[WEB SECURITY] Fraud detection system

Paul Johnston paul.johnston at pentest.co.uk
Mon Jun 18 15:52:05 EDT 2012


Hi,

Some commercial risk engines can harvest additional variables at the
application layer. A common one is machine fingerprinting, so if the
transaction comes from a machine the user hasn't used before, that
increases the risk score. I think some use behavioral analysis - such as
page sequences, time spent on page, etc. Vendors tend to be secretive
about these things as the rules are easily defeated if the fraudsters
know what they are.

Paul


On 16/06/2012 19:55, Lebeau Frederic wrote:
> Hello,
>
> I'm wondering if there are some things to do at the application level to
> increase the efficiency of a fraud detection system?
>
> Thanks
>
-- 
Pentest - When a tick in the box is not enough

Paul Johnston - IT Security Consultant / Tiger SST
Pentest Limited - ISO 9001 (cert 16055) / ISO 27001 (cert 558982)

Office: +44 (0) 161 233 0100
Mobile: +44 (0) 7817 219 072

Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy
Registered Number: 4217114 England & Wales
Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK
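
The application-layer signals mentioned in the reply above (a machine the user hasn't used before, page sequence, time spent on page) can be combined into a risk score along these lines. This is an added example, not part of the original thread and not any vendor's engine; the weights, thresholds, page names, fingerprint attributes and sample data are all constructed assumptions.

```python
import hashlib

# Constructed weights and thresholds (assumptions, not taken from any vendor).
W_NEW_DEVICE = 40
W_ODD_SEQUENCE = 30
W_TOO_FAST = 20
MIN_SECONDS_PER_PAGE = 2.0
EXPECTED_FLOW = ["login", "accounts", "payee", "confirm"]  # hypothetical flow


def fingerprint(attrs):
    """Hash client attributes into a stable, order-independent device id."""
    canon = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()


def is_subsequence(expected, visited):
    """True if the expected steps appear, in order, within the visited pages."""
    it = iter(visited)
    return all(step in it for step in expected)


def risk_score(user, attrs, page_events, known_devices):
    """page_events is a list of (page, seconds_on_page); returns (score, reasons)."""
    score, reasons = 0, []
    # Machine fingerprinting: a device not previously seen for this user.
    if fingerprint(attrs) not in known_devices.get(user, set()):
        score += W_NEW_DEVICE
        reasons.append("new_device")
    # Behavioural: the session skipped steps of the normal page sequence.
    if not is_subsequence(EXPECTED_FLOW, [p for p, _ in page_events]):
        score += W_ODD_SEQUENCE
        reasons.append("unusual_page_sequence")
    # Behavioural: pages left faster than a person plausibly reads them.
    if any(t < MIN_SECONDS_PER_PAGE for _, t in page_events):
        score += W_TOO_FAST
        reasons.append("page_time_too_short")
    return score, reasons


# Constructed sample data.
HOME_PC = {"ua": "Mozilla/5.0 (X11; Linux)", "tz": "Europe/London", "screen": "1920x1080"}
OTHER_PC = {"ua": "Mozilla/5.0 (Windows NT 6.1)", "tz": "UTC", "screen": "1024x768"}
KNOWN = {"alice": {fingerprint(HOME_PC)}}
NORMAL = [("login", 8.0), ("accounts", 12.5), ("payee", 20.0), ("confirm", 6.0)]
SCRIPTED = [("login", 0.4), ("confirm", 0.3)]

if __name__ == "__main__":
    print(risk_score("alice", HOME_PC, NORMAL, KNOWN))
    print(risk_score("alice", OTHER_PC, SCRIPTED, KNOWN))
```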



