A large food delivery platform was suffering from a major new social engineering attack in which bad-acting couriers were stealing payments from customers. The client took action by closing the implicated accounts and flagging the involved devices; however, new complaints of the same scam continued to be reported to customer service. In an attempt to placate customers, the app was refunding them and therefore incurring significant financial losses.
The team believed that their device identification solution was being bypassed somehow, enabling the bad actors to use the same device to continue defrauding customers by opening new accounts.
The delivery platform was an Incognia client at the time but was running an older version of its SDK. This version did not have the detection features, included in the recent update, that had been designed to prevent this exact scam from succeeding.
Despite the proactive work of Incognia’s research and engineering teams, the client was under a code freeze, which meant that they could not roll out the new SDK, and they needed a solution immediately. Given this, Incognia’s Customer Success team worked side-by-side with the client to implement a temporary rules-based solution that prevented the attack from continuing.
Since the Incognia team was familiar with the characteristics of the attack, it uncovered that the fraudsters were using the factory reset feature and running tampered versions of the courier application to bypass the outdated device identity feature. These techniques were enabling bad actors to use the same device to open multiple accounts. They were even using app cloning tools to run multiple installations of the app on one device, which let them access multiple accounts at one time and scale the attack.
Given that the client could not roll out Incognia’s updated SDK to stop the attack, the Customer Success team took action by creating a new rule set that used location data to watchlist the devices known to have been involved in the scam. The team then leveraged the Suspicious Locations feature to look at the location behavior of the associated devices and identify locations with a high-density cluster of these risky devices.
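A minimal sketch of the location-based rule described above, added here as an illustration; it is not Incognia's rule set or the Suspicious Locations implementation. It buckets location fixes into grid cells, flags cells where several watchlisted devices were seen, and lists unknown device IDs reporting from those cells. The grid size, threshold, function names, device IDs and coordinates are all assumptions or constructed sample data.

```python
import math
from collections import defaultdict

CELL_DEG = 0.001       # assumption: grid cell of roughly 100 m of latitude
MIN_RISKY_DEVICES = 3  # assumption: distinct watchlisted devices needed to flag a cell

def cell_of(lat, lon, size=CELL_DEG):
    """Snap a coordinate to a grid cell so nearby location fixes share one key."""
    return (math.floor(lat / size), math.floor(lon / size))

def suspicious_cells(observations, watchlist, min_devices=MIN_RISKY_DEVICES):
    """Cells where at least min_devices distinct watchlisted devices were seen."""
    seen = defaultdict(set)
    for device_id, lat, lon in observations:
        if device_id in watchlist:
            seen[cell_of(lat, lon)].add(device_id)
    return {cell: devs for cell, devs in seen.items() if len(devs) >= min_devices}

def devices_to_review(observations, watchlist, cells):
    """Devices not yet on the watchlist that report from a flagged cell.

    A factory reset or cloned install can yield a fresh device ID, but the
    device still reports from the same physical place as the known ones.
    """
    hits = defaultdict(set)
    for device_id, lat, lon in observations:
        cell = cell_of(lat, lon)
        if device_id not in watchlist and cell in cells:
            hits[device_id].add(cell)
    return dict(hits)

# Constructed sample data: (device_id, latitude, longitude)
WATCHLIST = {"dev-A", "dev-B", "dev-C"}
SAMPLE = [
    ("dev-A", 10.0001, 20.0001),
    ("dev-B", 10.0002, 20.0003),
    ("dev-C", 10.0005, 20.0006),
    ("dev-C", 10.0501, 20.0501),  # lone watchlisted sighting: below threshold
    ("dev-X", 10.0004, 20.0002),  # unknown ID inside the cluster
    ("dev-Y", 10.0502, 20.0503),  # unknown ID next to a single sighting
]

if __name__ == "__main__":
    cells = suspicious_cells(SAMPLE, WATCHLIST)
    print("flagged cells:", cells)
    print("review:", devices_to_review(SAMPLE, WATCHLIST, cells))
```

A fixed grid splits clusters that straddle a cell boundary; a production rule would also check neighbouring cells or use a distance-based clustering method.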
The Suspicious Locations feature delivers a new layer of fraud intelligence by analyzing real-time location data to associate devices and accounts by their precise locations. The feature alerts fraud and risk teams when: