When an identity thief fleeces a financial firm or retailer with stolen credit-card numbers, there’s no stopping the fraudster from returning to the website armed with yet another stolen identity. Now companies are trying to make it that much harder by tagging the thief’s PC with “device reputation” software.

The software runs on a company’s website, capturing the serial number and other hardware “fingerprints” of any PC that logs on—when a user clicks on a page, purchases a product or places a bet. If the transaction turns out to be fraudulent, the PC’s fingerprint is added to a database of computers with bad reputations. Subscribers to the service, offered by Oregon-based iovation, are alerted every time a dubious PC shows up to do business. So far 30 companies in 11 countries in America and Europe have joined iovation’s “Reputation Manager” network. Once a firm is ripped off, the whole group is protected. “They have to suffer some pain to identify a problem,” says iovation CEO Jon Karl, “but they only have to get hit once.”

The database sorts PCs into 20 categories, which range from the use of profanity in online forums to outright fraud. It’s up to subscribers to decide whether to accept the PCs or not, or to “challenge” users with questions to better ascertain their identity. “We’ve seen a huge decrease in credit-card fraud,” says the antifraud manager for Poker.com, an online gambling company based in Brisbane, Australia. The cost of the service varies with query volume; heavy users pay less than a penny per reputation check. By contrast, US businesses alone will lose $3 billion to online fraud this year, estimates Boston-based consultants Celent.

... contd.