Device fingerprinting defends against online fraud
Online fraud is on the rise, increasing the adoption of a new security discipline called device fingerprinting
IT Best Practices Alert
By Linda Musthaler, Network World, 04/20/2009
Linda Musthaler's CIO-level look at the latest networking technologies and their benefits and pitfalls.
At the recent Web 2.0 Expo, PayPal’s senior director of global risk management, Katherine Hutchison, warned that online fraud
is on the rise. There are many factors behind this rise, not the least of which is the rapid growth of the underground cybercrime
economy. Criminals have established vast botnets comprised of millions of computers that are unknowingly controlled by malicious
masters.
In 2008, the Georgia Tech Information Security Center (GTISC) estimated as many as 15% of online computers were part of a
botnet – up from 10% in 2007 – and it’s likely to get worse. For example, there’s evidence that the recent Conficker virus
is out to create an even greater population of bot computers. (See: Conficker awakens, starts scamming)
With so many bot devices now in place, criminals can easily hide both their locations and their identities when they commit
their assaults. As a result, the online fraud problem is growing bigger and wider. It exists anywhere someone creates
a new account, logs in to an account, or makes a card-not-present (CNP) credit purchase. Here are just a few examples of places
where fraudsters are doing their dirty work.
• E-commerce sites of every ilk, where someone makes a purchase using stolen credit card information.
• Social networks and online dating sites, where fraudsters create accounts or use stolen credentials to establish trust and
confidence and then betray that trust for financial gain.
• Banks and financial institutions, where the criminal applies for a credit card or logs in with stolen credentials in order
to steal funds.
• Private business portals for trusted business partners or customers that are compromised by someone with stolen or fake
credentials.
• Federal, state and local government Web sites where fraudsters acquire benefits and services they are not entitled to.
This threat from compromised computers has given rise to a new security discipline whereby the device used in a transaction
is quickly profiled in order to assess the risk from allowing that device’s transaction to proceed. Known as “device fingerprinting,”
the process is rapidly gaining interest and adoption. As evidence, consider a critical indicator from the latest CyberSource
fraud report: 7% of the online $25M+ e-merchants use device fingerprinting today and 47% said they plan to implement it in
2009.
Linda Musthaler is a principal analyst with Essential Solutions Corporation.
Comments (5)
Device Finger Printing
By Anonymous on April 20, 2009, 11:19 am
http://findarticles.com/p/articles/mi_m4PRN/is_2009_March_4/ai_n31412259/
Device Finger Printing
By Anonymous on April 20, 2009, 2:48 pm
Knowing the state of everything connected to your network is a critical step in securing your transactions. http://www.lumeta.com/news/pr041509.asp
Device Finger Printing
By Anonymous on April 21, 2009, 3:13 am
Of course it can be a solution, even if not definitive. However, any data about false positive device classification?
Device fingerprinting defends against online fraud
By Anonymous on April 21, 2009, 6:49 am
That's good info and update on fingerprinting defends by author. In fact, bot devices are modern weapons for these cyber criminals. Social sites and e-commerce are major...
Scary
By Anonymous on September 4, 2009, 8:06 pm
It is scary that all these frauds go on. I can't believe there are so many online scams going on out there. They seem to be growing by leaps and bounds too. http://www.report-online-scams.com