At the end of the day, whichever company offers the best method for blocking those with ‘malicious intent’ from entering online communities, wins. That means blocking people who want to do harm by spamming, scamming, or being obscene or obnoxious to other community members.

The case for bg checks and Honesty Online:
Background checks are great as a consumer forward filter/test. They inspire a feeling of safety. BG checks, from what I understand, are most adept at identifying sex offenders and felons, especially where social security and current and prior address information is available. They’re a good branding element, most especially for high-end dating sites and services, and I’m a rather surprised more dating sites are not offering background checks today. The trick to a good bg check is to bring together multiple data sources and cost under $10. Honesty Online hits that price point, and does just that.

The case for iovation:
iovation is an entirely different animal. It offers a behind the scenes service to essentially allow dating sites to work together to share information on the ‘reputations’ of over 60 million unique computers worldwide. Some of which that have been associated with various forms of community abuse. They provide device-based information that is collected independent of the customer’s personal and financial information. Info that allows online businesses to take immediate action against devices that repeatedly try to log on or create new profiles using false info. iovation does that while still protecting the privacy of the user. How those sites react to that abuse is up to them. The value is in the network, and the sharing of info on the ‘bad guys.’

I think if a company is considering one or the other, they are in a muddle. This isn’t a one or the other question. Honesty Online is a consumer facing service that is justifiable as a branding element. It’s fed by a myriad of databases. iovation is a low cost, very much behind the scenes service with a database fed by other online communities and businesses. Both help improve safety, in their own way. I recommend considering using both, but if you’re considering one or the other, go back to the drawing board and re-examine your goals.

Mark Brooks
Editor, Online Personals Watch
Principal Consultant, Courtland Brooks
212-444-1636

I agree that it would be negligent to perform background checks using information that could be found embedded in a credit card. I can’t speak for other verification/background-check services, but ours uses PII that goes well beyond what could be determined from a stolen credit card, or even from “dumpster diving” outside an individual’s house or place of business. Only after having verified the individual’s identity do we perform a background check. As for using an easily-doctored photocopy of a driver’s license for identity verification, well, that fits my definition of negligent.

I really don’t know the economics of organized fraud — how much a typical fraudulent transaction nets a fraudster, and whether $12 (thanks for that data point) is an acceptable overhead cost. I imagine that the fraud industry has its low- and high-ticket segments, and that higher-margin activity would still be profitable.

I mentioned IP address monitoring only because the device-reputation company in question explicitly states that they use IP location data as part of their service; whether theirs is a “mature” solution is not for me to judge.

As for disgruntled employees, they are a well-recognized class of security risk. Sound security management requires dispassionate assessment of security threats, including current or former insiders.

Background checks are all too easy to defeat, we read about it in the news all the time. Databases aren’t linked across agencies, local or federal, and even that information is suspect due to human errors.

This device reputation is just another layer in the evolution of fraud management. It’s a solution that doesn’t require personal information.

Considering that even in your best case scenario of a $180 PC, no one is going to swap out PC’s every time they create a new, fake account, the barrier is just too high. Even at $12 a PC (current MIT project) it’s too expensive for organized crime to constantly change the device.

Also, almost none of the mature solutions around device identification are based on IP address anymore. Those generation 1 solutions were obviously easy to defeat.

I think that a better argument would have been to advocate that social sites require better information (such as a photocopy of driver’s license) as proof before background checks than just asking for user supplied information with no verification.

And lastly, I have to say that I lost heart in this article when I read the last paragraph looking for a disgruntled employee. That really sounds like integrity from honestly online. Shameful.