
Re: [WEB SECURITY] Ways To Identify Returning Web Visitors
There are a number of companies that specialize in this sort of thing.
One that comes to mind, without recommending them, is 41st parameter.

http://www.the41st.com/site/index.html

Another one is:

http://www.iovation.com/

Both do what is typically called "MachineID" and they each, I believe,
have different techniques of doing it: scraping your whole DOM,
looking at plugin versions, etc.

Not an endorsement mind you, but there are companies that specialize
in exactly this sort of problem.

On Thu, Jul 10, 2008 at 6:34 PM, James Hatcher <jhatcher4512@xxxxxxxxx> wrote:
> My company has a problem with certain people repeatedly coming back to our
> website and performing fraudulent transactions.
>
> In an effort to stop these people from performing transactions, we attempt
> to identify returning visitors in a couple of ways:
>
> Our site sets a long-term persistent cookie in the user's browser that
> contains a unique identifier.  If our fraud investigators see that someone
> with a particular cookie is performing fraudulent transactions, their cookie
> is added to a "black list", and if they come back to the site later with
> that cookie they are not allowed to perform transactions.  Of course, the
> fraudsters were mostly able to quickly figure out that they can get around
> this by deleting their cookies every time they come back to our site.
> We then started setting another unique identifier in a Flash cookie and
> added a black list of fraudulent Flash cookie values.  This works better
> than the regular cookie because not so many people know how to delete Flash
> cookies, but one could still get around this by deleting or disabling
> Flash cookies.
>
> We would love to be able to identify a user's computer by MAC address, but
> MAC address is only used for point-to-point communication on a network so we
> don't have the ability to see the user's MAC address.
>
> Using a blacklist of client IP addresses is not feasible because some of the
> fraudsters are using ISPs where many people come from the same client IP,
> including legitimate users.
>
>
> Beyond the ideas mentioned above, are there any other ways to identify
> repeat visitors to a website that keep coming back using the same
> computer/browser?  I realize that any answer you guys give me will probably
> be another cat and mouse game like the solutions above, but I'd be really
> interested in anything we can do to improve our ability to detect these
> returning visitors, even if they are just small improvements.
>
> -Jim
>



-- 
Andy Steingruebl
steingra@xxxxxxxxx
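The "MachineID" approach Andy mentions (plugin versions, screen and
timezone signals hashed into a per-browser identifier, matched on the
server even after the visitor has wiped HTTP and Flash cookies), as an
added illustration that is not part of the thread and is not the code
of 41st Parameter or iovation. The field names, the FNV-1a lookup key,
the 0.8 similarity threshold and the sample visitors are all
constructed assumptions for the example.

```javascript
// Added example (not from the thread): a minimal "MachineID"-style browser
// fingerprint built from the kind of signals the reply alludes to (plugin
// versions, screen, timezone, ...), plus a server-side blacklist check that
// still recognises a returning machine after its cookies have been deleted.
// Field names, threshold and sample visitors are constructed for illustration.

// Collect signals in a browser. Under Node (no `navigator`) this returns
// null, so the rest of the example runs on constructed sample objects.
function collectSignals() {
  if (typeof navigator === "undefined") return null;
  const plugins = Array.from(navigator.plugins || [], p => `${p.name}/${p.version || ""}`);
  return {
    userAgent: navigator.userAgent,
    language: navigator.language,
    platform: navigator.platform,
    plugins: plugins.sort().join(";"),
    screen: typeof screen !== "undefined" ? `${screen.width}x${screen.height}x${screen.colorDepth}` : "",
    timezoneOffset: String(new Date().getTimezoneOffset()),
  };
}

// Fixed component order so the hash is stable from one visit to the next.
const COMPONENTS = ["userAgent", "language", "platform", "plugins", "screen", "timezoneOffset"];

// FNV-1a 32-bit: dependency-free and identical in browser and Node. It is a
// lookup key, not a security hash; everything it is built from is client
// supplied and can be spoofed, so the server treats it as untrusted input.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

function fingerprint(signals) {
  return fnv1a(COMPONENTS.map(k => `${k}=${signals[k] ?? ""}`).join("|"));
}

// Server side: exact match on the fingerprint, plus a fuzzy fallback that
// counts matching components, so a fraudster who changes one signal (say,
// upgrades Flash) is still flagged while the rest of the machine lines up.
function similarity(a, b) {
  const matches = COMPONENTS.filter(k => a[k] === b[k]).length;
  return matches / COMPONENTS.length;
}

function checkVisitor(signals, blacklist, cookieId, cookieBlacklist, threshold = 0.8) {
  if (cookieId && cookieBlacklist.has(cookieId)) return { blocked: true, reason: "cookie" };
  const fp = fingerprint(signals);
  if (blacklist.some(e => e.fp === fp)) return { blocked: true, reason: "fingerprint" };
  const best = Math.max(0, ...blacklist.map(e => similarity(signals, e.signals)));
  if (best >= threshold) return { blocked: true, reason: "similar", score: best };
  return { blocked: false, score: best };
}

// Constructed sample data: one known fraudster's machine.
const fraudster = {
  userAgent: "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0",
  language: "en-US",
  platform: "Win32",
  plugins: "Java(TM) Platform/1.6.0_07;Shockwave Flash/9.0.124.0",
  screen: "1280x1024x32",
  timezoneOffset: "300",
};
const BLACKLIST = [{ fp: fingerprint(fraudster), signals: fraudster }];
const COOKIE_BLACKLIST = new Set(["c0ffee"]);

// Same machine, HTTP and Flash cookies deleted: still an exact fingerprint hit.
const returning = { ...fraudster };
// Same machine after a Flash upgrade: one of six components differs.
const upgraded = { ...fraudster, plugins: "Java(TM) Platform/1.6.0_07;Shockwave Flash/10.0.12.36" };
// A legitimate user behind the same ISP address: shares only UA and language.
const bystander = {
  ...fraudster,
  platform: "MacIntel",
  plugins: "QuickTime Plug-in/7.5",
  screen: "1440x900x24",
  timezoneOffset: "0",
};

// Usage (run with node): console.log(checkVisitor(upgraded, BLACKLIST, null, COOKIE_BLACKLIST));
```

The fuzzy fallback is what makes this more than a third cookie: a
returning visitor is judged on how much of the machine profile matches,
not on a single deletable token. It also shows why this remains the cat
and mouse game Jim expects, since a visitor who changes enough components
(or a different user who happens to share them) moves the score either way.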

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Brought to you by http://www.webappsec.org