E-HAWK Blog

Fight registration fraud and high risk transactions.

Happy to announce that version 2.25 is released. This major release adds: risk reasons to the vet response and portal results, ability to ‘hold’ activity incidents, community fingerprint scoring, and more. Read below to learn about the new features and how to use them to optimize performance.

Version 2.25 – New Features

Risk Details Returned Within the JSON Response
Subscription customers can now get risk hit information as part of the JSON response. The new details area lists all major issues such as anonymous proxy, bots, spam blacklists, disposable emails, parked domains, geo issues, activity hits, fingerprint risks, and community reasons like fraud and phishing… empowering your organization to quickly identify specific risks and take immediate action.

As an example, if the IP score is -180, you can now see that it is linked to a bot, proxy, and on a spam blacklist:

"details": {
 "ip": {
 "score_details": [
 "Proxy",
 "Bot",
 "Spam Blacklist"
]

Risk Details and Advanced Search in Portal
The Vet tab in the portal now supports searching for any input value such as IP, email, domain, phone, fingerprint, etc.

After a search, clicking on any row will show an information block listing all the areas, values, scores, and risk reasons. In the example below, the email is disposable, the phone fake, the IP is very high risk, and the geo-location data-points do not match up (IP from Asia and location from NY).

vet_details

Clicking on a key value in this block, such as IP, will re-run the search for all vets using that IP, giving you instant insight to others who are accessing your system from the same IP. If you drop the last digits from the IP you can search for all vets with a specific IP block too.

This powerful search can be used to quickly find users with similar IPs, fingerprints, domains, email domains, and other input data.

If you would like to call the portal results page from your web app, just setup a link to: https://portal.e-hawk.net/vet/search?search_keyword=XXXX

Read the new Portal Help Guide.

Adding to Community and Feedback

Within the portal, it is now easy to provide user data to the community database. Just click on the Vet tab, enter search data such as an IP, email, domain, or fingerprint. Then click on a row of the result set to view details.

To the right of the vet information, select a reason under Add to Community and the data will immediately impact your following vets.

add_feedback

Fingerprint Community Scoring
Fingerprints that are part of the community database will now be scored for vets with matching device fingerprints under the Community scoring area. This is in addition to the standard fingerprint scoring. If you have a known fingerprint of a phisher, add it to the community using Feed-API calls and tag all future vets.

IP Geo Details Within JSON Response
As part of the new details area of the JSON, we now return city, country, and time zone of the IP, making it easy for you to modify workflow based on location and country risks.

"city": "Delhi",
"country": "India",
"timezone": "Asia",

Activity Incidents – New ‘Hold’ Status

The Activity Report lists all incidents tagged by our activity monitor during the last ten days. To the right of each incident are buttons: Correct to verify the incident as a bad actor, False to mark as incorrect (remove from scoring), and Hold to not score until marked correct or false. This report should be checked often because many times the first items in the incident are marked as low risk (no bad pattern yet), and the later ones are marked as high risk. If the incident is Correct, then make sure to take action on all items in the incident. Read the new Portal Help Guide.

Updated Materials and Guides
API Support Guide
FEED-API Support Guide
Portal Help Guide

November 13th, 2014

Posted In: General News, Releases and Updates

Leave a Comment

We have added over 1 million proxy servers to our internal database as well as incorporated some 3rd party proxy detection listings for both anonymous and transparent proxy detection. In addition, private IPs as well as IPs with no geo information will be marked as having some risk.

Our live feeds keep our information fresh and this should improve our proxy detection and fraud analysis.

November 8th, 2014

Posted In: General News, Vetting-API

Tags:

Leave a Comment

We like fingerprinting technology. The data can help, when used as an additional parameter, to identify risk.

It’s by no means perfect…. The Gartner Group has many studies highlighting the issues with false tagging, being able to properly tag mobile devices, and the problem with devices changing hands often. We have seen devices go from good to bad, bad to good, in a fairly short period of time. But overall, we also have seen some strong benefits of incorporating device fingerprinting into our testing model.

This example of a single fingerprint includes over 200 high risk sign-up requests across multiple accounts, using 196 domains, and coming from 190 IPs over three weeks. All the IPs in the United States were unknown proxies or drones. By combining our fingerprinting and activity testing engine, we were able to link them together and then back to an IP in UK, and finally back to an IP in India.

unnamed

October 16th, 2014

Posted In: Vetting-API

Tags:

Leave a Comment

Today we released v2.24 of the vetting service. We have now processed over 12 million vets, and with our new customers on board we expect to exceed 80 million in the next twelve months. Our community database has grown to over a million records with history on both bad actors as well as good actors.

Improved Proxy Detection

We have added over 1 million proxy servers to our internal database as well as incorporated some 3rd party proxy detection listings for both anonymous and transparent proxy detection. In addition, private IPs as well as IPs with no geo information will be marked as having some risk.

Fingerprint Scoring
Using our Talon JavaScript in your signup forms automatically assigns each device (desktop or mobile) a fingerprint. Every vet score for that fingerprint is logged, creating a device ID score. If the device is associated with risk, you will see a fingerprint score in the JSON. Our fingerprinting has been very successful at stopping bad actors using proxy, bots, and fake sign-ups from multiple IPs, emails, and domains. See example below.

Fingerprint search in portal *
On the Vet page in the portal, you can now search for a fingerprint and see all the vets associated with that device.

Additional Information in Portal Reporting *
We have expanded the risk issue descriptions for the area tabs in the portal. For example, under domain, you can now see the count of domains less than 5 days old, parked domains by hosting company, etc.

New “details” section in the JSON response *
We have added an optional details section to the response JSON. Currently this new section returns the city, country and timezone of the IP as well as the device fingerprint. Later we will add additional scoring details such as “Domain Does Not Exist”, “Proxy”, “Spam History”, etc. so you can better understand the risks and issues of each scoring area within the JSON response for each vet in real-time.

Updated Activity Portal Page *
Redesigned the activity reporting page that lists incidents tagged with multiple sign-ups. Added buttons for correct and false feedback as well as pagination for account with large number of incidents.

* must subscribe to annual full service plan

October 16th, 2014

Posted In: Releases and Updates

Leave a Comment

Domain and email domain are playing a larger role in our vetting service risk testing.

The number of distinct domains from sign-ups is growing every month, starting at 75% in January and growing to 88% in August. We expect this to keep inching higher with all the new TLDs and how easy it is to automate new domains, apply a template for professional look, and creating emails for sign-ups on these new domains.

Testing on domain is challenging in a real-time vetting service, but we are seeing domain play an increasingly important role in identify risk. Our engine looks at data and factors such as Whois information, registrars, reputation, status (such as parked, for sale), age, hosting IPs, content of the actual web site, etc. The majority of domain issues are tagged by our DNS blacklists, but domain status and age issues are also contributing to higher risks.

domain-risks

 

In addition, new sub-domains are growing rapidly from “create your own blog” and “create your own website” leveraging built-in templates. For example, below is a weebly.com site using a pre-built template. On the home page everything looks good and professional. But drilling down on subpages, shows missing images, and a privacy policy that has “Lorem Ipsum” filler text.

Screen Shot 2014-09-01 at 1.54.10 PM

 

Bottom line: when on-boarding new clients, research the domain, the web site, the owner, the hosting company, the content and any data points you can find. A thorough review can show risks that might impact your business.

September 1st, 2014

Posted In: Vetting-API

Tags:

Leave a Comment

We have always believed that leveraging community information on known spam offenders, bots, phishers, and cyber criminals gives our customers the best chance for rapid identification and stopping bad actors from being able to inflict damage on multiple organizations.  We built our service with enhanced data sharing with the goal of providing significant improvement of detection for all involved. And in a strong and successful community, it is important to give some and hopefully get more in return.

The data so far is very exciting and illustrates the power of shared intel on bad actors.

Screen Shot 2014-05-15 at 8.55.26 AM

 

The results so far:

  • 38% of hits come from data that was submitted by the same company, i.e. company A submits information on a bad IP and later that IP tried to sign-up again with company A.
  • 61% of hits come from other companies, i.e. Company A submits information on a bad IP and later that IP tried to sign-up again with company B, C, or D. This means that for every 1 data item a company adds to the pooled data, they get 2x in return from the others in the community.
  • 85% of hits are incremental, meaning that 85% of the registrations tagged as very high risk are from community data only. The IP is clean, not listed on any blacklists, the email has no other bad history, etc.

Overall these results are very promising and show the power of community. By sharing intel anonymously and securely, we are making it harder for bad actors to inflict damage on multiple organizations.

May 15th, 2014

Posted In: Community, Feed-API, General News

Tags:

Leave a Comment

Online identity fraud impacts revenue and customer growth, and can seriously damage reputation, brand image, and halt expansion into new markets. Download the free White Paper and see what you can do to help combat fraudulent transactions, registrations, and account hijacking.

April 16th, 2014

Posted In: General News

Leave a Comment

All Subscription customers now have access to the Web Fraud Dashboard and Portal for E-HAWK Services.

The reporting portal provides stats on vet scores, risk types, and trends. With interactive charts and data analysis, it is easy to identify and track high risk areas and bad actor data. In addition, the portal provides feedback loops and the ability to add incidents to the community database.

The Dashboard

The dashboard provides stats on risk types, data processed, average scores, and how data items are trending.

dashboard

Risk reporting shows the percent of Very High Risk vets and the vets by risk type by day for the last 30 days.

risk_reporting

Trend reporting displays the high risk hits by area over time, making it easy to see spikes of threats and risk hits.

trends_score_avg

 

The vet data area provides quick links for adding feedback and user data to the community database.

feedback

 

March 28th, 2014

Posted In: Releases and Updates, Vetting-API

Tags: , ,

Leave a Comment

Happy Superbowl!

Today we released version 2.13 of the E-HAWK Vetting Platform.

Along with new tests and enhanced analytics, we have added an additional parameter: timeout=no. Adding this to your vets will run additional tests, but can slow API response times.

Some domain testing and analysis is time consuming and can take up to four seconds to process. For example, checking the parked status on a domain in real-time requires looking at the actual hosted page. Same with link verification, seeing if the site has a real TOS or privacy statement, etc. And Whois response time can be quite slow too. So, we have added the new parameter and value of timeout=no. Just add this to your vets and our service will start running additional testing for every vet. It might slow the response time to five seconds, but you will get the extra testing.

February 2nd, 2014

Posted In: Vetting-API

Tags: ,

Leave a Comment

We just added advanced device fingerprinting as part of our Online Vetting Platform and API. This gives clients enhanced levels of protection against fraudulent activities, registrations, and account hijacking.

The fingerprint is linked to risk level analysis of user data including IP, email address, phone, location information, domain, activity and frequency monitoring, geo-location analysis, and community data throughout our network of clients.

We are seeing a lot of bad actors jump between services using similar data patterns. The device fingerprinting automatically marks these users as very high risk and keeps them out of systems permanently.

The unique device fingerprint is connected to the Risk Score value. If the fingerprint has a positive average, the risk level is reduced. If the fingerprint has a negative average, the risk level is elevated and customers can quickly take the necessary action.

Adding the fingerprinting technology to any web form is a simple JavaScript include. The fingerprint does not run any plugins on the client device, and is totally transparent to the end user experience. No personal identifiable information is associated with a device or fingerprint.

To download and use the fingerprinting in your vets, visit our API support page.

January 28th, 2014

Posted In: Vetting-API

Tags: , ,

Leave a Comment

Next Page »


© Copyright 2013 by E-HAWK. All Rights Reserved.