Identifying Cyber Thieves By Their Computers
Written by Evan SchumanIn the ongoing E-Commerce battle to identify fraudsters as early as possible, one payment security firm is pushing a methodology for fingerprinting a cyber thief’s computer and to then be on the lookout for it.
The laptop label that the company, Cybersource, uses is not actually based on the computer’s unique identification, as such data can’t be easily learned by the clues they drop when surfing. Instead, it’s based on the intersection of several routine characteristics, which combined make it fairly likely it’s the same machine, said Cory Siddens, a Cybersource senior product manager.
Some of the individual details would include the browser version, the exact operating system ID and the time differential on the system’s clock ("clock drift"), Siddens said. Another detail might be browser language.
If a retailer noticed four different orders with different names and addresses, possibly even originating from different IP addresses, but saw they were all coming from a machine that shared some unusual characteristics, it would be a good reason to flag those purchases for additional inquiry, along with the recent orders placed from that machine, Siddens said.
-Marc
March 10th, 2008 at 2:41 pm
Combined with behavioral footprints this indeed would be a useful tool–and potentially merely a trap. Such tools always have false positives.
–Glenn