A review of the anti-fraud system of the financial organization M&T Bank

29.03.25

In this article, using the example of the <a href="https://www.mtb.com/" target="_blank">https://www.mtb.com/</a> website, we will examine what data is collected by a financial organization's anti-fraud system.

Let's use a tool that determines where various parameters and browser fingerprints are collected.

Let's open the bank's registration page
<a href="https://www.mtb.com/log-in" target="_blank">https://www.mtb.com/log-in</a>

![](/media/mdeditor/1_20250328211709225960.png)

The site checks the following data obtained from the user's browser:

![](/media/mdeditor/2_20250328211744862908.png)

Page establishes Webrtc connection, gets result from rendering audio. Collects Canvas prints in a large number of Canvas, including giving a job to render persistent and new (dynamic) Canvas:

![](/media/mdeditor/3_20250328211817202885.jpg)

The site collects the footprint, getting information about the video card and supported resolutions using WebGL technology.

The site's anti-fraud system collects information about the device's battery, connection type and properties, information about installed plugins in the browser, and requests access to the device's camera. The site checks Java support in the browser and tries to get a list of Usb devices.

The site also obtains data about DoNotTrack mode usage, User-agent, device platform, which are standard for antifraud systems.

![](/media/mdeditor/4_20250328211922562639.png)

Screen size and touch support in the browser

![](/media/mdeditor/5_20250328211949362668.png)

The site collects a list of fonts installed on the user's system.

Important is checking the language in the browser, the time zone of the system and matching the results to the ip address of the site visitor.

Let's have a look in Dev Tools at the information collected by the site

![](/media/mdeditor/6_20250328212106748539.png)

In addition to browser information, the site tracks and records user actions (browser resizing, clicks and touch events, text input) with timestamps on pages.

After entering text into a field, the data was written to Local storage

![](/media/mdeditor/7_20250328212134270783.png)

And sent to the server

![](/media/mdeditor/8_20250328212158499080.jpg)

####Conclusions:

We have reviewed most of the parameters tracked by a financial organization's anti-fraud system. The site collects detailed information about the browser and system, user actions on the pages, but despite this, the site does not block mass automated account registration, provided that several important parameter values in the anti-detect browser are substituted with values corresponding to a large number of real users of the site and the correspondence of values between each other.

Posting terkait

Antidetect

Application of WebGL technology in anti-fraud systems to protect against fraud.

WebGL technology in Anti-Fraud systems and user identification techniques

WebGL is a powerful technology for rendering 3D graphics in GPU-enabled browsers that has found application in anti-fraud systems to create unique device fingerprints. It helps to improve the performance and security of web applications.

Bannykh M.V

01.11.24

Antidetect

Analyzing browser language settings to identify suspicious users in antifraud systems.

Browser languages, location and their use in Antifraud systems

Browser language parameters play a key role in the work of anti-fraud systems, helping to detect discrepancies between the user's settings and his real device parameters.

Bannykh M.V.

29.11.24