Normally, people are using factory reset to renew their devices. It’s always been used for a good purpose, but when it comes to fraudulent activities, factory reset patterns become a new post-fraud tactic to cover illicit acts.
Imagine when a criminal has just committed a crime at the scene. What they do next is attempting to hide any evidence that incriminates them as the perpetrator. The same logic applies to this fraud trick.
In the digital world, erasing evidence is not something new, which means there is already a way for companies to tackle the issue: device intelligence. Learn how this device-based fraud prevention goes beyond the seemingly “fresh device fraud” tactic.
What Factory Reset Patterns Reveal about User Behavior?
Factory reset is sometimes used as the last resort by regular users to solve the issue on their device. It is also used when they want to sell their phone and replace it with a new one. Regardless, factory reset is considered rarely used by casual device users.
However, when it becomes a pattern, it means the user performs factory resets over and over. This is not something a casual user would do, considering the tedious process of reinstalling everything afterwards.
Albeit the unusual behavior, it doesn’t always mean a fraud has been committed. It can also indicate that a user tries to remove kernel-level malware, which persists after a factory reset. This is the reason why context matters in fraud prevention, ensuring companies only prevent actual frauds.
Why Do Fraudsters Use Factory Reset?
Factory reset is used to restore the device to a clean, brand-new state. This means whatever happened to the previous condition of the device will be destroyed, and this is exactly why fraudsters use it repeatedly.
First, the main reason is to hide any evidence that may be a sign of jailbreaking. As we know, jailbroken devices can be flagged as suspicious by fraud prevention. It is also strongly discouraged by fintech companies, as their apps won’t be functional.
Second, another reason is to disguise the phone as if it were a fresh, unused device. When registering an account under this “new” device, it may seem companies will get a new user, which means they may get other deals and discounts. This is a promo abuse.
When Factory Reset Patterns Indicate Abuse?
Though frauds are more sophisticated nowadays, their device reset abuse trick may leave a distinguishable pattern. There are two well-known indications when a factory reset was done because of the abuse:
- Factory reset always happens after suspicious transactions. This pattern indicates that fraudsters are trying to hide illicit transactions, false chargebacks, or abuse promotions and giveaways.
- Factory reset after changing to a new phone number. This pattern indicates that fraudsters performed SIM swapping and ported the victim’s phone numbers as their own.
Why Factor Reset Patterns Matter in Fraud Prevention
As a company, having fraud prevention that acknowledges the danger of this factory reset trick is essential. This is because there will be some new problems they may face:
False Assumptions about New Customers
Companies are expecting new users to flood to their services, preparing for welcoming promotions and deals. However, what if a lot of them weren’t actually new customers but the same people who have been exploiting this abuse numerous times?
Without a proper fraud prevention designed to detect fake new customers, companies may have a false assumption that they have a surge of new customers. It can also lead to false performance insights.
Increased Exposure to Promo and Refund Abuse
Like previously stated, fraudsters are looking for a loophole within the service to gain promotions and refunds that they weren’t supposed to get. There are two scenarios with how they use this fresh device fraud trick:
- Fraudsters factory reset their devices and register new accounts under this disguised new device. Then, once they claim promotions or giveaways, they repeat this process again.
- To claim refunds, fraudsters first claim they have never received products to get refunds. Then, once they factory reset, fraudsters make another purchase under a new account and repeat the same scheme.
Also Read: Flash Sale & Promo Abuse: Causes and Ways to Prevent Losses
Higher Chargeback Ratios
Once fraudsters gain an advantage over this device reset abuse, they won’t stop from repeating it again and again. This leaves companies facing higher chargeback ratios than usual, costing them even more losses than normal.
Also Read: Reducing Chargebacks Fraud with Travel & Ticketing Fraud Prevention
Missed Detection of Repeated Abusers
Again, not having more advanced fraud prevention will likely let these bad actors repeatedly perform this abuse. Especially for traditional security systems, where it sees nothing wrong with the device, as previous tampering acts have been erased.
How Device Intelligence Signals Detect Factory Reset Patterns
In the midst of factory reset abuse, a new device-based solution arises. The device intelligence is a perfect solution to repeat user detection from factory reset tactics. Here’s how such a tool can detect these devious tricks:
Persistent Signals Beyond Device Storage
Fraudsters may reset their device, but one thing is, the device storage is not the only thing that determines its user. There are still other elements, such as the device’s location, IP address, and biometric fingerprints.
Device intelligence sends persistent signals, such as geological spoofing and biometric change detection, to determine whether the device is still used by the same person.
Behavioral Consistency Across Resets
Every person has their own unique behavior, it’s what makes a human a human. With that said, if fraudsters reset their devices to appear like a new person, their behavior is still consistent. This is how the device intelligence could detect them.
Linking Reset Devices to Historical Risk
Device intelligence adopts a risk-based logic, where the more the device has been reset, the more likely it is done to disguise a fraud. It then decides what to do with these devices based on the historical risk, ranging from additional verification to denying access.
Real-Time Risk Scoring after Reset Event
Lastly, device intelligence has something called device trust score. This system calculates a real-time score based on reset patterns. “Low-risk” means a user is likely legit, whereas “high-risk” means a user is likely a fraud disguising their devices.
Detect Factory Reset Abuse with Keypaz
So it’s clear how device intelligence ensures businesses can detect device reset abuse. For companies looking for such a robust tool, Keypaz is here to combat these bad actors. Here are several tools from Keypaz that can be used to fight against them:
- Device intelligence, which collects behavioral data from devices to detect any signs of factory reset abuse.
- Smart signal detection, which detects any signs of fraudulent factory resets beyond their device storage.
- Real-time rule orchestration, which allows dynamic rule creation based on contextual device insights to prevent false positives.
Device-based fraud prevention from Keypaz is all you need to combat fraudsters while saving revenue losses. Try Keypaz’s free trial to detect factory reset patterns and abuses now.