Fraud Detection

From MgmtWiki
Jump to: navigation, search

Full Title or Meme

An existing process in ecommerce where the Relying Party collects the claims about the user and the context of the request (which will likely include user behavior and value of the transaction) into a Trust Vector for processing by a Fraud Detection Service. The result will be used to make the Authorization decision, or it might initiate a continued collection of user claims for a retry.

Context

Problems

  • When publicly accessible data is used in fraud detection, it is only a matter of time before the fraudsters collect that data and use it to impersonate Subjects. See the wiki page on Digital Fingerprints.

Solutions

  • Collect Attribute information about Subjects that is not known to attackers.
  • Use a Credential that is protected from disclosure on a user's device to provide evidence of the presence of the user at their device.

References