How Device Identification Helps Keep The Three Doors to Online Fraud Closed
What’s the difference between a fraudster scamming an airline and one scamming a social gaming site…or an etailer or a dating site? Fraud is always a game of deception for some purpose whether it’s stealing money or online gaming for free. But the strategy and tactics employed by a fraudster can be quite different depending on the target and objectives.
In the past two weeks ThreatMetrix attended or sponsored several industry focused events: Internet Retailer Conference and Exhibition, The Airline Reporting Corporation (ARC) Fraud Prevention Conference, The Social Gaming Summit and iDate 2009. Each industry gathering had its own spin on fraud concerns but they all had this in common: everyone is more concerned than ever about the rapid spread online fraud.
At the ARC conference I heard about the latest and greatest schemes to defraud airlines. They illustrate the complexities unique to online ticketing. The number of entities in the chain between consumer and merchant combined with the complexities of booking travel on a global scale in real-time pose serious challenges to fighting fraud. Credit card fraud was top of mind at ARC, but there are three possible points of entry online that present fraudsters with opportunity to pursue their objectives: new account sign-ups, account logins and online purchases.
Which of the three poses the highest fraud risk to your business depends on your business. For example, online dating and social gaming services are exposed to all three types of fraud, whereas etailers focus most of their fraud detection effort on preventing credit card fraud. This difference points to an important advantage in real time device identification: it’s very effective at detecting fraud across all industries, applications (new accounts, logins and card not present), fraud schemes, geographies and devices. Organizations typically employ multiple fraud fighting tools-device ID stands out for its unique ability to detect fraud (and identify customers) before you know anything about the person visiting your web site.
- Tom
Leave a Comment
How is device identification different from using an IP Address to identify a computer?
AirlineAnon
The device ID is much more reliable both for uniquely identifying a connected device and as a rich source of information to manage online fraud risk.
ThreatMetrix derives a device ID that is truly unique to a physical device whereas an IP address might service many physical machines. It’s a simple matter for anyone to hide an IP address by way of a hidden proxy to assume false IP credentials — in other words, to get a true identity you have to by-pass a hidden proxy (ThreatMetrix does) to get to the true IP address and an accurate profile.
ThreatMetrix device ID is instantly derived from over 150 attributes drawn from the computer and the TCP/IP packets. Our device ID provides a reliable, consistent point of reference to the same computer each and every time we or a ThreatMetrix customer encounters it. ThreatMetrix device ID offers a more reliable method to reference a connected device than its IP address.
Tom Grubb