-
MasterCard Inc. and software company Silver Tail Systems Inc. announced a partnership that will bring the latter's fraud-fighting analytics to MasterCard merchants.
February 8 -
The dollar volume of online fraud is going up, but actual incidents of fraud are decreasing, according to a report released Tuesday by CyberSource, a unit of Visa.
January 24
A new product from vendor Norse Corp. is designed to choke off online card fraud before it becomes a transaction — and before competing services from the card networks can kick in.
Norse's IPViking continuously scans more than 2 billion IP addresses, assessing them for possible risk. It uses that information, along with other information it has gathered, to create a risk score when transactions are made. Its system can halt payments before they are run through by online merchants.
That can save them time and money associated with fraudulent chargebacks, Norse says.
The product might also be a competitive threat to the networks, which sell their own fraud fighting tools. Most payment networks use transaction scoring technology today, but they tend to score transactions as they occur.
IP Viking is "complementary as well as competitive to MasterCard and Visa," says Avivah Litan, a vice president and distinguished analyst at Gartner.
IPViking joins a host of other products and services that identify fraud associated with particular IP addresses, but it adds a real-time component that might complement what Visa Inc. and MasterCard Inc. do with their own transaction scoring systems.
Visa's VisaNet service has something it calls Advanced Authorization, which bases scores on activity it sees across Visa's entire network.
MasterCard does transaction scoring with a product called Expert Monitoring System. It also partners
And vendors like The 41st Paramter Inc., Entrust Inc., Quova Inc. and Threatmetrix Inc. all offer products that include device fingerprinting plus IP monitoring.
"We are seeing a definite trend toward online merchants deploying more front-end fraud filters that are more heavily targeted," says Julie Conroy McNelley, senior analyst with Aite Group.
Norse takes a page from the fraudsters' own playbook on botnets, which criminals use by creating armies of zombie computers to shut down networks or dig for valuable consumer information. Norse claims to use millions of virtual agent machines to keep tabs on Internet fraud around the world. It monitors chat rooms for suspicious activity, interacts with potentially rogue machines, and sets up dummy websites to search for potentially bad transactions.
"We are collecting intelligence on who is searching for the 'honeypot' networks that are attractive to botnets," says Sam Glines, Norse's chief executive.
The consequences for merchants of not catching fraud can be big. Visa and MasterCard ding merchants whose fraud rates are generally above 1% of transactions. They will either be given a higher interchange rate, assessed fees, or prevented from participating in the networks, experts say.
PrismPay LLC, of Atlanta, provides gateway payment services to merchants and merchant acquirers. It also helps them fight fraud while it processes 10 million transactions per month.
In the last six months PrismPay has begun using Norse's product. PrismPay says it can locate the bad affiliate networks (which attempt to steal cards from a legitimate one) more quickly and shut down the transactions that originate from them. Since July, PrismPay says it has cut down on fraudulent chargebacks by 30%.
"If we can secure our clients and more transactions from fraudulent activity, it benefits everyone down the chain," including the banks that issue cards, says Brent Gephart, president of PrismPay.
Some merchant acquirers and processors also use similar technology, says Litan.
Chase Paymentech Solutions LLC uses something it calls Safetech Fraud Tools, which is produced by Kount Inc. The product uses both device identification and geolocation, Litan says. (Chase Paymentech did not respond to an interview request.)
"There are many different ways to skin a cat, and it's better to screen out fraud before [transactions] are sent to Visa and MasterCard," Litan says.
Though Norse's product can compete with the card networks' offerings, it could also help the networks by cutting down on the number of transactions that wind up getting sorted out in manual queues, McNelley says.
IP addresses should be used in conjunction with other fraud indicators, analysts say.
"IP addresses [are] one of the three methods of managing fraud we see that counts as low-hanging fruit, along with device identification and geolocation tracking," Eve Maler, principal analyst for security and risk at Forrester Research, wrote in an email.
IP address detection was popular about a decade ago, but fraudsters have gotten sophisticated about circumventing such controls, CyberSource says.
As such, IP address identification "is just one component of our complete arsenal," says Andrew Naumann, head of risk products for CyberSource.
