Corillian and Cyota Reinforce Fraud Defense

The banking software vendors Corillian Corp. and Cyota Inc. have incorporated Quova Inc.'s GeoPoint into their fraud-prevention systems.

GeoPoint uses computer users' unique Internet Protocol addresses to find out the country or city a suspected scam artist is working from when accessing a Quova customer's Web page. That can be "a key piece of evidence" in tracking down fraudsters, said Jim Maloney, Corillian's chief security executive.

Corillian, of Portland, Ore., added GeoPoint to its Fraud Detection System, which it offers to banks along with Corillian's other online banking applications.

The Corillian platform monitors people's Web surfing patterns and was created to spot criminals attempting, for example, to create a phishing Web site. The platform monitors which pages they look at and in what order they do so, as well as log-in attempts and any other activity at a bank's site.

Corillian, which is still integrating GeoPoint, plans to make its enhanced software package available in April, Mr. Maloney said. He said his company had previously included a different vendor's geographic location technology in its anti-fraud package but switched to Quova, of Mountain View, Calif., because it had a more effective database.

"Quova brought more to the table," Mr. Maloney said.

Cyota, of New York, added Quova's technology to the eVision system that Cyota introduced in February. eVision helps banks spot suspicious activities as banking customers log in and perform transactions.

In the case of phishers (who build bogus bank Web sites to get people to reveal their user names and passwords), determining that a computer is in another country can be a first step to squelching fraud.

Ariana-Michele Moore, an analyst at Celent Communications LLC in Boston, said "a lot of those scams come from overseas."

George Tubin, a senior analyst at TowerGroup Inc., the Needham, Mass., research unit of MasterCard International, said using IP addresses to locate an online banking customer is "a fantastic idea at this point for the entire banking industry."

He said keylogger programs, which record users' activities and transmit them electronically to a criminal, are becoming an increasingly common way to steal bank account information.

"The only defense against this is going to be stronger authentication" practices, Mr. Tubin said.

Those practices could include determining from where a user is accessing a banking site and comparing that with the location of the customer's residence or workplace. "I think the industry has to assume that the username and password are going to get compromised," Mr. Tubin said.

Mr. Maloney said some countries pop up frequently as "hacker hotspots," especially South Korea, China, and Russia.

He said Corillian used its previous provider's location technology to track a series of suspicious transactions to Riga, Latvia. It turned out that criminals had infiltrated accounts belonging to five members of an American credit union, which he would not name.

After the software determined that the unauthorized activities had all originated in Latvia, the bank investigated and found that all the customers had vacationed there shortly before, Mr. Maloney said. Four of them accessed their accounts using public Internet kiosks and computers in public libraries; the computers had been infected with keylogger applications that surreptitiously stole their banking passwords. The fifth member lost a wallet, including a card that had the customer's log-in name and password.

John Linton, Quova's vice president for business development, said this service will "be a real eye-opener" for banks.

"There's no silver bullet to this problem, because it's kind of like an arms race," he said. "You always have to stay a step ahead of this cybercrime."

Last year EverBank Financial Corp. of Jacksonville, Fla., announced that it was using Quova's service to determine whether new customers were applying for accounts from computers that matched the location listed on the application. EverBank operates primarily online.

Corillian said last month that it planned to expand its fraud-detection service's customer base by going outside banking into areas such as e-commerce sites and online dating. Mr. Maloney said Quova, which already has customers in those industries, will "introduce us to those clients."

