A new product from vendor Norse Corp. hopes to choke off online card fraud before it becomes a transaction–and before competing services from the card networks can kick in.
Norse's IPViking claims to scan more than 2 billion IP addresses in nanoseconds, creating a risk score for each and depositing them into buckets of possible risk. It can halt payments initiated from these addresses before online merchants run them. That can save them time and money associated with fraudulent charge-backs, Norse says.
The product might also be a competitive threat to the networks, which sell their own fraud-fighting tools. Most payment networks use transaction-scoring technology, but they tend to score transactions as they occur.
IPViking is "complementary as well as competitive to MasterCard and Visa," says Avivah Litan, a vice president and distinguished analyst at Gartner.
It joins a host of other products and services that identify fraud associated with particular IP addresses, but it adds an immediate component that might complement what Visa Inc. and MasterCard Worldwide do with their own transaction-scoring systems.
Visa's VisaNet switch has something it calls Advanced Authorization, which bases scores on activity it sees across Visa's entire network. Through its CyberSource Corp. unit it has also begun to use IP addresses and device fingerprinting.
MasterCard does transaction scoring with its Expert Monitoring System. It also partners with Silver Tail Systems Inc. to protect online merchants by scoring behavior on websites and online banking sites.
And such vendors as The 41st Paramter Inc., Entrust Inc., Quova Inc. and Threatmetrix Inc. all offer products that include device fingerprinting plus IP monitoring.
"We are seeing a definite trend toward online merchants deploying more front-end fraud filters that are more heavily targeted," says Julie Conroy McNelley, senior analyst with Aite Group.
Norse takes a page from the fraudsters' own playbook on botnets, which criminals use by creating armies of zombie computers to shut down networks or dig for valuable consumer information. Norse claims to use millions of virtual agent machines to keep tabs on Internet fraud around the world. It monitors chat rooms for suspicious activity, interacts with potentially rogue machines, and sets up dummy websites to search for potentially bad transactions.
"We are collecting intelligence on who is searching for the 'honeypot' networks that are attractive to botnets," says Sam Glines, Norse's chief executive.
The consequences for merchants of not catching fraud can be big. Visa and MasterCard ding merchants whose fraud rates are generally above 1% of transactions. They either will give such merchants a higher interchange rate or assessed fees, or prevent them from participating in the networks, experts say.
PrismPay LLC, of Atlanta, provides gateway payment services to merchants and merchant acquirers. It also helps them fight fraud while it processes 10 million transactions per month.
In the past six months, PrismPay has begun using Norse's product. PrismPay says it can locate the bad affiliate networks (which attempt to steal cards from a legitimate one) more quickly and shut down the transactions that originate from them. Since July, PrismPay says it has cut down on fraudulent charge-backs by 30%.
"If we can secure our clients and more transactions from fraudulent activity, it benefits everyone down the chain," including the banks that issue cards, says Brent Gephart, PrismPay president.
Some merchant acquirers and processors also use similar technology, says Litan.
Chase Paymentech Solutions LLC uses something it calls Safetech Fraud Tools, which is produced by Kount Inc. The product uses both device identification and geolocation, Litan says. Chase Paymentech did not respond to an interview request.
"There are many different ways to skin a cat, and it's better to screen out fraud before [transactions] are sent to Visa and MasterCard," Litan says.
Though Norse's product can compete with the card networks' offerings, it could also help the networks by cutting down on the number of transactions that wind up getting sorted out in manual queues, McNelley says.
IP addresses should be used in conjunction with other fraud indicators, analysts say.
"IP addresses [are] one of the three methods of managing fraud we see that counts as low-hanging fruit, along with device identification and geolocation tracking," Eve Maler, principal analyst for security and risk at Forrester Research, wrote in an email.
IP address detection was popular about a decade ago, but fraudsters have gotten sophisticated about circumventing such controls, CyberSource says.
As such, IP address identification "is just one component of our complete arsenal," says Andrew Naumann, head of risk products for CyberSource.
What do you think about this? Send us your feedback.
