Protecting your organization against fraud is a continuous game of cat and mouse. It seems like as soon as you implement a detection mechanism, the bad guys find a way to get around it.

Device ID — the ability to uniquely identify and later recognize a user’s device — was one of the first tools enterprises used for authentication and fraud detection. Using regular and Adobe Flash cookies, you could tag a device and use that as the “something you have” component of the authentication process, thus replacing onerous hardware tokens. If a device was unknown, the enterprise could step up authentication measures.

Modern device ID solutions have become significantly more sophisticated than these early cookie-based solutions. They collect information on myriad device characteristics, both static and dynamic, including browser, operating system, internet connection and other properties. This allows security teams to create a unique fingerprint of the device, which can be used to authenticate customers or detect suspicious interactions.

While device ID remains an important and sometimes effective tool in the enterprise fraud detection arsenal, it is not nearly enough to constitute a complete fraud detection solution. Why is this?

Read the white paper: How digital banking is transforming fraud detection

Fraud Has Caught Up With Device ID Techniques

When device ID was first developed, bad actors quickly learned that they could copy cookies and use them on other devices, enabling them to appear legitimate. As the technique evolved to include attributes such as IP address and the type and version of browser and operating system, bad actors reverse engineered device ID solutions and created increasingly detailed spoofing techniques to fool security algorithms.

Many malware strains today collect not only credentials, but also the data used to create a device ID. Bad actors can then manipulate their own device to appear to use the same browser extension, OS attributes and more to further impersonate their intended victim. This practice is known as device ID spoofing. Modern device ID solutions should include spoofing detection capabilities. Moreover, to keep up with the pace of sophisticated fraud activity, device ID spoofing detection must be updated daily based on ongoing research and threat intelligence.

RATs and Social Engineering

The eruption of remote access Trojans (RATs) and other similar threats has resulted in a new way for bad actors to avoid device ID-based fraud detection. An attacker using a RAT is actually using the victim’s device, which completely sidesteps any fraud detection capabilities based on device ID.

In addition to RATs, threat actors constantly develop schemes that take advantage of the weakest element of security strategy — humans — using social engineering tactics. Social engineering attacks such as business email compromise (BEC) target employees with access to company finances and trick them into making wire transfers to criminal bank accounts. In these cases, the fraudulent action comes from both the right device and the right user, something that a device ID-based fraud detection solution would be unable to detect.

Of course, the attacks that circumvent device ID-centric solutions are not yet simple enough to be conducted at scale. Fraudsters must invest significant time and research to complete these attacks successfully, but that doesn’t mean they should be overlooked. In fact, bad actors who employ these techniques generally target an institution’s highest-value accounts, making every successful attack potentially catastrophic.

Best Practices for Improving Fraud Strategies

What should an enterprise look for when implementing a fraud detection strategy? The strategy should still include complex device ID as an integral feature, but device ID should be paired with a strong device ID spoofing detection tool that is backed by ongoing threat research and automatically adapts to new threats.

Perhaps more importantly, enterprises should think of device ID as just one tool in a multilayered identification toolbox. Device ID solutions should include additional indicators of fraudulent activity relative to the user, device, behavior or session. These can include behavioral biometrics, malware detection, phishing detection and global identity networks that expose repeated usage patterns across all of these perspectives. It’s also important to consider ongoing transaction monitoring to identify accounts that might be compromised by social engineering.
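To make the layering argument concrete, the following sketch is an added example, not code from the original article or from any product: it compares a device-ID-only decision with one that also weighs a remote access indicator, a behavioral anomaly score and transaction monitoring. All field names, weights, thresholds and sample sessions are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

def fingerprint(attrs):
    # Hash the sorted device attributes into one stable identifier.
    canon = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()

@dataclass
class Session:
    device: dict             # collected device attributes
    remote_access: bool      # RAT / remote-control indicator
    behavior_anomaly: float  # 0..1 score from behavioral biometrics
    new_payee: bool          # transaction monitoring: first payment to payee
    amount_ratio: float      # amount divided by the customer's typical amount

def device_only(s, known):
    # Decision based solely on whether the device is recognized.
    return "allow" if fingerprint(s.device) in known else "step_up"

def layered(s, known):
    # Weights and thresholds are illustrative assumptions, not tuned values.
    score = 0.0 if fingerprint(s.device) in known else 0.4
    score += 0.5 if s.remote_access else 0.0
    score += 0.3 * s.behavior_anomaly
    score += 0.4 if (s.new_payee and s.amount_ratio >= 5) else 0.0
    return "block" if score >= 0.7 else "step_up" if score >= 0.4 else "allow"

# Constructed sample data: one enrolled device and four sessions.
HOME = {"browser": "Firefox 115", "os": "Windows 10", "tz": "UTC+1", "lang": "en-GB"}
KNOWN = {fingerprint(HOME)}
SESSIONS = {
    "routine": Session(HOME, False, 0.1, False, 1.0),
    "rat_on_victim_device": Session(HOME, True, 0.8, True, 9.0),
    "bec_right_user_right_device": Session(HOME, False, 0.1, True, 12.0),
    "new_device": Session({**HOME, "os": "macOS 14"}, False, 0.1, False, 1.0),
}

def compare():
    # Map each session name to (device-only decision, layered decision).
    return {n: (device_only(s, KNOWN), layered(s, KNOWN)) for n, s in SESSIONS.items()}

if __name__ == "__main__":
    for name, decisions in compare().items():
        print(f"{name:30s} device_only={decisions[0]:8s} layered={decisions[1]}")
```

The RAT and BEC sessions both pass the device-only check because they originate from the enrolled device; only the additional layers change the outcome.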

From a wider security perspective, enterprises should always be wary of one-trick pony solutions. Any solution that uses device ID, biometrics or malware detection exclusively will never be enough to prevent fraud. Multilayered security solutions provide the depth needed to defeat the bad actors of today and tomorrow because they are infused with many layers of cognitive fraud detection and analytics to help prevent digital identity fraud.

In addition to highly complex device ID tools with spoofing detection, these solutions include ongoing global threat intelligence research, behavioral biometrics, malware detection, RAT detection and more. The security layers are pre-integrated, both on the technical level and on the derived risk balancing level, which helps organizations avoid the potential pitfalls of device ID-based fraud protection so they can offer their customers a seamless user experience.

