Establishing a data center in Amsterdam will allow Iovation Inc. to provide faster fraud protection for its European clients. But it also will put the online security provider in the heart of a growing global fraud menace.
The Portland, Ore.-based company opened the center April 25.
Online merchants and financial institutions in Europe and Africa using Iovation’s ReputationManager 360 software to screen online transactions for potential fraud represent the main service focus of the new data center, Scott Waddell, Iovation vice president of technology, tells PaymentsSource.
ReputationManager360 provides deep analysis of the Internet devices used by a client’s customers, essentially exposing the reputation of that device and seeking information on other devices that same customer has used. In March, Iovation fraud protection helped law-enforcement officials solve a fraud-ring operation in Kirkland, Wash. (see story).
Even before opening the new European center, Iovation was busy dealing with cybercriminals in Europe. The company revealed in late April the number of fraudulent transaction attempts it stopped in Europe was 60% greater than a year earlier, with the number of attempts increasing every quarter since January last year.
In the past year, Iovation estimates it stopped 15 million fraudulent online transactions in Europe.
The growth of online business in Europe was a key reason Iovation felt it needed a European data center, Waddell says. “It’s a strategic location for us, and will help us reduce [fraud screening] data-load time when end-users are visiting our clients’ sites,” he adds.
In addition, a data center in Europe will enable Iovation fraud managers to obtain “higher quality data from customers” regarding fraud attempts in that region, thus cutting down the likelihood of encountering a time-zone challenge if they were working with Iovation data centers in Portland or Seattle, Waddell notes.
Iovation reports 43% of its business stems from international clients, with Europe providing the most.
As such, European fraud growth played a key role in Iovation determining it needed a presence in what amounts to a dangerous region for launching cyberattacks.
“The bad guys are in Romania, Russia and North Africa,” Waddell says. “It does help us to have a data center in the region, as it makes for easier law-enforcement support and sharing of forensic information.”
However, to follow European regulations regarding the category of data provider Iovation represents, the company does not store any data at the new center, including information that law-enforcement officials would use in investigating crimes.
“The data is still held at the other centers in the U.S. because we don’t want to get tied up in regulations [in Europe],” Waddell explains. “You could say our new center is providing faster service for the Web end-users, but any data sent from our clients is stored in the U.S.”
Still, Amsterdam serves as a good location for a data center because the Netherlands has established itself as a high-tech country, making the transition for Iovation easier because of reasonable costs in establishing bandwidths and placing servers, Waddell says.
Now Iovation can concentrate on providing protection against what its research has revealed, which is that Croatia appears to be an epicenter for credit card fraud attacks, and Lithuania triggers the most online gambling fraud attacks.
Fraudsters go after online merchants and financial institutions with online services because of the “window of opportunity” to exploit stolen credentials, Waddell notes.
“They will steal a credit card number through a man-in-browser on someone’s home computer, then use it to go online and make as many purchases as possible in a short period of time,” Waddell says.
In addition, cybercrooks obtain card-data lists on the black market and use the information online to make purchases until they are stopped, he says.
“They use a ‘shot-gun’ approach in committing fraud online, just seeing what they can hit and get away with,” Waddell notes.
Iovation protects the Web properties of about 300 clients, but the new data center could help attract new clients in Europe, Waddell contends. “They will feel more comfortable knowing the company has a local presence,” he adds.
While it may be beneficial to Iovation to be closer to where fraud attacks originate, it is going to be “much nicer to be close to their clients,” Avivah Litan, a vice president and distinguished analyst at Gartner Inc., a Stamford, Conn.-based market research company, tells PaymentsSource.
“The biggest argument for setting up a data center in Europe would be providing faster data and being in the same time zone as your clients,” Litan says. “I don’t know that being any closer to the criminals in Europe makes a difference, though it could if Iovation were able to track proxy servers the bad guys were using there.”
In addition, European regulators “don’t like data to leave the continent,” Litan says.
Julie Conroy McNelley, senior analyst and fraud expert with Boston-based Aite Group, agrees with the data-dilemma aspect, saying a major advantage for Iovation will be avoiding rigorous European privacy laws regarding data transfer from companies viewed as data processors.
“Europe doesn’t allow PII (personally identifiable information) to leave its borders,” McNelley tells PaymentsSource.
Waddell says Iovation does not collect or store what would be considered PII data, though some European countries categorize Internet protocol addresses as PII.
What do you think about this? Send us your feedback. Click Here.