a good thing!
Unfortunately, once Ping Identity addressed this issue, fraudsters amped-up their attack methods. They used sophisticated manual tactics, including three further methods such as:
Using real devices instead of emulators
Shadow apps that used messaging services to automate fraudulent ride requests
Manipulation of device attributes
This presented Gett with more intricate fraud flows originating from those real devices as opposed to emulators. When this happened, Gett needed a solution that could adapt to all of these evolving tactics and flag suspicious activities before transactions were completed. The solution needed to be implemented quickly and be up and running as soon as possible.
To combat sophisticated fraudsters, you need to stay a step ahead. Gett used the device intelligence capability of PingOne Fraud to identify these emulators. They achieved this looking for gaps in data it was receiving due to the fact that the devices the fraudsters were using didn’t have the standard attributes that are commonly found on mobile device. PingOne Fraud also made correlations between users, devices, and sessions. Gett received real time alerts that allowed them to block these fraudulent activities before the transaction was completed.
However, once attackers stepped up their game, Gett added PingOne Fraud’s behavioral anomalies capability—behavioral biometrics—to the previously deployed device intelligence capability to detect more advanced fraudulent activities. This solution looked at fraud indicators to identify any suspicious behavioral or usage patterns within the user journey throughout the Gett app. More specifically, the solution analyzed the correlation between behavioral biometrics and shared device identifiers.
Like before, now Gett started to receive alerts that indicated device manipulation. Upon closer inspection, it was discovered that fraudsters had begun using specialized apps to change indicators on Android devices—such as device ID, and device type—to make it look like different users on different devices were performing transactions.
But, they were unable to manipulate the device footprints. With help from Ping, Gett easily detected attacks by uncovering devices being used in large numbers of access attempts. Gett then used data about device changes provided by PingOne Fraud to improve the precision of their custom algorithms so they could more readily uncover these instances.
Gett is the leading Ground Transportation Management (GTM) platform and B2B marketplace, where spend is estimated to exceed $100 billion globally. Serving more than 1/4 of the Fortune 500, their platform organises corporate fleet, ride-hailing, tax and limo providers in one place.
Learn more at https://gett.com/intl/
More Stories You'll Love
Learn why Open Banking chose Ping’s identity and access management (IAM) technology to underpin the UK’s Open Banking Directory.
Gates leveraged Ping’s applications and partnerships to implement a global authentication authority at global scale.
Scotts centralized identity services and increased their security posture by implementing federated single sign-on.
HP reduced complexity, optimized spend and is enabling new business as the company evolves.