In this edition:

• Cross-device fingerprinting is the future
  
• FaaS of the Month: B4U (Buy-for-You)

Cross-device fingerprinting is the future

By André Ferraz, CEO and Co-Founder at Incognia

Cross-device fingerprinting is the next big thing in fraud prevention.

Cross-device fingerprinting combines a device ID with location behavior data in order to more accurately recognize devices and identify the same user across multiple devices.

This approach is built on the premise that our digital behavior is unique in two key ways:

We always access digital services through a device and from a specific place. 

So what does this mean for fraud prevention?

Device fingerprinting has long been a core fraud prevention tactic, but today fraudsters have more ways than ever to make a known device look like a brand new one.

And without the ability to re-recognize a device, it’s hard to defend against ban evasion, fake account creation, and scams. That’s why we need a new fraud filter.

If it’s precise enough, location data can distinguish one unique device from another, filling in the gap left by device signals.

An identity that’s based on device + location is a universal form of digital identity.

It persists across devices and digital services. It helps you make sure that trusted users go down the fast track while potential bad actors are stopped before they can commit fraud. 

By leveraging a cross-device fingerprint, fraud prevention systems can flag devices associated with a fraudster–even those devices that aren’t being used (yet) for fraud.

This is why my team at Incognia has decided to dig deep into understanding how device and location signals can work together to get ahead of bad actors.

Cross-device fingerprinting is at the cutting-edge of modern fraud prevention.

As this technology evolves, I believe it will redefine the landscape of digital security and fraud prevention.

FaaS of the Month: B4U (Buy-for-You)

Fraud-as-a-Service: When cybercriminals sell their tools, services, and skills to help clients carry out fraud. Each month we highlight a FaaS tool that you should be aware of. 

B4U site offering 50% discounts on orders from a top US food delivery platform

Fast facts about B4U (Buy-for-You):

• Fraudsters offer this service to buyers through forums, Reddit, Telegram groups, and Discord servers
• The fraudster orders food through a delivery app on the buyer’s behalf, providing steep discounts (usually at least 50% off) in exchange for a fee
• They get the discount via multi-accounting, promo abuse, refund abuse, using stolen cards, or some combination thereof
• Some B4U fraudsters also sell guides that outline their process for getting “free food forever” 

Deep dive on B4U:

Promo abuse, multi-accounting, refund abuse, and payment fraud are all big problems for food delivery apps today. Fraudsters use these methods to enjoy free meals without ever having to leave their home—but they also use them to create a profitable hustle.

How do they do it? They offer steep discounts on delivery app orders in exchange for a fee, and then make the purchases themselves while abusing policies or using fraud methods to minimize their costs.

B4U or “Buy-for-You” vendors advertise their services in a variety of different places—hacker forums, subreddits, Telegram groups, Discord servers, TikTok videos, and so on. Some make a point to label their services as “fully legal,” or “whitehat,” but few openly advertise how they get major discounts on multiple food orders per day. But even these details can be had for a price. For $50-$100, some fraudsters will sell you their step-by-step guides for getting “free food forever” or discounted rideshare rides.

B4U listings on Hack Forums, a well-known hacker site

For those who advertise their services as “legal” or “whitehat”, they’re likely using some combination of policy abuse methods like multi-accounting, promo abuse, and refund abuse, as well as using location spoofing to fake being at their customer’s location. These bad actors could create dozens of accounts on different devices to take advantage of new user discounts, and they may also falsely ask for refunds or vouchers for orders their customers actually received. Because they often have access to many accounts, it’s also easy for these actors to evade bans if any of their accounts gets booted from the platform.

As for the B4U perpetrators that are leveraging more directly fraudulent methods, they’re most likely using stolen credit card information or doing account takeovers so they can order with legitimate users’ accounts in order to get food delivered for free to their customers.

To learn more about how fraudsters are doing promotion abuse on delivery platforms, check out Incognia’s new Essential Guide to Promotion Abuse on Delivery Platforms.

Other links you should check out:

Cross-device fingerprint

Detecting suspicious environments is a paradigm shift | Incognia

Location Fingerprinting: A new era in fraud prevention | Incognia

B4U Fraud

Report: Scammers will offer you cheap food delivery on Telegram, then pay for it with stolen credit cards | Fast Company

Odd scam offers free food or deep discounts where someone else pays the bill | Detroit Free Press

What did you think of this newsletter?

Incognia, a digital identity company, detects fake account creation and account takeover attempts for gig economy, marketplace, and financial technology applications. Benefits of using Incognia’s location-based digital identity include reduced false positives and a low friction user experience.