Online transactions over Tor 30 times more likely to be fraudulent

A study by iovation found that more than 30 percent of transactions obscured by The Onion Router are fraudulent.

You know that mantra some like to throw out in response to privacy concerns--"If you don't have anything to hide, you shouldn't be worried."? Well, for many users of Tor, that phrase may hold true, but a good percentage of those obscuring their identity with the onion router are doing so because they do have something to hide. 

In case you're not familiar with "the onion router", more commonly referred to as Tor, here's a brief explanation. Tor is a privacy protocol intended to help people surf the Web anonymously. The name--onion router--is apparently a reference to the many layers Tor uses to redirect traffic along a complex pathway across the Internet to mask the true location and identity of the user.

Use of Tor seems to have spiked recently, most likely as a response to revelations about NSA data gathering efforts on the Internet. Some of those people might be disappointed to learn that Tor does not provide absolute anonymity. It just obscures your identity and makes it harder to track you--not impossible. 

“Cybercriminals are always looking for ways to fly under the radar,” said Scott Waddell, Chief Technology Officer at iovation. “While Tor on its surface appears to be for the greater good, it is disproportionately used for fraudulent and abusive transactions. Of note, Tor use more than doubled in August, likely due to a massive botnet leveraging Tor for command and control communications.”

The fraud findings were produced by iovation by analyzing  240 million transactions conducted in August 2013 originating from the 1.5 billion devices it has in its device reputation database. Transactions utilizing Tor were identified by iovation by leveraging technology it developed to correlate transactions to IP addresses that are part of Tor.

iovation is offering that same that same fraud correlation technology to customers. It's a free feature for customers of iovation's ReputationManager 360 service. The service helps customers identify high-risk devices and transactions--specifically those using Tor--to gain an additional level of insight in the battle to reduce fraudulent activity. 

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.