Iovation Inc. considers protecting online merchants from hackers looking to steal payment card data a top priority, but the security vendor also can boast of some crime-solving skills.
Iovation fraud-prevention software ReputationManager 360 played a key role in helping the Kirkland, Wash., police recently bust an alleged fraud ring that was using card data from 15 cardholders and targeting 20 major retailers in piling up tens of thousands of dollars in fraudulent counterfeit card charges, the company reported March 22.
Iovation executives and Kirkland police will share their story at the Merchant Risk Council’s e-Commerce Payment and Risk Conference March 29 in Las Vegas, informing attendees how they collaborated to sniff out the hackers.
Those attendees are likely to hear quite a bit about the cloud-based ReputationManager 360 software, which sits at the core of Iovation’s fraud-prevention offerings by using device identification to provide merchants valuable information about a transaction’s origin.
ReputationManager 360 helps retailers or credit issuers determine whether a transaction could pose a potential fraud threat based on a client’s specific business rules for evaluating the transaction, Jon Karl, Iovation vice president of corporate development, tells PaymentsSource.
Portland, Ore.-based Iovation delivers a reputation score and recommendation for each transaction it reviews, allowing the client to determine whether to allow, deny or further review the transaction, Karl adds.
“More often than not, Iovation already has experience with a customer through our shared subscriber network of 900 million devices when it first shows up at any particular subscriber’s business,” Karl says.
ReputationManager 360 provides deep analysis by focusing on the Internet devices used by a client’s customer. “When a customer logs in from device A, we’re not just exposing the reputation of that device,” Karl explains. “We’re actually exposing the reputation of all devices used by that customer, as groups of related devices are an excellent proxy for unique but anonymous customers.”
Iovation places the software in the area of a website the retailer considers the most risky. “The software can become part of an account setup, an account charge, the checkout page, or any other page,” Karl says.
The software provides a response to retailers within a half-second after a customer initiates a transaction. “We provide real-time response to the billions of transactions we check every single day, and we are stopping over 150,000 online-fraud transactions a day,” Karl adds.
Iovation, which sells the software-as-a-service to retailers through direct channels or independent sales organizations, bases monthly pricing on client use or how often the client calls the Iovation service desk to check on the reputation or risk of a particular device involved in an online transaction, Karl says.
The company doesn’t seek out a role in crime investigations; police more often come forward with a request to Iovation for information, Karl notes.
“It is even more common that fraud analysts interacting with our ReputationManager 360 administrative console can obtain most of the information they would need on their own,” Karl suggests.
The Kirkland fraud case started as a small incident in which police were eyeing a suspect who may have victimized one cardholder by completing $5,000 in fraudulent charges at electronics and department stores. ReputationManager 360 data helped police tie in more than a dozen additional victims, leading police to discover the hacker was operating out of various hotel rooms and working with other hackers in the Kirkland area.
In an Iovation press release, Kirkland police Det. Adam Haas said the case was unusual because it was not exclusively an online or offline crime.
“Offline clues helped, but the online digital bread crumbs sniffed out by Iovation were critical in tying everything together, leading to a much bigger crime ring than we originally suspected,” Haas said.
Police rely on banks, retailers and e-commerce companies to be the first line of defense in payment-data fraud cases, Julie Conroy McNelley, senior analyst and fraud expert with Boston-based Aite Group, tells PaymentsSource.
“The banks and retailers have to investigate and figure out what is going on, and then go to the police for help in pursuing it legally,” McNelley says. “The Kirkland case with Iovation worked well because it was in a small town and the crimes were in a specific geographic area.”
More often, police have difficulty providing time and resources to pursue card-data crimes, resulting in low prosecution rates, McNelley contends.
In early 2011, Iovation completed a deal with Ukash in the United Kingdom to establish security for the Ukash prepaid voucher service (
What do you think about this? Send us your feedback.
