March 27, 2019
Technological innovation and changing consumer behavior continue to create a world that is more connected than ever before. However, as the amount of data grows in volume and importance, securing sensitive data from sophisticated cybercriminals has become increasingly challenging. With data breaches persisting amid a constantly evolving digital landscape, vulnerabilities in systems, fraud management, operations, and people are being relentlessly exploited by cybercriminals.
Meanwhile, the healthcare industry is undergoing major changes. As the United States alters the way it evaluates and pays for healthcare, providers are not only under pressure to demonstrate value-based care, but also to adapt to a transforming digital landscape in which consumer engagement is key. Furthermore, rising health insurance prices have resulted in greater financial burden for consumers, increasing out-of-pocket payments and giving way to health savings accounts (HSAs).
Securing Patient Data in An Unsecured World
As healthcare providers seek to utilize digital platforms and portals to streamline operational efficiency, reduce costs, and facilitate patient engagement, cybercriminals are taking notice of the higher value of healthcare data over credit card data. Protecting patient privacy and maintaining security of health information, while providing the seamless experience that users expect, is crucial. The challenge for healthcare providers and digital technology vendors is how to accurately differentiate legitimate users from bad actors without introducing unnecessary friction. Static information alone is no longer effective to verify user identity, since passwords and answers to knowledge-based questions can easily be guessed, hacked, phished, or purchased on the dark web. Although two factor authentication (2FA) provides an extra layer of security, SMS codes can be intercepted by cybercriminals via device spoofing, SIM card cloning or social engineering attacks, and also add an additional layer of friction for the end user.
Healthcare providers and digital technology vendors need a solution that enables them to see beyond who a user claims to be in order to accurately detect and block fraudulent new account applications, account takeover attacks and fraudulent HSA payments or transfers.
Leveraging Global Shared Intelligence for Accurate, Real-time Decisioning
The ThreatMetrix Digital Identity Network harnesses real-time shared intelligence from billions of transactions collected against tens of thousands of websites and hundreds of millions of mobile devices worldwide. Using this intelligence, ThreatMetrix analyzes the myriad connections between devices, locations, behaviors, detected threats and critical but tokenized personal information to stitch together a user’s true digital identity, which fraudsters are unable to fabricate. Behavior that deviates from a trusted digital identity can be accurately identified in real time, alerting healthcare organizations to potential fraud. Suspicious behavior can automatically be flagged for manual review or step-up authentication before a login, payment, or new account application is processed. With ThreatMetrix, healthcare providers and digital technology vendors can secure platforms and portals by:
- Protecting Against Account Takeover Attacks: As the healthcare industry moves toward digital billing practices and patient engagement methods, sensitive information including medical exams, prescriptions, laboratory tests, health insurance and more is being placed online. ThreatMetrix can help healthcare providers, insurers, and digital technology vendors protect user logins without adding unnecessary friction by passively authenticating returning users. Unusual device or user behavior that might suggest fraudulent account takeover, such as attempted logins from unusual locations, hidden proxies or VPNs, and multiple attempts to access accounts using a single device can be detected in real time. ThreatMetrix also detects high velocity password attempts, unusual packet fingerprints, known botnet participation, and other symptoms of a scripted attack.
- Preventing Fraudulent Payments and Transfers: With employers continuing to pass along the high cost of health insurance to employees through high-deductible health plans (HDHP), consumers are finding themselves making more payments to physicians, pharmacies, clinics, laboratories, and hospitals, while looking for ways to save by utilizing HSAs. By leveraging ThreatMetrix, healthcare payment and HSA providers can understand genuine user behavior by identifying complex patterns and detecting anomalies between current and historical behavior to prevent fraudulent payments, transfers, and withdrawals. In addition, as consumer payment behavior becomes more mobile-driven, ThreatMetrix software development kit (SDK) provides healthcare payment and HSA providers with complete fraud protection for the mobile channel, including application integrity evaluation, advanced persistent device identification, malware detection, location services, jailbreak and root detection technologies, anomaly and device spoofing detection, and dynamic configuration and updates.
- Detecting and Blocking Fraudulent New Account Applications: Today’s consumers expect a streamlined experience and immediate service. However, with an endless supply of stolen identity information available for purchase on the dark web, fraudsters are adept at creating full and convincing identities to bypass existing verification methods. Healthcare providers and vendors often have limited information regarding new account applicants. However, by leveraging the ThreatMetrix Digital Identity Network, the largest repository of crowdsourced intelligence in the world, organizations gain deep insight into nearly one and a half billion tokenized user identities, enabling them to detect fraudulent new account requests using stolen identities, automated botnet account creation, and crime rings using pooled identities.
The ThreatMetrix Advantage
In order to protect consumer privacy and maintain security of health information while also improving patient engagement and striving toward personalized care, healthcare providers and digital technology vendors need to adopt a robust solution that effectively detects fraudulent activity without diminishing the user experience. ThreatMetrix supports healthcare providers, insurers, pharmacy benefit managers, HSA providers, payment providers and digital technology vendors with the following key capabilities:
- An Unparalleled Network: The ThreatMetrix Digital Identity Network protects around one and a half billion unique online accounts using intelligence harnessed from 3 billion monthly transactions.
- Rising Recognition Rates: Over 90% of returning users are recognized without friction.
- An Integrated Approach to Authentication: Flexibly incorporate real-time event and session data, third-party signals and global intelligence into a Smart Authentication Platform to deliver a consistent and low-friction experience with reduced challenge rates.
- A Clear-box Approach to Behavioral Analytics and Machine Learning: ThreatMetrix Smart Analytics generates dynamic profiles matched to individual user behavior and use these to build more accurate, yet simpler, risk models. The result is a competitive edge in customer experience with reduced false positives, while maintaining the lowest possible fraud levels.
- Privacy by Design: ThreatMetrix is unique in its ability to solve the challenge of providing dynamic risk assessment of identities while maintaining data privacy through the use of tokenization and encryption.
- Integrated Forensics, Case Management and Business Intelligence for improved productivity.