Web Transactions and Device Reputation – iovation Lead the Innovation

Written By: Nigel Stanley
Published:
Content Copyright © 2008 Bloor. All Rights Reserved.

Most people would like to believe they have a good
reputation, maybe as a parent, business partner or professional. But what about
the reputation of the devices they use on a day to day basis?

Imagine the millions of online transactions that occur each
day as users buy all manner of goods across the internet. Most of these
transactions will pass off without problem as the majority of customers are
honest and simply want to make a purchase. Unfortunately, as we know, there are
a minority of people out there trying to get away with stealing goods online
using fraudulent credit cards. ‘Card holder not present’ crime, as it is called,
is escalating as shop based transactions become more secure due to chip and pin
cards.

Many online retailers will trust the credentials entered by
the potential shopper after undertaking some basic security checks such as
ensuring the credit card is registered at the delivery address. The problem is
that criminals can get around such basic checks, as is evident by the massive
increase in card frauds.

An interesting way of dealing with this issue has been
created by a company called iovation
who, incidentally, have recently
attracted growth capital of $15m in support of their business plans.

iovation are interested in device reputation, which is
literally the reputation of your computer or other hand held device as it is
used on the internet.

Instead of checking user credentials, the iovation product
checks the attributes of a device to create a fingerprint which uniquely
identifies that device on the internet. The details of the attributes that are aggregated to create this
fingerprint remain confidential but would typically be things such as hardware
serial numbers through to more obscure configuration and third party software
settings. In a similar way in which a pathologist can identify a body based on
dental records a device can be identified with increasing levels of confidence
as more attributes are confirmed.

Of course advanced hackers would obscure many of these
attributes with spoofing techniques but many others are hidden away from all
but the most sophisticated black hat.

Once a device has been uniquely identified its usage history
can be checked to see if it has been used to undertake any real or potentially
fraudulent transactions across the internet. If so, the vendor can then block
the device on the basis that the attempted transaction is possibly a fraud.

Device reputation management is a relatively new market in
the world of IT security. A number of retailers have attempted versions of this
but are unlikely to have gone as deep as the specialists at iovation. Is this a
perfect solution to online fraud? Of course not, but placed into a retailer’s
armoury as an adjunct to other good security practices it will offer a better
sense of security than many have seen for a long time.

iovation has a way to go to build the new device reputation
market but coupled with the company’s switched-on CEO, a desire to build a
solid business from the start and $15m in growth capital, this could be one to
watch.