Interview with RISK IDENT on the basics of device identification

To stop the fraudsters, its important to be one step ahead of them. With the motto “Think like a Fraudster” in mind and by possessing certain device identification key resources it is possible to stop online fraud.

What exactly is device identification? What are the main strengths and weaknesses of this technique? What is device identification?

Device identification consists of two main features: re-identifying a device and estimating the risk of a particular device.

Re-identifying a device

A device re-identification determines if a particular device has been seen before. Strictly speaking, a so called re-identification occurs when e.g. a new order is placed from a particular device, where the device attributes correlate to a previous completed order. The device fingerprinting algorithm determines the distance and significance between these transactions - based on the collected device attributes. On a high significance between the connected transactions, we call the connection an “Exact-Match”. If the match can’t be exact (not 100% the same device), we call the match a “Smart-Match”.

For example, we can re-identify a device that we have seen before committing fraud at customer X and warn customer Y when the device tries to buy something before the transaction is completed.

Determine the risk of a device

On a new order, the risk of a device is determined by the current device attributes and its connection to previously recognized devices.

Device attributes

To determine the risk of a device, our device fingerprinting solution collects multiple data points from different device layers such as Browser, Operating System and Network. In total we collect over 1000 data points.

Layers of device attributes & manipulation scale

The goal of a fraudster is to manipulate these attributes to hide his device identity.

Browser

The Browser information contains details which are determined by the browser itself. These info can start with the user agent, which gives details about the current used browser type & version, and can go further up to time zone and system time of the device.

Operating System

• WebGL

• Canvas Fingerprint

• Processor

• Virtual Machine Detection

• Battery Level

Network

• ISP / VPN

• TCP/IP packaging / SYN

• Geo Location

The strength of device identification

Device fingerprinting has four key strengths: building connection between identities, identifying risky attributes of a device, transparent identification method and fully data compliance.

Connections

Creating connections between identities is an important step in order to detect fraud. A device becomes suspicious when multiple identities/customers ordered using the same device. In big fraud cases hundreds of identities are connected to each other.

Risky attributes

The collected information of a device can be used to determine risk; for instance geo-Location, keyboard language, time zone, browser version and many more can be a real good indicator to see suspicious behaviour. Here are a few examples:

Geo-Location - an order comes from a device which is located in a risky country;
Keyboard Language - a German customer has suddenly a Russian keyboard layout;
Time zone - the ISP geo-location is not matching with the given time zone.

Transparent identification

One of the key features of device fingerprinting is that it runs frictionless in the background of the authentication system, without disrupting the customer. A customer doesn’t realise that a fingerprint is taken. However, methods like 3D Secure and Two Factor Authentication are much more interfering to the customer experience and can decrease the merchants’ conversion rate.

Data compliance

Our device fingerprinting solution Device Ident is completely anonymously and fulfils the GDPR regulation. This is a great advantage and makes it possible to be included in banking services, without the need for NDA’s or other agreements.

Can fraudsters apply similar tools, such as device identification, to conduct online fraud? If so, how are they applying it?

Yes, they can, and they do it. Fraudsters started to build their own anti-fraud prevention software tools. The goal: To prevent tools like device fingerprinting from identifying fraud.

And they don’t stop here. Fraudsters not only created their own tools, but they also make businesses out of this and start selling it. Multilogin and Antidetect are just two examples of these tools.

To see how Multilogin works you can check out their site here - https://multilogin.com/.

Multilogin advertises the old way, where the fraudster used to be unhappy, because he had to use multiple physical devices in order to commit fraud.

The screenshot from the software Antidetect shows how you can obfuscate all possible attributes of a device.

These tools enable fraudsters to manipulate the attributes of a device, which makes it possible to turn a e.g. Windows PC into a mobile device. This prevents the device connection (like Exact-Id) from working and former attributes, which were used in rules to determine fraud, are not valid anymore.

How can we identify these bad actors and uncover their true device?

The most important ingredient is to understand how a true device looks like. We see millions of devices every month and we know exactly how fraudulent and legit devices look like. Thanks to our intelligent true device detection algorithm, we can identify these manipulations and inform the merchant.

Why is this topic important for our readers, be they end-point consumers or providers of services in the payment industry?

Fraudsters are always trying to catch up. It is an arms race between fraudsters and us as a solution providers. It is important to understand their constantly evolving approaches and to also tackle these with the latest technology. The new development we see is that fraudsters are not hiding anymore but go public with the fraud-services they offer. They offer their tools for fraud committing services in the same way we offer our services in fraud prevention for customers - it is a professional industry.

Screenshot from the terms of service, see https://multilogin.com/terms-of-service/

The funny thing is, they advise you to not do any fraudulent activity. But to be honest: What else could you do with such a software?

About Felix Eckhardt

Felix Eckhardt was with RISK IDENT at its inception. Initially taking up the position of senior software engineer, he helped RISK IDENT get on its feet as the chief architect behind the company’s second fraud prevention product, FRIDA. A year after the company’s founding, Felix became the CTO and remained in the position until he moved to Australia in 2016. While abroad, he acted as Senior Software Developer developing data-driven solutions for telecoms and marketing industries for two years.

About RISK IDENT

Result-driven fraud prevention solutions engineered by RISK IDENT protect global ecommerce, telecommunication and financial businesses. Reducing identity theft, account takeovers, payment fraud, and account/loan application fraud on all channels is made simple with cost-effective products that use extensive domain knowledge and machine learning technology tailor made for tier-one enterprises.