October 16, 2018
ThreatMetrix global digital identity intelligence detects suspicious behavior in real time to quickly address evolving and sophisticated cyberattacks
Offering a full range of products and services, this financial services company is one of the world’s largest, operating in a number of locations across the globe. With a strong online offering, the company serves millions of active online and mobile customers.
With ThreatMetrix, the financial services company can:
- Leverage global shared intelligence from the Digital Identity Network to accurately differentiate between fraudsters and legitimate customers in real time.
- Prevent fraudulent account takeover by identifying unusual or high-risk behavior at login.
- Modify policies and rules in a timely manner, using the simplicity and agility of the ThreatMetrix Policy Engine, in order to combat new and evolving threats.
Cybercriminals are constantly on the prowl, employing creative and sophisticated ways to steal money, obtain information, or cause disruption. Financial institutions are often targeted by cybercriminals seeking to gain unauthorized access to customer accounts and their associated funds. Yet effectively addressing fraud remains challenging as companies struggle to maintain a successful balance between risk management and customer friction.
Upon deploying ThreatMetrix, this financial services company realized an immediate and significant decrease in password reset cases, resulting in a more streamlined customer service process that required less resources. However, as the policy was tightened to address the more complex fraud, the company’s customer service department was impacted by an increase in calls resulting from a surge in false positives.
Modifications were then made to the policy by creating a more precise rule, addressing the issue with customer service call volume and keeping fraud at bay. However, after a long period of inactivity, the company once again observed fraudulent activity surrounding password resets and discovered approximately 20 compromises a day that were costing an estimated $2,000 in losses per case. Fraudsters had evolved their tactics to exploit the revised rule, thereby gaining unauthorized access to users’ accounts and attempting to make electronic money transfers.
Working with ThreatMetrix, the financial services company revised their policy by adding a new rule to accurately detect and block the recent fraud without impacting legitimate customers. Immediate results were once again realized and the company observed fraudulent activity drop significantly.
The Power of Global Shared Intelligence to Detect High-Risk Events in Real Time
The best way to tackle complex, global cybercrime is using the power of a global shared network. The ThreatMetrix Digital Identity Network collects and processes global shared intelligence from millions of daily consumer interactions including logins, payments, and new account applications. Using this information, ThreatMetrix creates a unique digital identity for each user by analyzing the myriad connections between devices, locations, and anonymized personal information. Behavior that deviates from this trusted digital identity can be accurately identified in real time, alerting the financial services company to potential fraud. Suspicious behavior can be detected and flagged for review, step-up authentication or rejection before a transaction is processed, creating a frictionless experience for trusted users.
Key Features of the ThreatMetrix Solution
- ThreatMetrix Smart ID identifies returning users that wipe cookies, use private browsing, and change other parameters to bypass device fingerprinting. This improves returning user detection and reduces false positives. Derived from the analysis of many browsers, plug-in, and TCP/IP connection attributes, Smart ID generates a confidence score that detects multiple fraudulent account registrations or log in attempts.
- Deep connection analysis technologies give the financial services company a clearer view of suspicious events. Fraudsters often attempt to hide behind location and identity cloaking services such as hidden proxies, VPNs and the TOR browser. With Proxy piercing technology, ThreatMetrix examines TCP / IP packet header information to expose both the Proxy IP address and True IP address. These techniques help the financial services company gain detailed network level signals for more accurate decision making.
- Trust Tags enable the financial services company to differentiate between fraudsters and legitimate users. Trust can be associated dynamically with any combination of online attributes such as devices, email addresses, card numbers or any other attributes involved in accepting, rejecting or reviewing a transaction.
- ThreatMetrix ID bridges online and offline data elements for each transacting user and goes beyond device-based analysis, grouping various other entities based on complex associations formed between events, consistently identifying a person irrespective of changes in devices, locations or behavior.