Hello,
I'm wondering if there are some things to do at the application level to
increase the efficiency of a fraud detection system?
Thanks
On 16.06.2012 at 20:55 Lebeau Frederic wrote:
Hello,
I'm wondering if there are some things to do at the application level to increase the efficiency of a fraud detection system?
Fraud is an activity which cannot be detected at this layer. You should look for fraud detection software for your transaction system at the backend.
Things that can be detected on the web layer: SQL injection, XSS and other vulnerabilities on the web layer.
Just my few cents
--
Grisu
Hi,
Some commercial risk engines can harvest additional variables at the
application layer. A common one is machine fingerprinting, so if the
transaction comes from a machine the user hasn't used before, that
increases the risk score. I think some use behavioral analysis - such as
page sequences, time spent on page, etc. Vendors tend to be secretive
about these things as the rules are easily defeated if the fraudsters
know what they are.
Paul
On 16/06/2012 19:55, Lebeau Frederic wrote:
Hello,
I'm wondering if there are some things to do at the application level to
increase the efficiency of a fraud detection system?
Thanks
--
Pentest - When a tick in the box is not enough
Paul Johnston - IT Security Consultant / Tiger SST
Pentest Limited - ISO 9001 (cert 16055) / ISO 27001 (cert 558982)
On Mon, Jun 18, 2012 at 10:53 AM, Christoph Gruber list@guru.at wrote:
Fraud is activity which cannot be detected at this layer. You should look for fraud detection software for your transaction system at the backend.
That seems like a claim that needs more proof or more explanation.
I would say you can look for attempts at fraud at the web application
layer. If a user is presented a form that includes a dropdown with
some options and they send back a POST that includes options they
don't have access to this is a detectable fraudulent action. When
faced with that behavior some applications will simply deny the action
while others will log it and block access - the appropriate behavior
depends on the context.
Regards,
Greg
--
Director Security Services | +1-720-310-5623
Skype: greg.knaddison | http://twitter.com/greggles | http://acquia.com
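As an added example (not code from the thread or from any of the posters), here is what the check Greg describes looks like server-side: the application records which dropdown values it actually rendered for a session and, on POST, distinguishes a value that was never offered to this user from a merely invalid one. The shipping options, roles and the deny/block policy names are constructed for illustration.

```python
"""
Added example, not from the thread: detecting form-option tampering at the
web application layer. Option catalogue, roles and sample sessions are
constructed for illustration.
"""
from dataclasses import dataclass, field
import logging

log = logging.getLogger("tamper")

# Constructed catalogue: every shipping option the application knows about,
# with the role needed before it is rendered in the dropdown.
SHIPPING_OPTIONS = {
    "standard": "customer",
    "express": "customer",
    "free_internal": "staff",   # only rendered for staff accounts
}

ROLE_RANK = {"customer": 0, "staff": 1}


@dataclass
class Session:
    user: str
    role: str
    offered: set = field(default_factory=set)  # values actually rendered to this user
    blocked: bool = False


def render_options(session):
    """Server renders the dropdown and remembers which values were offered."""
    session.offered = {
        value for value, needed in SHIPPING_OPTIONS.items()
        if ROLE_RANK[session.role] >= ROLE_RANK[needed]
    }
    return sorted(session.offered)


def classify_post(session, submitted):
    """
    'ok'      - value was offered to this user
    'invalid' - not a known option at all (typo, stale form, scanner noise)
    'tamper'  - a real option the user was never shown: a deliberate edit
    """
    if submitted in session.offered:
        return "ok"
    if submitted not in SHIPPING_OPTIONS:
        return "invalid"
    return "tamper"


def handle_post(session, submitted, policy="deny"):
    """
    policy='deny'  : reject just this action (the first behaviour Greg names)
    policy='block' : log the event and lock the session (the second)
    Returns (accepted, verdict).
    """
    verdict = classify_post(session, submitted)
    if verdict == "ok":
        return True, verdict
    if verdict == "tamper":
        # Only tampering is worth an alert; plain invalid input is just rejected.
        log.warning("user=%s role=%s submitted=%r offered=%s",
                    session.user, session.role, submitted, sorted(session.offered))
        if policy == "block":
            session.blocked = True
    return False, verdict


if __name__ == "__main__":
    s = Session(user="alice", role="customer")
    print(render_options(s))
    print(handle_post(s, "free_internal", policy="block"), s.blocked)
```

The point of keeping the "offered" set per session rather than re-deriving it from the role at POST time is that it also catches replays of a form rendered under an earlier, more privileged state.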
On 18.06.2012 at 22:01, Greg Knaddison wrote:
On Mon, Jun 18, 2012 at 10:53 AM, Christoph Gruber list@guru.at wrote:
Fraud is activity which cannot be detected at this layer. You should look for fraud detection software for your transaction system at the backend.
That seems like a claim that needs more proof or more explanation.
I would say you can look for attempts at fraud at the web application
layer.
Yes you can, but you will never be sure.
If a user is presented a form that includes a dropdown with
some options and they send back a POST that includes options they
don't have access to this is a detectable fraudulent action. When
faced with that behavior some applications will simply deny the action
while others will log it and block access - the appropriate behavior
depends on the context.
Fraud is much more than fumbling around with parameters in forms.
Fraud can be done by using only valid operations.
Just my few cents
--
Grisu
On 18.06.2012 at 21:52, Paul Johnston wrote:
Hi,
Some commercial risk engines can harvest additional variables at the
application layer. A common one is machine fingerprinting, so if the
transaction comes from a machine the user hasn't used before, that
increases the risk score. I think some use behavioral analysis - such as
page sequences, time spent on page, etc. Vendors tend to be secretive
about these things as the rules are easily defeated if the fraudsters
know what they are.
Paul
Some WAFs have such detections, it's often called "scoring".
The actions to be done when a score limit is reached can be just
blocking the request or even blocking based on IP, some can
send messages to network firewalls to do more blocking, etc. etc.
Achim
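As an added example (not code from the thread, from any poster, or from any vendor's product), here is a toy risk scorer that ties Paul's and Achim's messages together: it harvests the application-layer variables Paul mentions (device fingerprint, page sequence, time on page), adds them into a per-source score, and maps the total to the escalating actions Achim lists (allow, log, block the request, block the IP). The weights, thresholds, checkout flow and sample transactions are all constructed; a real engine would use far more signals and decay scores over time.

```python
"""
Added example, not from the thread: application-layer risk scoring with
threshold-based actions. Weights, thresholds and sample data are constructed.
"""
import hashlib
from collections import defaultdict

# Constructed weights: how much each signal adds to a transaction's score.
WEIGHTS = {
    "new_device": 40,      # fingerprint never seen for this user
    "skipped_pages": 30,   # did not walk the expected page sequence
    "too_fast": 25,        # spent less time on a page than a human would
}

# Constructed thresholds, highest first; the score is accumulated per source IP.
ACTIONS = [(100, "block_ip"), (60, "block_request"), (30, "log"), (0, "allow")]

# Expected path through a checkout; landing straight on /pay is suspicious.
CHECKOUT_FLOW = ["/cart", "/address", "/pay"]
MIN_SECONDS_PER_PAGE = 2.0


def fingerprint(headers):
    """Crude device fingerprint: hash of a few stable client headers."""
    material = "|".join(headers.get(h, "")
                        for h in ("User-Agent", "Accept-Language", "Accept-Encoding"))
    return hashlib.sha256(material.encode()).hexdigest()[:16]


class RiskEngine:
    def __init__(self):
        self.known_devices = defaultdict(set)   # user -> fingerprints seen before
        self.ip_scores = defaultdict(int)       # ip -> accumulated score

    def score_transaction(self, tx):
        """tx has keys user, ip, headers, pages (list of (path, seconds)).
        Returns (score, signals) without changing any state."""
        signals = []
        if fingerprint(tx["headers"]) not in self.known_devices[tx["user"]]:
            signals.append("new_device")
        visited = [p for p, _ in tx["pages"] if p in CHECKOUT_FLOW]
        if visited != CHECKOUT_FLOW:
            signals.append("skipped_pages")
        if any(secs < MIN_SECONDS_PER_PAGE for _, secs in tx["pages"]):
            signals.append("too_fast")
        return sum(WEIGHTS[s] for s in signals), signals

    def decide(self, tx):
        """Accumulate the score for the source IP and pick the action."""
        score, signals = self.score_transaction(tx)
        self.ip_scores[tx["ip"]] += score
        total = self.ip_scores[tx["ip"]]
        action = next(a for limit, a in ACTIONS if total >= limit)
        if action in ("allow", "log"):
            # Learn the device only from transactions that were let through.
            self.known_devices[tx["user"]].add(fingerprint(tx["headers"]))
        return action, score, signals


if __name__ == "__main__":
    engine = RiskEngine()
    headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
               "Accept-Language": "en-GB", "Accept-Encoding": "gzip"}
    print(engine.decide({"user": "alice", "ip": "198.51.100.7", "headers": headers,
                         "pages": [("/cart", 12.0), ("/address", 20.0), ("/pay", 8.0)]}))
```

Note that the first transaction from a genuinely new device scores into the "log" band rather than being blocked, which is what lets the engine learn the device; pushing the "new_device" weight above the block threshold would lock out every user who buys a new laptop.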