By Mark Ward
Technology correspondent, BBC News
The digital fingerprinting techniques plumb the innards of a computer
In the days when all hacking was done via a fixed phone line, the first skill a novice learnt was how to get free calls. Without that their exciting new hobby was likely to prove too expensive.
Now people no longer pay by the second, the need to steal calls has diminished. Today, the first skill hi-tech criminals have to learn is how to conceal their identity.
This is not just about foiling police investigations. Those who can manipulate an identity can make best use of the stolen names, logins, passwords and credit card numbers that have become the stock-in-trade of the average 21st Century cyber thief.
The growing number of bad guys engaged in manipulating ID has forced a response from the anti-fraud firms who are developing ways to spot criminals who can switch identities the way other people switch on a light.
To fight back, online retailers have turned to identification systems that go far beyond the basics of asking for a name, address, card number and secret question, said Akif Khan, head of client and technical services at anti-fraud firm Cybersource.
You cannot act these days without leaving some intelligence or material trace
Many firms, he said, have put scripts on their websites that interrogate any machine that connects.
"These can execute when a customer visits," he said. "They gather info from the user's machine."
The scripts get data about screen resolution, keyboard language and clock time zone as well as more abstruse characteristics such as the set-up of a machine's IP stack and how it connects to the net.
"When you factor in 20-30 different parameters, some are unique," said Mr Khan. "These have all to be hashed together to create a unique fingerprint for that machine."
The resultant fingerprint can help spot an ID fraudster who uses a different name and credit card but does not change the inner settings of their PC.
"It's not a magic bullet," stressed Mr Khan, adding that it can be tripped up if someone makes a major change to their machine.
"The average user does not usually reconfigure their machine too often and it builds a barrier to entry," he said. "If fraudsters know they have to go to those lengths, it almost becomes not worth it."
Andrew Moloney, security evangelist at anti-fraud firm RSA, said alongside device fingerprinting techniques went systems that looked at the behaviour of visitors as well as at their PC.
When hacking was done via dial-up it could prove expensive
"We're absolutely looking at the device and how it is behaving on the route through the website," he said.
Simple factors such as where a visitor enters a site or what they do after they hit the home page can give clues that all is not as it seems.
Users who go straight from the a front page to one buried deep in a site and start a very specific transaction could be a hint that a fraudster is quickly trying to get in and out.
By contrast, said Mr Moloney, most legitimate visitors browse around a site before carrying out the transaction they actually went there for.
"The velocity of how fast did they go from login to transfer page is a great indicator," he said.
Again though, he stressed, it was rare that these systems flagged a transaction or visitor as fraudulent.
"We are moving way from the situation where we have banner indicators to a place where now we are having to get much more sophisticated and build up a picture using a series of techniques," he said.
In-depth analysis is also helping security firm Detica in its fight against fraudsters. Rather than just look at data from one machine, Detica takes in huge amounts of information about customers and looks for connections in the pile.
Unstructured data in e-mail and texts can help investigators
"We take all the data you can get and make as many possible links between all the items in it," said David Porter, head of security and risk at Detica.
"Once you have made those links you reduce them to the interesting ones and then go on to investigate those networks," he said.
This analysis, he said, can uncover links between elements that would otherwise go unnoticed.
For instance, he said, it can pull out people using the same bank account, have similar flat numbers or it could spot the person who spells their name different at every institution they use in a bid to hide the stages of a sophisticated scam.
Rather than monitor transactions on a website, Detica typically works for large financial institutions overseeing their everyday business to spot fraudsters and con artists.
"The great benefit it has is that it can... thrive on large amounts of noisy data," he said. Data, he pointed out, that humans generate in huge quantities as they go about their daily digital life.
An e-mail has a formal structure so it can travel and arrive safely across the net, but the text within it is much more loosely arranged.
"That unstructured data has to be a goldmine of intelligence," he said.
"You cannot act these days without leaving some intelligence or material trace," said Mr Porter.
"It's an arms race," he added. "Its never going to be solved and the only way we will stop online fraud is by stopping people using online devices."