Device ID was one of the first methods organizations used to prevent fraud and authenticate users. It’s still in widespread use, but device authentication isn’t nearly as strong an identity solution as many think.
Device ID authenticates users by looking at certain characteristics, like browser, internet connection, mobile provider, or operating system, to link a device back to a particular individual. Say you attempt to login to your banking app from a new device. Your bank’s device ID solution will pick up on the change, flag your session, and ask for further authentication to prove your identity.
Because device ID has been around for awhile now, cybercriminals have figured out how to bypass these controls by disguising their actions and pretending to be a legitimate user.
How Fraudsters Circumvent Device ID
Cybercriminals defeat device ID by masking their use of a mobile phone, tablet, or computer or by taking over a user’s device directly. Their top four tactics are device spoofing, malware attacks, RAT attacks, and social engineering.
Armed with information about a user’s device, fraudsters can make their own device appear to be that of a legitimate user’s. Cybercriminals collect data that is the basis of device ID and then mask their activity by replicating a operating system, internet connection, or other identifying data, allowing them to get inside a previously identified and authenticated device. By using proxy IP addresses, fraudsters also are able to get around geolocation tracking.
Cyber criminals often use malware to steal an individual’s personal information, which they then use to commit fraud. Fraudsters have also developed malware variants that capture the data needed to form a device ID. Following a successful malware attack, criminals can engage in device spoofing to bypass device ID controls. Criminals also use malware attacks to take over a user’s device and initiate fraudulent activity. Because the actions appear to be coming from a legitimate device, device ID is unable to identify the criminal activity. Once installed, malware can lie dormant on a device until a criminal triggers it, making it even harder to detect and stop.
RAT attacks are hitting companies hard. RATs bypass device ID solutions completely by giving fraudsters direct access to and control over a user’s device. Once inside, fraudsters can initiate money transfers, make purchases, or complete any other action a user would make. RAT attacks go undetected for an average of 170 days.
Fraudsters use social engineering to deceive consumers into taking action from their own device. The most common forms are phishing, vishing, and smishing. Fraudsters trick individuals into handing over personal information, initiating transactions, or clicking on a link that downloads malware or a virus to their device. Social engineers will pose as a bank, insurance company, or other legitimate organization, preying on human trust to exploit victims. Because the fraud is executed by a legitimate user from their verified device, device ID is unable to detect social engineering schemes.
It’s easy for fraudsters to pretend to be someone they are not online. Personal credentials are readily available and device ID data is available for harvesting. To detect device spoofing, malware, RATs, and social engineering, authentication solutions need to go beyond looking at information users know or have to instead focus on the strongest identity factor, “Who You Are,” which is based on user behavior.
Monitoring user behavior is the most reliable way to authenticate an individual no matter where they are or what device they are using. Cybercriminals can replicate a device ID or take over a user’s device, but they can’t steal or replicate a user’s behavior.
Based on this reality, BioCatch compares the behavior of the same user in a regular session to detect subtle changes such as signs on hesitation and duress, as well as others. A combination of those changes drives the cognitive insights that indicate this type of scam is occurring. For example, since the user is instructed on the phone, there can be some pausing or hesitation. There is some information they are not familiar with like the fraudster’s account, so signs of segmented typing will show up. To combat malware and other automated attacks, BioCatch has reframed the problem by taking an approach that singles out any deviation from the legitimate user’s behavior by applying behavioral biometric analysis to all activities. With BioCatch you can detect when it’s not the user performing an activity such as a login, payment or account opening, detecting all types of attacks including bot activity, Trojans and other adversaries. In other words, the BioCatch platform makes the Trojans attack ineffective due to its’ ability to detect indicators of abnormal activity for any user, leveraging innovative technology that is powered by Machine Learning and takes into account user behavior traits and cognitive thinking insights.
The next time a cybercriminal attempts to take over a device using their favorite tactics, behavior-based authentication solutions will stop them in their tracks, catching fraud in real-time and protecting customers and businesses from the damages of digital identity theft.Want to bring together advanced security and frictionless user experiences? Learn more about behavioral biometrics, a behavior-based authentication solution.