Future-Proofing Device Recognition: Building Similarity into Fraud Detection to Protect User Privacy and Build Trust

As the stalwart of fraud detection for the last decade, device recognition – of laptops, smartphones, tablets etc - has formed the basis for many rule-based policies and machine-learning models to detect fraud.

Many organizations talk about a layered defense strategy, that starts with device recognition and layers multiple additional capabilities such as behavioral analytics, digital identity data and additional authentication checks. But the painful truth is that hard-to-detect fraud is still getting through.

So, what’s not working? Is device recognition getting less effective as a tool for detecting unusual behavior? Is it harder to spot genuinely high-risk behavior in amongst the grey noise of more locked down, generic operating systems? To best answer this question, it’s worth going on an evolutionary journey of device recognition technology. Let’s look at the evidence.

How do you observe Device Behaviour?

In an online transaction, your device is essentially like the face of a user when they meet the website; while your name, account number and other data is simply being communicated second hand.

Imagine asking a friend to share a piece of information that they would only divulge to you. If you visit them in person, they can look at you from all angles; study your reactions, watch your gait and mannerisms, and take hundreds of other cues from you to prove you are you.

If you are not physically present, however, your friend will make a judgement based on the information they are given. Your name under a static photo of you isn’t going to add much trust. But a phone or video call gives more information, context, and cues that your friend will use to verify your authenticity.

The same principle applies when it comes to devices. As a device is interacting with a website, the website’s author can carefully watch it from all angles. The web browser, the network that it’s connecting with, the operating system it’s running and the user on the other end, all influence how the device interacts with a website. All these components can be measured by careful and observant software.

How does Device Recognition detect unusual and high risk behavior?

Device recognition has long been one of the foundational pillars of fraud prevention, as it is one of the most straightforward indicators of risk. There are two main situations where a website wants to carefully identify devices to protect itself and its users

1. Finding two different devices that are doing something that is connected. For example, a different laptop logging into your bank account.
2. Finding a single device doing multiple unusual / unrelated things. For example, a single computer attempting to log into several different bank accounts.

In both these cases, the more reliably we can compare devices, the more reliably we can detect potential high-risk behavior before it causes harm.

Download the full whitepaper to carry on reading