For any merchant, fighting cybercrime while ensuring a good customer experience is the ultimate balancing act. At first glance, a good consumer with a brand new phone and a very limited online footprint might look legitimate. But they might appear indistinguishable from a bad actor who is using emulation software and location spoofing to mask as a real customer. These fraudsters are only trying to infiltrate the merchant’s defenses. Telling them apart is like walking a tightrope. 

Identifying devices accurately and efficiently can help. It’s one layer of the multi-faceted account security strategy that businesses need to be taking a look at today.

Stopping Chargeback Abuse, Preventing ATOs 

I just got back from the annual MRC event in Las Vegas. It was great! The biggest merchants attended and the conversations, especially around contextualized device intelligence, were compelling. I sat down with many folks dealing with account takeovers (ATOs), account sharing, chargebacks and refund abuse to hear directly from them. And overwhelmingly, when I synthesize the conversations, they all are saying the same thing…to stop bad actors, to create awesome digital experiences for good customers and to grow revenue, they need a new kind of device intelligence. 

We actually surveyed 216 merchants to learn more. We asked respondents about the key challenges they face when telling legitimate devices from potentially fraudulent ones, and sought to understand what gaps they have in their approach.

Survey respondents said that stopping chargebacks and preventing ATO attacks are the main challenges they’re trying to solve with device identification. Putting a stop to these attacks is rightfully a concern for them: when valued consumers suffer losses of money or personal data due to a compromised account, merchants are often blamed. And you know that lost trust is excruciatingly hard to repair. The best way to keep consumers happy and safe online is to prevent as many of these attacks as possible. 

Data-Driven Defenses 

But against today’s crafty fraudsters, there are many challenges. 42% of survey respondents said that detecting devices used by fraud rings or in repeated attacks is a key challenge. Fraud rings often use tactics like account sharing, where a device logs in from different locations in a short period. Companies can combat these attacks by using a device identification solution that identifies and flags patterns like these, with closer scrutiny for some devices.

Almost 33% of respondents reported they are using an in-house solution, and 18% said that they are currently not using anything for device intelligence. Stepping up protection could save security teams time: heavy reliance on manual review was one of the leading gaps that respondents reported with their current in-house approaches. 

And the top pain point for the surveyed e-commerce merchants? A lack of comprehensive device tracking and historical behavior insights, which 37.5% of respondents reported was an issue. In the never-ending fight against bad actors, fraud prevention teams can only succeed with access to rich data, while incomplete tracking information leaves the question of which devices to trust up in the air. 

You can take the survey, too! (Please NOTE: the raffle has ended)

Next-Generation Device Intelligence

When we built Arkose Device ID, which by the way we introduced at MRC, we set out to solve this issue. We listened to feedback from our customers, and designed a next-gen tool to answer the call for a proactive and always-on solution to simultaneously identify legitimate returning consumers and stop bad actors. With a combination of stateless and stateful approaches, our solution tracks and correlates user behaviors without disrupting the customer experience. When used with Arkose Bot Manager, it’s the first line of defense, giving our clients the tools to confidently recognize returning devices and catch fraud early.

The robustness of the data makes the difference. Ready to strengthen your device ID strategy with unique identifiers + device intel + risk signals ? Contact us today to see how we’re doing things differently over here at Arkose Labs to protect your business and customers. 

P.S. If you take the survey, we’ll share the results benchmarked against your peers. 

*** This is a Security Bloggers Network syndicated blog from Arkose Labs authored by Terry Hunt. Read the original post at: https://www.arkoselabs.com/blog/mrc-attendees-speak-out-about-device-intelligence/