November 21, 2017
Financial services transactions are high value targets for cybercriminals, fueled by large-scale security breaches that have flooded the market with easily available stolen identity data.
This large global bank was profiling about 300,000 online applications per month (including new accounts, mortgages and loans) but fraudulent applications were rising. The bank needed a more holistic approach to identify the use of stolen or spoofed identities in real time, without impacting legitimate customers at a sensitive point in their transaction.
The bank estimated its fraud losses could peak at around $60 million per year by 2018 if it didn’t stem the tidal wave of fraud attacks.
It deployed ThreatMetrix to augment its existing system with digital intelligence from the ThreatMetrix Digital Identity Network. This allowed the bank to detect fraudulent online applications with pinpoint accuracy in real time, while genuine customers experienced virtually no friction:
- The bank’s fraud intervention rate has fallen to 0.08 percent of total monthly transactions. It is aiming to achieve a rate of 0.05 percent in partnership with ThreatMetrix.
- The ThreatMetrix solution succeeds in saving the bank up to $2.5 million every month.
The bank was experiencing the full spectrum of financial fraud, particularly around new applications using stolen or spoofed identities. Fraudsters have become adept at knitting together convincing identities using easily available personal information from large data breaches, meaning static identity assessment methods were no longer effective.
Fraud prevention was damaging the bank’s reputation: legitimate customers were becoming frustrated with step-up authentication designed to reduce fraudulent applications. Manual review rates were soaring as the bank’s existing multifactor authentication (MFA) solution failed to keep pace with the sheer volume of fraudulent transactions.
The bank needed a solution that could look beyond basic identity information, analyzing the full transaction context, including the health of the connecting device, behavioral characteristics as well as other high-risk anomalies such as location cloaking or device spoofing that might indicate fraud. Crucially it needed to ensure that any additional solution did not impact the application experience of legitimate customers.
Leveraging ThreatMetrix Digital Intelligence to Prevent Account Takeover
The bank augmented its existing systems with key ThreatMetrix capabilities, which dramatically reduced fraud losses, while improving customer satisfaction and securing long-term revenue.
The ThreatMetrix solution is underpinned by the ThreatMetrix Digital Identity Network, which harnesses global shared intelligence from millions of daily consumer interactions including logins, payments and new account applications. Using this information, ThreatMetrix stitches together a user’s true digital identity by analyzing the myriad connections between devices, locations and anonymized personal information. The bank could therefore:
- Verify applications in real time against trusted patterns of behavior.
- Leverage the power of shared information about a connecting device or attribute – for example analyzing how a device has behaved across countless other websites, or understanding the length of time that a device or email address has been on the network, giving a clear indication of trust or risk.
This was achieved by leveraging the following key intelligence from the ThreatMetrix Digital Identity Network to authenticate a user’s true identity:
- Device profiling – Device identification, device health analysis and application integrity, as well as detection of location cloaking or spoofing, (proxies, VPNs and the TOR browser). This was supported by:
- ThreatMetrix SmartID, which identifies returning users that wipe cookies, use private browsing and change other parameters to bypass device fingerprinting. This improves returning user detection and reduces false positives.
- ThreatMetrix ExactID, which a persistent global identifier that relies on a variety of markers (browser cookies, Adobe Flash cookies, HTML 5 local storage), to give 100-percent accuracy in identifying a device.
- Threat intelligence – Harnessing point-in-time detection of malware, Remote Access Trojans (RATs), automated bot attacks, session hijacking and phished accounts, then combining with global threat information such as known fraudsters and botnet participation.
- Identity Data – Incorporating anonymized, non-regulated personal information such as user name, email address, telephone number and more.
- Behavior analytics – Defining a pattern of trusted user behavior by combining identity and transactional metadata with device identifiers, connection and location characteristics. Every transaction can be analyzed in the context of this behavior pattern and historic context globally.
- Real-time analytics – By layering information about the connecting device with real-time analytics about the transaction, the bank was able to accurately identify anomalies indicative of fraud. This was supported by:
- ThreatMetrix PersonaID enables a real-time linkage of a current transaction to related transactions through a matrix of attributes associated with the user, device and connection.