Posted on February 16th, 2009 by Alisdair Faulkner
I had the pleasure of sharing a panel with Tom Sullivan at the annual Cybersource ePayment Summit 2009 on trends in fraud and payments management. Tom is Sr. Director, Global Payments & Risk at Expedia and is also Chair of the Merchant Risk Council and a leading authority on payments and ecommerce fraud. The session was moderated by Paul Brock, Sr. Manager, Managed Services for Cybersource.
Online Fraud Prevention Technology Trends
Alisdair Faulkner, VP Products, ThreatMetrix, Inc.

Evolution of Online Fraud Attacks
- In 2007 11% of influenza viruses were found to be resistant to Tamiflu
- One year later, 99% were found to be resistant
- What does this mean for fraud in next 2-3 years?

Compromised Identities and Devices: a 'perfect storm'
- You can't trust the person if you can't trust the device
- 12 million active
- 200 million profiled
- 100,000 new devices per day
- Global top-3 countries: US, China, Brazil
- Compromised PCs used to steal Credit Card details
- What's new is that botnet drones are also facilitating transactions

Botnets and Proxies make IP Velocity and Geolocation Ineffective

Case Study: Voice Top-Ups

With IP Intelligence [Fraud stopped on 5th try]

| Created | Account Login | IP Address | IP Geo | Cookies Enabled | Javascript Enabled | Payment Dollars | Payment Currency | Payment Response |
|---|---|---|---|---|---|---|---|---|
| 12/9/2008 5:28 | lehung | | US | no | no | 20 | usd | Reject |
| 12/9/2008 5:26 | truyen2 | | US | no | no | 20 | usd | Accept |
| 12/9/2008 5:24 | truyen4 | | US | no | no | 20 | usd | Accept |
| 12/9/2008 5:22 | hungkt16 | | US | no | no | 20 | usd | Accept |
| 12/9/2008 5:19 | jtungss | | US | no | no | 20 | usd | Accept |

With Device Intelligence [Fraud Stopped 1st time]

| Created | Account Login | Device ID | Proxy Ip | Proxy Ip Geo | Proxy Type | True IP | True Ip Geo |
|---|---|---|---|---|---|---|---|
| 12/9/2008 5:28 | lehung | cc4fa496c54511dd800000163e119596 | | US | hidden | | VN |
| 12/9/2008 5:26 | | cc4fa496c54511dd800000163e119596 | | US | hidden | | VN |
| 12/9/2008 5:24 | | cc4fa496c54511dd800000163e119596 | | US | hidden | | VN |
| 12/9/2008 5:22 | | cc4fa496c54511dd800000163e119596 | | US | hidden | | VN |
| 12/9/2008 5:19 | | cc4fa496c54511dd800000163e119596 | | US | hidden | | VN |

Technology Comparison
- Different ways to detect proxies?
- Techniques to identify devices?

True IP and Instant Proxy Identification
- Standard Proxy Attribution
- IP Reputation
- Proxy Bypass
- True IP / True Geo
- TimeZone / Geo
- HTTP Fingerprinting
- TCP/IP Fingerprinting
- Packet Fingerprinting
- Content Encoding
- Net of capture problem
- IP address moving target
- Easy to subvert
- First-time protection
- Instantaneous detection
- Risk classification
- Hard to subvert
- Instant Proxy Attribution

Packet-Level Device Identification
Diagram labels: SUBVERTIBLE, 210.123.30.15
- Standard Identification
- Browser Profiling
- Browser Tagging
- IP Geolocation
- Deep Packet Inspection
- Proxy Bypass
- Subversion Resistant
- True IP / True Geo
- TimeZone / Geo
- HTTP Fingerprinting
- TCP/IP Fingerprinting
- CPU Time-stamping
- Botnet Detection
- IP Forensics
- Real-Time Matching

Strategies Considerations
How should you be thinking about the composition of technologies as you evolve your operations?
- No silver bullet
- Device identification requires a holistic view of the device
- Look for real-time solution
- Subversion resistant
- Flexible and able to integrate with existing work flow
My talk covered the growing trend in the use of compromised computers to bypass existing fraud filters, and a comparison of device identification technologies emerging to solve the problem, while Tom fielded questions from Paul and the floor on the impact of the economy on managing fraud effectively and efficiently.
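The case-study rows from the slides above, scored with three simple rules, as an added example that is not from the original post or from ThreatMetrix: it shows why velocity keyed on the account login never fires when every attempt uses a new login, while velocity keyed on the device ID and the proxy versus true geo comparison do. The 15-minute window, the threshold of 1, the rule names and the join of the two slide tables by Created time are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DEVICE_ID = "cc4fa496c54511dd800000163e119596"  # Device ID as shown on the slide

# Constructed input: the five case-study rows. Joining the logins from the
# "IP Intelligence" table to the device table by Created time is an assumption.
LOGINS = [("12/9/2008 5:19", "jtungss"), ("12/9/2008 5:22", "hungkt16"),
          ("12/9/2008 5:24", "truyen4"), ("12/9/2008 5:26", "truyen2"),
          ("12/9/2008 5:28", "lehung")]
EVENTS = [{"created": datetime.strptime(ts, "%m/%d/%Y %H:%M"), "login": login,
           "device_id": DEVICE_ID, "proxy_geo": "US", "proxy_type": "hidden",
           "true_geo": "VN"} for ts, login in LOGINS]

WINDOW = timedelta(minutes=15)  # hypothetical velocity window
MAX_PER_KEY = 1                 # hypothetical threshold


def velocity_hit(history, key, now, value):
    """Record value under key; True if more than MAX_PER_KEY distinct values
    were seen for that key inside WINDOW."""
    history[key].append((now, value))
    recent = {v for t, v in history[key] if now - t <= WINDOW}
    return len(recent) > MAX_PER_KEY


def evaluate(events):
    """Return [(login, [names of rules that fired])] in chronological order."""
    by_account, by_device = defaultdict(list), defaultdict(list)
    out = []
    for ev in sorted(events, key=lambda e: e["created"]):
        fired = []
        # Transactions per account login: each login appears only once here.
        if velocity_hit(by_account, ev["login"], ev["created"], ev["created"]):
            fired.append("account_velocity")
        # Distinct account logins per device: the device never changes.
        if velocity_hit(by_device, ev["device_id"], ev["created"], ev["login"]):
            fired.append("device_velocity")
        # Hidden proxy whose exit country differs from the true country.
        if ev["proxy_type"] == "hidden" and ev["true_geo"] != ev["proxy_geo"]:
            fired.append("hidden_proxy_geo_mismatch")
        out.append((ev["login"], fired))
    return out


def first_hit(results, rule):
    """1-based attempt number at which rule first fired, or None."""
    return next((i for i, (_, f) in enumerate(results, 1) if rule in f), None)


if __name__ == "__main__":
    for login, fired in evaluate(EVENTS):
        print(f"{login:10s} {fired}")
```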
The Cybersource Summit provided an excellent opportunity for fraud experts to discuss fraud, botnets and device identification one-on-one with peers from leading online companies including Apple, Microsoft, Yahoo and Visa. Looking forward to the next.
Stay tuned for an announcement on the inaugural ThreatMetrix Botnet Ecommerce report.