March 27, 2019
This online payments company makes global payments a local experience. Backed by over 18 years of expertise in this space, it has collaboration with well-known brands, with an offering of money transfer services to individuals such as migrants, expatriates, and small businesses around the world.
Founded with a core value of providing the best customer experience by offering the best exchange rate and the fastest money transfer.
The Early Partnership
- In 2015, the company experienced criminal activity from organized fraud rings. Its team identified a series of fraudulent account registrations on its platform, so collaborated with ThreatMetrix to investigate further.
- Data analysis with ThreatMetrix revealed that credentials stolen from the dark web were used to set up fraudulent bank accounts and the same information was used to register for online foreign exchange accounts.
- By leveraging a rich pool of information from the ThreatMetrix Digital Identity Network, the company uncovered a massive tax fraud where fraudulent bank accounts were used to claim fictitious tax refunds in multiple jurisdictions.
“We are a unique platform making global payments a local experience and ThreatMetrix works as a great partner helping us do so.”
The Evolution of Cybercrime on The Platform
2016 witnessed an evolution of the anatomy of fraud attacks, encompassing a range of different attack vectors used by organized crime rings to monetize user data harvested through data breaches. An example of this is automated bot attacks being used in ever-more complex ways to try and infiltrate end-user accounts, open new ones or make fraudulent payments.
The company soon became a target of such bot attacks. The customer identity verification process (that required someone from the compliance team or customer service team to talk to the customer to confirm his identity) could not match the pace and sophistication of these attacks. This approach also led to an increase in operational costs.
The Bringing Down of a Large Identity Testing Attack
- The Attack: Over a period of 7 hours, the company detected several attacks from bots, attempting to register new accounts with the intent to validate banking credentials with leading financial institutions using their services. These attacks were a mix of “junk” logins and account registrations with seemingly genuine details for account creations. Once the accounts were created, the fraudsters would attempt to login to the various account in rapid succession. During this period, the fraudsters attempted to use multiple methods to bypass security controls and create new accounts using stolen credentials. These methods ranged from cookie wiping and session reply to hidden proxies and rotating IP addresses.
- Solution: By using intelligence from the ThreatMetrix Digital Identity Network, it could restrict these activities from bots, stopping further activity on the platform.
- Results: Over 1,200 attacks were stopped, saving millions in potential fraud losses and operational costs.
“We were looking to automate the customer verification process to give our customers a more seamless user experience. The anonymized data available in ThreatMetrix network helps us get certainty around the customer identity and we are much more comfortable then on-boarding a customer.”
Harnessing the Power of Global Shared Intelligence to Detect High-Risk Events in Real Time
The best way to tackle complex, organized cybercrime is using the power of a global shared network.
The ThreatMetrix Digital Identity Network collects and processes global shared intelligence from millions of daily consumer interactions including logins, payments, and new account applications. Using this information, ThreatMetrix creates a unique digital identity for each user by analyzing the myriad connections between devices, locations, and anonymized personal information. Behavior that deviates from this trusted digital identity can be accurately identified in real time, alerting companies to potential fraud. Suspicious behavior can be detected and flagged for review, step-up authentication, or rejection before a transaction is processed, minimizing friction for trusted users.
Key Features of the ThreatMetrix/Online Payments Company Partnership
- ThreatMetrix Smart ID identifies returning users that wipe cookies, use private browsing, and change other parameters to bypass device fingerprinting. This improves returning user detection and reduces false positives. Derived from the analysis of many browsers, plug-in, and TCP/IP connection attributes, Smart ID generates a confidence score that helped detect multiple fraudulent account registrations or login attempts.
- Deep connection analysis technologies give a clearer view of suspicious events. Fraudsters often attempt to hide behind location and identity cloaking services such as hidden proxies, VPNs and the TOR browser. With Proxy piercing technology, ThreatMetrix examines TCP/IP packet header information to expose both the Proxy IP address and True IP address. These techniques helped gain detailed network-level signals for more accurate decision making.
“We are looking forward to a significant business growth in next few years and ThreatMetrix is really going to help us achieve those strategic growth targets.”