A panel at the RSA Conference discussed current and emerging forms of the practice, which involves identifying each device used to access an account with a unique tag or signature.
With each device assigned its own 'fingerprint,' administrators can then be instantly alerted to potential fraud.
For some companies, the practice is already paying big dividends.
Wachovia Bank online customer protection specialist Chris Mathes said the practice is already paying dividends for his company.
"Device fingerprinting gives us a very powerful tool for us to look at devices as they are coming in," Mathes explained.
"If I have already identified a device as being owned by a bad guy, I can decide whether or not I even want to let them in the front door."
The practice also has its detractors. Electronic Frontier Foundation civil liberties director Jennifer Granick warned that the information banks gather from the digital fingerprints could be used for more than just security.
"The question is what kind of privacy protection is there, and the answer is very little," said Granick.
"One thing we really do not want is for this information to be shared with affiliates who do advertising or marketing, because then you have the same problem we have with cookies, but much worse."
While the situation appears to put security and privacy at odds, there may be a system that can allow for a compromise.
41st Parameter founder and chief executive Ori Eisen suggested that banks look to adopt so-called 'tagless' fingerprinting which uses components such as javascript and system profiling rather than simpler cookie or IP tracking 'tag' components.
Eisen said that not only could the tagless system be far more accurate and reliable than tag systems, but the collected data would also be less likely to raise privacy concerns.
"What we are going to ask is 300 questions that you could ask about the vendor's APIs, but none of it is personally identifiable information. I would never know who is on the other end."
RSA 2009: Benefits and dangers of device fingerprinting
By
Shaun Nichols
on Apr 24, 2009 12:06PM
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Ingram Micro Ushers in the Age of Ultra
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Channel can help lead customers to boosting workplace wellbeing with professional headsets
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Tech For Good program gives purpose and strong business outcomes
Sponsored Whitepapers
Easing the burden of Microsoft CSP management
-1.jpg&w=100&c=1&s=0)
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
.png&w=100&c=1&s=0)
