• Our Solutions
• Customers
• Partners
• News & Events
• Blog
  • Latest Blog Posts
  • About the Authors
  • Subscribe to Blog via Email
• Company
• Resource Center

August 10, 2009

The New Perimeter in Online Fraud Detection: Device Identification is First

As if we need another real-world story as proof that online fraudsters are getting far more sophisticated and getting away with their crimes—when Bank Technology News gives us a doozy. “On the Backs Of Mules: An ACH Fraud Scheme” tells the story of how fraudsters with a well-thought-out plan infiltrated a community bank by way of an innocent customer’s credentials. They then used intermediaries to steal tens of thousands of dollars—less than the amount at risk but still a lot of money for the not-for-profit bank customer.

The story is a compelling read that offers lessons for banks and any organization doing business online. There are three approaches to detecting fraud that rely on different kinds of data: behavioral data, personal data and device data. The only fraud detection approach that does not require any information about or from the person is device identification. That doesn’t mean that one approach is better than another—but device identification does bring a new dimension to online fraud prevention that is very effective by itself or additive to other fraud prevention technologies.

Had device identification technology been in place when the fraudsters in this story first attempted to login to the bank with stolen credentials, ThreatMetrix would have identified the computer(s) and might have turned them away based on information gleaned from their machine/session including: a negative reputation from known experience elsewhere on the worldwide web, a match to a local blacklist of “bad” computers, velocity checks that revealed suspicious behavior, use of a hidden proxy attempting to mask an IP address or true geographic point of origin. Device identification could have stopped the fraudsters before they gained access to the bank for reconnaissance.

Had the fraudsters successfully gained entry by way of stolen credentials, then behavioral fraud detection would have monitored their activity early in their pursuit and likely identified anomalous behavior that would alert the bank to the scheme. Device identification isn’t a silver bullet to fight online fraud, but it is the new front line that can detect fraud in real time.

- Tom

Posted by Tom Grubb Categories: Account Compromise. Device Detection. Device Fingerprint. Device ID. Device Identification. Identity Theft. online banking. Online Fraud Trends

Leave a Comment

Click here to cancel reply.

Name (required)

Mail (will not be published) (required)

Website

• < Previous Article
• Next Article >

• Translator

  

• Share Our Posts

• Subscribe

  Subscribe Via Email
  Subscribe to our RSS Feed
  Follow us on Twitter

• Top Posts

  • Not Another Word: European Commission Law Requires Explicit Consent
  • The Other Side of Facebook’s IPO
  • Hackers Don’t Have to Worry About Police at the Door as Much as a Hellfire Missile Down the Chimney
  • Robbing the Cradle…Literally – Child Identity Theft Rising
  • The Google Web

• Additional Resources

  	Ponemon Study: Consumer Attitudes on Privacy & Fraud Prevention
  	Executive Primer: Using Device ID for Fraud Prevention
  	Technical White Paper: Device Intelligence In-depth

• Categories

  Select Category Account Compromise  (37) Adknowledge  (1) Advanced Persistent Threats  (1) Analyst  (1) Analysts and Research  (12) Anonymous  (8) Anonymous Attacks  (13) bank fraud  (30) Bank of America fraud  (1) BART  (1) Botnets  (28) Brian Krebs  (2) Carberp  (1) Carberp banking Trojan  (1) Chinese cyber attacks  (5) Citibank hacking  (1) Citigroup account hacking  (3) Cloud computing  (18) Comerica Bank  (2) Comerica Bank Fraud  (3) ComodoHacker  (1) Conflicker worm  (1) Cookie wiping  (15) Cookieless Device Identification  (82) Credit Card Fraud  (27) Credit Card Transactions  (53) Cyber Attacks  (42) Cyber Monday  (4) Cyber warfare  (23) cybercriminals  (19) cybersecurity  (15) Cyworld account hacking  (1) Dark Market  (3) Dasient  (2) Data Breaches  (2) Data Privacy Day  (2) Dating fraud  (9) Device Detection  (100) Device Fingerprint  (120) Device ID  (116) Device Identification  (139) Electronic Crimes Task Force  (1) Electronic Frontier Foundation  (1) Epsilon Account Hacking  (1) Epsilon Data Breach  (6) European privacy  (1) European privacy laws  (1) Events  (12) Facebook  (9) Facebook account hacking  (2) Facebook IPO  (1) FFIEC  (8) FFIEC Banking Guidelines  (11) FTC on stolen child identities  (1) Gaming Fraud  (3) Google  (1) Government Fraud  (22) Hackers  (23) Hacking  (27) Humor  (1) IAPP  (1) Identity Theft  (56) IMF Cyberattack  (1) IP Address Cloaking  (1) IRS Fraud  (2) Kerry-McCain Commercial Privacy Bill of Rights  (2) Killer apps  (1) Krebs  (1) KrebsonSecurity  (1) Law and Enforcement  (17) Lulz Security Attacks  (11) LulzSec  (5) Malware  (14) malware prevention  (8) malware protection  (10) man-in-the-browser attack  (10) Micropayments  (4) microtransactions  (2) MitB  (9) mobile payments  (14) monetization platform  (1) mules  (1) mules in fraud  (1) National Cybersecurity Awareness Month  (4) Nato Fraud  (6) New Account Registration  (25) New York cyber attack  (1) NSA  (2) online banking  (46) Online Credit Card Transactions  (53) Online Fraud  (104) Online Fraud Trends  (69) Patco Construction Lawsuit  (2) Patco online banking fraud  (1) Payments Management  (11) PBS account hacking  (1) PC Fingerprint  (69) Pentagon  (11) personally identifiable information  (65) PII  (65) Ponemon Institute  (10) PrECISE  (1) Privacy  (14) Proxies  (8) Ramnit malware  (1) Red Herring Global 100  (1) RSA  (4) RSA Fraud  (7) RSA hacking of SecurID  (1) Russian cyber attacks  (6) San Francisco City College Hacking  (1) Sega account hacking  (6) Sega fraud  (6) Social Media Fraud  (9) Social Networks  (17) Social Security Fraud  (8) Sony  (6) Sony PlayStation  (10) Sony Playstation hacking  (1) SOPA  (1) South Africa’s Postbank Hacking  (1) State of Texas Stolen Social Security Numbers  (1) Statfor Global Intelligence Service hacking  (1) Stolen identities  (14) Stop Online Piracy Act  (1) Stuxnet  (2) Super Rewards  (1) ThreatMetrix  (68) ThreatMetrix Cybercrime Defender Platform  (10) ThreatMetrix Fraud Facts  (29) ThreatMetrix User Conference  (11) Toshiba Fraud  (3) Trojans  (1) TrustDefender Client  (11) TrustDefender Cloud  (11) TrustDefender ID  (11) TrustDefender Labs  (1) Twitter  (2) U.S. Department of Homeland Security  (1) Uncategorized  (67) Virtual currency  (2) virtual goods  (1) Web Application Security  (2) Wordpress.com Hacking  (1) Worldpress.com Hacking  (1) Zappos  (1) Zappos hacking  (1) Zeus Trojan  (7)

• Blog Archives

  Select Month February 2012  (2) January 2012  (11) December 2011  (9) November 2011  (10) October 2011  (12) September 2011  (5) August 2011  (12) July 2011  (5) June 2011  (15) May 2011  (4) April 2011  (3) March 2011  (5) February 2011  (2) December 2010  (2) November 2010  (2) October 2010  (3) September 2010  (1) August 2010  (3) July 2010  (3) June 2010  (3) May 2010  (4) April 2010  (4) March 2010  (3) February 2010  (4) January 2010  (1) December 2009  (1) November 2009  (3) October 2009  (4) September 2009  (4) August 2009  (2) July 2009  (3) June 2009  (5) May 2009  (6) April 2009  (1) February 2009  (5) January 2009  (6)

• Other Resources

  • Banking Analytics Blog
  • CalvinAyre Blog
  • Dark Reading
  • eCommerce Tactics
  • eWeek Security Watch Blog
  • Inside Social Games
  • Javelin Strategy
  • Online Dating Post
  • Online Personals Watch
  • Payment News
  • Scam Detectives Blog
  • Shop.org
  • Social Networking Watch
  • The Fraud Blog
  • Virtual Goods

Become Our Customer | Contact Support | Schedule a Demo
© 2012 Threatmetrix All Rights Reserved. Privacy Policy | Site Map | Terms of Service