The name TOR is derived from an acronym for the original software project name “The Onion Router”. The network is actively used to conduct a wide range of illegal and fraudulent activities online.
Anonymous sessions mean that the browser of a user will not save cookie files and all cookie based analytical solutions will count those as new users every time they visit your website.
Do Not Track option
When this option is on, it instructs the browser not to keep track of the user. In certain conditions and environments Do not track option may be a clear sign of fraudulent activities.
User agent change
User agent describes a situation when a user changes his/her user agent in a browser (with the help of extensions, for example (Linux posing as iOS, etc). User agent change is one of the types of emulation.
The user cannot see advertising content on your page. AdBlock is not a sign of a typical fraudster in itself and has an extremely low fraudscore, but combined with certain other triggers it indicates certain bots and is useful for detecting specific fraud types. It also comes in handy when analyzing behavioral patterns of your real users.
Out-of-date operating systems
Old Operating System is one of the most common features of bot farms and automated systems. Such systems are extremely hard to update and they are pretty effective against less advanced antifraud solutions. Our Fingerprinting technology allows us to determine the OS used by your visitor and you to not waste time on bots instead of real users.
Using virtual machines or emulators users disguise their activities. Fraudsters may use virtual machines to create appropriate environments, for example one emulates iOS on Linux platform and installs a legitimate Safari browser or, in case of some bot farms, they emulate an appropriate environment on the server side. The server then sends information to your website stating it is a machine with a number of parameters like platform, browser, etc.
People use PROXY services to hide their real IP address. PROXY Types are: Anonymizing VPN services, Tor Exit Nodes, Hosting Providers, Data Centers or Content Delivery Networks, and Web Proxies. Although Proxy services are sometimes used by real legitimate users to protect their privacy, they are a valid and widespread fraudster tool. Our solution is able to detect all kinds of proxy services as well as scan and extract a whole array of user ip addresses.
Out-of-date browser versions
Old Browser trigger fires for versions that the manufacturer of the said browser does not recommend to use (around 2 years old). The thing here is that bot farms and automated systems do not change their browser versions for years for the procedure is technically difficult and costly.
Country restriction list
Every business has a target audience. It is highly unlikely for someone from Peru to visit Canadian local retailers and vice versa. Our sophisticated fingerprinting solution determines the real location of a user irrespective of techniques used to hide it.
The user is a bot. Nearly 50% of all web traffic is coming from various Bots with around 20% coming from Good or Legitimate Bots and around 30% from Bad or Malicious Bots.
Time zone inconsistency
Analyzing different parameters of users’ equipment allows us to establish whether a certain user tries to hide his/her real location and their actuall time zone is a sure sign of such actions.
Users try to hide the culture/language they belong to/speak. Discrepancies in information about user’s location, culture, language, etc. is a sure sign of a fraudster.