Experience is key, and experience requires time. The newer something is, the less you know about it and how well it will work for your needs, or – in the case of the accounts and devices that consumers use every day – the amount of risk it presents to your business.
A new device may represent higher risk until it establishes itself with good transactions over a period of time. To that end, new accounts are often given reduced capabilities, such as lower deposit or transfer limits. But what if you didn’t have to wait? What if the device had been seen for over six months by other iovation customers and showed no associations with fraud across the entire iovation network? Would that help you to reduce concern that the device may carry risk?
Leverage device reputation to help detect and prevent fraud
iovation's tracking of account and device history, including age and reputation, enhances the risk insights we draw from the 29 million transactions we protect every day. In fact, during the three month period we sampled below, 42% of our transactions come from devices with histories that are over six months. By holding onto device history beyond six months, we don’t risk missing the reputation history on nearly half the transactions, and are therefore able to better protect our customers with more complete data.
Since we know the history of a device is so important, we have expanded our capabilities within our device reputation software to provide insights on how long the device or how long the account has been in iovation’s system. Fraud analysts can now apply these additional layers of context to a broader fraud strategy.
Device reputation provides real-time risk assessment
Knowing the age of the device and account can provide insight in several different scenarios. For example, newer accounts and devices can be treated with higher scrutiny until they establish a history of good transactions. Combined with insights to other higher risk activities such as odd velocity patterns or geolocation mismatches, the age of the device and age of account rules can provide valuable real-time risk assessment. Similarly, when a new device attempts to access an older account, this may indicate account takeover (ATO). Step-up to multi-factor authentication to ensure the new device should have access to those established accounts.
While new accounts and devices show a more obvious risk, it is also worth noting the risk of older devices, especially those associated with fraud. As the chart below shows, cybercriminals also use older devices when attempting to commit fraud. For that reason, iovation maintains secure device and account history on those associated with fraud long enough to provide value while still balancing regulatory requirements, as these devices will often reappear when fraudsters believe they are no longer being tracked.