November 21, 2017
Glossary of Digital Identity
Persistent and statistical web and mobile device identification.
Tag ID is a persistent global identifier that relies on a variety of markers (ex., browser cookies, Adobe Flash cookies, HTML 5 local storage) to give 100-percent accuracy in identifying a device.
Statistical ID identifies returning users that wipe cookies, use private browsing and change other parameters to bypass device fingerprinting. This improves returning user detection and reduces false positives.
Mobile SDK is a lightweight software development kit (SDK) for Google Android and Apple iOS mobile devices that provides complete fraud protection for the mobile channel.
The ability to distinguish new and returning devices by looking at operating system information, system configuration information, hardware and software details and other proprietary identifiers.
Ensures the host application containing with an embedded Mobile SDK has not been tampered with or modified by malware or a malicious user. Known, trusted applications are seamlessly identified in real time, along with any application containing malware or a poor associated reputation.
A software development kit (SDK) for Apple OS X and Microsoft Windows endpoint/desktop applications providing holistic fraud protection.
A lightweight client validates and protects sessions with your business and assists in finding and eliminating any security issues.
Location Fraud Detection
Fraudsters often attempt to hide behind location and identity cloaking services, such as hidden proxies, VPNs and the TOR browser. Accurately detecting the use of these technologies and, in the case of proxies and VPNs, allowing businesses to see the true IP address, geolocation and other attributes of each transaction are critical for preventing fraud.
True IP allows businesses to see the actual IP address of the connecting user, providing a number indicating how close the True IP is to the Proxy IP in terms of IP address.
Profiling tags can detect a unique domain name. A recursive call through various intermediate DNS Servers will reveal the IP address of the ISP’s DNS Server. This exposes any anomalies between the client’s IP address and its relationship with the DNS Server, including both geolocation and the associated ISP Organization.
Examines TCP/IP packet header information to expose the Proxy IP address and True IP address.
Detects the use of VPNs, allowing businesses to see the true location of the connecting user.
Location Services capture Wi-Fi, cellular and GPS details, which are compared to IP address information to detect anomalous connections and the use of proxies and VPNs. This includes analysis of geographical attributes, such as IP address, VPNs and the TOR network.
Detects cybercriminals using proxies, IP spoofing, GPS tampering etc. to mask their true location.
Digital Identity bridges the gap between physical identities and online user identities. Digital identities are unique and impossible to fake, leveraging the almost infinite connections that a user creates as they transact online. This ensures that legitimate users are recognized and experience minimal friction, while fraudsters using stolen or spoofed identities are accurately detected before the transaction is processed.
Associations between accounts and email addresses with anonymized, non-regulated personal information, such as user name and telephone number, and also key intelligence relating to devices, locations and online behavior build a unique digital identity for each individual.
Captures connected entities, such as email addresses, transactions, accounts, devices, IP addresses, geolocation, proxies, and physical addresses relating to an individual.
Evaluate user and device interactions in the current session to historical user and device interactions and to known bad behaviors.
Threat Detection is point-in-time detection of complex fraud attack vectors across desktop and mobile. This is combined with global threat information, such as known fraudsters and botnet participation, to give organizations a holistic view of emerging threats.
Context-based information used to perform behavioral analysis of users during periods of normal operation and compares such data to that gathered during a botnet attack. This differentiates between a human and a bot in real time. It can also detect low-and-slow attacks that are designed to bypass traditional rate control measures, such as WAFs, by mimicking legitimate user behavior patterns.
This capability detects changes in behavior that are indicative of fraudulent session hijacking.
Detection of individuals testing stolen credentials as well as automated botnet attacks performing mass credential testing sessions. This involves comparing each transaction to digital identity information to detect anomalies relating to devices, email addresses, behavior and more.
Detection of jailbreak and root serves as a potential indicator that the device may have been modified to commit fraud.
Ability to detect any application containing malware or a poor associated reputation. Conversely, known and trusted applications are seamlessly identified in real time. These benefits also apply to the host iOS app. Honeypot technology sets traps to detect unauthorized webpage modifications in the browser. This tricks the malware into believing the user is about to navigate to a high value website.
Detects Man-in-the-Middle (MitM) and Man-in-the-Browser (MitB) attacks, as well as targeted Trojans.
Monitor and control user accounts to minimize the risk of insider threats.
Information relating to the trustworthiness of applications running on a user’s mobile device to detect the presence of malicious or potentially unwanted apps.
Transactions are compared against the trusted digital identity of the real user to identify anomalies that might indicate fraud. For example, a fraudster may use a spoofed device, a hidden location or an unusual pattern of behavior, such as an unusually high payment.
Detects device tampering and attempts to masquerade as a different device, for example, using virtual machines.
Ensures the host application containing the Mobile SDK has not been tampered with or modified by malware or a malicious user. This identifies unofficial or illicitly modified customer applications.
Fraud Prevention Integration and Orchestration
This solves the challenges of operationalizing digital identity assessments with an Integration Hub that unites digital and threat intelligence with back-end services and prepackaged/customized third-party services, such as identity verification and two-factor authentication, streamlining fraud and security orchestration.
A real-time interface that returns device identifiers, anomaly indicators and risk scores. This includes an API server as well as SDKs for web, mobile and endpoint.
A REST-based open API that extends the capabilities of a core platform to include third-party services.
Two-factor authentication is an identity-based solution that invokes a challenge response only when attributes or behavior deviate away from the trusted digital identity. A one-time passcode is generated and sent to the user’s mobile to authenticate their identity.
The ability to bridge the gap between online identities and physical identities by combining static identity data with dynamic, real-time intelligence from current and historical transactions. This gives a more accurate risk score for every user.The ability to bridge the gap between online identities and physical identities by combining static identity data with dynamic, real-time intelligence from current and historical transactions. This gives a more accurate risk score for every user.
Validates IP geolocation and phone carrier ID based on ownership and irrefutable evidence of communication with the SIM card.
Make comparisons against collective threat intelligence. Additional insight from industry data about known malware and spyware can provide a security risk profile of each user’s device.
Address verification attributes, (e.g. length of residence at a particular address), and history of email address can help filter out bots attacking with machine-generated information.
An extensible, enterprise-accessible database that allows an organization to privately and securely store and retrieve identifying attributes, characteristics, and behaviors associated with their users and customers.
Real-Time Fraud Prevention Analytics
This is the ability to combine business rules, behavioral analysis and machine learning into an integrated framework to make real-time decisions, providing business agility and dynamic adaption to changing fraud and user trends.
An open policy engine allows businesses to incorporate and adjust their own tolerance for risk and operational metrics.
A REST-based open API that extends the capabilities of a core platform to include third-party services.
This enables policies to call other policies via a special “Call Policy” rule.
Enables customers to tune their policies and access pertinent information for future risk assessments.
An online portal that businesses can use to create and modify their policies.
Digital identities can be continuously evaluated in the context of each and every transaction, correlating seemingly disconnected security incidents in real time.
The ability to uncover anomalous behavior in real time through the association of related activity and connected entities, such as email addresses, transactions, accounts, devices, IP addresses, geolocation, proxies, and physical addresses using Persona ID.
Uses behavioral analytics to accurately detect and analyze changes in user behavior. This approach identifies complex fraud patterns with high accuracy based on dynamic user behavior modeling.
Measures of time, such as the time since the first event, time since the last event, and average time between events.
Measures of metadata, such as velocity and frequency, or how quickly and often something occurs over a particular period of time.
Measure of distance/location, such as distance from closest location, average distance between events, and the standard deviation between this event and all other events.
A cognitive system that gives customers an effective, predictive model based on past behavior and transaction data. This clear-box approach to machine learning combines global intelligence with customer truth data to produce a more accurate model.
Individual pieces of information are hashed, so that they can never be tied back to an actual identity/person. This connects or links related personas, which is the key benefit versus associating information with an actual identity/person.
Fraud Prevention Decision Management
This is the ability to enable continuous optimization of authentication and fraud decisions with visualization, data correlation and exception handling.
Reporting for retrospective-based and proactive forensic data analysis.
Case management highlights only those transactions that genuinely require follow up or manual review, reducing operational costs associated with high manual reviews.
A graphical interface for examining and investigating data trends to allow the user to take action on, or move specific events directly from the screen.
Identifies transactions that require additional review, providing a smarter, more integrated way to handle increasingly complex caseloads. This workflow process is highly customizable to suit the varying needs of different use cases and system configurations.
Queue-based technology that assists in the collection of relevant information about an investigation and then supports the escalation procedure. By creating a case, an analyst can monitor and track an event as well as associate other attributes to it.
An area for investigating events and entities to enable detailed examination for further analysis.