Systems and methods for detection of session tampering and fraud prevention
Abstract
The invention provides methods and apparatus for detecting when an online session is compromised. A plurality of device fingerprints may be collected from a user computer that is associated with a designated Session ID. A server may include pages that are delivered to a user for viewing in a browser at which time device fingerprints and Session ID information are collected. By collecting device fingerprints and session information at several locations among the pages delivered by the server throughout an online session, and not only one time or at log-in, a comparison between the fingerprints in association with a Session ID can identify the likelihood of session tampering and man-in-the-middle attacks.
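The comparison described in the abstract, sketched as an added example (not code from the patent or its assignee): fingerprints are recorded per Session ID at a set of pre-selected pages, and an alert is raised when a fingerprint collected on one page differs from one collected earlier on a different page of the same session. The attribute set, page paths, class and function names, and sample events are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Assumed attribute set; the page does not say what a device fingerprint contains.
FP_FIELDS = ("user_agent", "screen", "timezone", "language", "ip")

def device_fingerprint(attrs):
    """Hash a canonical encoding of the assumed device attributes."""
    canonical = "\x1f".join(f"{k}={attrs.get(k, '')}" for k in FP_FIELDS)
    return hashlib.sha256(canonical.encode()).hexdigest()

class SessionMonitor:
    """Stores the first fingerprint seen per (Session ID, page) and compares across pages."""
    def __init__(self, checkpoint_pages):
        self.checkpoint_pages = set(checkpoint_pages)  # the pre-selected pages
        self.seen = defaultdict(dict)                  # session_id -> {page: fingerprint}

    def observe(self, session_id, page, attrs):
        """Record one collection; return an alert dict on mismatch, else None."""
        if page not in self.checkpoint_pages:
            return None
        fp = device_fingerprint(attrs)
        earlier = self.seen[session_id]
        differs = sorted(p for p, old in earlier.items() if p != page and old != fp)
        earlier.setdefault(page, fp)  # keep the first fingerprint seen on each page
        if not differs:
            return None
        return {"session_id": session_id, "page": page, "differs_from": differs}

# Constructed sample events: (session_id, page, device attributes).
VICTIM = {"user_agent": "Mozilla/5.0 (X11; Linux x86_64)", "screen": "1920x1080",
          "timezone": "UTC-5", "language": "en-US", "ip": "198.51.100.7"}
OTHER = dict(VICTIM, user_agent="Mozilla/5.0 (Windows NT 10.0)",
             screen="1366x768", ip="203.0.113.9")
EVENTS = [
    ("sess-A", "/cart", VICTIM),
    ("sess-A", "/shipping", VICTIM),   # same device on both pages: no alert
    ("sess-B", "/cart", VICTIM),
    ("sess-B", "/home", OTHER),        # not a pre-selected page: ignored
    ("sess-B", "/payment", OTHER),     # same Session ID, different device: alert
]

def run(events):
    """Feed events through a monitor and return the alerts raised."""
    monitor = SessionMonitor(["/cart", "/shipping", "/payment"])
    alerts = [monitor.observe(*event) for event in events]
    return [a for a in alerts if a]

if __name__ == "__main__":
    print(run(EVENTS))
```

The check here is strict equality, matching the "not identical" test in the claims; volatile attributes in the fingerprint (the assumed `ip` field, for example) will make such a check noisy for users whose network address changes mid-session.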
20 Claims
1. A method for detecting an online transaction tampering, the method comprising:
- establishing a Session ID for activity between a computer and a user device over a network, wherein the Session ID is associated with at least two device fingerprints collected while an article is in a virtual shopping cart;
- instructing the computer to collect the at least two device fingerprints, while the article is in the virtual shopping cart, from the user device for the corresponding Session ID, wherein the at least two device fingerprints are collected from at least two different pre-selected pages displaying different content that are configured for an online transaction tampering comparison; and
- comparing the at least two device fingerprints, and if the at least two device fingerprints collected from the at least two different pre-selected pages are not identical, detecting the online transaction tampering and providing an alert.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A non-transitory computer system loaded with machine readable instructions for carrying out a method of detecting an online transaction tampering, the method comprising:
- establishing a Session ID for activity between a computer and a user device over a network, wherein the Session ID is associated with at least two device fingerprints collected while an article is in a virtual shopping cart;
- instructing the computer to collect the at least two device fingerprints, while the article is in the virtual shopping cart, from the user device for the corresponding Session ID, wherein the at least two device fingerprints are collected from at least two different pre-selected pages displaying different content that are configured for an online transaction tampering comparison; and
- comparing the at least two device fingerprints, and if the at least two device fingerprints collected from the at least two different pre-selected pages are not identical, detecting the online transaction tampering and providing an alert.
13. A network security system for an online merchant that detects when an online transaction is compromised comprising:
- a server within an online merchant network for conducting an online transaction with a customer device, wherein the Session ID is associated with device fingerprints collected while an article is in a virtual shopping cart;
- a fingerprint collector within the online merchant network for collecting the device fingerprints at predetermined intervals during the online transaction from the customer device, wherein the device fingerprints are collected while the article is in the virtual shopping cart, from at least two different pre-selected pages displaying different content that are configured for an online transaction tampering comparison;
- a session collector within the online merchant network for collecting Session ID information at the predetermined intervals from the customer device; and
- a memory for storing information collected from the fingerprint collector including the pages where the device fingerprints are obtained in order to enable a comparison between the device fingerprints collected from the at least two different pre-selected pages and the Session ID information that suggests that the online transaction is compromised if the device fingerprints are not identical.

Dependent claims: 14, 15, 16, 17, 18, 19, 20
Specification