The present invention, in some embodiments thereof, relates to network fraud detection and, more specifically, but not exclusively, to systems and methods for detecting fraudulent use of a serial code in a network.
Credentials are provided to access an associated value stored on a network. For example, balances remaining on issued gift cards may be checked by users accessing a web site over a network. The user enters the gift card number and is presented with the remaining balance. Malicious entities try to locate gift card numbers that have remaining balances on them in order to obtain and use the balance for their own use. A particular problem arises when bots perform an automated attack over the network, in which a large number of gift card numbers (e.g., on the order of millions) are entered with the goal of identifying which are valid and have remaining balances. Current fraud-fighting paradigms try to utilize standard methods to stop such attacks, by blocking specific IP addresses (or ranges) that have previously been associated with such attacks, and/or limit the number of retries a specific user (e.g., bot) is able to make. However, such methods may be easily overcome by malicious entities, for example, by masking the fraud traces using browser-cookie deletion, and IP address changes.
This kind of fraud not only harms the user who owns the gift card (i.e., balance) that is stolen, but also puts heavy costs on the retailers for their balance-check as each such an inquiry has a cost (e.g., charged by the gift card processor handling the inquiry).