January 10, 2019
Dynamic Digital Identity Intelligence from ThreatMetrix detects high-risk events in real-time, without impacting user experience
This financial institution offers a wide range of services including personal and business banking, insurance, corporate finance, and private banking. The bank’s ethos focuses on effectively meeting customer needs and delivering all-round excellent service; safeguarding customers against fraud and offering them a frictionless online experience are key business imperatives.
With ThreatMetrix, this financial institution can:
- Identify events with devices using Anti-detect tools trying to hide digital fingerprint, by changing browser versions, plug-ins installed in browser, operating system type, time zone etc.
- Recognize the presence of Malware by analyzing behavior patterns or alterations to webpages to reject fraudulent events and flag-off suspicious events
- Detect Remote Access Trojans (RATs) attempting to steal personal information or piggy-back a legitimate user login session.
This financial institution, like many others, was being increasingly targeted by pitch-perfect social engineering attacks that often led to users unwittingly installing remote access software or Malware. At times these attacks were passing strong two-factor authentication barriers because they were piggy-backing fully authenticated logging sessions, for example.
When customers accessed the website to log in to their bank account, make a payment, change a password etc., these Malwares attempted to monitor buttons clicks, fields having personal data including, customer name, account number, passwords and other confidential data.
This financial institution needed a robust fraud solution that could analyze current event data and compare to historic behavior, to accurately distinguish anomalous behavior in real time. Such events demonstrating anomalous behavior then could be flagged for review or directly rejected based on the risk associated.
This financial institution needed a robust fraud solution that could analyze current event data and compare to historic behavior, to accurately distinguish anomalous behavior in real time.
Harnessing the Power of Global Shared Intelligence to Detect High-risk Events in Real Time
The best way to tackle complex, organized cybercrime is using the power of a global shared network. The ThreatMetrix Digital Identity Network collects and processes global shared intelligence from millions of daily consumer interactions including logins, payments, and new account applications. Using this information, ThreatMetrix creates a unique digital identity for each user by analyzing the myriad connections between devices, locations, and anonymized personal information. Behavior that deviates from this trusted digital identity can be accurately identified in real time, alerting this financial institution to potential fraud. Suspicious behavior can be detected and flagged for review, step-up authentication, or rejection before a transaction is processed, minimizing friction for trusted users.
ThreatMetrix deployed an advanced behavioral model to:
- Identify trusted behaviors and associations for each user (devices, IP addresses, locations, session behavior and payment behavior)
- Identify anomalous changes in behavior to prevent payment fraud, including identifying the presence of remote access software and Malware behavioral signatures
- Identify the presence of persistent fraud networks by cross-correlating to intelligence on known mule accounts or fraudulent behavior seen elsewhere in the ThreatMetrix Network
- Identify behavioral anomalies related to insider fraud
Key Features of the ThreatMetrix Solution
- ThreatMetrix Malware protection helps businesses mitigate the risk of even the most sophisticated malware, thereby reducing fraud. This includes protection from Man-in-thebrowser (MITB), Remote Access Trojan (RAT), High velocity/frequency bot attacks to low-and slow attacks mimicking legitimate customer behavior, ransomware, key logging attempts etc.
- Malware Detection and Application Reputation in the ThreatMetrix Mobile SDK, evaluates all installed applications on android devices and verifies them against an industry-leading signature database of over 15 million mobile apps. Known, trusted applications are validated while applications containing malware or suspicious reputations are flagged in real time.
- Honeypot Technology sets traps to detect unauthorized webpage modifications in the browser. The Honeypot trap appears to malware as if a user is navigating to the type of high value websites malware generally targets. As the malware attempts to attack this – by injecting additional web content such as additional form elements, or popup dialogues asking for personal information – our Honeypot detects those changes in real-time.
- ThreatMetrix can augment its capabilities by folding in additional external threat intelligence feeds via Integration Hub. The Integration Hub allows institutions to onboard relevant third party data sources and custom services to provide additional authentication and identity verification services for high-risk transactions.