There are some definite misunderstandings about the lifecycle of fraud. The very first phase is infection – and regardless of HOW it happens, the victim’s machine has been compromised. You may have no knowledge of this fact and no control. All of that compromised data is off in the ether and has been sold. The next phase is to make sure that the next set of fraudsters can validate those compromised accounts and make sure they got their money’s worth. It’s only at the last phase – theft – that any money movement occurs. We call this out because there are a lot of organizations out there who have built their entire solution on this last phase. We would say you are about two weeks too late as the crime actually began much earlier.
So how can you protect your organization? Here are five take-aways to consider:
- User / device trust. Do this user and device share a history? Has this user seen of been associated with this device historically? It may not be fraud but it is something we watch for.
- User / device compatibility. Does the user align with devices they’ve used in the past? What are the attributes of the device with respect to user preferences, profile and so on.
- Device hostility. Look at its behavior across your ecosystem. How many identities has it been associating with? Is it associated with a number of personal attributes or focused on risky activities?
- Malware. Does this device configuration suggest malware? Because we have information about the device itself, we can show that it’s been infected.
- Device reputation. Has this device been associated with previous crimes? There are some organizations who have built their entire solution around device reputation. We believe this is interesting to include but it’s more important to look at everything in the context across your entire ecosystem rather that focus on just one area.
Want to learn more? Listen to this on-demand webinar “Where the WWW..wild things are – when good data is exploited for fraudulent gain”.
