October 16, 2018
October 9, 2018
When the commercial banking division of this global bank used a financial exchange to transfer customer transaction data to money management applications, it needed to ensure that the exchange did not present new opportunities for fraudsters.
Many businesses and consumers track their income and expenses using money management applications to help give them a comprehensive view of their finances by creating budgets, tracking and paying bills, and categorizing transactions all in one place. Customers link money management applications to their bank and credit card accounts by passing their user information through the applications. Transaction data is then transferred from the banks over the Internet via a financial exchange to the applications. Many banks use Open Financial Exchange (OFX), which is an open standard API, to provide data to financial applications such as those used for banking, stock portfolios, budgeting, and money management.
When servers began crashing at this global bank, it became apparent that its financial exchange was vulnerable to fraudsters who were performing high velocity credentials testing. Once stolen credentials are verified, fraudsters often use them to perform additional crimes or sell them on the dark web. This global bank needed a fraud solution that could provide insight into activities occurring on its financial exchange and block fraudulent traffic without causing friction for legitimate customers.
The ThreatMetrix Digital Identity Network collects and processes global shared intelligence from millions of daily consumer interactions including logins, payments and new account applications. Using this information, ThreatMetrix creates a unique digital identity for each user by analyzing the myriad connections between devices, locations and anonymized personal information. Behavior that deviates from this trusted digital identity can be accurately identified in real time, alerting the bank to potential fraud.
As global data breaches continue to feature in the evolving cybercrime story, fraudsters have easy access to vast swathes of stolen identity credentials. They often mass test these credentials using automated bot attacks, validating and augmenting existing data to create more complete stolen identities, making it harder than ever for digital businesses to really know who they are transacting with. ThreatMetrix is able to detect these credential testing attacks, even if fraudsters adjust the velocity to appear more like legitimate customer traffic, by accurately pinpointing behavioral anomalies between the digital identity of a trusted user and a fraudster.