
Online Fraud Prevention

Technology Trends

Alisdair Faulkner
VP Products
ThreatMetrix, Inc.

Evolution of Online Fraud Attacks

• In 2007 11% of influenza viruses were found to be resistant to Tamiflu
• One year later, 99% were found to be resistant

What does this mean for fraud in next 2-3 years?

Compromised Identities and Devices: a ‘perfect storm’

You can’t trust the person if you can’t trust the device

– 12 million active
– 200 million profiled
– 100,000 new devices per day
– Global top-3 countries
• US
• China
• Brazil
– Compromised PCs used to steal Credit Card details
– What’s new is that botnet drones are also facilitating transactions

Botnets and Proxies make IP Velocity and Geolocation Ineffective

Case Study: Voice Top-Ups

With IP Intelligence [Fraud stopped on 5th try]

Account Created  Login     IP Address     IP Geo  Cookies Enabled  Javascript Enabled  Payment Dollars  Payment Currency  Payment Response
12/9/2008 5:28   lehung    216.127.92.39  US      no               no                  20               usd               Reject
12/9/2008 5:26   truyen2   216.127.92.39  US      no               no                  20               usd               Accept
12/9/2008 5:24   truyen4   216.127.92.39  US      no               no                  20               usd               Accept
12/9/2008 5:22   hungkt16  216.127.92.39  US      no               no                  20               usd               Accept
12/9/2008 5:19   jtungss   216.127.92.39  US      no               no                  20               usd               Accept

With Device Intelligence [Fraud Stopped 1st time]

Account Created  Login     Device ID                         Proxy Ip       Proxy Ip Geo  Proxy Type  True IP        True Ip Geo
12/9/2008 5:28   lehung    cc4fa496c54511dd800000163e119596  216.127.92.39  US            hidden      58.187.21.118  VN
12/9/2008 5:26   truyen2   cc4fa496c54511dd800000163e119596  216.127.92.39  US            hidden      58.187.21.118  VN
12/9/2008 5:24   truyen4   cc4fa496c54511dd800000163e119596  216.127.92.39  US            hidden      58.187.21.118  VN
12/9/2008 5:22   hungkt16  cc4fa496c54511dd800000163e119596  216.127.92.39  US            hidden      58.187.21.118  VN
12/9/2008 5:19   jtungss   cc4fa496c54511dd800000163e119596  216.127.92.39  US            hidden      58.187.21.118  VN

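
The case study replayed as a short Python sketch, added here as an illustration and not ThreatMetrix's code or rules. The five attempts are transcribed from the tables; the velocity limit of four accounts per IP and the two device rules are assumptions chosen to reproduce the responses shown.

```python
from collections import Counter

# Rows transcribed from the case-study tables, oldest attempt first:
# (time, login, device_id, proxy_ip, proxy_geo, proxy_type, true_ip, true_geo)
DEVICE = "cc4fa496c54511dd800000163e119596"
ATTEMPTS = [
    ("5:19", "jtungss", DEVICE, "216.127.92.39", "US", "hidden", "58.187.21.118", "VN"),
    ("5:22", "hungkt16", DEVICE, "216.127.92.39", "US", "hidden", "58.187.21.118", "VN"),
    ("5:24", "truyen4", DEVICE, "216.127.92.39", "US", "hidden", "58.187.21.118", "VN"),
    ("5:26", "truyen2", DEVICE, "216.127.92.39", "US", "hidden", "58.187.21.118", "VN"),
    ("5:28", "lehung", DEVICE, "216.127.92.39", "US", "hidden", "58.187.21.118", "VN"),
]

IP_VELOCITY_LIMIT = 4  # assumption: at most 4 new accounts per IP in the window


def ip_velocity_decisions(attempts, limit=IP_VELOCITY_LIMIT):
    """IP intelligence only: the merchant sees just the connecting (proxy) IP."""
    seen = Counter()
    decisions = []
    for _, login, _, proxy_ip, *_ in attempts:
        seen[proxy_ip] += 1
        decisions.append((login, "Reject" if seen[proxy_ip] > limit else "Accept"))
    return decisions


def device_decisions(attempts):
    """Device intelligence: device ID, proxy type and the true IP's geo are visible."""
    seen_devices = Counter()
    decisions = []
    for _, login, device_id, _, proxy_geo, proxy_type, _, true_geo in attempts:
        seen_devices[device_id] += 1
        reasons = []
        if proxy_type == "hidden" and true_geo != proxy_geo:  # assumed rule
            reasons.append(f"hidden proxy: {proxy_geo} exit, {true_geo} origin")
        if seen_devices[device_id] > 1:  # assumed rule
            reasons.append("device already created an account")
        decisions.append((login, "Reject" if reasons else "Accept", reasons))
    return decisions


def first_reject(decisions):
    """1-based index of the first rejected attempt, or None if all were accepted."""
    return next((i for i, d in enumerate(decisions, 1) if d[1] == "Reject"), None)


if __name__ == "__main__":
    print("IP velocity rejects on attempt", first_reject(ip_velocity_decisions(ATTEMPTS)))
    print("Device rules reject on attempt", first_reject(device_decisions(ATTEMPTS)))
```

The IP-only view lets four payments through because every signal it has (a US address) looks ordinary until the count trips; the device view rejects the first attempt because the geo mismatch behind the hidden proxy needs no history.
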
Technology Comparison

Different ways to detect proxies?

Techniques to identify devices?


True IP and Instant Proxy Identification

Standard Proxy Attribution
– IP Reputation
• Net of capture problem
• IP address moving target
• Easy to subvert

Instant Proxy Attribution
– Proxy Bypass
– True IP / True Geo
– TimeZone / Geo
– HTTP Fingerprinting
– TCP/IP Fingerprinting
– Packet Fingerprinting
– Content Encoding
• First-time protection
• Instantaneous detection
• Risk classification
• Hard to subvert

Packet-Level Device Identification

Standard Identification (SUBVERTIBLE)
– Browser Profiling
– Browser Tagging
– IP Geolocation
(figure label: 210.123.30.15)

Deep Packet Inspection (Subversion Resistant)
– Proxy Bypass
– True IP / True Geo
– TimeZone / Geo
– HTTP Fingerprinting
– TCP/IP Fingerprinting
– CPU Time-stamping
– Botnet Detection
– IP Forensics
– Real-Time Matching Strategies

Considerations

How should you be thinking about the composition of technologies as you evolve your operations?

• No silver bullet
• Device identification requires a holistic view of the device
• Look for real-time solution
• Subversion resistant
• Flexible and able to integrate with existing work flow
