The field of EFP has become increasingly important in today's society. Hundreds of millions of online transactions take place every day. Cyber criminals, such as impostors, purchase goods at virtual stores using stolen credit card information and still merchandise that amounts to humongous dollar value. eCommerce is the purchasing of products and/or services over the Internet through an electronic computing device, such as a desktop computer, a laptop, a tablet, a mobile phone, etc. But it requires conveying content to viewers through a device's screen display and allowing interaction with the content through the device, which is not a completely secure method for a financial transaction. eCommerce lacks effective means to combat impostors.
EFP plays a significant role in providing buyers intuitive means to assist in combating fraud. Automatic learning multi-modal EFP (LMFP) helps challenge impostors by putting smart obstacles in their way. The LMFP system responds to those smart obstacles from legitimate buyers and impostors, and tells merchants which electronic transactions are risky. By doing so, the LMFP system promotes trust in eCommerce which may lead to commerce growth. Buyers' confidence in merchants will grow knowing merchants are doing everything commercially possible to protect their purchases. Merchants will attract more buyers and grow their revenue because they will become trusted entities in the process. Credit card clearing and processing companies will prefer trusted merchants that use the LMFP system to minimize their fraud exposure.
State-of-the-art online fraud prevention utilizes various methods to identify impostors (either persons or machines) and botnets by detecting suspicious behavior, end devices, and/or channels through which transactions are made. One such innovative approach to detect fraudulent use of credit card information by impostors is by deep inspection of the transaction originating device and comparing it to a signature of the device. The learning multi-modal fraud prevention (LMFP) system goes beyond the state-of-the-art solutions by challenging buyers with sophisticated challenge sequences of objects, characters, numbers, words, phrases, sentences and any combination thereof, that require the buyer to respond by one or more of buyer's authentication data. Over time, the LMFP system learns to detect impostors by finding mismatches between legitimate and non-legitimate behavior. The state-of-art is based on an assumption that legitimate purchases are made through legitimate machines. The LMFP system also stores a signature for each user that is updated on a recurring basis (e.g. every time the user contacts or interacts with the LMFP system; every time an external application contacts or interacts with the LMFP system; on a predefined time schedule; when time laps since the last interaction between the user and the LMFP system is longer than anticipated; and/or, whenever an event occurs—such as when a charger is connected, a Bluetooth device is detected and/or connected, a wireless network such as wi-fi or cellular or wireline network is detected and/or connected, every time a phone call ends, a web browser session is started, and/or an application is launched, etc.), thus further hindering identity theft of the user.
One problem with the state-of-the-art solutions is their inability to assess correctly if a person is impersonating another person. By contrast, a LMFP system presents unparalleled opportunity to assess buyer authenticity correctly.
Identity verification has advanced in recent years, but little progress was made in developing countermeasures to protect it from the threat of spoofing, phishing, man-in-the-middle and replay attacks, otherwise referred to as imposture attacks. Automated, unattended identity verification systems (e.g. eCommerce fraud prevention systems) are particularly vulnerable to spoofing, falsification or impersonation of a biometric trait attacks. Examples of spoofing include impersonation, replay attacks, voice conversion and speech synthesis. The LMFP system counters the vulnerabilities of identity verification systems through a moving target defense mechanism. The LMFP system challenges users with a one-time-challenge sequence that does not repeat itself ever again for any specific user and analyses a user's response against this one-time-challenge. A so-called replay attack, where a genuine user recording is replayed to a verification sensor, such as a microphone, is blocked by the LMFP system after the validity of the original recording has expired. Therefore, it is impossible to overcome the LMFP system moving target defense after the expiration time through the replaying of a user identification signal. Even if a counterfeit sensor tricks a user into disclosing their data signature (i.e. phishing), that data signature is irrelevant for future use by impostors.
The LMFP moving target defense system ensures that identity is valid for a short configurable period of time. A few seconds (parameter) after a challenge sequence had been generated and presented to the user, it becomes obsolete. A person's data signature is constantly changing every time that the person interacts with the LMFP system, and/or an external application interacts with the LMFP system and/or with that person, such as at the beginning and/or end of every phone call that the person makes or receives and/or the person's location changes. A person gets scores that strengthen the trust factor of its identity every time there is strong correlation between data signature and the collected data, such as arriving at a known work office or home location, calling a home or office of family and friends members, etc. A person's identity trust factor deteriorates when there is not enough fresh supportive data of that person's identity for a certain time period (e.g. didn't arrive to the office as usual, didn't respond to a challenge sequence during the past hour, etc.). External applications may conduct risk assessment and decide if the LMFP trust factor is sufficient to fulfill an action and if not, they may trigger a challenge sequence to revamp the trust factor of that person to allow fulfillment, (e,g, approve an eCommerce transaction). Different levels of the LMFP trust factor may be associated with different identity persona (e.g. social networking persona, financial transactions monitoring persona, funds transfer persona, etc.). Applications may provide the LMFP system with policy and rules defining required trust levels for each persona. The LMFP system is different from the state-of-the-art identity verification methods by being dynamic and active and quasi-continuous. Instead of passively trying to assess identity authenticity during a transaction, the LMFP system is continuously trying to assess identity authenticity. This approach may yield less friction with users during transactions (e.g. a person with a high enough trust factor may use one-click checkout without typing in any identifying or credit card information). This approach may yield lower shopping cart abandonment rates and thus, foster business growth and better commerce. The proactive and dynamic and continuous identity authentication of the LMFP system prevents impersonation and combats identity related cybercrimes and promotes a more secure and clean Internet than the prior art.