Saturday, April 7, 2007

Does device identification affect privacy policy?

The pendulum of opinion swings on this subject. First read my post ("Can device identification stop fraud?") for an intro on what information is typically collected to identify a device.

Below are my thoughts on this topic that may help you answer this question. Feel free to comment.

How can generic device information uniquely identify a device? It can when you combine all of the individually non-unique data elements into one long continuous stream of information. The sum of these data elements can create a unique “device fingerprint”. This fingerprint effectively becomes a “virtual” device within the fraud system. It’s more like a “pointer” to a real device that is located somewhere out in cyberspace, but we truly have no idea where it is located, and frankly, we don’t care! Besides, we can’t tell where the device really is (an anonymizing proxy or a simple dial-up connection breaks any hope that geo-location is a guarantee), and with a laptop the device may be moving around naturally.

We also don't know “who” is actually using the device. The website collects identity information, but we don't know if this is really the person logging in. So just like we create a virtual device identifier, we can create a virtual account identifier and use it with the virtual device identifier. So, from a device identification perspective, we don’t know the “real” identity of the person using the device, and we don’t know where the device is located.

The power and effectiveness behind this method of fraud management is that it doesn’t matter “who” or “where” the person and device are. And the responsibility to correlate these “virtual” identities back into their true identities lies in the hands of the merchant anyway. Only the merchant has the necessary information to map these virtual identities back into any personal information that they have collected.
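The separation described above can be sketched in code. This is an added example, not code from the original post or from any fraud product: the attribute names, the use of SHA-256 and HMAC, the demo key and the accounts-per-device threshold are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
from collections import defaultdict

MERCHANT_KEY = b"constructed-demo-key"  # assumption: secret held only by the merchant

def device_fingerprint(attrs):
    """Join individually non-unique attributes into one canonical stream and hash it."""
    stream = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(stream.encode()).hexdigest()

def virtual_account_id(login, key=MERCHANT_KEY):
    """Keyed pseudonym: only the key holder (the merchant) can recompute it from a login."""
    return hmac.new(key, login.lower().encode(), hashlib.sha256).hexdigest()

class FraudSystem:
    """Sees only virtual identifiers, never logins, names or locations."""
    def __init__(self, max_accounts_per_device=2):  # hypothetical threshold
        self.max_accounts = max_accounts_per_device
        self.accounts_by_device = defaultdict(set)

    def observe(self, vdevice, vaccount):
        """Record a login; return True when the device exceeds the account threshold."""
        self.accounts_by_device[vdevice].add(vaccount)
        return len(self.accounts_by_device[vdevice]) > self.max_accounts

# Constructed sample data (attribute names are illustrative, not from the post).
LAPTOP = {"user_agent": "Mozilla/5.0 (Windows NT 5.1)", "screen": "1280x800",
          "timezone_offset": -300, "language": "en-US", "plugins": "flash9,java6"}

def run_demo():
    fraud = FraudSystem()
    vdev = device_fingerprint(LAPTOP)
    merchant_lookup = {}  # merchant-side table: pseudonym -> real login
    flags = []
    for login in ["alice@example.com", "bob@example.com", "carol@example.com"]:
        vacct = virtual_account_id(login)
        merchant_lookup[vacct] = login
        flags.append(fraud.observe(vdev, vacct))
    # Only the merchant can turn the flagged pseudonyms back into real accounts.
    flagged = sorted(merchant_lookup[v] for v in fraud.accounts_by_device[vdev])
    return flags, flagged

if __name__ == "__main__":
    print(run_demo())
```

The fraud system flags the third account seen on one virtual device while holding nothing but two kinds of opaque identifier; resolving them to people requires the merchant's own lookup table and key.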
