November 21, 2017
Mobile transactions continue to grow exponentially as customers use connected devices to shop, bank or access social networks. Brand relationships are built on the move, across multiple devices and at different times of the day, making digital footprints more diverse than ever. However, mobile fraud is following the same upward trajectory as criminals exploit the vulnerabilities of mobile applications, which present a unique set of risks.
The ThreatMetrix Solution for Protecting Native Mobile Applications
ThreatMetrix Mobile is a lightweight software development kit (SDK) for Google Android and Apple iOS mobile devices. This SDK can be integrated within mobile applications, to deliver strong device identification, as well as detect any breaches to the host application while evaluating the overall security posture of the device. Events showing high-risk signals or anomalies can be flagged for review while legitimate users on trusted devices are recognized in real time.
Integrating the SDK into native mobile apps is simple, and delivers the following key functions:
- Strong Device Identification
A critical component of Strong Customer Authentication (SCA) is reliably and consistently verifying the transacting device, including first registering the device and binding it with a user credential, then validating the returning device on subsequent interactions. Once this assurance is established, it becomes simple to positively identify trusted devices and eliminate friction. ThreatMetrix delivers SCA using its industry-leading technology that leverages Public Key Infrastructure (PKI) to establish a cryptographically backed strong device identifier. The secure keys used as a basis for the device identifier are stored in the secure element of supported mobile devices, with a highly secure software fallback option on other devices, ensuring the keys are kept secret and tamper resistant, preventing an attacker from impersonating a trusted device.
- Jailbreak and Root Detection
Jailbroken and rooted devices present greater risk than unmodified devices. Legitimate users jailbreak/root their devices to perform customizations that are otherwise unavailable, such as installing third-party fonts, animations or pirated applications, and are often unaware of the associated risks. Fraudsters use jailbroken/rooted devices to circumvent security controls to spoof key device characteristics and then perform illegitimate actions, such as leveraging stolen credentials. ThreatMetrix Jailbreak and Root detection uses proprietary methods to expose modified devices, and employs advanced, low-level detection routines to identify devices on which fraudsters have attempted to mask the telltale signs of a rooted device. This enables customers to define their risk threshold for jailbroken/rooted devices, and enforce it in real time when their app is used.
- Application Integrity Assurance
Fraudsters routinely de-compile legitimate applications, inject them with malware using a tool-kit or customized code, and then re-publish them to app stores to exfiltrate money, goods, credentials or identities. ThreatMetrix Application Integrity Assurance validates that the customer application hosting the ThreatMetrix SDK has not been tampered with or modified. Application integrity is validated every time the ThreatMetrix SDK is invoked to provide ongoing assurance.
- Malware Detection and Application Reputation
With organizations continually improving security controls on web channels, fraudsters are focusing on mobile channels. This has introduced a slew of mobile threats that organizations are often not equipped to combat. ThreatMetrix Malware Detection and Application Reputation evaluates all installed applications on Android devices and verifies them against an industry-leading signature database of over 15 million mobile apps. Known, trusted applications are validated while applications containing malware or suspicious reputations are flagged in real time.
- Emulator and Simulator Detection
Automating large scale fraudulent purchases from a mobile device is more difficult than from a computer. Fraudsters are inventing new tools and methodologies that leverage emulators and simulators running on a computer to launch large-scale attacks against retailers and financial institutions. While these events appear to be coming from a mobile phone via the customer’s application, ThreatMetrix detects their true source and flags it for further review.
- Deep Location Evaluation
Location is a critical element in fraud detection. However, legacy systems often do not capture sufficient location attributes and/or lack sophisticated location evaluation technologies to derive a meaningful risk signal. IP addresses do not provide the same level of risk signals on mobile devices compared to computers, since mobile devices are often assigned new IP addresses as they move around carrier networks and tend to be connected to more WiFi networks. Understanding a device’s current location along with its historical locations and movements using a behavior-based approach is the most effective way to incorporate location data. ThreatMetrix Deep Location Evaluation utilizes many location-based attributes, including True IP, Proxy IP, DNS IP, native operating system location services APIs, cell tower positioning data and WiFi network location data.
- Dynamic Configuration and Updates
Configuration and threat methods are updated via ThreatMetrix servers regularly, mitigating the need for customers to re-release their applications.
- Easy Integration
ThreatMetrix Mobile can be invoked via a single line of code; integration is simply a matter of invoking it at strategic points in the application workflow, such as at logins, payments, etc.
Digital Identity Intelligence
ThreatMetrix Mobile is powered by Digital Identity Intelligence from the ThreatMetrix Digital Identity Network.
- The ThreatMetrix Digital Identity Network
Harnesses real-time shared intelligence from billions of transactions worldwide to stitch together the digital identities of individual users by analyzing the myriad connections between devices, locations, behaviors, detected threats and critical, but anonymized, personal information.
- User Identity and Behavior Analytics
Digital Identities within the ThreatMetrix Digital Identity Network provide a pattern of trusted behavior by incorporating anonymized non-regulated personal information such as user name, password and email address with device identifiers, connection, and location characteristics. High risk anomalies can be easily identified and flagged for review or automatic rejection.
- Device Profiling to Identify Threats
ThreatMetrix profiles all devices accessing the customer website/application to identify the presence of malware or other anomalies that might indicate a high-risk transaction.
- Integration with Policy Engine
Signals gathered by ThreatMetrix Mobile are fed directly into the policy engine, enabling customers to fine-tune their tolerance for non-compliant or suspicious identities/devices.
- Validate Business Policy
ThreatMetrix allows customers to constantly evaluate and verify risk scores, associated risks, and corresponding business policies.
- Enable Detailed Analysis
ThreatMetrix provides visualizations and analytical reports that allow security and fraud analysts to see and understand enterprise application activity, and take the necessary steps to improve security and reduce fraud.
The ThreatMetrix Advantage
ThreatMetrix offers the broadest combination of defenses against fraud from mobile applications in a solution that does not burden your IT resources or customers.
- Rapid, lightweight deployment
The SaaS-based ThreatMetrix solution secures your applications without the need to add or deploy additional servers or infrastructure.
- Up-to-date, global insight
Shared intelligence from the ThreatMetrix Digital Identity Network provides real-time access to device, identity, location and threat intelligence from billions of transactions across the globe.
- Real-time Responsiveness
ThreatMetrix leverages near-instant, real-time insight from data gathered around the globe, to deliver the latest fraud-related intelligence.
- Regulatory Compliance
ThreatMetrix enables companies to evaluate real-time risk factors in the context of past user behavior to make decisions on transactions by leveraging transaction amount, known fraud scenarios, compromised/stolen authentication elements, signs of malware infection, etc. These capabilities position companies to navigate the changing regulatory landscape and comply with mandates like the revised Payment Service Directive (PSD2).
- Protect applications across channels
The ThreatMetrix platform can be deployed on mobile, web and endpoint to deliver consistent user experience and security across all customer touch points.