Client device identification fact sheet

Overview
Online organisations must constantly decide if a website customer is genuine or not. Stopping fraud while allowing legitimate transactions and browsing activity to continue is the tightrope they walk. The ability to make the right decisions in real time can mean the difference between e-profitability and closure of the low-cost online channel.

Using client device identification (CDI) is a critical way organisations can prevent Internet fraud and is a vital piece of "know your customer" compliance in the virtual world. By employing technology to increase security before users are allowed access to Web applications, companies can increase confidence in offering higher-risk Internet services.

The pace of business is increasingly frenetic, and organisations not able to adapt to market threats, changes and legislative mandates will be left by the wayside. CDI can help mitigate fraud and enable businesses to examine a wealth of transaction data to proactively prevent losses today and into the future.

About FMT Octopus
FMT Octopus™ is an infrastructure layer plug-in that provides CDI out of the box to enhance Web security. Implementing the front-end solution takes only a couple of hours and requires no APIs or code changes to other applications.

FMT Octopus unobtrusively captures client information via a preprocessing filter. Before allowing access to an e-application, the software non-intrusively examines all customer data contained in every online request.

In addition to having the ability to access and utilise company data sources, FMT Octopus also uses a combination of elements. These include, but are not limited to, IP address, domain name, cookies, browser type and language pack. Other variables, such as screen resolution are able to be used to further develop a unique device profile.

Additional client elements an organisation wants to store also can be included. This database can later be referenced for forensics, analytics and modelling - or as part of a real-time rule strategy or policy in FMT Octopus to enhance the customer experience flowing through the online application.

FMT Octopus has the distinct advantage of being able to introduce bespoke or third-party Java script into the CDI process. This extends the plug-in's ability to optimise device identification - without making any changes to the core application code.

FMT Octopus Advantages
Identifies repeat applications originating from the same client device. FMT Octopus can uniquely "fingerprint" a customer device when it accesses online applications. It is able to see and act on all HTTP session data. Using this fingerprint, organisations can enforce policies that restrict the number of times the application is accessed by a device regardless of whether the customer details entered on the application are different or not.

Provides blacklist/database look-ups. FMT Octopus can view session data and device IDs before a customer submits any personal data. This enables companies to assess risk and make a real-time decision even before the application process begins. The action taken depends on numerous factors from the Internet point of entry, including geo location, domain, IP address, ISP, browser type, language pack, cookies, screen resolution, etc. Because these data elements are not dependent upon customer input, businesses can automatically store and reference this data to make smarter real-time decisions earlier in the transaction process.

Detects scripted website attacks. FMT Octopus effectively prevents threats from suspicious Web page form completion times. It can measure form post times and cross reference that to the estimated time it takes for a customer to complete the information. This data is useful for detecting unwanted traffic attempting scripted, automated and botnet attacks.

Guards against cross-site scripting and SQL injection attacks. FMT Octopus can analyse the data submitted by a user's browser and determine if it contains JavaScript or SQL syntax. This approach is able to detect hacking attempts before they are successful.

Captures information between a browser and Web application. FMT Octopus accesses all data passing between the application and a user's browser. With this wealth of current session data, along with all historical data from past client sessions, businesses can more effectively determine whether or not a transaction should be deemed risky.

Blocks incoming IP addresses posing threats and maps addresses to reverse DNS and/or IP blacklists. FMT can use a DNS block list rule to compare an IP address against block lists (e.g. spamhaus.org). It easily detects "zombie" and other systems that are known to be compromised. Action taken depends upon an organisation's own rules and can run the gamut from redirecting a user to an information/warning page to blocking transactions completely.

Exports data to a database. FMT Octopus provides simple rules to export a wide array of variables to a named CSV file or insert records directly into a table in an existing database.

Keeps a history of users' past behavior. FMT Octopus uses a "history recorder" to detect, store and retrieve historical data from each client device. Multiple variables can be captured in real time using a CSV list of variable names.

Provides a user-friendly interface. The software delivers industry-specific out-of-the-box policies and drag-and-drop rules creation. It does not require extensive IT expertise, with business staff easily able to use it and create changes.

Quick deployment and reduced costly and disruptive changes. FMT Octopus installs in hours in most configurations and requires no APIs or code changes. When rule changes are needed, modifications are made without any down time. And, as easily as changes are made, they can be undone.

Moves organisations toward regulatory compliance. Adhering to ever-changing mandates can be a challenge. In many instances, the software takes so long to implement it is out of date before it even goes live. With FMT Octopus, organisations can more quickly move toward compliance.

Delivers a premise-based solution. As an onsite CDI solution, FMT Octopus offers businesses technological control and long-term cost savings. Organisations can quickly manage changes in the agile and extensible plug-in.

Read more:

• About FMT Octopus
• FAQs
• Product information