Most people would like to believe they have a good reputation, maybe as a parent, business partner or professional. But what about the reputation of the devices they use on a day to day basis?
Imagine the millions of online transactions that occur each day as users buy all manner of goods across the internet. Most of these transactions will pass off without problem as the majority of customers are honest and simply want to make a purchase. Unfortunately, as we know, there are a minority of people out there trying to get away with stealing goods online using fraudulent credit cards. 'Card holder not present' crime, as it is called, is escalating as shop based transactions become more secure due to chip and pin cards.
Many online retailers will trust the credentials entered by the potential shopper after undertaking some basic security checks such as ensuring the credit card is registered at the delivery address. The problem is that criminals can get around such basic checks, as is evident by the massive increase in card frauds.
An interesting way of dealing with this issue has been created by a company called iovation who, incidentally, have recently attracted growth capital of $15m in support of their business plans.
iovation are interested in device reputation, which is literally the reputation of your computer or other hand held device as it is used on the internet.
Instead of checking user credentials, the iovation product checks the attributes of a device to create a fingerprint which uniquely identifies that device on the internet. The details of the attributes that are aggregated to create this fingerprint remain confidential but would typically be things such as hardware serial numbers through to more obscure configuration and third party software settings. In a similar way in which a pathologist can identify a body based on dental records a device can be identified with increasing levels of confidence as more attributes are confirmed.
Of course advanced hackers would obscure many of these attributes with spoofing techniques but many others are hidden away from all but the most sophisticated black hat.
Once a device has been uniquely identified its usage history can be checked to see if it has been used to undertake any real or potentially fraudulent transactions across the internet. If so, the vendor can then block the device on the basis that the attempted transaction is possibly a fraud.
Device reputation management is a relatively new market in the world of IT security. A number of retailers have attempted versions of this but are unlikely to have gone as deep as the specialists at iovation. Is this a perfect solution to online fraud? Of course not, but placed into a retailer's armoury as an adjunct to other good security practices it will offer a better sense of security than many have seen for a long time.
iovation has a way to go to build the new device reputation market but coupled with the company's switched-on CEO, a desire to build a solid business from the start and $15m in growth capital, this could be one to watch.