Moving Beyond the Device: Three-part Executive Summary
Device Identification—an online fraud prevention tool that only recently has begun to gain mainstream acceptance—establishes a unique ID for a device attempting to access a Website. Devices are assigned tokens that can be tracked across multiple user transactions, providing a unique identifier that makes it possible to differentiate one entity from all the other entities accessing the site. A new white paper from Sarasota, Fla.-based e-commerce payments consultancy The Fraud Practice describes methods required to integrate Device Identification into an overall fraud solution. CardNotPresent.com will offer an executive summary of the detailed document in three parts. Today: Part III.
Three Logical Areas for Device ID Integration
Because device identification is just one tool within your overall solution, it’s important to understand the methods you can employ to move beyond the device. There are three logical areas to employ Device Identification within your overall fraud solution: authentication, profiling and blocking.
- Authentication is the intent to establish the quality, uniqueness and validity of an end user’s identity within your fraud solution. Authentication techniques also offer the strongest means in which to reduce device identification’s limitation to detect first time fraud. Methods for improving results with device identification by combining it with authentication include aggregated scoring, consumer identity authentication and consumer identity verification.
- While authentication focuses on connecting and validating the profile a consumer presents, profiling compares the profile a consumer presents against known good and bad populations to determine if there is risk. Device identification allows businesses to detect patterns of behavior that may be high risk. Using device ID, a business can differentiate trustworthy transactions from potentially fraudulent transactions by incorporating behavioral detection techniques: Number of different devices, Frequency of change in device, Amount of Identity Morphing you should typically see with a device.
- Blocking refers to methods of using device identification to prevent high risk activity and block the return of known bad customers. The term “bad” is used instead of “fraudulent” because you may want to exclude not just fraudsters, but also those consumers that are simply associated with bad business in the past. Likewise, you may block based on the velocity in which a consumer is making purchases to limit exposure—not because you think they are a fraudster. Blocking is typically implemented by means of lists, which you can tie to device ID for an additional data point to stop repeat offenders, and velocities, which are used to screen for how many times something happens or how many different use cases are associated with a single profile element.
David’s research has been made possible by funding from Kount, Inc.