The growth in the volume of online transactions conducted by businesses and individuals over the Internet has been staggering. Sensitive private identity information is typically used for authenticating a user for conducting online transactions. The increased use of identity information for Internet transactions has been accompanied by an increased danger of interception and theft of that information. Identity theft occurs when someone uses the password, username, Social Security number, credit card number, or other identifying personal information of another without consent to commit fraud. According to a September 2003 Federal Trade Commission (FTC) survey, 27.3 million Americans have been victims of identity theft in the last five years, including 9.9 million people in the year 2002 alone. Identity theft losses to businesses and financial institutions in 2002 totaled nearly $48 billion and consumer victims reported $5 billion in out-of-pocket expenses, according to the FTC survey.
To enter into a transaction with an E-commerce server, a user typically needs to provide sensitive and confidential data including authentication data, data describing the transaction, and the like. This data is commonly entered by using a keyboard and/or a mouse connected to a device local to the user that is running a web browser that is linked to the Internet (or other computer network). FIG. 1 is a diagram illustrating an exemplary system 10 used for entering user authentication and transaction data. In this example, the authentication information to be entered by a user comprises a user ID and password. In known systems, the user ID and password are composed of a string of characters entered via a keyboard 12 while executing a web browser on a computing device 14. A typical user entry interface 18 provided by the browser to the user on a display 16 is shown.
After entry, a user's sensitive information is typically transmitted to a remote server preferably in an encrypted form over secure connections. For example, the widely-used TCP/IP communication protocol includes security protocols built on the secure socket layer (SSL) protocol to allow secure data transfer using encrypted data streams. SSL offers encryption, source authentication, and data integrity as a means for protecting information exchanged over insecure, public networks. Accordingly, many E-commerce servers and applications use SSL, or similar security protocols, to exchange data between remote servers and local user systems. If the entered authentication information is approved by the server, the user is permitted to send and receive data from the server's website.
The source of messages received at a web server is often determined from the IP address of the device from which the message is sent and/or from a cookie included with data from the user. A cookie generally refers to a packet of information, often sensitive information, sent by a web server to a browser resident on the user's computer system for saving to a file and for transmitting back to the server whenever the user's browser makes additional requests from the server. The IP address is generally included in a message header, and the cookie is usually one that has been previously sent by the server, often at login. The server compares the user login data with the message IP address and the returned cookie to determine the identity of the user sending the message and whether the user is currently logged into the server. The IP address of the user is also confirmed.
Despite these known precautions, a user's sensitive information remains vulnerable because it is in a raw unsecured form between its entry by the user and its encryption prior to remote transmission. Also, sensitive data sent from the server is vulnerable during the period after its decryption and until its display. This unsecured information can be surreptitiously captured in a number of ways. For example, cookie hijackers copy sensitive information from cookies. Further, keyboard loggers and mouse click loggers are hidden software that intercept and copy mouse clicks and depressed keys after user entry but before processing by a browser or other software. Logger software can readily intercept the user's secure information. Keyboard loggers and mouse click loggers might also take the form of hardware connected between the keyboard and mouse cable and the computer or the hardware inside the keyboard and mouse device.
Even graphical user interfaces that represent on-screen keypads and keyboards with selectable graphics for user entry (instead or in addition to providing fields for text entry) are vulnerable to mouse click loggers, screen capture loggers, and other schemes. FIGS. 1, 2, and 3 illustrates prior art examples of such interfaces. Each alphanumeric character in the graphical interface is represented by a unique graphical image, e.g., the pixels forming the number “1”. Screen capture loggers utilize optical character recognition (OCR) technology to decipher characters selected by mouse clicks and the corresponding alphanumeric graphics in order to ascertain the actual alphanumeric text characters of a user's ID and password. Sophisticated screen capture loggers might also utilize checksum and size characteristics of the graphic images in order to ascertain which the data item corresponding to a graphic image selected by a user's mouse click during data entry. In these ways, the screen capture loggers may acquire the personal information even when the graphical user interface has rearranged the order of alphanumeric characters on the keypad or keyboard.
Sensitive information can also be intercepted by espionage software, including snoopware, spyware, non-viral malware, hackers utilities, surveillance utilities, Trojan horses, etc. Espionage software aids in the unauthorized acquisition of information about a person or organization without their knowledge or consent. It typically installs itself on a user's computer without consent and then monitors or controls the use of the device. Every user keystroke, all chat conversations, all websites visited, every user interaction with a browser, every application executed, every document printed, all text and images, might be captured by the espionage software. Espionage software typically is capable of locally saving or transmitting the captured data to third parties over the Internet, most often without the user's knowledge or consent.
Another fraudulent acquirer of sensitive personal information is an “over-the shoulder” spy who surreptitiously reads a user's display to acquire the information.
Known anti-virus and anti-spyware software products attempt to enable a user to protect against such malicious software. However, use of outdated anti-virus and anti-spyware files provides minimal protection, at best, of computer data against outside threats. Consequently, a drawback of these products is that the information used by the anti-virus and anti-spyware program must be constantly updated to reflect newly discovered schemes in order to keep the protection current. In addition to keeping the virus information current, the system must be periodically scanned for potential infections.
Further, certain geographic locations are known to contain an inordinate number of identity thieves. It is therefore advantageous to know where an attempt to access a server originates from. IP addresses are one readily available source of location information. But IP addresses have drawbacks in that, for many users, the IP address is not constant. Known network protocols and facilities can lead to variable IP addresses. For example, proxy servers are used to provide a gateway between a local area network of an organization and the Internet. The local network is protected by firewall software installed on the proxy server. Proxy servers dynamically assign new IP addresses to a user device each time a new message is sent therefrom. As a result, there is no constant IP address assigned to an individual user device for users connected to the Internet via a proxy server.
Another source of IP address variability is the commonly used dynamic host configuration protocol (DHCP protocol) which assigns IP addresses dynamically and automatically to the devices on a TCP/IP network. A DHCP server assigns an IP address to a device from a list of available addresses when the device connects to the network. The device retains this IP address only for the duration of the current session. Some DHCP server systems can dynamically change the user's IP address during the session. The use of a proxy or DHCP server means that the IP address alone may not be enough to identity a particular user device.
Security systems and methods that protect against the above-identified risks should also meet the usability concerns of an average user. A service provider wants to encourage online use in a secure manner. But a cumbersome and prolonged user interface or a less user friendly interface might discourage or even intimidate and frustrate users, or cause user errors, or the like. Also a security system should institute precautions to prevent execution of a fraudulent transaction once it has been found that the user's information and/or system is at risk of being compromised. A security system should also alert the service provider based on a particular device attempting to access the provider's system irrespective of the user.
Also, a security system and method should enable a service provider to strike a proper balance between security and usability of the system. In other words, a system and method is needed to enable a service provider to provide an easy to use and lower security interface when no security risk is identified, and a higher security interface when one is identified. Additionally, desirable security systems and methods should depend as little as possible upon human action to maintain their state of security. For example, it not advantageous to require users to keep and maintain tokens or digital certificates or the like. A token can be lost, damaged, stolen and the like.
But security systems protecting against the described threats and having the described properties are not generally known in the art. What is needed but currently lacking in the art is a security system and method with the following features and aspects:                is a device-based fraud monitoring system;        provides robust fraud monitoring and detection along with robust fraud analysis and risk assessment so that online service providers have real time information needed to determine how and whether to allow a device to access the provider's system;        provides selectable levels of secure user authentication as a function of usability and/or security concerns;        ascertains the security risk that a user's information and/or system have been compromised and if so, provides a more secure login interface to guard against fraudulent activity;        a repository of information for identifying legitimate and fraudulent users based on more reliable and robust fingerprinting of the user device that can be integrated with other repositories of security tracking information;        is a purely software based solution to identity theft that does not require hardware devices to be issued and maintained;        is convenient for online users.        