OPW INTERVIEW -- May 26, 2007 -- For the last three years at the internet dating and social networking conference I’ve heard requests for a service for sharing scammer IP addresses amongst dating companies. I never quite got around to setting up such a sharing service. Instead, I’d like to introduce you to iovation. They provide a device fingerprinting and and sharing service that goes way beyond the simple scammer IP address list sharing service I’d considered setting up. - Mark Brooks
What does iovation do?
We are the device reputation authority for the Internet. We’re building a real time platform that an online entity can reach out to understand something about the reputation of the laptops, PDA’s, cell phones, the physical devices that consumers use to connect to the web and ultimately to an online service.
The founders of iovation founded a previous business that we sold in 2004 for several hundred million dollars. The technology that under pins what Iovation is doing today was really born in this company.
How does iovation work?
We track every device that is used to connect to an online service and identify that device uniquely in the world, not unique to network A but unique period. When that device, in the future, connects to network B, network C, etc. we will still see it as the same unique device (laptop 101, for sake of discussion).
In addition to identifying devices uniquely in the world, we associate logins to a network to all the physical devices that they ever used to connect to that platform. When an account causes a problem on a network, understanding device to account relationships helps you understand all other accounts and all other devices related to that problem. Now what a network can do is associate the problem that occurred through account Bob but not just stop there. They can then understand all the physical devices that account Bob has ever used to connect to their network. They can then understand all other accounts that have ever used those devices and you can see how this could go from there. Account to multiple devices to multiple accounts to other devices, etc. We are identifying an entire collection of accounts and devices related through common log ins.
Many abusers of online retailers, social networks, and dating services require consumption of massive numbers of accounts. And generally speaking good Internet citizens don’t have that same type of behavior. So far first starters device to account relationships help identify potential problems that require investigation. More valuable is that we stop the revolving door that exists on those networks. When most networks experience a problem with an account, they simply close the account, the problem is it doesn’t really do anything. So the actual individual behind that abusive account isn’t prevented from coming right back and potentially getting another chair, I mean right back into the network through the same computer and setting up another fraudulent identity and repeating the behavior you’re trying to stop in the first place.
So what we are doing again through this platform we’re building is help organizations to better understand all related accounts and devices and shut them all off and prevent them from coming back and continuing the abuse.
Most important of all, we share reputation; we share the problems that are experienced with physical devices across all of the networks that use our platform. So if a computer is associated with say posting inappropriate content at site A, if in several months down the road that same computer attaches to a different social network, even if that computer has never before connected to that second social network, they will be made aware of the problem that occurred on network A, if they’re both subscribers to our system. They get to make a better business decision as to what to do. It doesn’t mean they have to deny access, it just means they will be informed of that fact and they get to make a business call.
What industries do you work with?
We have a strong presence in the gaming industry, so massive multi-player online games. We’re also strong in financial services and e-commerce/online retail.
How can you help online dating companies specifically?
We have both online dating services and social networks coming to us with different issues but the issues are related to behavioral problems more than financial problems. Those networks, of course, some of them take financial transactions and when there are financial transactions taking place virtually there’s generally a use of financial instruments. So we can certainly help address that problem. (credit card chargebacks, for example).
But the thing that is unique to social networks and online dating services is that some of the abuses taking place there are not finance related, they are behavior related, posting of inappropriate content for example, stalking kids or using a platform to spam other accounts, using a platform to perpetrate other types of fraud against members, the so called Nigerian scam for example. So those types of non-financial related frauds aren’t addressed by many of the other risk mitigation platforms. And while the cost may not be “financial” in terms of actual dollars and cents; it is indeed financial if it affects the reputation of the site—and creates a sense of lost confidence in the safety of the site. This of course then can mushroom, and affect the reputation of the entire industry—so this is more than just an individual network problem; it’s a macro problem facing the entire online dating industry.
So I believe the reason there’s been tremendous interest among social networks and dating sites for what we’re doing is that we happen to have a platform that, in fact, helps stop the revolving door that exists relating to behavioral abuses and behavioral problems of those networks. Our system works the same way for say preventing the posting of inappropriate content at a social network or using a dating site to spam other members as it does when it’s being used by an online retail site to stop the passing of stolen credit cards. Same exact technology implemented in the same exact way, used exactly the same way, it’s just that it’s being targeted to stop one type of abuse in one vertical and a different type of abuse in another vertical but it’s the same platform. So we’re allowing clients to share the information across multiple industries. And interestingly, we’re seeing very interesting cross-over; namely, a device associated with credit card fraud at a traditional eCommerce site that is trying to establish an account at a dating site. This is potentially very predictive information.
Ultimately, we don’t make the decision as to whether a device is allowed to set up accounts or post content or interact or transact with a site. We allow each of our subscribers to set up rules that are unique to each of their businesses. We follow rules that are unique to our subscribers. That’s a very important distinction.
The other thing that is very important to understand is you don’t have to share to use our service. So we do have, although it’s a very small number, but a few of our current customers don’t share. That is an option. The catch is if they don’t share they don’t get the benefit of seeing device reputation data from other subscribers..
Can you work with other device print vendors?
Yes, although we haven’t had this come up. We’ve never been asked to do that but we are certainly open to it. What makes us valuable is our reputation authority. We believe that we do device printing as well if not better then anybody else in the world. But the real value of what we are building is a reputation authority. If we had a potential customer that had their own device printing technique or they liked the device printing solution of some other organization, we would be happy to try and incorporate that.
How many devices do you currently have on record?
I believe the current number is 8 ½ million.
Over how many years?
Iovation is in its 3rd year as a company; but the device reputation database was established five years ago (going back to our previous company), and has been growing from there.
What are iovation’s goals for 2007 with the online personals industry?
In ’07 we want to have a marquee subscriber to our service that we can work with as a partner to understand the issues that are unique to that vertical and make sure that we can understand those problems and can work with other social networks as a partner.
This post also appears on SocialNetworkingWatch
The solution to keep out scammers and spammers is a good step in the right direction however it does not go far enough when you consider a scenario where the person in question can easily use internet cafes and different account details to continue to commit frauds and spam.
A more rigorous solution is needed to tackle the scamming and spamming issues.
Posted by: April | Jun 05, 2007 at 04:12 AM
I find it exciting to see this sort of thing being implemented to address behavioural problems. The behaviour of members of a site can make or break the reputation of any new dating site so technology to help analyse and filter known trouble makers by their hardware would be great.
Posted by: Geoff | Jun 05, 2007 at 01:05 PM
Hi April,
iovation's ReputationManager does provide you with facilities to manage internet cafe PCs; allow them, block them, keep a watchful eye on them.
Three questions I always ask are 1) What percentage of your current site traffic is coming from cafe PCs? 2) What percentage of your fraud is occurring on these cafe PCs? 3) Should you continue to allow site access from a cafe PC that has committed fraud on your or another's internet site? (For that matter, should you allow any cafe PCs to access your site? What are you loosing vs. what are you gaining?)
The answer to these questions tends to vary from merchant to merchant as does the effective set of fraud procedures to deal with this issue.
Posted by: TheFraudKahuna | Jun 05, 2007 at 03:41 PM
It's important to trace the source of traffic so you can determine if your site has a variety of visitors.
Posted by: internet payment solutions | Apr 06, 2011 at 06:11 AM