Looking to help online credit card issuers, auction sites and other e-commerce companies cut down on their fraud rates, Safewww Inc. Monday announced the release of its FraudNet anti-fraud software.
FraudNet works by creating a hardware profile of each PC used to sign up for a company's online accounts, transmitting that profile to a server at the issuer's site and then blocking PCs that have been involved in fraud, according to Kenneth Bob, chief executive officer of Safewww. When an applicant clicks on the "I Agree" button in the terms and conditions section of an application, Bob said, a program is downloaded from the issuing company's FraudNet server to the client PC, which creates a hardware profile of all the devices installed in that computer based on serial number and sends it back to the company's authentication server.
The hardware profile is then stored on the authentication server so that if fraud is committed from that PC, it will be flagged in the authentication database, Bob said. Once that PC has been flagged, he said, any other attempts to use that PC for transactions, no matter whose identity is used, will be blocked.
Though the profile file does remain on the PC, it's no longer used after the initial profile is generated, Bob said. That means that the profile does not need to be protected from tampering in order for the system to work. If the hardware configuration of the PC is radically changed, however, the system does treat the PC as a new computer, he said.
FraudNet is not perfect, Bob said, adding "there will be ways for a fraudster to get around it," such as using library computers.
"We don't claim we're going to catch (all fraud), simply we're going to be one more tool for a company to use," he said.
Though such hardware profiling could raise privacy concerns, Bob dismisses them, saying "our existing customers haven't had a pushback" from their customers over the issue. Users also don't have to sign up for offerings that use FraudNet, he said.
Honest users shouldn't have anything to worry about, Bob said.
"For law-abiding citizens, we're gathering a lot less information than an online bookstore," he said.
The companies that already use Safewww's software display the information prominently in their terms of service in an attempt to avoid privacy complaints, Bob said.
"They view (the prominent mention of the software) as a deterrent," he added.
FraudNet requires its own dedicated Windows 2000 server, placed in the same area as a company's other payment servers, Bob said. The software is immediately available worldwide and is priced on a per-user basis, with each enrollee costing between US$1 and $10, Bob said.