In a growing problem for e-commerce, many attempts to conduct fraudulent online purchase transactions can come from a single computer controlled by malicious software. But new technology known as digital fingerprinting is helping to recognize when such computers are the source of fraudulent orders.
“We’ve seen a lift in the fraud-detection rate with digital fingerprints added to our system when we score order transactions for risk,” says Cory Siddens, product manager for order screening at CyberSource Corp.
CyberSource has installed into its Decision Manager risk management system digital fingerprinting technology from ThreatMetrix. Both companies offer their technology in an on-demand model, and CyberSource is offering the ThreatMetrix technology in its on-demand Decision Manager system at no additional cost, Siddens says.
ThreatMetrix says its technology is designed to determine whether a networked computer device used to make e-commerce transactions is one of millions of compromised computers the company tracks through its ThreatMetrix Global Fraud Network.
Online retailers using the CyberSource Decision Manager application, for example, can see several characteristics of the devices used to place orders on their web sites along with information on the people placing the orders, Siddens says. So in addition to information such as the name, credit card number and billing address used by someone placing an order, the Decision Manager system with ThreatMetrix will also reveal information like browser specifications and the most recent time of rebooting tied to the computer device used to conduct online transactions.
If the same collection of device characteristics appears in a large number of transactions from a large number of different credit card accounts, it indicates a high probability that a single device is being used to process fraudulent transactions, Siddens says.
Under normal shopping activity with low incidence of fraud, a single computer device would be used by only one or just a few people, Siddens says. But in fraudulent activity, particularly when it’s automatically processed in high volume through compromised computers, the same computer device is likely to process transactions with a large number of stolen consumer identities and credit card accounts.
The ThreatMetrix technology alerts users whenever it appears that a single device is being used to conduct a high volume of transactions. Merchants will typically set business rules to generate alerts whenever such information reaches a particular threshold, Siddens says. A rule in Decision Manager might specify, for example, that whenever more than five credit card accounts appear to be using the same computer device to make online purchases, those transactions are flagged for manual review by a merchant’s risk management team.
It may be possible for criminals using such techniques to figure out how to prevent digital fingerprinting of their computer devices. But in such cases merchants using the ThreatMetrix technology would know to suspect fraud whenever transaction data didn’t also include information on the devices, Siddens says.
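The threshold rule and the missing-device check described above can be sketched in Python. This is an added example, not CyberSource or ThreatMetrix code; the field names, the two-attribute fingerprint and the sample orders are constructed assumptions.

```python
from collections import defaultdict

CARD_THRESHOLD = 5  # the article's example: more than five card accounts per device


def fingerprint_key(txn):
    """Return a hashable device key, or None when no device data was collected."""
    device = txn.get("device") or {}
    # Assumed field names; the article cites browser specifications and the
    # most recent reboot time as examples of collected characteristics.
    key = (device.get("browser"), device.get("last_reboot"))
    return key if any(key) else None


def review_queue(transactions, threshold=CARD_THRESHOLD):
    """Map order id -> reason for every order that needs manual review."""
    # Pass 1: collect the distinct card accounts seen on each device.
    cards_by_device = defaultdict(set)
    for txn in transactions:
        key = fingerprint_key(txn)
        if key is not None:
            cards_by_device[key].add(txn["card"])

    # Pass 2: flag every order from an over-threshold device, including the
    # early ones, plus any order that arrived without device information.
    flagged = {}
    for txn in transactions:
        key = fingerprint_key(txn)
        if key is None:
            flagged[txn["order_id"]] = "no device fingerprint"
        elif len(cards_by_device[key]) > threshold:
            count = len(cards_by_device[key])
            flagged[txn["order_id"]] = "device shared by %d cards" % count
    return flagged


def sample_orders():
    """Constructed data: one high-volume device, one household, one blank."""
    busy = {"browser": "BrowserA/1.0", "last_reboot": "2000-01-01T04:12"}
    home = {"browser": "BrowserB/2.0", "last_reboot": "2000-01-02T19:40"}
    orders = [{"order_id": "B%d" % i, "card": "card-%02d" % i, "device": busy}
              for i in range(6)]
    orders += [{"order_id": "H%d" % i, "card": "card-9%d" % i, "device": home}
               for i in range(2)]
    orders.append({"order_id": "N0", "card": "card-77", "device": None})
    return orders


if __name__ == "__main__":
    for order_id, reason in sorted(review_queue(sample_orders()).items()):
        print(order_id, reason)
```

Counting distinct cards rather than raw orders keeps a household that places many orders on one or two cards out of the review queue.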