Tuesday, June 17, 2008

Proxy Detection

Proxy Detection web services allow instant detection of anonymous IP addresses. While the use of a proxy is not a direct indicator of fraudulent behavior, it can be a useful indicator when combined with other data elements to determine if an individual is attempting to hide their true identity. The fact is, some of the most used ISPs, like AOL and MSN, are forms of proxies, and are used by both good and bad consumers.

Fraudsters know that it is very easy to make their IP geolocation information look like it is coming from the region where their stolen credentials originated. This ability makes them look authentic, when in fact they are using a proxy to mask their true location.

Again, not all proxies are equal: some are very reputable, and cutting them off would be a death knell for your sales conversion. The goal is to use this technique to distinguish which proxies run on compromised computers or are known to be heavily used by fraudsters. The generic ability to identify an anonymous proxy provides little value.

Has Data Breach Legislation actually impacted ID Theft?

According to a recent paper published by Sasha Romanosky, Rahul Telang and Alessandro Acquisti of the Heinz School of Public Policy and Management at Carnegie Mellon University, the data breach legislation instituted from 2002 through 2006 has had little effect on reducing ID theft.
While the legislation has not reduced ID theft cases, the debate is still ongoing as to whether it has slowed the rate of increase. It seems the rate of increase is the same in states with legislation and in those without legislation.

It is a fascinating study showing how the legislation has made companies more aware, vigilant and proactive, but the net result is just plain lacking. Some of the more interesting findings from the paper were:

1. 44% of consumers ignore data breach notices; ChoicePoint indicated that only 10% of consumers opted for the free credit watch services.
2. Most companies underestimate the costs associated with a data breach. ChoicePoint reported a cost of $26 million related to their data breach and TJ Maxx reported a cost of 178 million related to their data breach.
3. The impact of a data breach on a company's overall performance, sales and stock performance is temporary, typically lasting less than 4 quarters.
To read more on this article go to: "Do Data Breach Disclosure Laws Reduce Identity Theft?".

Monday, June 2, 2008

Telephone Identification

Telephone identification is the process of determining the type of phone being used by a consumer or end user. This technique looks up the phone number to determine where it was provisioned, and the type of phone it is associated with.
Telephone identification, or TNI, serves several important functions. First, it authenticates that the number is a real "dialable" phone number. Second, it will let you know where the phone was provisioned: the country, region, and city. Lastly, and most importantly, it will tell you the type of phone the number is assigned to.

To read more on Device Identification: http://www.fraudpractice.com/gl-phoneID.html

PCI Compliance does not Guarantee Protection from breach

While the PCI standards have done a tremendous job at helping to secure sensitive credit card data, organizations still need to take proactive measures to secure their systems from hacking. There have been several documented cases where PCI compliant organizations have been hacked and card data has been stolen. The most notable recent case involved Hannaford Food stores, where 4 million credit cards / debit cards were compromised when fraudsters loaded malicious software on the company's 300 servers. The software allowed the fraudsters to pull and store credit card and PIN data as it was being processed from the stores.

To read more on this article go to the CS Decisions website and view the May 2008 article from Pat Pape entitled: "Secure your System".