BLOG
(425) 522-4110
info@rpgc.com
logoRPGClogoRPGC
    • Services
      • Payment Operations
        • Payments
          Workshop
        • Authorization Analysis
        • Payment Fee Analysis
        • Fraud Rules Analysis
        • RFP and Vendor Management
        • Chargeback Management Evaluation
        • Project Support & Acceleration
      • Developing a Global Payments Strategy
        • Payment Product Review
        • Design and Review: Payments Infrastructure
        • Market Research
        • Go-To-Market Strategies
        • Compliance Support
        • Payments Due Diligence for Investments, Mergers & Acquisitions
        • Payment Systems Vendor Report
      • Payments Education
        • 101: Introduction to Payment Processing
        • 201: Economics of Payment Processing
        • 301: Global/Xborder Payments
        • 302: Mobile Wallets & Mobile Payments
        • 400: Order Your Own Course!
      • Close
    • Resources
    • Stories
    • About Us
    • Contact

An ID fraudsters can’t shake: Device identification & reputation

August 5, 2020adminUncategorizedNo Comments

Guest Post by our partners at Paladin Fraud Group

In the ongoing game of cat and mouse between fraudsters and organizations with an online presence, two forces are paramount: preventing fraud while also minimizing friction for the user. Add too many steps in the user’s authentication process, they’ll drop off. Which is why fraud prevention experts continue creating fresh ways to confirm a person is who they say they are—without even interrupting their browsing or buying experience.

Hence the magic of device identification and reputation intelligence: there’s no need to disrupt the user directly in the event the device is linked to positive reputation. On the other hand, transactions can be auto rejected when attempted on a device associated with risky or fraudulent activity.

Device identification (usually shortened to “device ID”) prevents fraud by analyzing devices and associated identities—and it can translate across digital channels, on desktop, on mobile browsers, and in native mobile applications too. This helps organizations verify identity, assess and mitigate risk in real-time, and optimize the customer experience.

Numerous types of data can be collected from a device. Hundreds of different attributes allow organizations to uniquely recognize the device interacting with their systems by constructing a “device fingerprint.” By looking at these attributes, organizations can identify risks—such as, for example, if the device has been compromised from jailbreaking or rooting, or if certain attributes aren’t consistent with the device type. This makes it much easier to assess the likelihood that a device is providing an accurate OR spoofed IP address. Additional device characteristics that are collected include:

  • Screen resolution
  • Browser version
  • User agent
  • Local time zone
  • CPU architecture
  • List of plugins
  • Browser Language

Fraud prevention providers who offer device ID and reputation services often go above and beyond standard factors most commonly used to assess risk by building associations and connections between related sets of devices and accounts. This allows organizations to not only recognize the same device in the future, but also able to do so as the device moves between different businesses and industries.

Device ID solutions can further differentiate by allowing users to provide input or evidence related to specific devices as a way to share information about devices involved with fraud and abuse.

For example: a fraud ring uses a set of devices to commit fraud. Eventually, they are caught and the devices they used get blocked and flagged, and the set of users are added to a negative reputation report. If the fraud ring switches to different devices, the device reputation history of the blocked devices will continue to be associated with their new devices, and thus their malicious efforts will continue to be mitigated.

Device ID and reputation offer organizations a great way to avoid collection of personal information, an increasingly important notion considering the number of data protection regulations popping up around the globe. These types of solutions do not require sensitive personal information (such as names or physical addresses) in order to identify a device.

The browser integration traditionally includes JavaScript collectors that can be incorporated into any relevant web page to access detailed browser session information. Hundreds of attributes can be collected and analyzed to produce a persistent device identifier and identify potentially fraudulent behavior. ID collection can also be tied to specific actions, such as a form submission, based on technical and business requirements. Examples of pages where data collection is typically enabled include the account open page, login page, account change/update page, and checkout/payment page.

In the mobile environment, a Software Development Kit (SDK) can be incorporated into mobile applications to access detailed mobile device information. More than a hundred device attributes and operating system attributes can be collected and analyzed to produce a persistent device identifier.

In our 2020 edition of the Paladin Vendor Report, we featured a number of solution providers offering Device ID & Reputation solutions through either proprietary offerings or through a series of partnership options, including:

  • Accertify, powered by InAuth
  • ACI
  • Arvato Financial Solutions
  • CyberSource Decision Manager
  • Kount
  • NS8
  • NuData Device Recognition
  • Sift
  • Transunion

The 2020 Paladin Vendor Report not only covers device ID and reputation technologies—it spans the full spectrum of current technology and solutions in the fraud prevention landscape today. Download the full Paladin Vendor Report here: http://paladinfraud.com/mrc-trends-2020/  And stay tuned for upcoming posts highlighting even more fraud-fighting technologies that organizations are turning to today.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Cracking Open the Payments Orchestration Layer
  • The Forgotten Element of Payment Orchestration: Real-Time Ledgers
  • Fraud prevention platforms: An evolution from rules engines to one-stop shop.
  • An ID fraudsters can’t shake: Device identification & reputation
  • Fitting 3D-Secure with payments architecture

Recent Comments

    Archives

    • May 2022
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • March 2020
    • December 2019
    • August 2019
    • July 2018
    • March 2018
    • November 2017
    • October 2017

    Categories

    • Merchant Payments
    • Uncategorized

    Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org

    MENU

    • About
    • Blog
    • Contact Us
    • Resources
    • Stories
    • Legal Notice
    • Privacy

    Services

    • Payment Operations
      • Payments
        Workshop
      • Authorization Analysis
      • Fraud Rules Analysis
      • Payment Fee Analysis
      • Chargeback Management Evaluation
      • RFP Management
      • Project Support & Acceleration
    • Developing a Global Payments Strategy
      • Payment Product Review
      • Design and Review: Payments Infrastructure
      • Market Research
      • Go-To-Market Strategies
      • Compliance Support
      • Payments Due Diligence for Investments, Mergers & Acquisitions
      • Payment Systems Vendor Report
    • Payments Education
      • 101: Introduction to Payment Processing
      • 201: Economics of Payment Processing
      • 301: Global/Xborder Payments
      • 302: Mobile Wallets & Mobile Payments
      • 400: Order Your Own Course!
    108 2nd Ave. S. #504, Kirkland, WA, 98033-2626 U.S.A.
    +1 425 522 4110
    info@rpgc.com
    LinkedIn
    Copyright © 2019 RPGC Group, LLC. All rights reserved.

    Access RPGC Content