One thing that all criminals know is how important it is to cover your tracks. We’re talking all the way from your lowest-level criminals – say, a kid blaming the dog for the broken window – all the way up to your everyday digital huckster, defrauding companies for thousands at a time.
Where framing the dog might be as easy as rearranging some glass or planting a chew toy at the scene of the crime, covering your digital tracks takes significantly more sophistication.
Why? This is because of your digital footprint.
What is a digital footprint?
When we refer to a user’s digital footprint, we are talking about an aggregation of all the data of all the interactions that a user has had on the internet. It is a personal imprint they leave behind in the digital sand where they have tread, and invaluable information when a company needs to be confident about an online identity.
It is a concept that the world of cybersecurity constantly has in mind as the entire industry looks for a way to bridge the gap between security and a good customer experience.
What kinds of digital footprints exist?
Data inside a digital footprint can be thought of in two different categories based on who is holding them: private and public.
A user’s private footprint is all the things that are aggregated about an individual and stored on proprietary databases by companies. This might be cookie preferences or information from domain registration. Have you signed up for a newsletter recently? That identifying data will be stored in a company’s black box, inaccessible from outside.
The other kind of footprint is the public-facing one. This is an aggregation of data that is often more passive in nature, like your IP address and its location, upvotes on your comments by others on Reddit, or how many times you visited a certain website in a month. All these data points are OSINT (Open Source INTelligence), and thus visible to the naked eye, so to speak. However, you have to know where to look or employ software that knows for you.
All these data points are collected constantly as we use the web. Together, they lead to a unique dossier of a user that is also very hard to fake, and the data will be suspiciously recent if it is faked. This is why the information in digital footprints is so valuable in the world of fraud prevention.
What can be gathered from an email and phone number?
With major tech developments like the update to Apple’s intelligent tracking prevention tool changing the game for tracking identifiers, publicly-accessible information, such as the associations of a user’s email and phone number, are becoming increasingly valuable.
But that isn’t necessarily a dire situation for those who need data for marketing or fraud prevention. Using just these two identifiers in a digital footprint, email, and phone, we can analyze:
- The validity of an email account – can it be delivered to?
- The approximate age of an email account – older accounts are more likely to be legit;
- Associated social media and online platform accounts and the associated information – photos, connections, bios, locations;
- Associated messaging apps and their use frequency.
How can these data points then be applied to fraud prevention for e-commerce websites? In just the year 2020, this was the $56-billion-dollar question.
How can digital footprint analysis stop online fraudsters?
So how can these digital footprints help to uncover the tracks of online criminals? A great deal of fraud perpetrated online takes advantage of stolen personal or credit card information, which is information that can sadly be purchased in bulk on both the clear and dark webs. To use this stolen data – to bypass the most standard cybersecurity measures – in almost every case, the fraudster must create a new email address to match the victim’s information.
This is where a digital footprint analysis can stop a bad actor in the middle of their ploy.
The email address that the fraudster has set up can be scrutinized by checking the approximate age of an email account by looking at historical data breaches. Email addresses with a realistic use history will very likely show at least one data breach.
As well, in a society where the average person has 8.8 social media accounts, the email address can also be checked by a social media lookup tool for associated accounts – an email with no social media references is instantly suspect. Fraud prevention software can then be automated to deny service or decline payment for the user with a suspiciously low (or new) online presence.
Importantly, these lookups only scrape data that the user has opted to share publicly, so it is outside the conversation surrounding identifying trackers and how privacy-minded users feel about them. This is a good thing, as fraudsters will find it much easier to impersonate real human traffic without that stream of data from trackers, so digital footprint analysis is paramount for the bottom line of any e-commerce institution.
Uncovering the Footprints
One of the largest blips on the tech radar this year was the Meta company’s historic stock slump. This was a direct consequence of Apple’s update to its intelligent tracking prevention tool, which thereafter allowed iPhone users to prohibit Facebook’s (and every app’s) ability to target the market through cookie-gathering. With 97 percent of Facebook’s reported profits coming from advertising revenue, this was a huge deal beyond just Facebook’s stock price – international e-commerce is more aware than ever that cookie-collected data analytics were a huge part of their market, but no longer.
Now, a growing population of device users wants more control over their data, and companies want to retain those users.
Digital footprint analysis, which relies on open-source intelligence (OSINT) rather than cookies, seems the best recourse for companies who don’t want to be part of the statistical losses to fraud the marketplace sees every year. Until cybercriminals develop the ability to falsify a more three-dimensional digital footprint – and they very well may – mitigating your losses to malicious fraudsters begins with two simple data points: an email address and a phone number. With even one of these pieces of information, combined with the right fraud prevention software, the age of do-not-track does not have to be one marked by record losses to fraudulent users.
Gergő Varga has been fighting online fraud since 2009 at various companies – even co-founding his own anti-fraud startup. He’s the author of the Fraud Prevention Guide for Dummies – SEON Special edition. He currently works as the Evangelist at SEON, using his industry knowledge to keep marketing sharp, communicating between the different departments to understand what’s happening on the frontlines of fraud detection. He lives in Budapest, Hungary, and is an avid reader of philosophy and history.
TechNode Global INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.
Now on its third year, the ORIGIN Innovation Awards draws inspiration from the United Nations Sustainable Development Goals (SDGs) and seeks to recognize and celebrate exemplary entrepreneurs, businesses, investors, and innovation ecosystem drivers that embody the spirit of outstanding innovation and are actively promulgating sustainability in their business practices. Nominations are now ongoing.
Cybersecurity startup watchTowr totals $10.25M in Pre-Series A investment