The software runs on a company’s Web site, capturing the serial number and other hardware “fingerprints” of any PC that logs on–when a user clicks on a page, purchases a product or places a bet. If the transaction turns out to be fraudulent, the PC’s fingerprint is added to a database of computers with bad reputations. Subscribers to the service, offered by Portland, Oregon-based iovation, are alerted every time a dubious PC shows up to do business. So far 30 companies in 11 countries in North America and Europe have joined iovation’s “Reputation Manager” network. Once a firm is ripped off, the whole group is protected. “They have to suffer some pain to identify a problem,” says iovation CEO Jon Karl, “but they only have to get hit once.”
The database sorts PCs into 20 categories, which range from the use of profanity in online forums to outright fraud. It’s up to subscribers to decide whether to accept the PCs or not, or to “challenge” users with questions to better ascertain their identity. “We’ve seen a huge decrease in credit-card fraud,” says the antifraud manager for Poker.com, an online gambling company based in Brisbane, Australia. The cost of the service varies with query volume; heavy users pay less than a penny per reputation check. By contrast, U.S. businesses alone will lose $3 billion to online fraud this year, estimates Boston-based consultants Celent.
A big limitation to the database is that rather than stop fraudsters it just increases the cost of doing business. Serious crooks can circumvent the software by moving from one Internet café to another. Still, companies are likely to seek out anything that gives them an edge in shoring up their security. Privacy is another question mark. How will consumers react to their PC’s signatures being recorded? Most of iovation’s clients won’t admit that they use the service for fear of arousing the ire of Web surfers. If it works, on the other hand, the added security may become a selling point. For fraudsters, that’s bad news indeed.
