September 22, 2017
September 19, 2017
September 18, 2017
Persona DB is part of the TrustDefender™ Cybercrime Prevention Platform from ThreatMetrix. It’s an extensible, enterprise-accessible database that allows an organization to privately and securely store and retrieve identifying attributes, characteristics, and behaviors associated with its users and customers. Information relevant to customers or employees can be stored in the database. This can include data such as the exact devices customers use, their access habits, normal locations, IDs, accounts, shipping addresses, and data necessary for step-up authentication such as mobile phone numbers or email addresses. The database may also contain IP or email addresses that have been compromised, previous associations with cybercrime or fraud, compliance data such as OFAC-banned countries, and countless other data elements.
Data stored by organizations within the Persona DB, along with information available from ThreatMetrix device profiling and the shared Digital Identity Network, is used to establish a unique Persona ID for each user or customer. This comprehensive data set allows ThreatMetrix to perform detailed user, device, and behavior analytics for every access and transaction in real time, resulting in an unprecedented level of actionable intelligence and visitor risk-scoring capabilities. Armed with this information, application policies can be created to allow/deny access or approve/disapprove transactions with higher levels of accuracy and confidence.
Because Persona DB is built into ThreatMetrix’s SaaS-based solution, organizations can access private data at every login or transaction in real time from a highly scalable, managed solution without significant deployment/integration effort – or the expenses associated with provisioning and maintaining on-premises solutions. Data can be dynamically managed, including the ability to add, remove and return data during live end-user sessions or administrative functions.
The data that organizations elect to store in the Persona DB can originate from their own business-critical systems, or from data available from ThreatMetrix.
Persona DB can be used in a multitude of ways, enabling organizations to easily aggregate and store any data that’s needed for customizable, state-of-the-art fraud prevention and context-based authentication.
Here are some practical applications for Persona DB:
Like all personally identifiable information (PII) submitted to ThreatMetrix, data stored in the Persona DB is encrypted and isolated from other organizations, enabling enterprises to easily and confidently secure their data. Only organizations storing data in the Persona DB are allowed access to that data – not even ThreatMetrix can access Persona DB in the clear
The ThreatMetrix system automatically generates a new private/public encryption key pair for each new organization. Public keys are associated with the user accounts of the respective enterprise. Private keys are securely stored in the ThreatMetrix FIPS 140-2 validated Key Management Server. Strong, 1,024-bit, asymmetric encryption is utilized to secure the system.
Persona DB is an integral part of the highly scalable, TrustDefender Cybercrime Prevention Platform. The entire solution is SaaS based, greatly simplifying its implementation and management, and eliminating the costs and complexity of traditional on-premise solutions.
Persona DB utilizes the standard, predefined fields and custom attributes used by the TrustDefender Cybercrime Prevention Platform. This streamlines development and enables rules and policies to be easily created that act on both custom Persona DB data and on the comprehensive data available from the Digital Identity Network.
Persona DB allows each organization to create multiple, privately encrypted, custom databases. These custom databases can be used for separate functions. For example, product data may be stored in one database, user device or authentication data stored in another, and compliance data kept in a third database.
All data values are stored as strings, and may be up to 28 characters in length. A hashed value of each string is also stored, and can be referenced at any time for full string-oriented operations and matching.
Persona DB uses ThreatMetrix Entities to reference data. Entities can be thought of as entire collections of individual attributes. Since multiple entities can be stored in a single record, queries can be extremely efficient and powerful. Individual entities or any combination of entities can be queried to access all associated data.
Data is stored and referenced using ThreatMetrix Rules, which are added to policies defined in the ThreatMetrix Portal. A number of new rules have been added to fully support Persona DB, enabling data operations such as set, check, remove, and return. When policies execute at transaction time, any triggered Persona DB rule will cause the intended action to be carried out against the specified Persona DB database.
ThreatMetrix builds trust on the Internet by offering market leading advanced fraud prevention and frictionless context based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix Digital Identity Network, which analyzes billions of transactions and protects hundreds of millions of active user accounts across tens of thousands of websites and mobile applications. The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.