How Device Identification Defeats Online Fraud Whitepaper



Similar documents
Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

WHITE PAPER. Internet Gambling Sites. Expose Fraud Rings and Stop Repeat Offenders with Device Reputation

WHITE PAPER. Credit Issuers. Stop Application Fraud at the Source With Device Reputation

Device Fingerprinting and Fraud Protection Whitepaper

WHITE PAPER Moving Beyond the FFIEC Guidelines

ADVANCED FRAUD TOOLS TRIGGERED RULES

Closing the Biggest Security Hole in Web Application Delivery

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Online Payment Fraud. IP Intelligence is one of the top five techniques used to detect and prevent online fraud

Online Cash Manager Security Guide

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

Card Not Present Fraud Webinar Transcript

WHY YOU NEED AN SSL CERTIFICATE

How Retailers Can Automate the Screening Process for Online Fraud While Preserving the Customer Shopping Experience

WHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users

RSA Adaptive Authentication For ecommerce

Supplement to Authentication in an Internet Banking Environment

Reduce Fraud: Stop Fraudsters Before They Strike

1. Any requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.

Evaluating DMARC Effectiveness for the Financial Services Industry

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

A Practical Guide to Anomaly Detection

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

Five Trends to Track in E-Commerce Fraud

Guide to credit card security

Best Practices Guide to Electronic Banking

WHITEPAPER. OFAC Compliance. Best Practices in Knowing Where and With Whom You Are Conducting Business

Helping you to protect yourself against fraud and financial crime

How To Protect Your Online Banking From Fraud

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

ONLINE AND MOBILE BANKING, YOUR RISKS COVERED

WHY YOU NEED AN SSL CERTIFICATE

Malware & Botnets. Botnets

6 Steps to SIP trunking security. How securing your network secures your phone lines.

FFIEC CONSUMER GUIDANCE

ThreatMetrix Cybercrime Report: Q1 2015

white paper 5 Steps to Secure Internet SSO Overview

Five Steps Towards Effective Fraud Management

& INTERNET FRAUD

CUSTOMERS & CRIMINALS: USE WEB SESSION INTELLIGENCE TO DETECT WHO IS WHO ONLINE

Cyber Security. Securing Your Mobile and Online Banking Transactions

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT

ACI Response to FFIEC Guidance

Contents Security Centre

Best Practices: Reducing the Risks of Corporate Account Takeovers

Using Voice Biometrics in the Call Center. Best Practices for Authentication and Anti-Fraud Technology Deployment

Whitepaper on AuthShield Two Factor Authentication and Access integration with Microsoft outlook using any Mail Exchange Servers

Extended SSL Certificates

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA

User Behaviour Analytics

location of optional horizontal pic Corporate and Investment Banking Business Online Information Security

Anti-Phishing Best Practices for ISPs and Mailbox Providers

Protecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks

Knowledge Based Authentication [KBA] is not just for onboarding new customers

Using an Identity Confirmation Quiz Indiana s Journey

Driving License. National Insurance Number

Understanding and Combating Online Fraud in 2014

Layered security in authentication. An effective defense against Phishing and Pharming

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

Online Payment Processing What You Need to Know. PayPal Business Guide

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Product. Onboard Advisor Minimize Account Risk Through a Single, Integrated Onboarding Solution

Stopping the Flow of Health Care Fraud with Technology, Data and Analytics

Combating Cybercrime A Collective Global Response

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

Security Best Practices

Best Practices in Account Takeover

Phishing Past, Present and Future

Deception scams drive increase in financial fraud

Protection from Fraud and Identity Theft

KASPERSKY FRAUD PREVENTION PLATFORM COVERING ONLINE AND MOBILE BANKING RISKS

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Blackbaud Merchant Services Web Portal Guide

WHITE PAPER Fighting Banking Fraud Without Driving Away Customers

Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May TrustInAds.org. Keeping people safe from bad online ads

Improve Your Call Center Performance 7 Ways A Dynamic KBA Solution Helps. An IDology, Inc. Whitepaper

PayPoint.net Gateway Guide to Identifying Fraud Risks

TrustDefender Mobile Technical Brief

FRAUD PREVENTION IN M-COMMERCE: ARE YOU FUTURE PROOFED? A Chase Paymentech Paper

Security Bank of California Internet Banking Security Awareness

Transcription:

How Device Identification Defeats Online Fraud Whitepaper Verify New Account Originations Authorize Payments and Transactions Authenticate User Logins

Overview The Internet makes it fast and easy for people to connect with other people, to buy things, move money and engage anyone anywhere in the world instantly. Before the Internet, fraud was mostly a paper-based scheme like check kiting, embezzlement, and forgery. But the benefits that the Internet offers businesses and consumers are also available to fraudsters: speed, global reach, efficiency, convenience with opportunity, accessibility and anonymity that have made fraud a top concern for consumers, governments and businesses everywhere. Like the dog in the famous New Yorker cartoon that tells the other No one can tell you re a dog on the Internet, it s very hard to tell if the person at your website is who they claim to be. The doors that provide entry to good customers online are the same doors that fraudsters use to gain entry: logins, new account registration, and online purchases (card not present). The keys that enable people to pass through these doors are credentials, identities, account numbers, credit cards and personal information. Cyber criminals steal this information by tricking unsuspecting consumers into giving it to them unwittingly, or using technology to silently take over their computers and impersonate them or capture their keystrokes. Profile the Device Supposing you could tell whether a visitor to your website was more likely to commit a fraud or conduct a legitimate transaction before you had any personal information such as their account number or name. Just imagine the positive impact on your business. It s all made possible using a sophisticated technology called Device Identification. Device identification from ThreatMetrix profiles the computer instead of the person visiting your website. It s the impersonal side of personal computers the operating system, browser, Internet connection and more that enables device identification to help you decide whether to proceed, challenge or prevent a web transaction. Device identification is made possible through advances in computer capabilities that make use of stores of both static and dynamic data managed by browsers, operating systems, and Internet connections to perform their work. The data available from these sources is sufficient to establish a unique handle for a visiting computer to be referenced and recognized on the worldwide web. These data also provide insights that help you decide whether (or how much) you should trust a computer visiting your website. Device Identification: A New Way to Detect Online Fraud There are three ways to detect online fraud. Each relies on a different source of information: check the person, watch what they do and profile their computer. All are valuable and ideally all three should be used together. 2

Check the person (personal history) When you have personal information such as a name or account number, a quick reference to Prior Account Activity Records and Credit History databases will enable you to assess risk based on what you know about them. The drawbacks to using PII (personally identifiable information) are 1) users reluctance to provide them (e.g. they don t trust your Web site) and 2) if a fraudster is using stolen identities or credentials they can in effect be you online and gain authorized entry. Watch what they do (personal behavior) Technology that monitors what a person does after they have gained access can provide useful insights that help you decide whether to trust the person to continue transacting. Here again, if a fraudster successfully gains entry using lost or stolen credentials they re already past the front gates. Profile the computer (device identification) Collect anonymous information from a visiting computer and its connection to the Internet to reliably identify the computer and assess its risk. When many device characteristics are drawn from multiple sources in the computer and analyzed, they reveal hidden truths that help determine risk. Device risk, measured in seconds, delivers a valuable measure of risk with or without historical and behavioral anti-fraud tools. How Device Identification Helps Control Online Fraud There s more to device identification than the initial risk assessment based on what the computer s characteristics reveal through anomalies. Once you can reference computers (or mobile phones, ipads, etc.) visiting your website by their unique machine identities also called their device fingerprint you can see fraudulent patterns and behaviors linked to a computer that might otherwise go undetected. IP addresses are an often-used but undependable handle many companies employ in an attempt to link activity to individual computers. But IP addresses are unreliable because they can be shared by many computers or hidden behind proxies that mask the true IP address and thereby hide the true geo-location. A computer s fingerprint gives you a powerful perspective to see activity on your website in a new light that helps you detect and stop fraud: Volume: Fraudsters use computers in ways that legitimate web visitors don t. For example, an abnormally high volume of transactions originating from a single computer using multiple credit cards and personal information is a telling indicator to risk. 3

Transactions: You can use a computer s device fingerprint to group transactions from a single computer over multiple visits to your website, or group transactions by characteristics such as the ISP and location. Accounts: IP addresses can be shared or spoofed whereas the computer s device fingerprint quickly reveals when someone s lost or stolen credentials are making the rounds on the Internet for others to abuse. Device ID enables you to validate users or restrict access to subscriptions and hosted applications. Device Reputation: The device ID can be used cross-reference a match in a shared list of device fingerprints and corresponding reputation information built on the experience of others who have submitted and flagged them based on suspicious or fraudulent activity. Increased Automation: The advent of botnets and fraud tool kits provide an evolving and ever ready fraud threat platform, allowing fraud attempts to be spoofed from nearly every geography and computer network. Even without a pandemic doomsday scenario, it s clear that the threat is real and very present, and the burden should not rest solely on the shoulders of fraud prevention and loss prevention staff because fraud management is not just about loss prevention, it is strategic to the operations of most major online businesses today. Eight Advantages To Device ID Stop fraud before it happens. The computer reveals risk before the person so you can decide whether to accept, challenge or reject within seconds. No personal data required. You don t need to wait for or rely on information about the person to detect fraud or recognize a customer because device ID uses anonymous computer characteristics. Returning computers are verified instantly by the unique characteristics of their computer. Instant validation that s entirely transparent to your customer enables better and smarter delivery of online services. Block returning fraudsters already flagged. The ability to instantly identify returning fraudsters by their computer enables you to block them from entering your website. More convenient and less risk to customers. The use of device ID can add an additional form of authentication that does not rely on personally identifiable information (PII) and passwords for verification. Fraudsters can steal (PII) to impersonate someone, but they can t steal a computer s unique device identity. 4

No prior history required. Even without prior contact with a computer visiting your website for the first time, its anonymous characteristics give you insights that help you detect fraud. Increases effectiveness of other anti-fraud tools. Device identification is a powerful addition to home-grown and off-the-shelf anti-fraud tools. Device risk adds context to make better decisions more quickly. Effective for all three entry points on a website where fraud can occur: logins, new account registrations and online payments. Conclusion The motivation, means and opportunity for the bad guys to commit online fraud put increasing pressure on consumers and the companies they engage with to do more to prevent fraud. Consumer concern for becoming a victim of online fraud when they re banking, shopping, networking with friends or dating is on the rise thanks to a constant drumbeat of warnings to protect their online identity and Internet scams reported in the news. Consumers can and will shoulder only so much of the burden to protect themselves they expect their providers to employ the latest technology that will keep them safe. Device identification can help manage risk earlier in online transactions by detecting fraud sooner and providing customers a better online experience. ThreatMetrix device identification offers companies a proven device identification technology with distinct advantages that deliver smarter, faster and more affordable device-based risk management About ThreatMetrix, Inc ThreatMetrix (www.threatmetrix.com) helps companies control online fraud and abuse in real time so they can acquire more customers faster, reduce costs, and increase customer satisfaction. ThreatMetrix simple and costeffective Software-As-A-Service (SaaS) approach to implementation enables companies to get results in hours or days, rather than weeks or months. ThreatMetrix serves a rapidly growing customer base in the U.S. and around the world across a variety of industries including online retail, financial, social networks, and alternative payments. Contact Us USA Corporate Headquarters: ThreatMetrix Inc. 5150 El Camino Real, Suite D-30 Los Altos, CA 94022 Telephone: +1.650.625.1451 Fax: +1.888.675.3451 EMEA Headquarters: ThreatMetrix Inc. 16-18 Malvern Ave Chatswood, Sydney NSW 2067 Australia Telephone:+612 9411 4499 www.threatmetrix.com www.threatmetrix.com/fraudsandends 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information