Frederic
Yes, you have to come up with some rules, but it could be implemented in a manner that collects all anomalies and analyses that data. And as Greg says, it depends on the context.
What you might consider to be fraudulent for one user you might let another user get away with (within limits).
Colin
----- Original Message -----
From: Lebeau Frederic
[mailto:frederic.lebeau@websurf.be]
To: Colin Watson
[mailto:colin@watsonhall.com]
Sent: Mon, 18 Jun 2012 20:56:53 +0100
Subject:
Re: Fraud detection system
Hello,
i m avare about this project ans we havé starter its implémentation in our
applications.
However, it s not like intelligent system which analisis behaviors. It
requires some programmation each time we would like to detect new patterns
and scenarion? Right? Am i wrong?
However, the idea of the project is very good ;)
Le lundi 18 juin 2012, Colin Watson a écrit :
Frederic
If your application can assess a user's behaviour, it could also make
decisions on business-rules concerning attempted fraud, or signal
information that might be of use to external fraud analysis engines which
often do not know the context of a suspicious event.
I contribute some effort to OWASP's AppSensor project, which provides some
ideas along these lines:
https://www.owasp.org/index.php/OWASP_AppSensor_Project
http://www.owasp.org/download/jmanico/owasp_podcast_51.mp3
Hello,
I'm wondering if there are some stuffs to do at application level to
increvable efficuency of fraud detection system?
Thanks
Frederic
Yes, you have to come up with some rules, but it could be implemented in a manner that collects all anomalies and analyses that data. And as Greg says, it depends on the context.
What you might consider to be fraudulent for one user you might let another user get away with (within limits).
Colin
----- Original Message -----
From: Lebeau Frederic
[mailto:frederic.lebeau@websurf.be]
To: Colin Watson
[mailto:colin@watsonhall.com]
Sent: Mon, 18 Jun 2012 20:56:53 +0100
Subject:
Re: Fraud detection system
> Hello,
> i m avare about this project ans we havé starter its implémentation in our
> applications.
> However, it s not like intelligent system which analisis behaviors. It
> requires some programmation each time we would like to detect new patterns
> and scenarion? Right? Am i wrong?
>
> However, the idea of the project is very good ;)
>
> Le lundi 18 juin 2012, Colin Watson a écrit :
>
> > Frederic
> >
> > If your application can assess a user's behaviour, it could also make
> > decisions on business-rules concerning attempted fraud, or signal
> > information that might be of use to external fraud analysis engines which
> > often do not know the context of a suspicious event.
> >
> > I contribute some effort to OWASP's AppSensor project, which provides some
> > ideas along these lines:
> >
> > https://www.owasp.org/index.php/OWASP_AppSensor_Project
> >
> > http://www.owasp.org/download/jmanico/owasp_podcast_51.mp3
> >
> >
> >
> http://michael-coates.blogspot.com/2010/06/online-presentation-thursday-automated.html
> >
> >
> >
> http://www.crosstalkonline.org/storage/issue-archives/2011/201109/201109-0-Issue.pdf
> >
> >
> >
> http://www.jtmelton.com/2012/05/01/year-of-security-for-java-week-18-perform-application-layer-intrusion-detection/
> >
> > Regards
> >
> > Colin
> >
> >
> > ----- Original Message -----
> > From: Lebeau Frederic
> > [mailto:frederic.lebeau@websurf.be <javascript:;>]
> > To: websecurity@webappsec.org <javascript:;>
> > Sent: Sat,
> > 16 Jun 2012 19:55:14 +0100
> > Subject: [WEB SECURITY] Fraud detection system
> >
> >
> > > Hello,
> > >
> > > I'm wondering if there are some stuffs to do at application level to
> > > increvable efficuency of fraud detection system?
> > >
> > > Thanks
> > >
> >
>