Marco Spoerrle, Exposing Device History Reduces ‘Friendly Fraud’ Rates
For many online merchants, friendly fraud is a persistent problem. Without the right security tools in place, it is difficult to identify whether or not a customer is committing fraud.
According to the article, “Friend and Foe? Combating E-Commerce ‘Friendly Fraud’,” financial cybercrime against card-not-present (CNP) retailers can take many forms. While MasterCard says 70% of [...]
Dr Akif Khan of CyberSource and Greg Pierson of iovation talk to eGaming Review about the ways in which their companies are fighting fraud within the online gaming arena
MANAGING THE THREAT of online fraud is a tricky business; overly stringent
precautionary measures can put players off, while seemingly lax security can affect client confidence, particularly where payments are
involved. Offering unobtrusive fraud-prevention measures while reassuring the customer is increasingly important as fraudsters come up with new ways to attack gaming sites. CyberSource’s Dr Akif Khan and iovation’s Greg Pierson tell eGaming Review about the latest developments in fraud prevention and how their companies are keeping the bad guys at bay.
eGaming Review (eGR): How does fraud prevention affect legitimate clients, and what measures can be taken to avoid the loss of good custom?
Dr Akif Khan (AK): Some fraud-screening tools can operate too rigidly, resulting in good customers being turned away unnecessarily. To help avoid the loss of good custom, egaming merchants should invest in an automated solution that enables them to build rules specific to their customers’ behaviour. In addition, focus should be given to recognising good behaviour rather than just trying to spot bad behaviour. Having an adaptable fraud solution, rather than a ‘one size fits all’ approach will help to prevent the loss of legitimate customers while still minimising fraud.
Greg Pierson (GP): The impact of fraud prevention on legitimate customers varies tremendously depending on the risk-mitigation techniques used and the approach taken when responding to potential threats. Ideally, fraud management should be invisible to your customers, preventing threats in the background, in real-time, while protecting the identity and privacy of your customers.
We suggest looking for solutions which offer low false-positive rates so that good players are not mistaken for bad ones, along with solutions which do not interrupt the player experience, but provide efficiencies in the review process, are highly scalable and enable you to respond to requests appropriately.
eGR: What unique services does your offering provide to guard against fraud efficiently and com-prehensively?
AK: The most effective way to protect businesses from online fraud is to use a combination of anti-fraud tools, gathering as much information about each transaction as possible.
CyberSource Decision Manager includes over 200 validation tests and services (such as device fingerprinting, velocity checking and IP geolocation) to help egaming companies catch fraudulent behaviour sooner and more accurately. Each order is simultaneously compared with data collected from thousands of merchants worldwide, to highlight anomalies that may signal fraud.
GP: iovation provides a real-time service which exposes the reputation of computers that connect to your business. We have a database of over 350 million unique computers from every country in the world and our shared platform allows gaming sites to benefit from the traffic, relationships and information provided by thousands of global fraud analysts, representing more than 300 major online brands. Besides knowing when a bad device touches your site, our multi-layered approach also looks at transaction anomalies, velocity rules, profile risk and associated accounts and devices to identify fraudsters. Combining fact-based evidence with inference of risk helps sort the good from the bad at transaction time with nearly zero false-positives.
On average, our gaming customers see a 40% uplift on fraud stopped by leveraging global information, as opposed to just looking at the activity on their own site. In the past 90 days, our platform has stopped 5.6 million fraud attempts. Of these, four million were caught because of activity within individual sites, with the remainder identified through activity on other sites. If a device has defrauded several other gaming sites, why not use this information to avoid the problem in the first place?
eGR: What new forms of fraud have been noted in 2010, and how can these be guarded against? What do you do to keep one step ahead of fraudsters?
AK: Fraudsters are always finding new ways to commit fraud. During 2010 we’ve seen an increase in the number of fraud attacks involving botnets. Fraudsters have long been able to use proxy servers to circumvent IP geolocation checks, but the latest evolution of this trend is organised criminals distributing malware onto innocent people’s computers via phishing sites or email attachments.
This malware effectively turns the computer into a proxy server through which the fraudster can
send transactions, unbeknown to the genuine user of the computer. When a criminal has infected a
large group of computers it is known as a ‘botnet’, which becomes a valuable commodity to rent out
to other fraudsters to use, as it enables them to
hide their location behind a large network of
proxy servers.
One way that egaming merchants can guard against this is to use a vendor with strong device fingerprinting and proxy piercing capability.
GP: So far this year, we are seeing high levels of attempted credit card fraud, collusion, affiliate fraud and account take-overs. Sharing information is key to staying ahead of the fraudsters. Our platform allows gaming sites to benefit from the knowledge of traffic and experience at other sites. Moreover, our platform helps sites benefit from all the fraud management tools and resources across all the business we protect.
eGR: How important is technology to the prevention of crime and fraud in the egaming sector, and what kinds of technologies have been developed recently in response to fraud?
AK: Technology is a critical component in winning the battle against fraud. The most recent innovations in CyberSource’s toolset include powerful device fingerprinting capabilities that enable merchants to accurately and uniquely identify a computer that is being used to transact on their website. This is done passively without interfering with the customer experience, and helps egaming merchants spot fraudsters who are registering multiple times under different identities, for example.
Another cutting-edge feature is the ability to pierce through proxies to establish the true IP location from which the transaction data is originating. If a fraudster was sitting in, say, Vietnam but routing transactions through a proxy in, say, France, this technology would be able to accurately identify their true location and not be fooled by the proxy. This has proven to be exceptionally useful for our merchants.
GP: Technology is necessary to manage risk at scale and optimise operational efficiencies. But technology, people and processes have to work together. We continually add new rules and capabilities to our platform, giving our subscribers greater flexibility and control over the activity on their website by incorporating deep intelligence about end-user devices, associated accounts, and shared history. Alerting sites the moment a bad device touches their business and identifying risks in real-time based on device characteristics and behaviour has already flagged nearly 16 million fraudulent transactions for our clients in the first six months of this year.
eGR: To what extent is the increasing role of alternative payment methods becoming integral to online crime?
GP: The attack surface has increased significantly with the proliferation of alternative payment methods. Every new payment method, like every new feature, creates potential new ways for bad guys to damage your business and exploit your customer base. Multi-layered risk-mitigation strategies and sharing across verticals, geographies and fraud teams is critical.
eGR: How important is choosing the right payment provider in the prevention of fraud?
AK: Merchants should choose a provider that can offer a comprehensive fraud-management solution worldwide. Each business is unique, so it is critical that both organisations work together to define requirements and determine the most suitable approach, whether this is supporting an in-house fraud team or fully outsourcing. Merchants should also work with a provider that offers global coverage and understands ecommerce across the world, not just in the local region. After all, fraudsters are not limited by geographical boundaries.
GP: Choosing a payment provider, or a complimentary set of payment-service providers, is an important decision. Some solutions leave the risk for you to manage, some leverage sophisticated anti-fraud technologies, while others assume the risk. Payments are just one aspect of your business subject to fraud and abuse. No combination of payment-service providers is going to help you stop fraudsters from returning to your site to set up new accounts. Nor will payment-service providers help you uncover account take-over attempts, underage players, chat abuse, chip dumping and other fraud and abuse attempts outside of the payment process.
Specific end-user interactions need the right level of protection, based on what is at risk. The mix of tools you use and the flexibility of individual solutions can help you customise an approach appropriate for individual points of interaction and their associated risk. Ultimately, it’s about balancing risk with customer experience, revenue, and other factors that are important to your business.
(c) WWW.EGRMAGAZINE.COM AUGUST 2010
http://www2.iovation.com/e/1692/es-pdf-egr-fraudroundtable-pdf/I7OGW/204834332
http://marcospoerrle.blogspot.com/
http://marcospoerrle.com/blog/
https://twitter.com/marcospoerrle
https://twitter.com/spoerrle
http://www.facebook.com/pages/Marco-Spoerrle/108765315840487
http://advertising-marketing-techniques.marcospoerrle.net/
Jobs: Software Update to Address iOS 4 Performance Issues on iPhone 3G ‘Coming Soon’ Marco Spoerrle: http://bit.ly/a12sgW
Advertising Apple AppleCare Blog Book Facebook FBI iPhone Marco Spoerrle marcospoerrle.com market your business Marketing During Recession Marketing Ideas Privacy Sales and Marketing Security Social Media Social Networking social networks Spoerrle Strategies to Help Teacher Tips for Newbies traffic www.marcospoerrle.com Your Business Grow YouTube
Google today announced an update to its Google Mobile App for the iPad, iPhone, and iPod touch, bringing push notifications for Gmail and Google Calendar.
Ever missed an appointment or important email because you were away from your desk? Now Google Mobile App can help with push notifications from your Google account to your iPhone — an icon badge shows you’ve got new mail in Gmail, and Google Calendar event reminders appear right on your home screen.
Also included in the update is as-you-type results for searches on flight info, weather, stock quotes and currency conversions.
The update appears to just be going live now, and may not yet be appearing for all users.
http://marcospoerrle.blogspot.com/
http://marcospoerrle.com/blog/
https://twitter.com/marcospoerrle
https://twitter.com/spoerrle
http://www.facebook.com/pages/Marco-Spoerrle/108765315840487
http://advertising-marketing-techniques.marcospoerrle.net/
posted by Eric Slivka on Monday August 23, 2010 01:47 PM
Facebook Sues Teacher Resource for Using the Word “Book” – Marco Spoerrle
Facebook is suing a company called Teachbook, which operates a social networking site for teachers, apparently because it has “book” in its name and “competes” with Facebook. Teachbook is described as “a professional community for teachers”. Sounds like a threat to Facebook’s existence doesn’t it?
Do you think Facebook should be suing Teachbook? Tell us what you think.
Ryan Tate at Valleywag draws on some irony, saying, “Imagine: Someone ripping off the name of an existing social networking tool for his own site. Why, that hasn’t been done since 2004 when some punk kid at Harvard registered TheFacebook.com while college administrators were already developing their own ‘online facebook.’”
The beginning of the suit reads:
Facebook has become a worldwide social, cultural and political phenomenon. With fame comes imitation. Here, Defendant Teachbook.com LLC rides on the coattails of the fame and enormous goodwill of the FACEBOOK trademark. Misappropriating the distinctive BOOK portion of Facebook’s trademark, Defendant has created its own competing online networking community in a blatant attempt to become Facebook “for Teachers.” Despite Facebook’s protests, Defendant has willfully and deliberately persisted in its misappropriation of the Facebook brand, forcing Facebook to protect its user community and the strength of the Famous FACEBOOK trademark through this action.
They’re protecting us – the user community.
When a user (teacher) joins Teachbook, the site promises the ability to manage a professional profile and all info in the account by choosing to share with admins, colleagues, parents, or public. It lets teachers create lesson plans, instructional videos, and other teaching resources. It lets users manage their classroom communications with secure parent-teacher communication tools (gradebook, events calendar, classroom newsletter, homework space). It lets teachers communicate with colleagues through discussion, chat, blogs, etc. It lets them create and manage online courses and instructional modules. It lets teachers manage student grades by recording, calculating, and sharing them within the Gradebook. (I wonder if Facebook knows they’re using the word “gradebook” too).
Facebook drops the following stats in its case for why others shouldn’t be able to use the word “book” in their names:
- Those users spend over 700 billion minutes per month on Facebook.com.
- Facebook is the second most trafficked site in the U.S.
- Over 150 million Facebook users also engage with FB through third-party sites each month
- Over a million sites have implemented tools Facebook makes available
- Through Facebook, users can interact with over 900 million objects (individual and community pages, groups, and events) and 30 billion pieces of content (web links, news stories, blog posts, notes, photo albums, etc.).
“Through this usage, Facebook has permeated the web and Facebook users are accustomed to seeing and expect to see Facebook across the world wide web, not just on the Facebook site,” the suit proclaims. “Facebook, and its FACEBOOK trademark, are famous.”
The suit also mentions that Facebook owns a number of U.S. registrations for the mark FACEBOOK, covering a variety of goods and services, such as online networking services, chat functions, electronic media, online journals with user-defined content and electronic publishing services, and software to enable uploading, tagging, and sharing of electronic media or info.
By this logic, other companies that use either “Face” or “Book” may have to fear. It’s unclear what the company’s stance on the word “the” is, as Facebook was first called “The Facebook”. “The” is only slightly more common than “book”, especially in the teaching profession, I would imagine. Since “the” is no longer part of the Facbook brand, I’m guessing they won’t pursue that.
It’s also worth noting that Facebook just launched a product called “Facebook Places” , even though Google (their direct competitor) already had a product called ”Google Places”.
This suit comes at a time when Facebook is becoming much more integrated with not only the web, as the company pointed out, but the real world as well. Facebook Places is bringing physical locations to Facebook, and other third-parties are also coming up with different ways to connect physical objects (not just places) to Facebook. Watch out, books!
The entire suit can be read here (pdf).
There are about ten common Facebook marketing tactics. (You can probably think of more, but most are a derivative of one of these ten.) It may surprise you to learn that five of these tactics don’t even work — that’s fully half! Now, no Fire God will suddenly appear to smite you if you happen to have done one of the following things. They are definitely mistakes, but they aren’t irreversible. In fact, they’re really only mistakes in one sense of the word.
My perception of these as “mistakes” isn’t about breaches of the unwritten Facebook etiquette either – I dance on those lines myself from time to time.
Rather, I’m calling them mistakes from a perspective of effectiveness, versus the alternative behavior. Whether they’re wrong in terms of just coming across as rude or politically incorrect is another matter altogether.
Having said that, off we go.
Mistake #1 – Posting Signature Links on Profile Walls with Your Introduction
I asked someone why they did this once, especially since I’d already been to their site and purchased the item they were selling on that page.
She said: “I saw someone else do it.”
“How did it make you feel?” I asked.
“I felt kind of used. But I figured if that’s what it takes to be successful, that’s what I’ll do, even if it doesn’t seem quite right.”
Now that’s deep.
I understand though, because once I made the vow to become successful, I also made a vow to do “whatever it takes”. At the time I thought it meant hard selling and being pushy. I later found it meant hard work, and doing what’s right even if there’s a lazier, easier way.
Even if this was once effective in terms of getting clicks from random profile visits, Facebook is now much more stream-driven than it is profile-driven.
And that’s a huge part of why this is a mistake in terms of effectiveness.
Not to mention that people who see these postings as rude or attempts to spam can rémove or hide them. They may even drop you as a connection, which cuts you off not just from them, but from their network.
You’re not missing out on anything by omitting that signature link. Your name, hyperlinked to your profile IS your signature link. If your profile is set up correctly, prospects will get to your site from there.
Mistake #2 – Pitching
If you want to pitch people on Facebook, purchase an ad on Facebook.
It doesn’t have to be a Facebook ad – purchase one in a popular Facebook application. No matter how good your elevator pitch is in real life, it doesn’t translate in online networking. Let me give you a hypothetical example from the real world.
Imagine you go to an after-work bar. People go there to relax with work friends, to meet potential mates, on actual dates, and to get to know other people in the business.
You’re unwinding with colleagues when someone walks up, and without forewarning, tries to sell you some steak knives. When you stare blankly, they shrug, and move on to the next person.
We all may chuckle to ourselves, and wonder what that person is thinking… but are you ever the knife salesman when you’re on Facebook?
Honestly, when I first came here, I was tempted to be.
Thank God my better judgement stopped me. I’m telling you that to say this – if you’ve been the knife salesman don’t be ashamed, you didn’t know any better. It’s not like they issue marketing lessons with your incorporation papers.
Just make a vow, right now, to always check yourself before you post. Ask yourself “Am I Networking or Pitching?”
Mistake #3 – Artificial Bonding
I’d respect a person more who was upfront with me, and said they were hoping we could work together, or do some business, than someone who pretended to care about me in order to get me to have a conversation that they could then direct to their pitch.
I wouldn’t purchase from them, at least not then. But at least I’d still respect them, which means I could change my mind in the future.
Pretending to like people until you get the chance to try to sell to them is really just pitching with a little bad foreplay first.
Bad foreplay isn’t better than none at all.
Mistake #4 – Favoring Uphill Marketing Over Downhill Marketing
Again, this is a mistake in terms of how effective it is. In my own experience, as well as in case studies of clients, it always works out better when you create a fantastic marketplace presence and people are drawn to you in droves, seeking to do business with you, rathere than the alternative.
The alternative, of course, is when you go out and pursue customers and clients one by one.
That’s not to say that you should stop advertising, bidding on projects, or being a go-getter in any way.
It means that while you’re doing that, also create a situation where customers are flowing towards you, seeking you out, asking for help.
It’s much less work to get from interest to sale when they come to you.
Mistake #5 – Fishing on Dry Land
A long, long time ago, I was in a network marketing company. Now defunct, the products they have greatly enhanced, possibly even saved, my life. The products were targeted to people who cared about being healthier and eco-friendly.
By Tinu AbayomiPaul (c) 2010
http://marcospoerrle.blogspot.com/
http://marcospoerrle.com/blog/
https://twitter.com/marcospoerrle
https://twitter.com/spoerrle
http://www.facebook.com/pages/Marco-Spoerrle/108765315840487
posted by arn on Thursday July 08, 2010 05:39 PM
BoyGeniusReports posts pictures of one customer’s iPhone 4 having caught fire. The photos come from an AT&T source after the customer brought the iPhone 4 in.
It’s the first time our guy has seen this happen (us too), but the brand new iPhone 4 caught on fire while being hooked up to a computer using the Apple USB cable that accompanied the device. The customer wanted to exchange the iPhone — obviously — for a new, non-charred unit however the AT&T store in question was out of stock. An Apple Store did confirm to our AT&T connection that this did appear to be a defective USB port and not some sort of user error. Our source went onto say that the phone bezel was extremely hot (obviously), and it slightly burned the customers hand.
Apple’s iPod nano has in the past been linked to overheating and potential fires. Apple issued replacements for those iPod nanos that dated back to 2005-2006.
So far, this seems to be an isolated incident.
http://twitter.com/marcospoerrle
http://www.facebook.com/pages/Marco-Spoerrle/108765315840487