PayPal techies hit fraudsters where it hurts
Here comes the Fraud Sciences bit, concentrate...
Published: 30 June 2009 11:31 GMT by Nick Heath
Show related articlesLevels of fraud have fallen at online payment provider PayPal thanks to cybercrime detection and prevention technologies.
Fraudulent transactions accounted for 0.28 per cent of the value of all payments using PayPal in 2008, down from 0.3 per cent in 2007, according to Garreth Griffith, head of risk management for PayPal UK.
Helping to flag up potential fraudsters is analytics technology from Fraud Sciences, which PayPal incorporated into its security systems after buying the Israeli company last year.
Every time a user logs into an account or carries out a transaction using PayPal, the system checks their 'digital fingerprint', based on their IP address and a range of other identifiers.
The system looks for traces of that fingerprint in online traffic elsewhere on the internet, which should be present for normal PayPal users, and if it fails to find it, flags up that user for further investigation.
Read this
A-Z of security
- A is for Antivirus
- B is for Botnets
- C is for CMA
- D is for DDoS
- E is for Extradition
- F is for Federated identity
- G is for Google
- H is for Hackers
- I is for IM
- J is for Jaschan(Sven)
- K is for Kids
- L is for Love Bug
- M is for Mircosoft
- N is for Neologisms
- O is for Orange
- P is for Passwords
- Q is for Questions
- R is for Rootkits
- S is for Spyware
- T is for Two-factor authentication
- U is for USB sticks/devices
- V is for Virus variants
- W is for wi-fi
- X is for OS X
- Y is for You
- Z is for Zero-day
"We run checks every time a user logs into PayPal and every time a transaction happens, and we have 1,400-a-second globally," Griffith said.
"We are continually running models and rules behind the scene to make sure that transactions do not look suspicious."
PayPal's anti-fraud toolbox also includes the VeriSign Identity Protection system, launched in the UK in January.
When logging into their PayPal account users of the system are asked for a one-time password, in addition to their usual username and password. This additional password is either generated on a security token or sent via text message to a mobile phone.
"Among the people who sign up for the protection, we have seen an improvement in the numbers of people who are falling victim to scams," Griffith said.
"One of the weak links into the business is the consumer and the chain is only as strong as its weakest link."
Griffith said that most of the phishing attacks on its customers originate out of South America, Eastern Europe, Russia, Asia and West Africa.
PayPal has law enforcement management teams that work with police forces across the world, including the UK's Serious Organised Crime Agency (Soca) and the US' FBI, on detecting and preventing cybercrime.
But Griffith said certain countries are still failing to do enough to tackle online fraudsters.
"Support varies from country to country. Europe and the US are pretty good but once you get into Eastern Europe and Asia it is difficult. It is a problem, there is still a lot of work to be done on international co-operation.
"Soca are doing a lot of work to improve international networks but I wish it was moving a lot faster.
"It is a war and we have to constantly fight. The fact that fraud is down shows that it is a war that we are winning but we have to constantly evolve our security if we want to stay one step ahead," he told silicon.com.
Reader Comments (0)