Comments on: Iovation Prevents Online Fraud And Abuse http://onlinedatingpost.com/archives/2008/02/iovation-prevents-online-fraud-and-abuse/ Online Dating Industry Consulting & Commentary Sun, 21 Mar 2010 01:13:13 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: ComputerWorld explains what’s under the covers of eHarmony · eHarmony Blog http://onlinedatingpost.com/archives/2008/02/iovation-prevents-online-fraud-and-abuse/comment-page-1/#comment-235627 ComputerWorld explains what’s under the covers of eHarmony · eHarmony Blog Sat, 14 Feb 2009 18:42:55 +0000 http://onlinedatingpost.com/archives/2008/02/iovation-prevents-online-fraud-and-abuse/#comment-235627 [...] is the very first time I’ve heard that eHarmony uses Iovation. Read what one of our readers, David Evan, wrote about it in February last [...] [...] is the very first time I’ve heard that eHarmony uses Iovation. Read what one of our readers, David Evan, wrote about it in February last [...]

]]> By: thatMartin http://onlinedatingpost.com/archives/2008/02/iovation-prevents-online-fraud-and-abuse/comment-page-1/#comment-149840 thatMartin Thu, 14 Feb 2008 23:30:21 +0000 http://onlinedatingpost.com/archives/2008/02/iovation-prevents-online-fraud-and-abuse/#comment-149840 Let's look at the Iovation system from a different angle: When CPU chip-makers (Intel, ...) planned to implement a unique ID that would be readable by software, privacy advocates won and our CPUs have no such IDs so fingerprinting is more complicated and less reliable. To be exact, it is not even possible without popping up warnings about plugins or components being downloaded and requiring users to make additional steps so forget about mass adoption by marketers - no one will allow an ActiveX component to be able to see the banners. I am sure many companies fighting spam/scammers/fraud used these same steps: 1. log all problematic IPs, ban them, (fraud now comes from unique IPs never seen before) 2. use simple cookies to flag them (fraud now comes from uncookied fraudsters) 3. ban all anonymous proxy traffic, (fraudsters always have one more proxy or other service usable in this way) 4. add poor-man's fingerprinting using various data passed from the browser (now you have false positives and fraud still goes through now and then) 5. use more advanced tagging (I won't go into details to avoid misuse) (fraud is a bit less of a problem at this stage but it's still there) 6. now you realize that you have a huge anti-fraud system that catches 2/3 of it but the fraud traffic has trippled since you implemented it. Logical next step is to use some fingerprinting technique that can distinguish 2 brand new computers sitting in the same room. You realize this can not be done reliably from a bare browser - a browser plugin/component is needed since it can access a lot of unique data. When you swallow the fact that you will lose quite a lot of visitors due to some weird warning message popping up in their face plus endless compatibility problems you think you finally have a solid gun to fight. You develop the required components and hope your community becomes fraud free. Right? Wrong! You can not use your new system because Iovation has this wheel patented! So you either have to buy from them or live with the scammers. Maybe I am not 100% right but this is how I see it. Happy Valentine's! Martin Let’s look at the Iovation system from a different angle:

When CPU chip-makers (Intel, …) planned to implement a unique ID that would be readable by software, privacy advocates won and our CPUs have no such IDs so fingerprinting is more complicated and less reliable.
To be exact, it is not even possible without popping up warnings about plugins or components being downloaded and requiring users to make additional steps so forget about mass adoption by marketers – no one will allow an ActiveX component to be able to see the banners.
I am sure many companies fighting spam/scammers/fraud used these same steps:
1. log all problematic IPs, ban them, (fraud now comes from unique IPs never seen before)
2. use simple cookies to flag them (fraud now comes from uncookied fraudsters)
3. ban all anonymous proxy traffic, (fraudsters always have one more proxy or other service usable in this way)
4. add poor-man’s fingerprinting using various data passed from the browser (now you have false positives and fraud still goes through now and then)
5. use more advanced tagging (I won’t go into details to avoid misuse) (fraud is a bit less of a problem at this stage but it’s still there)
6. now you realize that you have a huge anti-fraud system that catches 2/3 of it but the fraud traffic has trippled since you implemented it. Logical next step is to use some fingerprinting technique that can distinguish 2 brand new computers sitting in the same room. You realize this can not be done reliably from a bare browser – a browser plugin/component is needed since it can access a lot of unique data.
When you swallow the fact that you will lose quite a lot of visitors due to some weird warning message popping up in their face plus endless compatibility problems you think you finally have a solid gun to fight. You develop the required components and hope your community becomes fraud free.
Right?
Wrong!
You can not use your new system because Iovation has this wheel patented! So you either have to buy from them or live with the scammers.
Maybe I am not 100% right but this is how I see it.

Happy Valentine’s!

Martin

]]>