This disclosure relates generally to fraud detection, and in particular a real-time, multi-factor authentication solution that uses industry-leading fraud analytics to provide maximum online fraud detection with minimal customer impact.
Online fraud is one of the biggest challenges of the Internet age. As more and more people conduct commerce online, the need to detect fraud and protect consumers from fraud is paramount. As an example, leading advisory research and consulting experts estimate that on-line transactions in retail banking alone have increased from 2.4 billion in 2001, to 11.4 billion in 2006, and are expected to reach 24.4 billion by 2010.
As one example of online fraud, a fraudster can manipulate (or emulate) the JavaScript code embedded in session pages, and thereby falsify the apparent IP address and local time of the correspondent client computer. In another example of online fraud, a fraudster arranges for beacon message-generating, embedded code to run on a proxy machine that spoofs the IP address of another machine running the main content of the session. In other words, there are two client computers: one responding to beacon servers and another communicating to the client's webserver, thus allowing a change in the transit path to the machine communicating to the webserver mid-session, thereby completing a man-in-the-middle attack.
These and other types of online fraud present a need for a robust fraud detection and prevention system.