November 21, 2017
Every Business is a Digital Business
Globally connected mobile devices are rapidly becoming the predominant way to acquire products and services and manage financial transactions worldwide. With over 90 percent of the world’s population now owning a mobile phone, mobile transactions currently account for around a third of total digital transactions, and are expected to account for over 50 percent of all transactions by 2020.
With the average person spending up to 11 hours a day on connected devices, digital interactions are infiltrating every aspect of daily lives. These interactions have transformed payment and commerce from a location centric, in-person model to a global, not-present, digital model. The unprecedented availability of customer and user data presents a huge opportunity to tailor online and mobile experience to an individual, and is prompting exciting innovations in new and existing industries.
At the same time, security and fraud risks continue to grow at a rapid pace. This rapid digitization of business and consumer transactions has also facilitated an exponential rise in cybercrime. As organizations scramble to keep up with consumer demand for omnipresent, frictionless online experiences fraudsters have capitalized on the gaps and loopholes in fraud defenses.
With the recent data breaches, sensitive personal information is widely available and static identity assessment methods (such as context-based authentication) are no longer effective in verifying a person’s true identity. This is compounded by the fact that traditional authentication methods, including credit scoring and address verification, rarely function at all in a cross-border e-commerce world. These inadequacies have fueled ever more sophisticated cyber and fraud attacks through the deployment of botnets and malware that manage to bypass traditional security defenses by mimicking trusted user behavior.
Understanding the digital DNA of users and their unique online footprint can knit together trusted digital identities that fraudsters can’t fake. With digital identity, fraudulent behavior becomes far easier to detect, as the digital footprint of a fraudster is often markedly different from a trusted user. This enables fraud, security, risk, compliance and customer engagement departments to have a unified view and risk model of a user across all digital channels and lifecycle and engagement. Leveraging the power of digital Identities to establish trusted behavior unique to each user is the best way to rout out fraudsters and hackers while stopping good customers and users from getting caught in the net.
Digital Businesses Need Digital Identities
Digital identities are made up of a combination of device, identity, behavior and threat information. Any one of these four attributes in isolation cannot verify true identity. True digital identities come to life as information is dynamically combined and analyzed in the context of each and every transaction enabling businesses to know with great certainty who their users truly are.
The ThreatMetrix Digital Identity Network harnesses real-time shared intelligence from billions of transactions collected against tens of thousands of websites and hundreds of millions of mobile devices worldwide to stitch together a user’s true digital identity by analyzing the myriad of connections between devices, locations, behaviors, detected threats and critical but anonymized personal information.
This anonymized digital identity graph, coupled with powerful real-time decision analytics and an adaptable integration platform for mobile, web and third-party services allows the vast majority of transactions and authentication attempts to be verified in real time against trusted patterns of behavior without adding friction to users and burden to business processes. High-risk anomalies are accurately identified for challenge or review, while crowdsourced feedback and machine learning provide a solution that gets more effective over time.
The ThreatMetrix Digital Identity Network
ThreatMetrix is committed to helping businesses unite all aspects of online user behavior into one unique anonymized digital identity, adopting a layered approach to effectively identify up to 95 percent of trusted, returning users.
The ThreatMetrix Digital Identity Network is the foundation of our solution and stops billions of dollars of potential fraud loss in real time. The Network is the largest in the world and leverages global shared intelligence from millions of daily consumer interactions including logins, payments and new account originations. Using this information, ThreatMetrix stitches together a user’s true digital identity by analyzing the myriad connections between devices, locations and anonymized personal information. Digital identities can be continuously evaluated in the context of each and every interaction, correlating seemingly disconnected security incidents in real time.
The ThreatMetrix Digital Identity Network unites four key elements:
ThreatMetrix is unique in its ability to dynamically combine the four key pillars that define digital identity across all device platforms. This means that businesses are not left on their own to figure out how to procure and integrate multiple point solutions. These four pillars are:
- Persistent and statistical web and mobile device identification, profiling operating system, browser, internet connection and more
- Proxy and VPN detection
- True location identification services
- Mobile device health and application integrity, including host application integrity check, anomaly and device spoofing detection, jailbreak and root detection
Threat intelligence: Harnessing point-in-time detection of malware, RATs, automated bot attacks, session hijacking and phished accounts and combining with global threat information including known fraudsters and botnet participation.
Identity data: Incorporating anonymized, non-regulated personal information such as user name, email address, telephone, address or other identity and event meta data provided at time of event.
Behavior analytics: Defining a pattern of trusted user behavior by combining identity and transactional metadata with device identifiers, connection and location characteristics. Every transaction can be analyzed in the context of this behavior pattern and historic context globally.
Integration and Orchestration
There are some fundamental challenges to operationalizing digital identity assessments. These include:
- Integrating with the wide variety of third-party and proprietary identity verification and authentication tools in real time
- Automating decision workflows into legacy applications and systems
ThreatMetrix solves these challenges with an Enterprise Integration Hub that unites the ThreatMetrix solution with back-end services and prepackaged/customized third-party services such as identity verification and Telco services, streamlining fraud and security orchestration.
ThreatMetrix combines business rules, behavioral analysis and machine learning into an integrated framework to make real-time decisions, providing business agility and dynamic adaption to changing fraud and user trends. Businesses are able to incorporate their own tolerance for risk and operational metrics e.g. target review or challenge rate, based on what the user is attempting to do in a way that is consistent across all digital devices and channels.
ThreatMetrix enables continuous optimization of authentication and fraud decisions with visualization, data correlation and exception handling. This includes:
- Search and link analysis examines beyond device and identity elements being presented and looks for connections and associated entities.
- Reporting, which has the capability to perform retrospective-based and proactive forensic data analysis
- The ThreatMetrix Case Management solution, which identifies transactions that require additional review, providing a smarter, more integrated way to handle increasingly complex caseloads.
The power of the ThreatMetrix Digital Identity Network means that no matter how detailed a fraudster’s faked identity may be, it can never compete with the dynamic, intricate and connected nature of true digital identity. This provides organizations with the confidence and security they need to identify fraudsters from trusted users time and time again, protecting brand reputation, lifetime value and long-term revenue.