All Internet transactions have something in common: they originate from a web-enabled computing device, be it a desktop computer, laptop, tablet, mobile phone, smart watch, or even a gaming console. Every one of these devices has hundreds of attributes that, when looked at in aggregate, can form a unique identifying fingerprint. This fingerprint is a more reliable way to identify repeat visitors to your digital properties than personally identifiable information (PII), which is easily altered and abused. Thus, device recognition seeks to identify the device being used to conduct an online transaction. As a first line of defense against online fraud, device recognition can be a powerful tool to identify high-risk patterns of behavior.
According to research by Stone Temple, more web traffic originates from mobile devices than from desktop computers. Furthermore, the lead that mobile traffic holds over desktop traffic is only expected to grow. People are moving around more, and they're taking their mobile devices with them, oftentimes more than one. Our tendency to conduct Internet transactions on the go makes IP-based fraud solutions more vulnerable to false positives as well as fraud misses.
Next-generation device recognition looks at more than a device’s IP address. It takes into account hundreds of unique attributes to identify a device, such as the type and version of OS running on it, and the number of applications downloaded to it.
It’s important to note that device recognition must be kept separate from personal identity. If it isn’t, and the identity is corrupt or inaccurate, then the device recognition data is compromised and can’t be trusted.
Device Recognition: Device Risk and Behavior
The device itself—how it’s running, what it’s running, and where it’s running—can say a lot about the intent of the person behind it. Fraudsters attempt to hide who and where they are by altering their device properties between transactions. Legitimate customers, on the other hand, are less likely to manipulate their device data to avoid identification.
The following behaviors can indicate that the user has malicious intent:
- Using evasion techniques. Tor networks, VPNs, and anonymous proxy servers are designed to enable users to communicate on the Internet anonymously. These tools can help conceal the user’s location, making it difficult to trace Internet activity.
- Demonstrating device anomalies. Incongruent or unusual details like location mismatches, time zone and IP address changes, too many devices per account, and exceeded transaction velocity thresholds can all point to a device that is being used by a fraud ring instead of a legitimate user.
- Performing a transaction from a high-risk location, IP address, or ISP where fraud frequently occurs. Users who behave in this manner may be more likely to commit fraud.
- Using jailbroken or rooted devices. If its operating system is compromised by being jailbroken or rooted, a device is at extreme risk of being infected with malware, such as a botnet, or of being operated by a person who is using device-altering software to mask their true identity.
- Using a virtual machine or mobile emulator. Legitimate users rarely use a virtual machine or mobile emulator. Fraudsters, on the other hand, use them to automate fraud attacks and to quickly switch between different (virtual) devices to fool standard fraud prevention measures.
All of these behaviors increase the risk that the user is attempting to defraud your organization. Device intelligence takes these attributes into account to create a risk profile. The organization can then set business rules regarding devices that meet pre-determined thresholds. Perhaps you decide to block them outright or flag them for further investigation.
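The sketch below is an added example, not code from the article or from any vendor's product. It turns the behaviors listed above into signals, sums them into a risk score, and applies allow/review/block business rules. The field names, weights, limits, and thresholds are assumptions chosen for illustration, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Weights, limits and thresholds are assumed values, not taken from the article.
WEIGHTS = {"anonymizer": 30, "geo_mismatch": 20, "high_risk_ip": 20, "rooted": 25,
           "emulator": 35, "too_many_devices": 20, "velocity": 25}
MAX_DEVICES_PER_ACCOUNT = 3                   # distinct devices seen on one account
MAX_TXNS, WINDOW = 3, timedelta(minutes=10)   # per-device transaction velocity limit
REVIEW_AT, BLOCK_AT = 40, 70                  # business-rule thresholds on the score

def score_events(events):
    """Score events in time order; return {event id: (score, decision, signals)}."""
    devices_by_account = defaultdict(set)
    times_by_device = defaultdict(list)
    results = {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        # Boolean flags from a device/network collector (field names are hypothetical).
        signals = [k for k in ("anonymizer", "high_risk_ip", "rooted", "emulator") if e.get(k)]
        if e["device_tz"] != e["ip_tz"]:      # device time zone disagrees with IP location
            signals.append("geo_mismatch")
        devices_by_account[e["account"]].add(e["device_id"])
        if len(devices_by_account[e["account"]]) > MAX_DEVICES_PER_ACCOUNT:
            signals.append("too_many_devices")
        recent = [t for t in times_by_device[e["device_id"]] if e["ts"] - t <= WINDOW]
        recent.append(e["ts"])
        times_by_device[e["device_id"]] = recent
        if len(recent) > MAX_TXNS:
            signals.append("velocity")
        score = min(100, sum(WEIGHTS[s] for s in signals))
        decision = "block" if score >= BLOCK_AT else "review" if score >= REVIEW_AT else "allow"
        results[e["id"]] = (score, decision, signals)
    return results

def make_event(eid, minute, account, device, **flags):
    """Build one constructed sample event; defaults describe a consistent device."""
    event = {"id": eid, "ts": datetime(2024, 1, 1, 12, 0) + timedelta(minutes=minute),
             "account": account, "device_id": device, "device_tz": "UTC-5", "ip_tz": "UTC-5"}
    event.update(flags)
    return event

# Constructed sample traffic, not real data.
SAMPLE = [
    make_event("t1", 0, "alice", "dev-a"),
    make_event("t2", 1, "bob", "dev-b", anonymizer=True, ip_tz="UTC+3"),
    make_event("t3", 2, "carol", "dev-c", anonymizer=True, rooted=True, emulator=True),
] + [make_event(f"t{4 + i}", 3 + i, "dave", f"dev-d{i}") for i in range(4)]

if __name__ == "__main__":
    print(*score_events(SAMPLE).items(), sep="\n")
```

With these assumed weights, a single weak signal (a fourth device on one account) stays below the review threshold, while stacked signals such as an anonymizer plus a rooted emulator cross the block threshold.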