November 14, 2017
Real-time passive authentication to protect customer accounts and transactions
Banking and brokerage companies use ThreatMetrix® to enable customers to transact safely, and as easily and quickly as possible.
Banking customers want secure, fast transactions, but traditional multi-factor authentication can deliver an alienating experience. Cybercriminals are also adept at defeating these step-up challenges.
The ThreatMetrix Digital Identity Network® provides integrated device, location, behavioral and threat analytics to deliver frictionless, dynamic authentication for every new account registration, login and payment.
Increasingly sophisticated breaches and attacks continue to rise and will probably do so indefinitely. Fraudsters use false and stolen personal information to target financial institutions by opening new accounts, applying for credit or transferring funds. Fraudulent accounts are then used to run up debt, engage in money mule scams and defraud legitimate customers.
ThreatMetrix aggregates digital transactions from across the globe and then stitches together digital identities by recognizing the constantly changing relationships between individuals, their behaviors, locations and devices. This takes place instantly and transparently to the customers, but it’s highly accurate in pinpointing fraudsters and produces up to a 95-percent recognition rate for return visitors.
Using ThreatMetrix we can clearly see the spider web of linked, fraudulent accounts. We’ve almost got a 100-percent hit rate on known negative devices.
— Jim Winters, Director of Financial Crime, Fraud and Underwriting, TSB
As EMV chip cards and tokenization are making it harder for criminals to access customer data outside of banks and brokerages, cybercriminals are changing tactics. Fraudsters are now expected to intensify sophisticated digital attacks against financial institutions, exploiting everything from zero-day vulnerabilities to man-in-the-middle proxies and scripted bot attacks to assume control of customer accounts.
Cybercriminals gain unauthorized account access using credentials obtained through phishing attacks, compromised devices, malicious personas, shared passwords, keyword loggers and other tricks. They know that it’s often easier to trick unsuspecting people than it is to exploit some technology loophole.
ThreatMetrix aggregates global digital transactions and stitches together digital identities by recognizing the constantly changing relationships between individuals, their behaviors, locations and devices. This enables all of our customers to recognize more than 1.4 billion legitimate and fraudulent identities from more than 4.5 billion devices across the globe. This produces up to a 95-percent recognition rate. That’s the power of global shared intelligence.
We’ve had members come in to the branch to thank us personally because they weren’t aware they had online security issues. … ThreatMetrix helps identify threats and keeps our members’ money safe.
— Enis Huseyin, IT Manager, BankstownCity Credit Union
Static authentication methods, such as user ID and password, are simply no longer effective — too many data breaches! Tacking on out-of-band or two-factor authentication for everyone creates a cumbersome, alienating digital experience. The trick is to use step-up authentication when it’s necessary to stop fraud, not when it impedes the experience for legitimate customers.
ThreatMetrix solves this challenge with a combination of big data analytics, smart rules and machine learning that can authenticate online guests and detect nascent threats, such as Trojans and malware, instantly and transparently. Our solutions let you know when step-up authentication (including smartphone-based biometric authenticators) is necessary based on a complete assessment of the actual risk posed. This intelligent, coordinated approach provides superior fraud protection while dramatically reducing customer friction.
What attracted us to [ThreatMetrix] was the fact that it provides a new way of countering cybercrime at the weakest point – the account holder’s computer, as often people do not even have the basics, such as a firewall or antivirus software, installed.
— Ray Battle, Chief Executive Officer, BCU
Users conducting online transactions with their own verified devices can often be the victims of transaction fraud. Some common attacks against end-user devices include Man-in-the-Middle (MitM), Man-in-the-Browser (MitB), phishing, session hijacking, key-logging and other malware-driven attacks. Fraudsters use these attacks to bypass simple device intelligence solutions by launching attacks from the user’s recognized device and authenticated session.
ThreatMetrix delivers strong device identification and detects any breaches to a host application while evaluating the overall security posture of the device. Events showing high-risk signals or anomalies can be flagged for review while legitimate users on trusted devices are recognized in real time.
We chose ThreatMetrix as our online transaction security solution as it was in the best interests of our members. ... ThreatMetrix has a great understanding of the security space, as well as the financial services industry – they understand how we as a Credit Union work within the community.
— Gavin Cook, Corporate Services Manager, Orange Credit Union
In an increasingly connected world, real-time detection of potential threats continues to challenge financial institutions and other digital businesses. The challenge is that consumers can behave in very diverse and unpredictable ways. Sophisticated fraudsters also use techniques to mimic legitimate user behavior, making them hard to detect.
ThreatMetrix takes a unique approach to machine learning, which provides financial institutions an extremely powerful way of detecting and analyzing changes in user behavior. This is combined with advanced behavioral analytics algorithms that offer customizable toolsets for defining advanced rules that accurately identify fraudulent behavior.
We wanted to be sure that our clients’ online sessions were protected to a high degree, which is why we turned to ThreatMetrix. Many of our clients have been very thankful for our technical expertise in helping them prevent malware and other cyberattacks.
— Alister Bennett, Head of Product Management and Development, Rabobank Australia and New Zealand
Financial institutions are under constant pressure to comply with myriad government regulations and industry standards – especially for security. Ensuring fraud protection platforms are effective and compliant can create conflicting goals within the institution and consume valuable resources.
ThreatMetrix solutions are explicitly designed and continuously enhanced to help financial institutions comply with evolving global regulations, including FFIEC mobile protection requirements (U.S.) and PSD2 mandates (Europe).
ThreatMetrix added intelligent customer authentication in front of the existing multi-factor authentication solution to accurately identify returning customers. After the success of the initial deployment, the bank also leveraged ThreatMetrix to address Office of Foreign Asset Control requirements.
— Multinational Bank,