As we discussed in our earlier Heartbleed post, there are several new vulnerabilities online and in the mobile space increasing the challenges that security professionals face. Fraud education is a necessity for companies to help mitigate future fraud occurences and another critical component when assessing online and mobile fraud is device intelligence. In order to be fraud-ready, there are three areas within device intelligence that companies must understand and address: device recognition, device configuration and device behavior.
Online situational awareness starts with device recognition. In fraudulent activity there are no human users on online sites, only devices claiming to represent them. Companies need to be able to detect high-risk fraud events. A number of analytical capabilities are built on top of device recognition:
- Tracking the device’s history with the user and evaluating its trust level.
- Tracking the device across multiple users and evaluating whether the device is impersonating them.
- Maintaining a list of devices previously associated with confirmed fraud.
- Correlation of seemingly unrelated frauds to a common fraud ring and profiling its method of operation.
The next level of situational awareness is built around the ability to evaluate a device’s configuration in order to identify fraudulent access attempts. This analysis should include the following capabilities:
- Make sure the configuration is compatible with the user it claims to represent.
- Check out internal inconsistencies suggesting an attempt to deceive.
- Review whether there any indications of malware present.
Finally, online situational awareness should include robust capabilities for profiling a device’s behavior both within individual accounts and across multiple users:
- Validate that the device focus is not on activity types often associated with fraud staging.
- Confirm that the timing of the activities do not seem designed to avoid detection rules.
By proactively managing online channel risk and combining device recognition with a powerful risk engine, organizations can uncover and prevent future fraud trends and potential attacks.