November 14, 2017
- Protect government departments from fraudulent account takeover
- Prevent cybercriminals from remotely hijacking government accounts via remote access Trojans (RATs)
- Prevent fraudsters from intercepting government traffic using Man-in-the-Browser (MitB) technology
- Protect against insider threat by analyzing trusted patterns of behavior to detect any anomalies that deviate from the norm
Government-related data breaches can have an extremely negative effect on public perception, reputation and trust. The data involved is often highly sensitive and can have huge consequences if it passes into the wrong hands, having political as well as financial implications. Cybercriminals are motivated by a range of different circumstances, from applying for a fraudulent visa, to intercepting and falsifying environmental data, to perpetrating tax fraud. Whatever the motivation, government departments are under increasing pressure to ensure that they have a robust fraud and security strategy that is able to detect the full spectrum of possible attacks.
Government departments are key targets for cybercriminals attempting to take over sensitive accounts with stolen or synthetic identities, steal personal credentials or intercept data. In addition, corporate espionage can have devastating consequences, making insider threats a real concern. This heightened threat is set in the context of numerous high-profile data breaches which have flooded the dark web with easily available identity data.
Cybercriminals can purchase a complete identity for mere dollars, making it far harder for government departments to really know who they are transacting with.
Static identity assessment data is near useless when pitted against fraudsters using stolen identities, or pitch-perfect social engineering attacks that harvest sensitive personal credentials to gain access to user accounts. ThreatMetrix can provide a robust, holistic approach to authenticating user identities that leverages dynamic, real-time intelligence and is able to detect live threats from malware and bots before they infiltrate government accounts.
Leveraging the Power of Digital Identities
The ThreatMetrix solution is powered by the ThreatMetrix Digital Identity Network which harnesses global shared intelligence from millions of daily consumer interactions including logins, payments and new account applications. Using this information, ThreatMetrix creates a unique digital identity for each user by analyzing the myriad connections between devices, locations and anonymized personal information. Behavior that deviates from this trusted digital identity can be accurately identified in real time, alerting government departments to potential fraud. Suspicious behavior can be detected and flagged for manual review or rejection before a transaction is processed.
Digital Identities are created by combining the following key intelligence:
- Device profiling: Device identification, device health and application integrity, as well as detection of location cloaking or spoofing (proxies, VPNs and the TOR browser).
- Threat intelligence: Harnessing point-in-time detection of malware, Remote Access Trojans (RATs), automated bot attacks, session hijacking and phished accounts, then combining with global threat information such as known fraudsters and botnet participation.
- Identity data: Incorporating anonymized, non-regulated personal information such as user name, email address and more.
- Behavior analytics: Defining a pattern of trusted user behavior by combining identity and transactional metadata with device identifiers, connection and location characteristics. Every event can be analyzed in the context of this behavior pattern and historic context.
This layered approach to fraud prevention, authentication and threat detection allows government departments to have a far more accurate risk profile of each and every transaction.
The ThreatMetrix Solution for Government
ThreatMetrix can help government agencies confidently detect key situations that put user accounts or government data at risk including:
- Attempted logins using stolen credentials: Detect an existing user logging in with a new device, attempted logins from unusual locations or via hidden proxies/VPNs, and attempted access to multiple accounts using a single device.
- Users who have fallen prey to phishing attacks: Detect unusual devices, location patterns or behavior that appears anomalous or high-risk.
- Malware attacks: Detect evidence of malware on a legitimate user’s device or login session.
- Credential replay attacks or session hijacks: Detect when a device changes between a login and a transaction, or when cookies are copied between devices.
- Automated bot attacks: Detect high velocity password attempts, unusual packet fingerprints, known botnet participation, and other symptoms of a scripted attack.
Long-term fraud protection for key government platforms can be supported by the following ThreatMetrix capabilities:
- ThreatMetrix Smart ID: Helps recognize a returning device even when cookies are deleted/disabled. Derived from the analysis of many browser, plug-in, and TCP/IP connection attributes, Smart ID generates a confidence score that helps identify when fraudsters are using the same device to access/open multiple accounts or use mules to complete applications.
- ThreatMetrix Trust Tags: Helps differentiate between fraudsters and legitimate users. Trust can be associated dynamically with any combination of online attributes such as devices, email addresses, card numbers or any other attributes involved in accepting, rejecting or reviewing a transaction.
- ThreatMetrix deep connection analysis technologies: Provide a clearer view of anomalous or suspicious events. Fraudsters often attempt to hide behind location and identity cloaking services such as hidden proxies, VPNs and the TOR browser. ThreatMetrix accurately detects the use of these technologies and, in the case of proxies and VPNs, reveals the true IP address, geolocation and other attributes of each event.