Today’s cybercriminals have countless tools at their disposal to create elaborate fraud schemes. Businesses must keep up to protect themselves and their customers. Dan Pinto, co-founder and CEO of Fingerprint, will discuss how device intelligence can future-proof fraud prevention.
Gary Drenik: Let’s start by understanding the landscape. What should consumers know about how the threat of fraud has evolved over the past few years?
Dan Pinto: Automation and the availability of cheap cloud computing resources make it possible for just about anyone to launch sophisticated cyberattacks. Bad actors also have more ways to conceal their identities — such as private browsing, VPNs, and anti-tracking browser settings — making online fraud more advanced than ever.
While generative AI has opened up a world of possibilities for employees all over the world, it has also enabled fraudsters to build more sophisticated schemes more quickly. Fraudsters can impersonate executives and write very personalized, legitimate-looking emails that can fool even the most informed individuals. Automation also allows bad actors to create multiple realistic fake websites and send out huge amounts of messages in a short amount of time.
Bot technology has also greatly improved over the last few years. These automated software applications can carry out large-scale operations with minimal effort and mimic human behaviors better than ever before. Some bots can even pass CAPTCHA tests better than humans.
However, device intelligence solutions such as Fingerprint give businesses a tool to protect themselves and their customers. Cybercriminals may be using newer technology to commit crimes, but fundamentally, if you can detect the physical device executing the attacks, you can help mitigate the damage. Fingerprint can do this better than any other solution in the market.
Drenik: Fingerprint relies on device intelligence to detect and prevent fraud. Can you explain what this means in layman’s terms? Can you share some insights into how these technologies work and how they are superior to traditional methods of fraud detection?
Pinto: Device intelligence uses dozens of signals to create a highly accurate unique identifier for each device, allowing a website to recognize returning visitors for months regardless of how hard they try to hide their identity.
Traditional device fingerprinting relies only on device attributes like screen resolution and OS version, which can change over time. Device identification layers on additional device and behavior signals, like VPN use or browser tampering, to create a more precise and stable identifier. Behavior analysis flags visitors engaging in suspicious behavior, such as unusual login attempts, excessive account creation or atypical transaction patterns.
Businesses can use these detailed signals to reliably distinguish potentially malicious devices from trusted users, enabling fraud prevention and reducing friction for legitimate visitors.
Drenik: Bots and automated attacks remain a challenge. Can you share how businesses are addressing this issue in popular consumer environments like online gaming and e-commerce and why it’s crucial for the industry’s future?
Pinto: Both online gaming and e-commerce’s continued growth depends on preventing bot activity. E-commerce fraud costs businesses millions of dollars annually. In online gaming, bots disrupt the in-game economy, giving some participants an unfair advantage and eroding players’ trust in the game.
To counter these threats, businesses are using verification and identification tools to strengthen their fraud detection strategies. Websites and apps verify their users via CAPTCHA and multi-factor identification, while device intelligence helps businesses stop account takeovers, promo abuse, card testing, multi-accounting, and other damaging behavior.
For example, businesses can use device intelligence to identify when someone creates multiple accounts in the same browser, even when visitors try to conceal their identity. Companies can also determine if a fraudster is returning to make multiple transactions on different credit cards or has been previously associated with fraudulent activity like chargebacks. Additionally, device intelligence detects when an account is accessed from a new/unknown device, triggering additional authentication.
Drenik: Browser fingerprinting and VPN detection are key components of Fingerprint’s software. How are these features contributing to a more secure environment in the financial services sector, and what role do they play in setting industry standards?
Pinto: Fingerprint’s device identification approach balances security with consumer privacy. The amount of anonymous web traffic is increasing. According to a recent Prosper Insights & Analytics survey, 34% of respondents turned on private browsing, signaling consumers’ growing desire for anonymity. This trend poses challenges for traditional fingerprinting approaches, but Fingerprint is resilient to anti-fingerprinting measures without compromising user privacy.
Fingerprint enables financial institutions to identify devices accurately, even in incognito mode, to better recognize known and trusted users without knowing their identity. VPN detection flags high-risk logins from VPN connections, such as visitors with obscured locations or mismatched browser and IP time zones, signaling the need for additional authentication. In a single month, Fingerprint identified 21 million users browsing with a VPN and 14 million in incognito mode. Our technology is pioneering new levels of device identification accuracy, ushering in an era of fraud detection that protects privacy.
Drenik: How do you see consumers inadvertently putting themselves at risk, and what advice would you offer to help them protect their online security better?
Pinto: One of the most common mistakes people make is not keeping their device and browser security updated. It seems like a small thing, but neglecting updates allows for exploitable vulnerabilities. If your device is not sufficiently protected, especially from Zero-Day vulnerabilities, there’s a higher likelihood of inadvertently becoming part of the fraud scheme.
The importance of creating complex, unique passwords is well-known. However, a surprisingly low percentage of people actually practice this, which puts all of their accounts at risk. And increasing cyber-attack sophistication is quickly eroding password security, so you should choose multi-factor authentication and passkeys wherever possible. Password managers and single sign-on (such as Google SSO) are effective tools to secure your accounts.
Drenik: Looking ahead, how can businesses in retail, gaming, and finance proactively adapt to consumer habits and security practices?
Pinto: Protecting finances from fraud in real time is crucial to prevent potential losses and ensure profits. Ultimately, businesses must adopt security tools to protect their users and their organizations.
Device intelligence allows companies to spot credential stuffing, account takeover (ATO) instances and suspicious login attempts. Then, businesses can leverage multi-factor authentication to verify the user’s identity, stopping bots and scammers in their tracks. Device intelligence also flags fishy activity, such as large purchases or multiple payment failures, after login and blocks suspicious users to avoid chargebacks and refund abuse.
Finding the right balance between security and convenience is key to a successful business strategy. Device intelligence identifies trusted users, enabling businesses to remove friction during critical user actions or conversion points without compromising safety.
Drenik: Thanks, Dan, for your insights on device intelligence and fraud prevention.
Read the full article here