Hello! I'm from CAF, a Brazilian company founded in 2019 that aims to prevent identity fraud with a variety of products, such as digital onboarding, background checking and facial authentication.
Context and threat
In successful attacks to steal legitimate accounts in LATAM, we observed several relevant signals that could be used for detection, however, one of the most relevant signals is the geolocation of the user/device.
One of the most striking examples of recent years in Brazil is the physical theft of the device on streets of large cities like São Paulo or Rio de Janeiro.
You can usually detect these events because:
A cell phone that has been stolen will likely be used in a different location than it was used in previous legitimate transactions;
Sometimes, transactions also take place in areas considered risky by the company (anti-fraud company or company that owns the business);
The same behavior can also be observed in cases of digital ATO, where criminals somehow manage to bypass the security controls implemented by the companies.
Proposal
Our proposal is similar to the On-device Score Calculation proposal #16, where the logic (Worklet) is pre-existing in a browser and the parameters are inserted remotely through a configuration API (called at the moment page/component load, for example).
Combined with this API, there will also be another API capable of querying whether the location behavior pattern of that device (respecting the parameters configured initially), matches the desired one.
For example:
- User visits a page of the money transfer feature (for example, using Brazil's instant transfer mechanism, known as PIX) - at this point a Worklet is configured with parameters from the anti-fraud company's backend - one of these parameters is the data of a polygon considered as a risk area by that company;
- At the time of the transaction, the browser, using logic/real and historical data from that user, concludes whether that device was present (geolocation) in that region initially configured or not in the last 24 hours (for example);
- The result of this On-device calculation must also be sent along with the request to the backend that will use it as a relevant signal for the decision to authorize or not this transfer transaction.
The decision is entirely made On-device and can be configured in advance by the company interested in that signal.
Seeking to protect the integrity of this device signal, it is also important to create some mechanism to prevent unwanted and malicious tampering with the device (anti-tampering).
Relevant signals
- Current location of user/device
- Location history
- Areas considered as high risk by that company
- Time of day
- Day of the week or month
Privacy implications and safeguards
To avoid device position triangulation: add the need to provide a list of areas with minimum size.
This post was made together with @ricardosw
Hello! I'm from CAF, a Brazilian company founded in 2019 that aims to prevent identity fraud with a variety of products, such as digital onboarding, background checking and facial authentication.
Context and threat
In successful attacks to steal legitimate accounts in LATAM, we observed several relevant signals that could be used for detection, however, one of the most relevant signals is the geolocation of the user/device.
One of the most striking examples of recent years in Brazil is the physical theft of the device on streets of large cities like São Paulo or Rio de Janeiro.
You can usually detect these events because:
A cell phone that has been stolen will likely be used in a different location than it was used in previous legitimate transactions;
Sometimes, transactions also take place in areas considered risky by the company (anti-fraud company or company that owns the business);
The same behavior can also be observed in cases of digital ATO, where criminals somehow manage to bypass the security controls implemented by the companies.
Proposal
Our proposal is similar to the On-device Score Calculation proposal #16, where the logic (Worklet) is pre-existing in a browser and the parameters are inserted remotely through a configuration API (called at the moment page/component load, for example).
Combined with this API, there will also be another API capable of querying whether the location behavior pattern of that device (respecting the parameters configured initially), matches the desired one.
For example:
The decision is entirely made On-device and can be configured in advance by the company interested in that signal.
Seeking to protect the integrity of this device signal, it is also important to create some mechanism to prevent unwanted and malicious tampering with the device (anti-tampering).
Relevant signals
Privacy implications and safeguards
To avoid device position triangulation: add the need to provide a list of areas with minimum size.
This post was made together with @ricardosw