Growth in mobile commerce highlights a need for increased cybersecurity measures.
Mobile transactions continue to grow exponentially as customers interact with a number of trusted brands on a daily basis, whether for grocery shopping, banking or social networking.
Brand relationships are built on the move, across multiple devices and at different times of the day, making digital footprints more diverse than ever. However, mobile fraud is following the same upward trajectory as criminals exploit the vulnerabilities of mobile applications, which tend to have weaker security features than full service web browsers and applications.
The ThreatMetrix Solution for Protecting Native Mobile Applications
ThreatMetrix Mobile is a lightweight software development kit (SDK) for Google Android and Apple iOS mobile devices. This SDK can be integrated within mobile applications, detecting any breaches to the application itself and verifying the trustworthiness of the mobile device. Devices showing high-risk anomalies can be flagged for review while legitimate users are recognized in real time and can conduct transactions without additional authentication procedures.
Calls to ThreatMetrix Mobile are inserted at strategic points within mobile applications—usually during login, payment transactions and account registrations. The mobile device is then profiled to provide the following levels of protection:
Application Integrity Evaluation
Application Integrity ensures that the host application containing the ThreatMetrix Mobile SDK has not been tampered with or modified, either by malware or by a malicious user. Application integrity is validated every time the application is launched to provide ongoing security. ThreatMetrix Mobile also checks other applications installed on the device, reporting their reputation and the presence of malicious code.
Advanced Persistent Device Identification
Identifies individual mobile devices for both iOS and Android platforms, even if they have been reset or if the application has been reinstalled.
Known, trusted applications are seamlessly identified in real time, along with any application containing malware or a poor associated reputation. All connecting Android devices are analyzed to gain deep insight into the reputation of each installed application. These same benefits also apply to the host iOS app that the Mobile
SDK is embedded in.
Jailbroken (iOS) and Rooted (Android) Devices
Dynamic jailbreak and root detection technologies determine when device security controls have been compromised.
Anomaly and Device Spoofing Detection
Detects device emulation, tampering, root/jailbreak cloaking, and other anomalies that may indicate fraud. Automatically detects device and data spoofing by analyzing the network traffic packet signatures originating from the device.
Dynamic Configuration and Updates
Configuration and threat methods are updated via ThreatMetrix servers, mitigating the need for customers to re-release their applications.
ThreatMetrix Mobile can be invoked via a single line of code.
Full Integration with the ThreatMetrix Platform
ThreatMetrix Mobile is a fully-integrated component of the ThreatMetrix Cybercrime Protection Platform. As such, it benefits from all of the advantages of the largest and most comprehensive threat intelligence network available.
The ThreatMetrix Cybercrime Protection Platform uniquely leverages a wealth of exclusive data from the ThreatMetrix Digital Identity Network and ThreatMetrix Mobile, to effectively distinguish between good customers and fraudsters.
The ThreatMetrix Digital Identity Network underpins the ThreatMetrix Solution and leverages global shared intelligence from millions of daily consumer interactions including logins, payments and new account originations. This stitches together a customer’s true digital identity by analyzing connections between devices, locations and myriad pieces of anonymized personal information.
User Identity and Behavior Analytics
Digital Identities within the ThreatMetrix Digital Identity Network provide a pattern of trusted behavior by incorporating anonymized non-regulated personal information such as user name, password and email address with device identifiers, connection and location characteristics. High risk anomalies can be easily identified and flagged for review or automatic rejection.
Device Profiling to Identify Threats
ThreatMetrix profiles all devices accessing your website (desktops, laptops, smartphones, or tablets), to identify the presence of malware or other anomalies that might indicate a high-risk transaction.
Configure Business Rules
ThreatMetrix offers a powerful yet easily customizable Policy Engine that allows you to incorporate your own business processes and tolerance for risk.
Validate Business Policy
ThreatMetrix allows customers to constantly evaluate and verify risk scores, associated risks, and corresponding business policies.
Enable Detailed Analysis
ThreatMetrix provides visualizations and analytical reports that allow your security and fraud analysts to see and understand enterprise application activity, and take the necessary steps to improve security and reduce fraud.