Difference between revisions of "Fraud Detection"
From MgmtWiki
(→Context) |
(→Solutions) |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
==Context== | ==Context== | ||
| − | *Today any company that handles money on the internet has some level of [[Fraud Detection]], most of the smaller companies relying on [[Trusted Third Parties]]. | + | *Today any company that handles money on the internet has some level of [[Fraud Detection]], most of the smaller companies relying on [[Trusted Third Party|Trusted Third Parties]]. |
*The original use of [[Fraud Detection]] was in financial payments. https://corpgov.law.harvard.edu/2016/02/07/fincen-know-your-customer-requirements/ | *The original use of [[Fraud Detection]] was in financial payments. https://corpgov.law.harvard.edu/2016/02/07/fincen-know-your-customer-requirements/ | ||
| + | |||
==Problems== | ==Problems== | ||
* When publicly accessible data is used in fraud detection, it is only a matter of time before the fraudsters collect that data and use it to impersonate [[Subject]]s. See the wiki page on [[Digital Fingerprint]]s. | * When publicly accessible data is used in fraud detection, it is only a matter of time before the fraudsters collect that data and use it to impersonate [[Subject]]s. See the wiki page on [[Digital Fingerprint]]s. | ||
==Solutions== | ==Solutions== | ||
| − | * Collect [[ | + | * Collect [[Attribute]] information about [[Subject]]s that is not known to attackers. |
| + | * Use a [[Credential]] that is protected from disclosure on a user's device to provide evidence of the [[Presence]] of the user at their device. | ||
==References== | ==References== | ||
| − | Synonyms include: [[Attested]] [[Corroborated]]. | + | * See the wiki page on [[Digital Fingerprint]]s for some [[Fraud Detection]] techniques and the attackers' work-around to those techniques. |
| + | *Synonyms include: [[Attested]] [[Corroborated]]. | ||
[[Category:Glossary]] | [[Category:Glossary]] | ||
[[Category:Assurance]] | [[Category:Assurance]] | ||
Latest revision as of 22:09, 3 January 2020
Full Title or Meme
An existing process in ecommerce where the Relying Party collects the claims about the user and the context of the request (which will likely include user behavior and value of the transaction) into a Trust Vector for processing by a Fraud Detection Service. The result will be used to make the Authorization decision, or it might initiate a continued collection of user claims for a retry.
Context
- Today any company that handles money on the internet has some level of Fraud Detection, most of the smaller companies relying on Trusted Third Parties.
- The original use of Fraud Detection was in financial payments. https://corpgov.law.harvard.edu/2016/02/07/fincen-know-your-customer-requirements/
Problems
- When publicly accessible data is used in fraud detection, it is only a matter of time before the fraudsters collect that data and use it to impersonate Subjects. See the wiki page on Digital Fingerprints.
Solutions
- Collect Attribute information about Subjects that is not known to attackers.
- Use a Credential that is protected from disclosure on a user's device to provide evidence of the Presence of the user at their device.
References
- See the wiki page on Digital Fingerprints for some Fraud Detection techniques and the attackers' work-around to those techniques.
- Synonyms include: Attested Corroborated.
