Report: Q & A – Why New York is the nation’s top online fraud center, and which transactions are riskiest

By Guest Contributor
April 23, 2012

By Connie Loizos

NEW YORK, April 23 (PeHUB) – If you’re wondering which city in the country is the epicenter of online fraud, it’s New York.

So says ThreatMetrix, a seven-year-old company that combats online fraud by “fingerprinting” the devices used to commit it. The firm has convinced roughly 700 customers – which represent more than 5,000 Websites – to employ its cybercrime-fighting services. (Thomson Reuters is among them.)Earlier this afternoon, I caught up with Alisdair Faulkner, ThreatMetrix’s chief products officer, to find out why New York is particularly attractive to hackers, and where else in the country fraud is becoming rife. Our conversation has been edited for length.

According to your report, New York is the biggest target of high-risk fraud transactions, based on roughly a billion transactions that you monitored in the first quarter by U.S.-based e-commerce merchants. First, what does “high risk” mean, as opposed to low risk?

High-risk transactions are transactions we were confident would result in a fraudulent transaction, as opposed to low-risk transactions, which look benign and like they might be good transactions, perhaps because the credit card address matches the device’s IP address and doesn’t look instead like it’s coming from behind a hidden proxy. On average, 2 to 5 percent of credit card orders are high-risk fraud attempts, based on what we’re seeing.

Any theories about why New York sees the greatest percentage of these?

Some of it is: why mark someone on the subway when you can just steal their credit card? With online theft, it’s harder to be convicted; it’s harder to be tracked down. Because [attackers] aren’t directly in touch with their victims, they might also feel less like someone is getting hurt directly. New York is also a major trading city. It’s easier to peddle goods once you’ve stolen them than in many other places.

Given how wired San Francisco is, I was surprised to see that it ranks seventh on your list.

It’s complete speculation, but I think San Francisco may be so low on the list [comparatively] because so many [residents] are Mac users. If you walk into a café in San Francisco, nearly every laptop has an Apple on it, and pretty much every other device, too. And Apples have historically enjoyed better security; it’s harder to infect them and to steal someone’s details.

Yet many of those San Franciscans are downloading apps, and many social app developers don’t employ or promote the tightest privacy controls, as we were all made very aware a couple of months ago. How tightly correlated are privacy and fraud?

It’s a fraud risk, absolutely. If your email is in the hands of a fraudster, phishing attacks follow. It’s very easy then to send you a targeted email that says, ‘I’m a friend who wants to connect with you on [XYZ recognizable service],’ Whenever data gets leaked, fraud follows. The two are absolutely correlated.

Which types of transactions are most risky?

We find that e-commerce and digital goods have higher attack rates. When I say e-commerce, I mean e-tailers versus digital goods, which tend to be music downloads or virtual goods. The latter have much higher fraud attempt rates but lower losses, because with virtual goods, you’re losing, say, a virtual cow. The attempt rate is slightly lower when it comes to online retailers because it’s [more complicated]: you not only have to secure a credit card but line up a physical address where the goods can be delivered.

What types of transactions would consumers be most surprised to discover can be dangerous?

In general, people don’t think about networks like Twitter and Facebook [creating problems for them], but we’re in a generation where we probably tend to overshare, and people are only as protected as their most weakly protected friends. The person who always clicks on links and likes to share content that, unbeknownst to them, may be infected [creates entrée for fraud]. If your Facebook friend’s account is hacked or phished, [a hacker] can get access to all your data, too.

What’s the best advice you can give consumers, especially without a corporate IT department trying to protect them?

First, make sure your machine is always up to date. If it starts running slow for any reason, take notice. Also, use at least two browsers. You can use one for Web searches. Use the other to conduct all your ecommerce transactions and lock it down; don’t install any plug-ins and only visit trusted sites.

The top 10 list of U.S. cities for fraud origination, ranked from highest to lowest:

  1. New York
  2. Atlanta
  3. Chicago
  4. Los Angeles
  5. Omaha
  6. Dallas
  7. San Francisco
  8. Houston
  9. Washington D.C.
  10. Lexington, KY

Note: Chart list courtesy of ThreatMetrix

(This article was first published by <a href=”” target=_new”>PeHUB</a>, a Thomson Reuters interactive forum for the global private equity community.)


We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see

I have to express my love for your generosity giving support to men who should have help with in this area. Your very own commitment to passing the message throughout appeared to be particularly good and has in every case enabled guys like me to attain their pursuits. Your amazing useful information can mean a great deal to me and still more to my peers. Best wishes; from everyone of us.

You made several nice points there. I did a search on the theme and found most persons will go along with with your blog.

Thank you for sharing superb informations. Your website is very cool. I am impressed by the details that you have on this blog. It reveals how nicely you perceive this subject. Bookmarked this web page, will come back for extra articles. You, my pal, ROCK! I found just the info I already searched everywhere and just could not come across. What an ideal site.

hi!,I like your writing very a lot! share we be in contact more about your post on AOL? I need a specialist on this space to solve my problem. May be that’s you! Taking a look forward to peer you.

After I originally left a comment I appear to have clicked on the -Notify me when new comments are added- checkbox and from now on whenever a comment is added I receive four emails with the exact same comment. There has to be a way you can remove me from that service? Thanks!|

Hello. excellent job. I did not imagine this. This is a remarkable story. Thanks!

Normally I don’t read article on blogs, however I would like to say that this write-up very forced me to take a look at and do so! Your writing taste has been surprised me. Thank you, quite great article.

Thanks for some other wonderful article. The place else may anybody get that type of info in such a perfect approach of writing? I have a presentation subsequent week, and I’m on the search for such information.

You made some nice points there. I did a search on the issue and found most guys will agree with your website.

Thank you for sharing your thoughts. I truly appreciate your efforts and I am waiting for your further write ups thanks once again.|

Good day! Would you mind if I share your blog with my facebook group? There’s a lot of people that I think would really enjoy your content. Please let me know. Cheers|

Ahaa, its fastidious discussion on the topic of this article at this place at this weblog, I have read all that, so at this time me also commenting here.|

I do not even know the way I finished up here, but I believed this post used to be good. I don’t realize who you might be but definitely you are going to a well-known blogger if you aren’t already. Cheers!|