Gett Achieves a 62% Increase in Fraud Detection

The Objective

Gett is the leading corporate ground transportation management company that organizes corporate fleet, ride-hailing, taxi and limo providers for their clients all in one place — your phone! The company operates in Israel, the UK and Russia.

As a software as a service (SaaS) solution, Gett consolidates collections of vendors on a single booking platform while clients access this service using apps for iOS and Android. Being the leading company in this industry — and serving a third of the world’s Fortune 500 companies—it’s no surprise that they’ve faced sophisticated security challenges since their inception in 2010.

The Challenge

Initially, Gett began conversations with Ping Identity because the company was having a problem with emulator-based new account fraud (NAF). Emulators are used by fraudsters to mimic devices in order to commit fraud more easily while scaling their activities efficiently—all without large investments in devices. Essentially, rides were paid for using stolen credit cards acquired from the dark web. So, Gett contacted Ping Identity to gain visibility into the scale and extent of these emulator attacks as well as identify fraudulent sessions so they could stop them.

Unfortunately, once Ping Identity addressed this issue, fraudsters amped-up their attack methods. They used sophisticated manual tactics, including three further methods such as:

• Using real devices instead of emulators
• Shadow apps that used messaging services to automate fraudulent ride requests
• Manipulation of device attributes

This presented Gett with more intricate fraud flows originating from those real devices as opposed to emulators. When this happened, Gett needed a solution that could adapt to all of these evolving tactics and flag suspicious activities before transactions were completed. The solution needed to be implemented quickly and be up and running as soon as possible.

The Solution

To combat sophisticated fraudsters, you need to stay a step ahead. Gett used the device intelligence capability of PingOne Fraud to identify these emulators. They achieved this looking for gaps in data it was receiving due to the fact that the devices the fraudsters were using didn’t have the standard attributes that are commonly found on mobile device. PingOne Fraud also made correlations between users, devices, and sessions. Gett received real time alerts that allowed them to block these fraudulent activities before the transaction was completed.

However, once attackers stepped up their game, Gett added PingOne Fraud’s behavioral anomalies capability—behavioral biometrics—to the previously deployed device intelligence capability to detect more advanced fraudulent activities. This solution looked at fraud indicators to identify any suspicious behavioral or usage patterns within the user journey throughout the Gett app. More specifically, the solution analyzed the correlation between behavioral biometrics and shared device identifiers.

Like before, now Gett started to receive alerts that indicated device manipulation. Upon closer inspection, it was discovered that fraudsters had begun using specialized apps to change indicators on Android devices—such as device ID, and device type—to make it look like different users on different devices were performing transactions.

But, they were unable to manipulate the device footprints. With help from Ping, Gett easily detected attacks by uncovering devices being used in large numbers of access attempts. Gett then used data about device changes provided by PingOne Fraud to improve the precision of their custom algorithms so they could more readily uncover these instances.