Home Coffee shop The intelligence of the device comes down to a cup of coffee

The intelligence of the device comes down to a cup of coffee


For many of us, the day starts with a cup of coffee, but what actually ends up in our cup each morning varies. Maybe you prefer your latte with almond milk and vanilla syrup. Or maybe you prefer an iced coffee instead of a steaming cup of coffee. Individual preferences matter when it comes to your morning pick-me-up – it’s what makes every cup of coffee unique. And that uniqueness also follows you when you enjoy coffee outside your home, which is why many of us end up with the “usual” in our local store.

The same goes for device intelligence – or how we assess users based on elements of their online experience and ultimately work to prevent fraud. In fact, the concept of a take-out coffee order can help us identify flaws in popular security tactics and opportunities to leverage more sophisticated solutions that improve the user experience.

Safety ingredients (and their limits)

Many organizations are tied to incomplete security tools that, while able to monitor certain user attributes, fail to do so completely or very well over time. This leaves room for bad actors to take advantage of information gaps, and also results in an awkward user experience for good users forced to constantly verify their identities and share more personal information with brands.

It’s no surprise that many companies are turning to device IDs, device fingerprints, and device user agents as their primary means of validating users. But let’s break down these three common identifiers a bit more and explore the underlying hurdles of each:

  1. Device ID: This first string of data is unique for absolutely every device and is generated on the basis of cookies stored on your browser. Device IDs are great identifiers, but for privacy reasons these IDs expire every month, making them unreliable in the long run. Think of device IDs as your cup of coffee. When you go to your favorite place, assume that you always bring a one-of-a-kind mug made by a family member. For a while, this mug makes you incredibly identifiable. But maybe your new cat likes to knock your cup over and break it, and you end up buying a replacement. Having multiple coffee mugs isn’t uncommon (some of us collect them), just as many users rely on multiple devices to go about their online business. However, this makes your coffee cup of choice from week to week an incomplete identifier.
  2. Device Fingerprints: The second string of data incorporates your device settings and attributes, including device type, browser used, browser version, and language settings. This set of information remains stable over time, but is never 100% globally unique. In reality, there is a 40% chance of finding another device with the same fingerprint as yours. Overlapping device fingerprints will only become more common as developers continue to standardize technologies and produce devices with fewer easily recognizable flaws. Think of device fingerprinting as your Java command. Throughout the day there are probably other customers ordering vanilla lattes with almond milk as well. Although your fingerprint may seem unique at the time, an overview reveals relatively high similarities with other users (or coffee connoisseurs) – your order may not be as special as you think.
  3. Device User Agents: The third string of data offers basic details about your device. Again, while these underlying attributes are helpful, this little cachet of your phone/computer/tablet is easy for fraudsters to understand and replicate. Think of Device User Agents as the name written on your cup of coffee. Of course, your name is a useful identifier, but someone else in the store may share your name. Also, over time, it would be easy for others to learn and checkout your name.

Identifiers, fingerprints and user agents offer unique and useful information about our devices, and in many scenarios these details can prevent fraudulent interactions. That said, organizations still expect $4.1 billion in app fraud losses by 2023, so it’s clear that current tactics alone aren’t enough to keep all bad actors from slipping through the cracks. Don’t worry, we’ll discuss the solutions shortly – but first, an important question.

Want whipped cream on it?

For a long time, companies have prioritized learning as much as possible about customers. This effort has revolutionized the level of personalization now expected when we shop and continues to improve the user experience across all digital channels. But we can still learn a lot more about end users when we pay close attention not only to their devices and purposes, but also to their behaviors while online, especially when it comes to improve security practices.

Let’s go back to our coffee illustration. While we were focusing on the details of your drink order, we actually missed a series of extremely useful behavioral queues. Imagine that you usually stop by your local store on Friday mornings because you like to end the work week on a high note. It’s not uncommon for you to walk your dog to the store since it’s in your neighborhood (yes, you have a cat and a dog). And you always answer yes when asked if you want whipped cream on your drink (it’s Friday after all).

Altogether, that’s a lot of identifying details that go far beyond your coffee order and instead focus on your unique behaviors. As mentioned earlier, other customers can also order vanilla lattes or share your name. However, the time of day you tend to drop by, how often you shop, and the type of mug you typically bring present a distinct picture with significantly less overlap. This clear sense of “you” allows your barista to react appropriately when you arrive and may even trigger certain events, such as an employee grabbing your preferred cup size or a special treat for your pup. Equipped with more behavioral knowledge about you, the barista can also make adjustments when scenarios feel bad too.

While it’s unlikely that someone will try to impersonate you at your local coffee shop, if it does happen, you’d want employees to spot this deception and intervene.

These details also exist in our digital world. As mentioned above, the device intelligence strategies we turn to most often can no longer solve our security challenges alone. Fortunately, it is possible to combine details already known through your device ID, fingerprint and user agent with what we can now learn about users through their passive biometric habits, such as the way they type. , run and hold devices.

Behavioral technologies help you avoid getting burned

Just like a bad cup of coffee, insufficient security measures and difficult user experiences leave a sour taste in customers’ mouths. It is important to avoid mistakes right from the jump.

Behavioral characteristics do this by creating a device-based profile that is much harder for bad actors to replicate, making these details an excellent source for both identifying fraud and validating good users. Behavioral technologies work well in today’s world because rather than looking for generically “suspicious” actions to identify bad actors, your organization can turn to legacy user information and report instances that feel bad. based on the behaviors of your known good actors.

How behavioral biometrics can stop social engineering and malware scams in their tracks

This includes going beyond the detection of spoofing occurrences and double device failures, as well as the ability to reliably link multiple devices to the same authorized user. Layering behavioral technologies into your overall device intelligence strategy is a direct response to the advanced social engineering tactics that malicious actors now rely on, and avoids overreliance on data points such as device IDs, fingerprints and user agents.

The best security solutions actually provide a risk score triggered by device intelligence insights as well as behavioral insights, allowing your business to automate responses based on your organization’s particular risk tolerance. Customizing fraud response strategies based on your industry and customers goes a long way to protecting the user experience. For example, traders may choose to react only to very high risk behaviors since their clients are more susceptible to false dips, while banks fall on the opposite and will likely respond to relatively medium risk behaviors to prevent would not be only one case of financial fraud. . Over time, you can modify policies and introduce new triggers/rules to improve security practices.

So the next time you visit your local coffee shop, pay attention to what sets you apart from the crowd. You might be surprised by all the things you notice – and how those details change the way you think about device intelligence.

The post office The intelligence of the device comes down to a cup of coffee appeared first on NuData Security.

*** This is a syndicated blog from the Security Bloggers Network of NuData Security authored by NuData. Read the original post at: https://nudatasecurity.com/resources/blog/device-intelligence-behavioral-tech-improves-security-efforts/