Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
CASE STUDY ThreatMetrix Streamlines Mobile App Experience for Large Global Bank, Reducing Friction and Fraud ThreatMetrix Mobile SDK provides end-to-end authentication, threat detection and fraud prevention for bank’s mobile loan applications OVERVIEW AT A GLANCE CUSTOMER Large Global Bank REQUIREMENTS • Accurately authenticate legitimate customers • Reduce bad agent activity on loan applications • Effectively detect fraudulent account takeover • Protect payment platform from fraudulent money transfer SOLUTION Leveraging features from ThreatMetrix Mobile SDK and intelligence from the Digital Identity Network, this bank can correlate logins, loan applications and money movement within their mobile banking app. This accurately distinguishes between fraudsters and legitimate customers in real time. BOTTOM LINE • Dramatically improved detection rate of fraudulent loan applications • Reduced manual review burden for high-risk loan applications • Improved detection of device and location spoofing by 70% • ThreatMetrix facilitated real time transaction processing and compliance with data regulation requirements 160 W Santa Clara St San Jose, CA, 95113 United States Telephone: +1 408 200 5755 Fax: +1 408 200 5799 [email protected] www.threatmetrix.com This fast-growing, global bank has a philosophy that centers around being customer-orientated, while driving change, innovation and development across its suite of banking services. As part of its product innovation, the bank developed a mobile banking app which facilitates P2P money lending, investment and mobile wallet services. Mobile banking transactions continue to grow globally as consumers migrate away from desktop-only banking, to the convenience, immediacy and portability of mobile. Cybercriminals, however are following suit, evolving their attacks to capitalize on the increasing popularity of mobile banking apps. The bank needed robust mobile app security that could accurately detect fraudulent activity in real time, before loan applications were approved or user accounts compromised. With ThreatMetrix, it can: • • • • Effectively authenticate new customers registering for the app, detecting fraudsters registering using stolen or synthetic identities. Recognize returning customers and prevent fraudulent account takeover. Ensure fraudsters are prevented from applying for loans, detecting instances of bad agent fraud. Maintain the integrity of the payment platform, ensuring money is transferred directly to the legitimate customer. Mobile banking transactions continue to grow globally as consumers migrate away from desktop-only banking, to the convenience, immediacy and portability of mobile. BUSINESS PROBLEM This bank is at the forefront of mobile banking solutions, offering end-to-end loan services, from application, through to payment, solely on its mobile app. This became a prime target for fraudsters looking to cash in on fast loans. The bank began to see high instances of device and location spoofing as fraudsters tried to infiltrate existing accounts or masquerade as legitimate customers to take out a loan. 1 CASE STUDY However, one of the key challenges was that the bank was seeing high levels of bad agent activity on loan applications. An agent was applying for a loan on behalf of the customer, inflating the loan amount required and keeping half the money. Legitimate customers were left with loan amounts they couldn’t repay and the bank was losing money. Malware Detection: Known, trusted apps are seamlessly identified in real time, along with any app containing malware or a poor associated reputation. All connecting Android devices are analyzed to gain deep insight into the reputation of each installed app. These same benefits also apply to the host iOS app that the Mobile SDK is embedded in. The bank’s existing solution was not able to effectively detect instances of device and location spoofing, malware or jailbroken / rooted devices. It needed a more effective way to identify users attempting to bypass device fingerprinting, and correlate this to other behavioral anomalies that could indicate a high-risk transaction attempt. Location Services: Latitude and longitude information is gathered from GPS hardware and IP addresses are compared with physical locations to detect the use of proxies and VPNs. Existing application permission levels are leveraged to avoid user inconvenience. The ThreatMetrix Mobile SDK, in tandem with intelligence from the ThreatMetrix Digital Identity Network, accurately detected high-risk behavior (such as device / location spoofing) before a transaction was processed. END-TO-END MOBILE APP SECURITY POWERED BY GLOBAL SHARED INTELLIGENCE The ThreatMetrix Mobile SDK, in tandem with intelligence from the ThreatMetrix Digital Identity Network, accurately detected high-risk behavior (such as device / location spoofing) before a transaction was processed. ThreatMetrix Mobile is a lightweight software development kit (SDK) for Google Android and Apple iOS mobile devices. Devices showing high-risk anomalies can be flagged for review while legitimate users are recognized in real time and can conduct transactions without additional authentication procedures. Calls to ThreatMetrix Mobile were inserted at strategic points within the bank’s mobile app—during initial registration, at login, during a new loan application and at payments. The connecting user’s mobile device is then profiled to provide the following levels of protection: Application Integrity Evaluation: This ensures that the host application has not been tampered with or modified, either by malware or by a malicious user and is validated every time the app is launched to provide ongoing security. Advanced Persistent Device Identification: Identifies individual mobile devices for both iOS and Android platforms, even if they have been reset or if the app has been reinstalled. Jailbroken (iOS) and Rooted (Android) Devices: Dynamic jailbreak and root detection technologies determine when device security controls have been compromised. Anomaly and Device Spoofing Detection: Detects device emulation, tampering, root / jailbreak cloaking, and other anomalies that may indicate fraud. Automatically detects device and data spoofing by analyzing the network traffic packet signatures originating from the device. Dynamic Configuration and Updates: Configuration and threat methods are updated via ThreatMetrix servers, mitigating the need for the bank to re-release its app. ThreatMetrix Mobile is underpinned by real time intelligence from the ThreatMetrix Digital Identity Network. The Network harnesses global shared intelligence from millions of daily consumer interactions including logins, payments and new account applications across all ThreatMetrix global clients. Using this information, ThreatMetrix stitches together a user’s true digital identity by analyzing the myriad connections between devices, locations and anonymized personal information. Transactions are verified in real time against trusted patterns of behavior: high-risk anomalies are accurately identified for review while genuine users experience minimal friction. ThreatMetrix®, The Digital Identity Company, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying billions of annual transactions supporting tens of thousands of websites and thousands of customers globally through the ThreatMetrix® Digital Identity Network, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain, and lower fraud and operational costs. The ThreatMetrix solution is deployed across a variety of industries, including financial services, e-commerce, payments and lending, media, government, and insurance. For more information, or a demonstration of how the ThreatMetrix solution can work for your business, contact [email protected]. © 2016 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Client, TrustDefender Cloud, TrustDefender Mobile, ThreatMetrix SmartID, ThreatMetrix ExactID, the TrustDefender Cybercrime Protection Platform, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.