by Simon Quicke
2 April 2008
Copying an enterprise-level security approach could reduce the number of resellers falling victim to cardholder-not-present (CNP) fraud.
Concentrating on the reputation of the device, rather than trying to focus on verifying the identity of the person making the order, is an alternative approach similar to the one used to determine access rights to corporate networks.
Greg Pierson, CEO at iovation, a firm which runs a device reputation database, said that it was easy for a fraudster to get hold of personal information but nowhere near as easy to mimic a computer’s identity.
Using a database that stores details on PCs and laptops, iovation has devised a system that warns a retailer if an order is being made on a machine with a bad track record, which could indicate it is being used by a serial fraudster.
"It can help if a business can reach out and establish what the reputation of the device is on the internet. Why aren’t we looking at the computer? It is the missing element," he said.
He said the move was not yet officially endorsed by the credit card companies, but iovation had talked to Visa and Mastercard and did not rule out working more closely with them in the future.
Andrew Goodwill, managing director at fraud detection service Early Warning, said the best way to combat fraud was to focus on the individual ordering the goods.
"You look at the individual ordering and the details they have given and compare them with orders that have been made with other retailers. You can’t do it on the machine," he said.
He added that fraudsters use Internet cafes and exploit shared computers in offices to make it harder to detect their activities.
