Identifying Cyber Thieves By Their Computers

In the ongoing E-Commerce battle to identify fraudsters as early as possible, one payment security firm is pushing a methodology for fingerprinting a cyber thief's computer and to then be on the lookout for it.

The laptop label that the company, Cybersource, uses is not actually based on the computer's unique identification, as such data can't be easily learned by the clues they drop when surfing. Instead, it's based on the intersection of several routine characteristics, which combined make it fairly likely it's the same machine, said Cory Siddens, a Cybersource senior product manager.

Some of the individual details would include the browser version, the exact operating system ID and the time differential on the system's clock ("clock drift"), Siddens said. Another detail might be browser language.

If a retailer noticed four different orders with different names and addresses, possibly even originating from different IP addresses, but saw they were all coming from a machine that shared some unusual characteristics, it would be a good reason to flag those purchases for additional inquiry, along with the recent orders placed from that machine, Siddens said.