US outfit Iovation, has launched a new service that detects online fraud using the unusual technique of logging the precise behaviour and history of client computers.
Instead of simply analysing generalised patterns of behaviour to look for rogue transactions, ieSnare’s DevicePrint system takes the technology a step further by uploading a piece of software to each computer and monitoring its hardware, software and network connection configuration.
Any actions carried out from this PC are then related, via a central database matching system in the ieSnare reputation service, to registered accounts. This approach makes is much harder for criminals to register multiple accounts – sometimes numbering in the thousands - from the same PC using stolen credit card details before extracting cash from the system by manipulating its weaknesses.
The issue is a major one for online businesses as they are held liable for credit card fraud carried out on their systems.
Iovation CEO Greg Pierson said the software had already been used on US gaming websites to stop a series of complex frauds involving large numbers of fake accounts laundering money through the game playing process. Fraudsters were able to exploit the open nature of the Internet to aid their scam.
“Before our system, connections were anonymous. They all looked the same as there was no history,” said Pierson. The ieSnare system would make it easy to spot such problems immediately. “It is not typical for a single device (PC) to set up 10 accounts.”
The service could be used by any online business in practice but was best used by larger enterprises which had users logging on regularly to carry out transactions.
He dismissed privacy concerns about software being loaded on to each PC to link to the device reputation service. This could be carried out as a software application or using ActiveX, but users would always need to be asked for their permission. It monitored only that data required to identify the PC itself.
Sold as a service, the cost of the service would depend on the number of customers of a particular company accessing it. He characterised that as fractions of a cent per user access.