Harder for Retailers, Easier For Fraudsters
We are always intrigued to see what Brian Krebs has to say on Krebs on Security, his blog about fraud and security in the online world.
Krebs recently posted an article, “AntiDetect Helps Thieves Hide Digital Fingerprints,” with a video demonstrating how the latest software “AntiDetect version 220.127.116.11” helps fraudsters change the digital fingerprint on their computer. While this is not new to the underground world of cybercrime, it shows us how much easier it is for fraudsters to make purchases online and how much more difficult it’s getting for online retailers to stop them.
With dozens of tools created to help bad guys commit fraud, online retailers are under a great deal of pressure to keep one step ahead of the fraudsters. And, as I have noted before, most online retailers are not fraud detection and prevention experts.
Seeing how little effort it takes to change a device fingerprint is a stark reminder that throwing a few tools together in the hopes of scaring away or stopping a fraudster in his tracks before he steals from you is a crapshoot at best. Trying to keep up with fraudsters is more than a full-time job -- it’s something best left to the experts.
The video illustrates just how much damage can be done in minutes; the fraudster quickly steals more than $200 worth of goods that will then be sold and turned into cash. Given a few hours, this guy could steal tens of thousands of dollars' worth of goods. Retailers with a fraud system that relies heavily on device fingerprinting or IP/geo-location techniques alone are at great risk for this kind of scenario.
To truly reduce fraud, online retailers MUST have a system of several interlocking technologies, designed to work together without relying too heavily on one type of detection method over another. Device fingerprinting and IP/geo-location are great tools, but they are even better when they work in conjunction with velocity checking, linking technology, proxy detection, scoring and re-scoring techniques, among others, and provide the retailer with in-depth information about each transaction. Without this type of detection and prevention system in place, online retailers will continue to be easy targets for cybercriminals.
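The layering argument above, as an added example (not from the original post or from any vendor's product): constructed orders that each arrive with a different device fingerprint pass a fingerprint-only check, while velocity, linking, proxy and IP/geo signals combined, followed by re-scoring, hold them for review. The field names, weights, window and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample orders. Each one carries a different device fingerprint,
# as it would if the fingerprint were changed between purchases.
ORDERS = [
    {"id": "A1", "t": 0,   "fp": "fp-01", "card": "c-9", "ship": "12 Elm St", "proxy": False, "ip_cc": "US", "bill_cc": "US"},
    {"id": "A2", "t": 240, "fp": "fp-02", "card": "c-9", "ship": "12 Elm St", "proxy": True,  "ip_cc": "US", "bill_cc": "US"},
    {"id": "A3", "t": 500, "fp": "fp-03", "card": "c-7", "ship": "12 Elm St", "proxy": True,  "ip_cc": "NL", "bill_cc": "US"},
    {"id": "B1", "t": 900, "fp": "fp-04", "card": "c-2", "ship": "8 Oak Ave", "proxy": False, "ip_cc": "US", "bill_cc": "US"},
]
WINDOW = 600    # assumed velocity window, in seconds
REVIEW_AT = 50  # assumed score at which an order is held for review
# The signal weights below (30/30/20/20) are assumed values, not tuned ones.

def fingerprint_only(orders):
    """Single-signal check: flag an order only when its fingerprint repeats."""
    seen, flagged = set(), []
    for o in orders:
        if o["fp"] in seen:
            flagged.append(o["id"])
        seen.add(o["fp"])
    return flagged

def layered_scores(orders):
    """Combine velocity, linking, proxy and IP/geo signals, then re-score."""
    scores, by_ship, by_card = {}, defaultdict(list), defaultdict(list)
    for o in orders:  # orders are assumed to be sorted by time
        linked = {p["id"]: p for p in by_ship[o["ship"]] + by_card[o["card"]]}
        recent = [p for p in by_ship[o["ship"]] if o["t"] - p["t"] <= WINDOW]
        score = 30 * len(recent)  # velocity: same address inside the window
        if any(p["fp"] != o["fp"] for p in linked.values()):
            score += 30           # linking: same card/address, other device
        if o["proxy"]:
            score += 20           # proxy detection
        if o["ip_cc"] != o["bill_cc"]:
            score += 20           # IP/geo-location mismatch
        scores[o["id"]] = score
        if score >= REVIEW_AT:    # re-scoring: pull linked earlier orders up
            for pid in linked:
                scores[pid] = max(scores[pid], REVIEW_AT)
        by_ship[o["ship"]].append(o)
        by_card[o["card"]].append(o)
    return scores

def held_for_review(orders):
    return [i for i, s in layered_scores(orders).items() if s >= REVIEW_AT]
```

Order A1 looks clean when it arrives and is only held after A2 links back to it, which is the case re-scoring exists for.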