October 20, 2017
October 16, 2017
Posted September 6, 2016
When it comes to preventing loan fraud, is it time to give a “thumbs down” to device fingerprinting?
Without a doubt, device fingerprinting plays a crucial role in any anti-fraud operation. By capturing a fixed set of device attributes—browser configuration, operating system, screen resolution and more—it can identify computers and mobile devices used to commit fraud, so you can avoid becoming the next victim.
These days, however, device fingerprinting alone is proving insufficient for preventing loan fraud, primarily for these three reasons:
Knowing you won’t fall victim to a perpetrator using the same device a second time is great. But it’s still cold comfort while you (or an earlier victim) are paying the price for that first time.
Device fingerprinting only works if the attributes that make up a fingerprint never change. That’s almost never the case. After all, attributes are altered every time a user makes a device update. Which means, for instance, if an attribute includes enabled cookies, simply disabling them gives the device a new fingerprint.
Cybercriminals often use location- and identity-cloaking tools to fake attributes and make sessions from a single device appear to be originating from different devices, using different browsers and operating systems.
But there are ways to overcome these challenges.
Disabling Device-Based Differentiation
To understand rapidly evolving dynamics of anti-fraud operations, consider one major online lender that found itself face-to-face with the limitations of standard device fingerprinting.
The lender, which focuses on providing quick personal loans to borrowers — many with sub-optimal credit histories — had become one of the fastest-growing online lenders in the US and Europe.
Of course, that designation also made it one of the biggest targets for fraudulent loan applications.
The problem: Its device fingerprinting solution couldn’t differentiate prospective borrowers from fraudsters if cookies were disabled on connecting devices.
What’s more, it was unable to enhance its anti-fraud efforts by correlating other attributes, like email addresses, to devices it had fingerprinted.
That’s when they turned to us for help.
First-Time Protection: Augmenting Device-Centric Anti-Fraud Solutions
In working with the lender, we identified four must-have capabilities beyond device fingerprinting alone to prevent online loan fraud:
Together, these key capabilities can do more than just identify a device that has just been used to commit fraud. It can help predictively stop that notorious “first time” from ever happening—to you or anyone else.
Blasting Past the Status Quo
In fact, by establishing these competencies, that leading online lender has since been able to cut fraud a full 50%. Plus, being able to differentiate between good and bad loan applicants with more accuracy and confidence has helped it increase the number of approved, quality loans by over 2%.
To get more details, check out a full case study on the initiative here. You might just gain some important insights for evolving your own device fingerprinting solution enough to earn it a “thumbs up” from everyone—except perhaps, the fraudsters.