Web fraud detection
Web fraud detection refers to technological solutions meant to detect criminal activities carried out against websites and web applications over the World Wide Web.

Traditionally, fraud detection solutions were essentially rule-based expert systems. Such systems require expert fraud analysts to define a knowledge base consisting of rules that describe criminal behavior by process, order, timing, counters and more. These systems would usually reside within financial institutions, complementing existing application servers and focusing mainly on financial transactions.

In recent years, as electronic commerce has grown exponentially, cyber crime has adapted old techniques to new technologies, mainly by using the Web as a means to commit fraudulent financial transactions. Leveraging the Web's distributed character, cyber criminals found an anonymous haven within tens of thousands of compromised personal computers around the globe. After infecting end-user computers with distributed botnets, criminals use these victims to mask their origin and identity. The main criminal activities consist of identity theft, account takeover and card not present transaction (CNP) fraud.

Modern threats utilize Man-in-the-Browser trojans (MITB bankers) such as Zeus. This type of crimeware piggybacks on legitimate user sessions to bypass authentication mechanisms. Once the unsuspecting user has authenticated and logged into his/her bank account, the MITB trojan splits from the main path of activity and transfers money to external accounts. The true user may simultaneously be checking his/her balance, unaware of the crime being committed.

Such attacks required the advancement of state-of-the-art technologies. Since all authentication mechanisms have failed to protect against MITB attacks, new approaches had to be thought up. On June 28, 2011, the FFIEC (Federal Financial Institutions Examination Council) issued a supplement to its 2005 guidance. It now requires all U.S. financial institutions to deploy web user behavior anomaly detection systems.

User behavior anomaly detection is based on heuristic analysis algorithms that examine normal user behavior during "peace" times. Drawing upon normal behavior models, these systems are able to detect 0-day attacks against websites by producing anomaly risk scores. Fraud experts can now use a hybrid mixture of expert rules combined with heuristic deduction provided by artificial intelligence engines. This type of technology now complements traditional legacy fraud detection systems that inspect event logs, as well as Web application firewalls.

Due to the exponential growth in cyber crime and cyber warfare, new market sectors have begun adopting these technologies. Apart from the financial sectors, government, e-commerce, telecommunication, social network and gaming websites now deploy web fraud detection solutions.
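The hybrid scoring described above can be sketched as follows. This is an added illustration, not code from any fraud detection product: a per-user model of normal behavior is fitted from "peace"-time sessions, a new session receives an anomaly score, and analyst-written rules add to it. The feature names, baseline sessions, rule conditions and point weights are all constructed assumptions.

```python
from statistics import median

# Constructed "peace"-time sessions for one user (hypothetical features):
# seconds from login to first transfer, pages viewed before it, amount.
BASELINE = [
    {"secs_to_transfer": 95, "pages_before": 6, "amount": 120.0},
    {"secs_to_transfer": 140, "pages_before": 8, "amount": 80.0},
    {"secs_to_transfer": 110, "pages_before": 5, "amount": 200.0},
    {"secs_to_transfer": 180, "pages_before": 9, "amount": 150.0},
    {"secs_to_transfer": 125, "pages_before": 7, "amount": 95.0},
]

def fit(sessions):
    """Per-feature median and MAD: a robust model of normal behavior."""
    model = {}
    for key in sessions[0]:
        vals = [s[key] for s in sessions]
        med = median(vals)
        # A zero MAD (all values identical) would divide by zero below.
        mad = median([abs(v - med) for v in vals]) or 1.0
        model[key] = (med, mad)
    return model

def anomaly_score(model, session, cap=10.0):
    """Mean capped robust z-score across features, scaled to 0..100."""
    zs = [min(abs(session[k] - med) / (1.4826 * mad), cap)
          for k, (med, mad) in model.items()]
    return 100.0 * sum(zs) / (cap * len(zs))

def expert_rules(session):
    """Analyst-written rules; each hit adds fixed points (assumed weights)."""
    points = 0
    if session.get("new_payee") and session["secs_to_transfer"] < 30:
        points += 40  # transfer to a never-seen payee right after login
    if session.get("parallel_requests"):
        points += 20  # transfer issued while the user browses elsewhere
    return points

def risk(model, session):
    """Hybrid score: heuristic anomaly plus rule points, capped at 100."""
    return min(100.0, anomaly_score(model, session) + expert_rules(session))
```

The anomaly score alone flags a session that matches no known rule, which is the property the text relies on for 0-day detection; the rules add weight when a known pattern is also present.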