This post discusses the technical methods, including device identification, that DupZapper employs to detect online fraud and customers’ attempts to conceal their real identities or create multiple accounts.
In the previous post we covered how to detect and prevent fraud in online gaming and other online industries by looking at the common types of fraud, with multiple accounts being a tell-tale sign of most of them. This post reviews the specific technical methods DupZapper employs to fight fraud by detecting customers with multiple accounts and attempts to evade detection.
Device Identification and Fingerprinting
Device identification and fingerprinting have long been a cornerstone of online fraud detection. The two are sometimes confused, and it is important to keep the difference in mind for an informed discussion.
Device identification employs various methods to store a unique identifier on a customer’s machine and later retrieve it to track the customer’s device. These methods include regular cookies, special persistent types of cookies such as Flash and Silverlight cookies, HTML5 storage and so on.
The principal benefit of device identification is that it provides definitive information when it works. If you can verify that two customers had the same persistent cookie, then you know with full confidence that they used the same device. Historically, a cookie used in this manner has been called a ‘Device ID’, hence the method’s name. Regardless of vendor, device identification works exclusively by storing a random tracking value on the customer’s device.
The major drawback is that it relies on a browser to store the tracking data on the customer’s machine. In the past, some types of cookies could be shared between browsers, and erasing a cookie in the browser didn’t necessarily delete it from the customer’s device. This was widely considered a privacy invasion, and recent coordinated efforts by privacy groups and major browser vendors have resulted in many improvements in how private and incognito modes work. As a result, the reliability of this method has been severely reduced, and even a non-tech-savvy user can now easily delete tracking data.
All this considered, device identification is still very efficient at detecting the majority of amateur attempts, which may not be big individually but together form a significant threat. Device identification is also fairly simple to use from a customer service perspective, as it provides a simple-to-understand result.
To build upon traditional device identification and overcome the anti-detection measures employed by fraudsters, DupZapper uses a more recent technique called device fingerprinting.
Unlike device identification, which uses a tracking cookie to detect which device it is talking to, device fingerprinting collects data about the physical device: screen settings, installed graphics adapter, locale, installed operating system and software. It is much harder to overcome, as it does not rely on storing any values on customer devices that can be erased. Instead, a computer algorithm is run on the customer’s machine to collect all the particulars and calculate a single value that depends on the hardware and operating system: the device fingerprint.
By its nature, this method relies on the customer’s device sending a fingerprint to the system in order to be tracked. DupZapper uses a number of proprietary techniques to detect whether a customer has attempted to prevent device fingerprinting from working correctly. Device fingerprinting can be blocked, but there will be an indication that this happened, raising an alert about suspicious customer behaviour.
The major limitation of device fingerprinting is that it can produce false positives on very similar devices. For example, in an office setting, centrally managed computers may be running exactly the same hardware and software in exactly the same configuration. The same is often the case for internet cafes.
However, for most machines device fingerprinting produces a very reliable result that cannot be easily hidden. You can see how unique your fingerprint is on the Panopticlick service maintained by the Electronic Frontier Foundation, which uses a device fingerprinting technique similar to DupZapper’s, but older, to perform detection.
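The following sketch shows how the two signals described above combine when linking accounts. It is an added example, not DupZapper's code: the field names, the FNV-1a hash and the sample sessions are all assumptions made for illustration.

```javascript
// FNV-1a, 32-bit: a small stand-in hash so the sketch has no dependencies.
// A real deployment would use a wider hash; DupZapper's algorithm is proprietary.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Attribute kinds named in the text; the field names are assumptions.
const FIELDS = ['screen', 'gpu', 'locale', 'os', 'software'];

function fingerprint(attrs) {
  // Nothing reported means collection was blocked: return null so it can be flagged.
  if (!attrs || FIELDS.every(f => attrs[f] == null)) return null;
  return fnv1a(FIELDS.map(f => `${f}=${JSON.stringify(attrs[f] ?? null)}`).join('|'));
}

function linkAccounts(sessions) {
  const groups = new Map(); // "kind:value" -> set of accounts
  const flags = [];         // accounts whose device sent no fingerprint
  for (const s of sessions) {
    const fp = fingerprint(s.attrs);
    if (fp === null) flags.push(s.account);
    for (const [kind, value] of [['deviceId', s.deviceId], ['fingerprint', fp]]) {
      if (!value) continue;
      const key = `${kind}:${value}`;
      if (!groups.has(key)) groups.set(key, new Set());
      groups.get(key).add(s.account);
    }
  }
  const links = [...groups].filter(([, a]) => a.size > 1)
    .map(([key, a]) => ({ kind: key.split(':')[0], accounts: [...a].sort() }));
  return { links, flags };
}

// Constructed sample sessions.
const HOME = { screen: '1920x1080x24', gpu: 'GPU-A', locale: 'es-ES', os: 'Windows 10', software: ['fontX'] };
const OFFICE = { screen: '1366x768x24', gpu: 'GPU-B', locale: 'en-GB', os: 'Windows 10', software: ['suiteY'] };
const SESSIONS = [
  { account: 'u1', deviceId: 'c-111', attrs: HOME },
  { account: 'u2', deviceId: null, attrs: HOME },      // cookies erased, same machine
  { account: 'u3', deviceId: 'c-222', attrs: OFFICE },
  { account: 'u4', deviceId: 'c-333', attrs: OFFICE }, // identical managed office PC
  { account: 'u5', deviceId: null, attrs: null },      // fingerprinting blocked
];
```

Running `linkAccounts(SESSIONS)` links u1 with u2 even though the cookie was erased, links u3 with u4 (the office false positive a reviewer has to rule out), and flags u5 for sending no fingerprint at all.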
Registration data checks
DupZapper uses advanced techniques to check customer registration data for possible inconsistencies. One major feature is geographic location verification. In addition to the simple GeoIP consistency checks offered by competing providers, DupZapper compares the locations of the customer’s IP address, phone and postal address. This feature is configurable, because in some locations certain inconsistencies may be the norm. For example, it is common for customers in Catalunya, Spain to use mobile internet from an operator in Andorra. Thus, the reliability of this feature may vary depending on where the customer is based.
DupZapper also attempts to detect duplicate accounts using various customer information. For example, a fraudster may make the effort to obtain several independent devices and internet connections to escape detection by purely technical means, yet still use a shared password across the accounts for the sake of simplicity. A similar pattern of typos in the postal address is another tell-tale factor that improves detection reliability.
When DupZapper was created, our team carefully considered the application scope of each available method. DupZapper uses device identification, device fingerprinting, database checks and other smart technologies to detect links between multiple accounts maintained by the same customer, as well as any oddities that suggest a customer is trying to hide their real identity. The collected data are processed by proprietary algorithms, and the results are presented in a simple-to-comprehend manner that makes it possible to detect suspicious fraudulent accounts very efficiently.
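As an added illustration of the two registration checks just described (not DupZapper's implementation), the sketch below runs a configurable location consistency check and links accounts that share the same address typo. The configuration format, field names, word list and sample accounts are assumptions constructed for the example.

```javascript
// Tolerated country mismatches per source pair, set by the operator.
// The AD/ES entries model the Catalunya/Andorra case from the text.
const TOLERATED = { 'ip-phone': [['AD', 'ES']], 'ip-postal': [['AD', 'ES']], 'phone-postal': [] };

function geoMismatches(reg, tolerated = TOLERATED) {
  const sources = { ip: reg.ipCountry, phone: reg.phoneCountry, postal: reg.postalCountry };
  const names = Object.keys(sources);
  const out = [];
  for (let i = 0; i < names.length; i++) {
    for (let j = i + 1; j < names.length; j++) {
      const [a, b] = [sources[names[i]], sources[names[j]]];
      if (!a || !b || a === b) continue; // missing data is not a mismatch
      const pair = [a, b].sort().join('/');
      const ok = (tolerated[`${names[i]}-${names[j]}`] || []).some(p => [...p].sort().join('/') === pair);
      if (!ok) out.push(`${names[i]}-${names[j]}:${pair}`);
    }
  }
  return out;
}

// Address tokens absent from a reference word list (street and town names)
// are treated as typos; the same typo on two accounts links them.
function sharedTypos(accounts, knownWords) {
  const seen = new Map(); // typo -> set of account ids
  for (const { id, address } of accounts) {
    for (const tok of address.toLowerCase().split(/[^\p{L}]+/u).filter(Boolean)) {
      if (knownWords.has(tok)) continue;
      if (!seen.has(tok)) seen.set(tok, new Set());
      seen.get(tok).add(id);
    }
  }
  return [...seen].filter(([, ids]) => ids.size > 1)
    .map(([typo, ids]) => ({ typo, accounts: [...ids].sort() }));
}

// Constructed sample data.
const KNOWN = new Set(['carrer', 'de', 'balmes', 'barcelona']);
const ACCOUNTS = [
  { id: 'a1', address: '12 Carrer de Balmse, Barcelona' },
  { id: 'a2', address: '40 Carrer de Balmse, Barcelona' },
  { id: 'a3', address: '7 Carrer de Balmes, Barcelona' },
];
```

A registration with an Andorran IP and Spanish phone and postal address passes under the default configuration, while the same registration checked against an empty tolerance table reports both IP mismatches.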