VeriSign tracks buyers to fight e-fraud

With a new VeriSign service, online merchants will be able to compare credit card numbers, the names of cardholders and the Net address of buyers in order to spot scams.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
3 min read
In a bid to beat Internet fraud, VeriSign is introducing a service for merchants that will compare credit card numbers, the names of cardholders and the Net address of buyers to spot scams.

The Internet services company announced on Wednesday a new Fraud Protection Service that ties geographical information from its domain registry database--which is managed by VeriSign's Network Solutions--to timing data from its credit card clearinghouse service. The technology, which the company has tested during the last 18 months on its own business, will identify transactions that have an unacceptable probability of being fraudulent.

"It is no secret that Internet commerce is hot again," said Stratton Sclavos, chairman and CEO of VeriSign. "The bad news is that it has become a very big target. As we have seen a shift in the economy, we have seen a shift in the rate of crime."

While e-commerce has grown by nearly 74 percent in the past year, the amount of fraudulent transactions has grown even faster, jumping 114 percent, Sclavos said. Combining Network Solutions geolocational data with data on the timing of online credit card transactions has worked to reduce fraud rates, he said.

The Fraud Protection Service matches up credit card numbers, the names of cardholders and the Internet addresses of the transaction originations in order to estimate validity. "We correlate all that together, and we make inductive decisions about whether that transaction is fraudulent," Sclavos said.

For example, if the service detects that a U.S. citizen's transaction is actually coming from Russia--based on the buyer's Internet address--the confidence that the transaction is valid would plummet.

"With very little learning, just by flipping the switch, we think it will recognize 50 percent of the fraud on a merchant's system," Sclavos said.

Currently, one in four computers and software packages is bought online, and one out of every eight books is bought online, Allan Trosclair, executive director of the Coalition for the Prevention of Economic Crime, said during a conference call with VeriSign.

"As (VeriSign) moves this product onto the market, I think we will see a reduction in the amount of fraud," Trosclair said.

The service, targeted at Web retailers, is the latest in a recent series of security offerings from VeriSign.

Earlier this month, the Mountain View, Calif., company signed a deal with Microsoft to integrate its digital authentication technology with Microsoft's newest version of its server operating system, Windows Server 2003.

The technology, which uses a variant of the mathematics behind encryption, lets people digitally sign data and verify their identity online. VeriSign, which makes server software that manages such signatures on a large scale, plans to launch a service that will take advantage of new features in Windows Server 2003. By working together, Microsoft and VeriSign hope to make authenticated Web services easier to use and more likely to interoperate.

In addition, VeriSign gained Merrill Lynch as a client for its new security monitoring services in late May. The company will electronically watch the computer systems of the giant investment bank and financial management company and work to prevent attacks and intrusions. The company will also be responsible for keeping Merrill Lynch's 300 computer-security devices up to date, it has said.

The fraud protection costs $19.95 a month and five cents a transaction for the basic service, which includes U.S. processing. Merchants are charged a fee of $49.95 a month and 10 cents a transaction for the enhanced service, which accepts international transactions. The service also works in conjunction with the secure transaction services from Verified by Visa and Mastercard SecureCode, according to statements by VeriSign.

Dan Moniz, staff technologist for the Electronic Frontier Foundation (EFF), worried that the service signaled the latest move by a company to offer technology that eroded the anonymity of the Internet.

"It will make anonymous transactions that much harder in the name of reducing the number of chargebacks," he said, referring to refunds made typically at the merchant's expense. "Do you start blocking people because they don't want to identify themselves?"

In the end, people that want to buy digital goods anonymously might have to subscribe to a special service and pay extra, he said.