November 14, 2017
This large online marketplace enables consumers and businesses to buy and sell goods and services worldwide. It has a large number of live listings and also provides sellers with the platform, solutions, and support they need to grow and develop their businesses. Success of this magnitude is predicated on the ability to provide a frictionless online experience for both buyers and sellers across multiple channels, while ensuring fraud prevention.
With ThreatMetrix, the company could:
- Achieve multi-platform account takeover protection for the native mobile app, mobile web channel and web channel.
- Curb high-risk behavior in real time, before fraudulent accounts are registered or legitimate accounts are compromised.
- Better identify risky buyers using ThreatMetrix global shared intelligence.
- Leverage device and network signals to detect and prevent activities from bots.
[This] is a very unique marketplace: identifying fraud within such a vast volume of listings while avoiding false positives is critical. The results we’re achieving with ThreatMetrix are extremely impressive.
— Head of Fraud
Because of its global scale and relatively simple sign-up procedures, this large online marketplace is a prime target for fraudsters. Experiencing the downstream effects of persistent data breaches, fraudsters capitalized on the company’s impressive market penetration to test stolen credential data.
The fraud then developed into account takeovers; 85 percent of which centered around fraudulent listing behavior that was extremely difficult to detect among such vast listing volumes. The platform was also seeing the emergence of high-risk and fraudulent buyers who didn’t intend to pay for their purchases, instead attempting to capitalize on the company’s policy of bidding/committing to buy before making payments.
The company’s previous fraud solution used cookie-based device identification to detect fraudulent behavior. However, cybercriminals quickly circumvented this by using multiple/new devices or wiping their browser history, rendering the solution virtually ineffective.
Thus, the company needed a robust, layered approach that could effectively distinguish between good and bad buyers in real time, without adding unnecessary friction for legitimate users.
Our previous solution did not have the complexity or scalability that we needed to tackle our growing fraud challenges. ThreatMetrix is giving us accurate risk-based intelligence so that we can accept more transactions and improve [our] customer experience.
— Head of Fraud
The Power of Global Shared Intelligence to Detect High-Risk Events in Real Time
The best way to tackle complex, global cybercrime is using the power of a global shared network. The ThreatMetrix Digital Identity Network collects and processes global shared intelligence from millions of daily consumer interactions including logins, payments and new account applications. Using this information, ThreatMetrix creates a unique digital identity for each user by analyzing the myriad connections between devices, locations and anonymized personal information. Behavior that deviates from this trusted digital identity can be accurately identified in real time, alerting the company to potential fraud. Suspicious behavior can be detected and flagged for review, step-up authentication or rejection before a transaction is processed, creating a frictionless experience for trusted users.
ThreatMetrix Key Features
- ThreatMetrix Smart ID helps to recognize returning devices even when cookies are deleted or disabled. Derived from the analysis of many browsers, plug-in, and TCP/IP connection attributes, Smart ID generates a confidence score that detects multiple fraudulent account creations or sign in attempts from a single device.
- Deep connection analysis technologies give a clearer view of suspicious events. Fraudsters often attempt to hide behind location and identity cloaking services such as hidden proxies, VPNs and the TOR browser. With Proxy piercing technology, ThreatMetrix examines TCP/IP packet header information to expose both the Proxy IP address and True IP address. These techniques helped the online marketplace gain detailed network level signals for more accurate decision making.
- ThreatMetrix continues to be a key enabler for context-based decisioning by empowering its users with detailed device, network and historic behavior-based signals. Specific policy configurations have helped the company accurately identify fraudulent users and take action.
- The company plans to extend the ThreatMetrix solution to cover the “forgotten password” flow, to protect against fraudsters using key stolen identity credentials to infiltrate user accounts.
- It also wants to implement the ThreatMetrix solution downstream.
The ThreatMetrix solution is the only signal that we are using to drive our policy to identify high-risk buyers. It is working at such a high level of accuracy that it is making a very compelling business case.
— Head of Fraud