VGSU will offer attendees the opportunity to go in-depth on the fundamental business practices and capabilities required for success with a virtual goods business model. The Virtual Goods Summit University will cover some of the most important issues facing publishers today, including how to get started with virtual currencies, how to manage a virtual economy, key decisions when rolling out a payments infrastructure, and how to manage multiple virtual currencies.

If you’re thinking of going but you haven’t purchased tickets yet, you can save 15% on tickets by using the code THREATMETRIX at checkout when registering at Eventbrite.

- Tom