Fighting Fraud with Data Science Innovations in Digital Identity
Posted June 3, 2016
We are looking forward to getting our glad rags on for the black-tie SC Magazine Awards Europe 2016 dinner in London next week. This year, the ThreatMetrix Digital Identity Network is up for the Best Fraud Prevention Solution award. Which presents a nice opportunity for us to take a brief behind-the-scenes look at the technology that makes this platform so distinct from other online fraud prevention solutions.
Tackling online fraud with digital identities
As all businesses go online, it’s becoming harder than ever to verify that online users interacting are who they say they are. Operating under a cloak of online anonymity, cybercriminals are using stolen credentials harvested from large-scale data breaches to commit payment fraud, account takeovers, and account log-in fraud.
The ThreatMetrix approach to tackling online fraud centres round our ability to understand the digital DNA of users and their unique online footprint, through the Digital Identity Network. Knitting together trusted digital identities that can’t be faked by fraudsters facilitates the most advanced fraud prevention and an accurate authentication of users.
A global treasure trove
The power of the Digital Identity Network lies in its ability to tap into billions of data points globally, and to draw conclusions in real-time, enabling commercial and government organizations to leverage powerful insight in a completely anonymised fashion – respecting individual privacy.
It’s all about stitching together the digital footprints each user makes as they cross the web: the devices they have used; locations; payment details; websites visited; login credentials; and typical transaction behavior. This helps identify them and block the bad guys. But the average enterprise is not been able to tap into this global treasure trove of data working independently.
This is where the Digital Identity Graph comes in – the data science concept behind the Digital Identity Network. It maps the complex and ever-changing associations among people and their communication devices, account credentials, telephone numbers, physical addresses and the businesses with which they interact.
How it works
1) Global data sharing
When authenticating a user and/or transaction, verification analysis is performed locally on around 200 identifying features across device, behaviour, and identity, as well as threat and malware detection. Simultaneously, there is an API call to a network which stores a hashed version of every online event that it has ever seen, across 200 countries. The event-specific analysis is cross-correlated with previous transactions related to that individual.
Sharing data across countries and industries in as large a network as possible is critical for fraud detection because it helps businesses assess transactions in context and spot anomalous behaviour with unparalleled accuracy; whilst protecting against crime rings and unmask cybercriminals pretending to be legitimate users.
We also found that it is just as useful to get information about positive interactions as it is about high-risk interactions. So we share all the intelligence from all the traffic, not just the risk-based data. That is what we call “establishing trust”.
2) Real-time analysis
All this is done in real-time, and in a way that is totally invisible to the user. All checks are complete within 120 milliseconds. This is powered by modern big data computing platforms, and several data centers around the world with elastic scalability.
The real-time analysis allows digital businesses to make instant decisions on whether to accept or reject transactions; offering the optimal customer experience and reducing operational burdens. For example, leading online lender Kabbage is able to re-write the rulebook on personal financing by offering customers immediate decisions on loan applications- rather than the traditional approach that relies heavily on slower credit checking.
3) Big Data
The value of correlation with what has been seen before on the network lies in the amount of data already seen and analysed. The Network analyses around 75 million events per day, across 40,000 websites and apps. Each event it analyses adds to its power to authenticate users accurately.
The power of the Digital Identity Network lies in the diversity of data that ThreatMetrix sees across all the different industries operating online; and the massive scale at which its major global customers are operating at, such as Netflix and Lloyds Banking Group.
Crucially, the Digital Identity Network is able to operate using completely anonymised data, so that we can establish a “sharing without disclosure” model where no other organisation gets access to the data, just the intelligence gleaned from it.
Data passed to ThreatMetrix from online businesses is anonymised and encrypted with a private key that remains in the hands of the company processing this data. Data is hashed and salted before storing, to prevent reverse engineering. This allows us to contrast the data and authenticate the information without handing PII. For example, salt-hashing an email address would make it unreadable to the human eye, but we would be able to note its hashed value and check it’s the same email we have seen elsewhere on the network.
Looking Beyond Your Perimeter
Organizations are finally starting to think bigger about how to tackle the online fraud epidemic by looking beyond their own perimeters. Thankfully the technology now exists – through our innovative Digital Identity Network.
For a short explainer video on how the data science behind the Digital Identity Network works please click here, and for a more independent write-up of our capabilities see this recent paper from 451 Research.