March 15, 2019
This immigration agency needed a clearer view of international applicants’ true identity to protect the country’s borders.
With ThreatMetrix, the agency can accurately determine the level of risk for each online application. This has allowed more accurate identification of applicants before an application is processed. The agency can therefore:
- Process online applications more efficiently; reducing fraudulent applications before moving onto the second stage of physical interviews.
- Identify/flag anomalous behavior or activities without alerting the applicant.
- Gather more concise historical persona and behavioral intelligence at the very start of the online application process.
Applications for this government agency are often completed online, in overseas locations where true identification cannot be validated without physical and arduous verification methods which cost the government a large sum of money. Even with physical and onsite interviews, the agency often does not have a full picture of the user’s history or true identity. This poses potential issues if an inaccurate decision or approval is made, allowing fraudsters or terrorists to successfully apply.
Political uncertainty, cross-border travel and the growth of the digital economy has exposed government agencies to evolving threats from terrorism, espionage and online fraud activities.
One of the key challenges this government agency faced was the wide diversity of its applicants. People were applying from diverse global locations and each applicant needed rigorous assessment via physical interviews. However, the agency did not have any visibility of the applicant’s digital identity data. High-risk applicants were potentially going to slip through the process and the tolerance for this to happen was very low.
Fraud was on the rise across other government agencies. This agency was seen as the gateway to the nation’s borders and it was therefore imperative that it could identify anomalous personas or behavior right from the outset of an online application. The agency needed a way of combining the static identity assessment data it sourced internally from other agencies, with dynamic, real-time global digital identity data about the connecting user’s device, location and behavioral profile.
Leveraging Digital Identity Assessments to Enhance Fraud Detection
The government agency’s business model was able to move from a more physical and manual approval process to a more robust automated model that could provide fast concise and frictionless identification of anomalous activity by entities originating locally and internationally. The key requirement delivered by ThreatMetrix was delivering a frictionless and fast application approval process underpinned by real-time global identity data.
The ThreatMetrix solution passively authenticates application in real time using intelligence from the ThreatMetrix Digital Identity Network, eliminating unnecessary friction and maintaining a streamlined online experience.
The Power of Shared Intelligence
The ThreatMetrix solution is underpinned by the Digital Identity Network, which harnesses global shared intelligence from millions of daily consumer interactions including logins, payments and new account applications. Using this information, ThreatMetrix creates a unique digital identity for each user by analyzing the myriad connections between devices, locations and anonymized personal information. The government agency could understand the complete context of every loan application so that suspicious behavior was detected in real time.
Digital Identities are created by combining the following key intelligence:
- Device profiling – Device identification, device health and application integrity, as well as detection of location cloaking or spoofing, (proxies, VPNs and the TOR browser).
- Threat intelligence – Harnessing point-in-time detection of malware, Remote Access Trojans (RATs), automated bot attacks, session hijacking and phished accounts, then combining with global threat information such as known fraudsters and botnet participation.
- Identity data – Incorporating anonymized, non-regulated personal information such as user name, email address and more.
- Behavior analytics – Defining a pattern of trusted user behavior by combining identity and transactional metadata with device identifiers, connection and location characteristics. Every event can be analyzed in the context of this behavior pattern and historic context globally.
This government agency’s pioneering approach to understanding true user identity in the application process has been supported by the following key ThreatMetrix capabilities:
- ThreatMetrix Smart ID helps recognize a returning device even when cookies are deleted/disabled. Derived from the analysis of many browser, plug-in, and TCP/IP connection attributes, Smart ID generates a confidence score that helps the government agency identify when fraudsters are using the same device to apply for multiple fraudulent applications or use mules to complete applications.
- ThreatMetrix Trust Tags enable the government agency to differentiate between fraudsters and legitimate users. Trust can be associated dynamically with any combination of online attributes such as devices, email addresses, card numbers or any other attributes involved in accepting, rejecting or reviewing an online application.
- ThreatMetrix deep connection analysis technologies give the government agency a clearer view of anomalous or suspicious events. Fraudsters often attempt to hide behind location and identity cloaking services such as hidden proxies, VPNs and the TOR browser. ThreatMetrix accurately detects the use of these technologies and, in the case of proxies and VPNs, allows the government agency to see the true IP address, geo-location and other attributes of each event, backed by global identity data over time.