Detecting online fraud – The burning issue with cookies isn’t about privacy at all—it’s about the death of the cookie as a usable way to identify a device.
What have you got to hide when you visit a website? If you block or delete cookies you might be a legitimate customer who doesn’t want to be tracked going from Web site to Web site—and stalked by advertisers who want to target you by your online shopping habits. Or you could be a fraudster with a pile of hijacked credentials and stolen credit cards ready to engage in a virtual online crime spree. The former simply wants to stay off the advertising grid, using widely available tools such as private browsing in FireFox or periodically wiping cookies. The latter will go to much greater lengths to avoid detection by the identity of their device (computer, smartphone, iPad, etc.), using software tools and methods that typical consumers would never employ.
Consider Marketo, a SaaS application that integrates online marketing tools—email, landing pages, campaigns, lead management and more into a single application. The first time a computer first visits a Marketo-tagged web page, Marketo deposits an HTML cookie on the visitor’s computer. From that point forward, Marketo knows when your computer comes and goes and which pages it visits during a session. Down the road, if and when the computer visits the same website and the individual provides personal information (for example name and email address requesting contact) Marketo attaches the computer’s website visit history to the name, thereby providing a more complete picture of the individual’s interests, and helping marketers better “tune” their marketing to the individual. The purpose of Marketo is to help companies be smarter about their marketing by being smarter about their website visitors. If someone blocks or wipes cookies thereby blocking Marketo, there isn’t much risk of sustaining losses. The only loss in this scenario is a Web site’s ability to better market to you.
When it comes to fighting online fraud, the burning issue with cookies isn’t about privacy at all—it’s about the death of the cookie as a usable way to identify your device. It’s no secret in the fraud prevention business that cookies turned stale long ago. The demise of the cookie to fight fraud doesn’t do away with the need to identify a device—only the method. While online advertisers pursue an ever more persistent way to push back the line on consumer’s ability to control their privacy, software developers will continue to invent new and better ways to identify your device that don’t rely on cookies or PII to help organizations fight the “good fight” against fraud. See the difference?