Recently I had the pleasure of speaking with Jay Johns from Iovation. Simply put, Iovation brings a level of security to online transactions unlike anything else I’ve ever seen.
Iovation’s patented technology builds historical information about every computer used to connect to an online service, including device to account relationships and types of problems associated with unique devices. ReputationManager is an iovation service that Iovation identifies suspicious devices and accounts, stops abusive and fraudulent behavior from reoccurring, and risk-shares with other sites using the service.
Sites protected by ReputationManager benefit from all methods of fraud detection at every other online service using the system. Computers used to connect to online services develop negative reputation when they are associated with specific problems. Over time, computers establish a positive reputation when they remain unassociated with problems or suspicious patterns of behavior. Beyond managing fraud and abuse, the ultimate value of iovation’s service is establishing trust which leads to improved customer service and increased revenue. Intel Capital recently led a $15 million inv*stment and will partner with iovation to accelerate growth.
Profitable since day one, Iovation could have grown organically but they saw the opportunity to take funding to expand smartly. Another announcement in two weeks is expected from anew partner.
Iovation needed the relationship with Intel more than the money. Intel’s challenge is that as the net grows, more people are concerned about commerce online. Intel can sell more machines. Iovation gets access to Intel intellectual property and resources.
Iovation’s core technology has been in service since February 2002 and the company has cultivated over $8 million in recurring revenue growth in 2007. The company anticipates handling over a 1 billion real-time reputation inquiries in 2008 from customers representing a number of verticals including financial services, retail, travel, and online gaming.
The company has been around for five years. Spawned out of the gambling industry, where they developed infrastructure software for turnkey online gambling sites. Initial product was developed to reduce fraud losses associated with the online gambling market. Then spun off as Iovation.
In a nutshell, Iovation does device fingerprinting. The fingerprint is based on information gathered about visitors to client sites. Things like IP address, cookie, software versions of the operating system, Java, Flash, etc.
Fingerprints are stored in a global blacklist: Bad behavior on one site is broadcast to partners. The more sites that use Iovation, the better the filtering is. If a different device is used to access a previously-identified fraudulent account, the new device is also flagged.
Reputation Manager is first product.
Two primary ways of identifying client.
1) Client download: bake application into download.
2) number of different components in browser session.
Iovation is not daunted by anonymous proxy server. They collect device information.
Iovation protects users and operators: They pass absolutely no personally identifiable information.
Operational efficiency is a key benefit: Two fraud managers doing the work of 20.
Iovation will not create a digital fingerprint of device unless absolutely sure they are creating a valid ID. Avoid false-positives at all costs, only block bad clients, never good. Fingerprint is sent back to Iovation with a transaction identifier. Once a device fingerprint is stored in the database, it can be looked up in real-time. If the fingerprint has been seen before, a series of checks will find out if an Iovation client has ever flagged the device with negative reputation. If so, passes an alert back to client. “We’ve seen this fingerprint, assign a negative reputation.”
Iovation can pass back 30 different categories of reputation. I had to sit down and think about that for a while. Gaming sites are more concerned about things like chip dumping, which requires a different blend of reputation attributes than a dating site or social network, which are more concerned with site and member reputation.
Iovation has clients in dating and social networking, e-commerce and gaming markets. Role Playing Games are a new category of client. Iovation is able to identify people who are pretending to be more than one person.
Other key points:
- Developed transparent device identification method.
- Social aspects of behavior or fraud management.
- Relatively agnostic, solution works well with other tools as augmentation.
- Visibility into network they never had before.
What does it look like when you are flagged by Iovation? A screen pops up with a message to call customer support. Transactions are halted without tipping off as to how the perpetrator was caught.
Pricing: ASP model. No on-site installation. SOAP server integration. One time up front license/integration fee with a per-transaction, round-trip fee.
Velocity reporting capability: Don’t have to be nailed by service to belong to blacklist. Tying together transactions and devices. Report brings together transactions and accounts in real-time.
New concept: Trickle Fraud – fraud spread out over number of weeks. Iovation catches it.
Negative Affects of Targeted Advertising
It’s straightforward to serve up ads targeted to my zip code, which appears absolutely quaint in comparison to what Iovation knows about your devices, even if it is not personally identifiable information.
With hardware level security occurring at an increasing number of websites and increased interest in reputation, I can only imagine what the marketers will come up with once they find out about Iovation.