March 27, 2019
Winning the ‘Identity War’: The Next-Gen Platform for Predictive Fraud & ID Management
Posted November 15, 2018
I’m all for devoting an entire month to raising awareness about cybersecurity – don’t get me wrong – but I’m living for the day when digital identity forever turns “awareness” into “winning.”
The fact is, threat actors weaponizing stolen identity data to achieve their malicious goals has become an existential threat to every organization. Thanks to a never-ending stream of identity records stolen in recent years, fraudsters now routinely hijack or sign up for accounts from which to commit financial crimes or to exploit human weaknesses and fear.
The problem: Many organizations have flawed ways of recognizing when stolen identity elements are being used deceptively. Thanks to fragmented identity verification systems locked within disconnected silos, they aren’t able to get a resolute view of the customer at the point of each interaction—whether it’s opening a new account, logging in to do business, or making a payment.
That’s exactly why ThreatMetrix and LexisNexis Risk Solutions have joined forces to bring you the next generation fraud and identity platform—one that’s capable of giving organizations the visibility they need to confirm whether the person on the other end of a transaction is really who they claim to be.
In It to Win It
To be clear, I’m not talking about one single piece of technology. I’m talking multiple layers of defense that give organizations a resolute view of each user so that they can disrupt cyberattacks and gain an upper hand in the identity war.
Layer 1: Digital and Identity Intelligence
The ThreatMetrix platform gives organizations the ability to correlate all of an individual’s digital personas together into a unique and anonymized identity, providing meaningful and actionable insights on the risk of a given transaction.
Through visualizations and analysis of the linkages between identities and associated credentials, devices, accounts and behaviors, organizations are able to instantly determine whether the identity of the person on the other end of a transaction makes sense.
Our proxy-piercing tools peer behind VPNs to understand the true location and true IP address of the user to ensure it’s consistent with the user’s known locations and likely travel patterns, for instance.
Using SSL fingerprinting, we can also identify where the user’s device has been compromised by malicious software infiltration. And behavioral biometrics spot any number of signals, such as whether the user is actually a human or a bot, as evidenced by someone who might dwell for a while when answering a question during an account opening, vs. someone who instantly provides an answer. This is critical given the increased industrialization of bots.
We also look at how information about this device or this identity compares with intelligence from its interactions with other organizations. Details captured at the time of a transaction are assessed in relation to tokenized data from thousands of organizations within the ThreatMetrix Digital Identity Network—across use cases, industries and global geographies in order to spot fraud.
Layer 2: Decision Analytics
Every transaction comes down to that moment of truth, and you’ve got to make trust decisions at lightning speed to ensure a fast, compelling experience.
The second layer of defense involves the application of advanced link analysis technologies, behavioral analytics and machine learning to evaluate complex datasets at a scale and speed that makes it possible for you to make the best possible trust decision for a user’s identity and for the transaction at hand.
Among other things, the platform supports 3DS 2.0, which enables frictionless transactions by connecting the dots between the user, the merchant and the payments issuer—complete with an enterprise view of that digital card holder. By bringing this kind of science to risk, we’ve been able to help one national bank cut fraud on its mobile app by 99%.
Layer 3: Verification and Authentication
This next-gen platform enables organizations to make consistent and accurate trust decisions by reducing uncertainty in digital interactions.
One of the ways we do that is through Strong Device ID. This is a cryptographically-backed identifier that’s stored in either chip-based or browser-based devices, so it’s unspoofable, unbreakable, and can be used as a regulatorily accepted authenticator, say for transactions that fall under PSD2.
What’s more, the ThreatMetrix platform authenticates all of this decision data with any additional intelligence or authentication mechanisms an organization may require. This can include offline identity documents on a specific user, or challenge questions and other step-ups at the point of new account origination, login, or payment.
Layer 4: Investigation & Review
Here, comprehensive case management tools give review teams everything they need to efficiently make accurate decisions when transactions fall into dispute, or when law enforcement action may be required. Robust compliance tools help keep operations running effectively within diverse regulatory environments.
After all, machines aren’t going to be able to make every decision, and humans often still need to be in the loop to have a final say. The ability to harness shared intelligence from the Digital Identity Network helps humans make smarter decisions, faster.
Our solution also makes it easier to do health checks, diagnosis, and benchmarking to help businesses continually refine their operations for the realities of not just the identity war we find ourselves fighting, but also the competitive war for customer loyalty and maximum lifetime value.
Standing Strong, Together
As important as these layers are to protecting against threat actors, they’re only as good as the shared, anonymized real-time intelligence they draw from trusted organizations joining forces to fight back.
Will this combination prove victorious? The short answer is yes. By using digital identity-based approaches to user verification and assessment, we’re already turning “awareness” into “winning” by taking back a stretch of digital world with each new day.
To learn more about a digital identity-based approach to user verification and risk-based decisioning read the solution brief, “Verifying Trust Along the Entire Customer Journey”