The Value of Device Intelligence in Fighting Fraud

The level of online transactions increased in 2020. COVID-19 has accelerated a change that was expected to take several years. Restrictions, guidelines, and health and safety concerns due to COVID-19 have forced consumers to change their everyday behaviour, resulting in a surge in digital and contactless payments. Every one of these online transactions comes from a device, but not everyone is aware of how device intelligence can help protect customers in this new digital world.

Device intelligence helps in three key ways: assessing and mitigating risk in real-time, enhancing authentication, and optimising the customer experience across digital channels. In this blog, we will be detailing how device intelligence can help companies evaluate device risk and provide protection from malicious attacks, including malware, crimeware and jailbroken devices.

Malware is malicious software that an unsuspecting user downloads and installs. There are thousands of types of malware available globally, with new variants appearing daily. A recent notable example is the Trojan nicknamed “BlackRock” that emerged in May 2020. BlackRock is a classic Trojan that, once installed, harvests information from the device. Earlier this year, cybercriminals used the Trojan in a fake Android version of the incredibly popular “Clubhouse” application (at the time only available on iOS). Credentials for hundreds of online services, including several well-known financial institutions, e-commerce apps, cryptocurrency exchanges, and social media platforms, have been compromised in this way. Every day, around 350,000 new malicious programs and potentially unwanted applications are identified. By gathering intelligence about the devices being used, a wide range of malicious software can be identified, and malware-based attacks can be mitigated.

Crimeware, or “Criminal Tools”, are apps that are either directly or indirectly used for nefarious purposes. For example, VPNs are widely used to spoof a device’s location when interacting with businesses that filter the content or accessibility of their service based on the IP address of the connecting user. This filtering is common with the likes of Netflix and other streaming services that provide different content by geography. SMS forwarder applications are another example; they can be convenient if you need to use a different SIM for a while whilst travelling, but can also be used maliciously by parties attempting to gain access to a user’s authentication one-time passcodes for banking services. Device intelligence can detect crimeware that may be used, directly or indirectly, by cybercriminals. By screening a device the moment it connects to a business’s digital channels, you can protect your business, and also protect your customer by interacting with them differently based on the type of crimeware detected. For example, a bank might limit the functionality of an app or deny access altogether if an SMS forwarder is installed, but let the user continue if a location spoofer is detected.
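The graded response in the bank example can be written as a small policy check. This is an added illustration, not Accertify's code or API: the signal names, the operation names, the `strict_sms` switch and the cautious handling of unrecognised signals are all assumptions.

```python
from enum import IntEnum


class Action(IntEnum):
    ALLOW = 0
    LIMIT = 1  # session continues with reduced functionality
    DENY = 2


# Hypothetical operations a bank confirms with an SMS one-time passcode.
OTP_PROTECTED_OPS = frozenset({"add_payee", "send_payment", "change_phone"})

# Hypothetical signal names. The two responses follow the bank example in
# the text: an SMS forwarder limits the app, a location spoofer does not.
POLICY = {
    "location_spoofer": (Action.ALLOW, frozenset()),
    "sms_forwarder": (Action.LIMIT, OTP_PROTECTED_OPS),
}

# Assumption: a signal the policy does not recognise is treated cautiously
# rather than ignored.
UNKNOWN_SIGNAL = (Action.LIMIT, OTP_PROTECTED_OPS)


def evaluate(signals, strict_sms=False):
    """Combine detected signals; the strictest action wins.

    strict_sms models the bank that denies access altogether when an
    SMS forwarder is installed instead of limiting functionality.
    """
    action, blocked = Action.ALLOW, set()
    for signal in signals:
        signal_action, ops = POLICY.get(signal, UNKNOWN_SIGNAL)
        if signal == "sms_forwarder" and strict_sms:
            signal_action = Action.DENY
        action = max(action, signal_action)
        blocked |= ops
    return action, blocked


def authorise(operation, signals, strict_sms=False):
    """Decide whether one operation may proceed on this device."""
    action, blocked = evaluate(signals, strict_sms)
    if action == Action.DENY:
        return False
    return operation not in blocked
```

With an SMS forwarder present, the session stays open for read-only use while passcode-confirmed operations are refused; the location spoofer alone changes nothing.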

Rooting or jailbreaking a device is another way for malicious attacks to occur. Device intelligence can discern if a device’s operating system has been compromised through rooting (Android) or jailbreaking (iOS). Jailbreaking is when the device handler gains full access to the root of the iOS operating system and accesses all the features, bypassing the restrictions imposed by Apple. Rooting is removing the same restrictions/limitations on a device using the Android operating system.

Legitimate digital channel users are unlikely to have a rooted or jailbroken device, and this is often a strong indicator that the user of the device may be attempting fraud, or otherwise attempting to circumvent security measures. Typically, a fraudster’s first step in tampering with an application is to use an Android or iOS emulator. By using device intelligence, you can detect these emulators. It is rare for a legitimate user to interact with a business using an emulator; as such, detecting an emulator is a very powerful way of finding cybercriminals and stopping them from performing scalable emulator-based attacks. Forcing the cybercriminal to interact with a physical device can make it much more difficult for them to compromise the integrity of your digital channel.

Device information and operating system attributes can also be collected and analysed to produce a device fingerprint that is resilient to tampering, application uninstall/reinstall, and OS upgrade. When this device fingerprint is used within a wider identity solution, such as Accertify’s Digital Identity product, it provides enhanced capability to detect and prevent numerous additional vectors of fraud, including credential stuffing, new account opening fraud, and account takeovers.

Protecting your customers

Detecting device tampering, malware, and crimeware activity allows you to help protect your customers. Detecting these attacks can also help prevent data breaches that can lead to regulatory fines and loss of brand reputation. There can be reputational value in preventing malware-based attacks and helping to keep your customers’ data safe – including protecting your customers’ login credentials, account, and banking information, and even loyalty points. Detecting crimeware, malware, and root/jailbroken devices helps your customers interact with your digital channels in the proper ways.

About Accertify

Accertify is currently a consortium member of the SOTER project. Accertify’s main role within SOTER is to provide mobile device intelligence information as a part of the SOTER Digital Onboarding Platform, contributing to the platform’s overall verification and fraud prevention strategy.


Author: Charlotte Naismith, Accertify
