
[WEB SECURITY] Ways To Identify Returning Web Visitors




My company has a problem with certain people repeatedly coming back to our
website and performing fraudulent transactions.



In an effort to stop these people from performing transactions, we attempt
to identify returning visitors in a couple of ways:



   1. Our site sets a long-term persistent cookie in the user's browser that
   contains a unique identifier.  If our fraud investigators see that
   someone with a particular cookie is performing fraudulent transactions,
   their cookie is added to a "black list", and if they come back to the site
   later with that cookie they are not allowed to perform transactions.  Of
   course, the fraudsters were mostly able to quickly figure out that they can
   get around this by deleting their cookies every time they come back to our
   site.
   2. We then started setting another unique identifier in a Flash cookie
   and added a black list of fraudulent Flash cookie values.  This works
   better than the regular cookie because not so many people know how to delete
   Flash cookies, but one could still get around this by deleting or
   disabling Flash cookies.


We would love to be able to identify a user's computer by MAC address, but
MAC address is only used for point-to-point communication on a network so we
don't have the ability to see the user's MAC address.

Using a blacklist of client IP addresses is not feasible because some of the
fraudsters are using ISPs where many people come from the same client IP,
including legitimate users.



Beyond the ideas mentioned above, are there any other ways to identify
repeat visitors to a website that keep coming back using the same
computer/browser?  I realize that any answer you guys give me will probably
be another cat and mouse game like the solutions above, but I'd be really
interested in anything we can do to improve our ability to detect these
returning visitors, even if they are just small improvements.


-Jim
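One concrete shape for the cookie blacklist described in item 1, as an added example that is not from the original post: the identifier is HMAC-signed so only server-issued values are honoured (a forged or edited cookie is treated like no cookie), the blacklist is keyed on the identifier portion, and a transaction that arrives with no valid identifier is flagged for step-up verification rather than silently allowed. The key and the blacklisted value are constructed placeholders.

```python
import hmac
import hashlib
import secrets

# Constructed placeholder: in production the key comes from a secret store.
SERVER_KEY = b"example-server-key-not-for-production"

# Identifiers flagged by fraud investigators (constructed sample value).
BLACKLISTED_IDS = {"4f3c2e1d0b9a8877"}


def _sign(device_id: str) -> str:
    """HMAC-SHA256 over the identifier, so clients cannot mint their own."""
    return hmac.new(SERVER_KEY, device_id.encode(), hashlib.sha256).hexdigest()


def issue_cookie() -> str:
    """Mint a fresh identifier and return the 'id.signature' cookie value."""
    device_id = secrets.token_hex(8)
    return f"{device_id}.{_sign(device_id)}"


def parse_cookie(value):
    """Return the identifier if the signature verifies, else None."""
    if not value or "." not in value:
        return None
    device_id, sig = value.split(".", 1)
    expected = _sign(device_id)
    # Constant-time compare on bytes; a tampered value is rejected outright.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return device_id


def transaction_decision(cookie_value) -> str:
    """'deny' for a blacklisted id, 'step_up' when no valid id is presented
    (the cookie-deletion case from the post), 'proceed' otherwise."""
    device_id = parse_cookie(cookie_value)
    if device_id is None:
        return "step_up"
    if device_id in BLACKLISTED_IDS:
        return "deny"
    return "proceed"
```

The "step_up" outcome is the useful by-product of the scheme: a visitor who keeps arriving at the transaction step without a previously issued identifier is not proven fraudulent, but is exactly the population the post describes, so routing them to extra verification costs legitimate long-term users nothing.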




Brought to you by http://www.webappsec.org