trustdefender mobile - pymnts.com · detect when the same mobile device is used to make multiple...
TRANSCRIPT
W H I T E PA P E R
TrustDefender Mobile Context-Based Authentication and Fraud Protection for Mobile Devices
W H I T E PA P E R
2
Contents
Executive Summary 3
Is It Truly a Golden Era of Mobile? 4
Villain in the Story 4
Cyber Security Exploits 4
Attack Against the Mobile Device 4
Security Response 5
Attack from the Mobile Device 6
NetworkandLocationSpoofing 6
MobileDeviceSpoofing 6
Business Attacks 7
Industry-SpecificExamples 7
Mobile Banking 7
Mobile Ecommerce 7
Mobile Wallets 7
Cybersecurity Begins by Establishing Trust 8
Trust-Based Mobile Transactions 8
The Need for Comprehensive Solution 9
ThreatMetrix Mobile Solution 10
TrustDefender™ Cybercrime Protection Platform 10
BigDataDrivenProfileAnalytics 10
Device Intelligence 11
Mobile Device Attributes 11
Threat Intelligence 12
Contextual Data-Driven Analytics 13
Persona Intelligence 13
Transaction Intelligence 14
W H I T E PA P E R
3
Contents
Global Context – Global Trust Intelligence Network 15
Customizable Context, Real-time Policy Engine 15
Mobile App and Browser Integration 16
TrustDefender™ Mobile for Native Applications 16
TrustDefender™ Cloud for Mobile Browsers 16
ThreatMetrix Solution Integration and Data Flow 16
Case study 17
Problem Statement 17
Mobile Solution 17
BrowserandAppSpoofingDetection 17
Proxy Piercing to Detect True Location 18
Detect when the same mobile device is used to make multiple purchases with
different identities within a short period of time 19
Detect when the same mobile device is used across multiple accounts 19
Summary 19
W H I T E PA P E R
Page4
Executive SummaryMobile devices – smartphones and tablets – are powerful computers that are increasingly used for
commerce and financial transactions. Consumers will spend $235 billion through mobile transactions,
making mobile devices a very lucrative channel and the next frontier for cybercriminals to exploit.
The threats against mobile are real and sophisticated along two dimensions: exploiting mobile to steal
information and commit payment fraud, and using mobile devices to launch criminal attacks.
Interestingly, the types of attacks have been very sophisticated, ranging from malware to malicious
apps and Wi-Fi exploits. Yet the security response for mobile devices is still in its infancy.
There have been several instances of cybercrime attacks from mobile devices using VPN and browser
proxy capabilities to spoof origination of transactions. Cybercriminals undertake account takeovers
and payment fraud using stolen identities and credit cards, launching these attacks from mobile
devices to bypass legacy fraud detection systems.
Trust is a key component when conducting business online. To establish and maintain trust,
businesses should:
• Protecting transactional integrity by ensuring that payments
and transactions have not been tampered with
• Resolving online identities to match real users
• Determining the authenticity of the device used for the transaction
Additionally, businesses must establish trust across multiple online channels with which their
customers interact – including mobile apps, browser-based access to mobile optimized websites and
browser-based access from laptops/desktops.
ThreatMetrix provides the most comprehensive solution for detecting fraud and malicious online
activities using a trust-based approach to differentiate good customers from cybercriminals. The
ThreatMetrix TrustDefender™ Cybercrime Protection Platform uses profiling techniques to collect
device and malware information from millions of consumers on a daily basis. A big data analytics
platform stores and analyzes millions of transactions and persona information along with the profiled
device data. The underlying data warehouse drives various machine learning algorithms that feed a
real-time policy engine customized to each organization’s risk thresholds.
W H I T E PA P E R
Page5
The paper outlines a case study that describes how the ThreatMetrix solution effectively defends
against typical cybercriminal activities from a mobile device.
Is It Truly a Golden Era of Mobile?Mobile devices have proliferated exponentially across the globe with 6.8 billion mobile subscriptions
to date – equivalent to 96% of world’s population. Smartphones and tablets account for much of this
growth. Combined, these devices are 70% of smart connected devices. Analysts predict smartphone
sales will exceed one billion in 2013. What does this means to you? Your customers are
communicating and transacting with you using mobile devices.
Besides using mobile devices for email, information and entertainment, consumers also use these
devices for mobile banking services and merchandise purchase. Analysts predict worldwide mobile
payment transactions will reach $235.4 billion in 2013, with 245.2 million users worldwide responsible
for these transactions. A large majority of financial institutions and ecommerce sites have specific apps
and mobile websites that encourage payment transactions.
Why are these statistics and numbers relevant when discussing mobile fraud? Because the bad guys
have the same information and see the same opportunities.
Villain in the Story
Cybercriminals operate with a simple philosophy – follow the money. They have been quick to follow
consumers on the mobile platform – targeting mobile for payment fraud and account takeovers. New
malware specifically targeted for mobile operating systems has been released at a staggering pace.
These exploits target vulnerabilities in the operating systems, effectively compromising browser- and
app-based transactions.
Cyber Security ExploitsMobile is a new frontier for cybercriminals and they have managed to exploit it effectively. There are
two dimensions for the attack vector on mobile devices – stealing personal information and launching
cybercrime attacks.
Attack Against the Mobile Device
Malware Downloads
Although malware on mobile is in its infancy, it’s growing at a rapid pace. There were close to 40,000
new strains of malware detected in 2012, up from 6,000 in 2011. This five-fold increase in malware
activity is largely targeted against the Android operating system, followed by Apple iOS.
W H I T E PA P E R
Page6
Malware on mobile spans the typical range from adware, spyware to monitoring tools and Trojans.
About 75% of malware is profit-motivated, designed to steal personal information such as login
identities, credit cards and other personally identifiable information. Social engineering-based phish-
ing emails are the mainstream way to lure unsuspecting users to click on links that navigate them to
infected sites downloading malware on their mobile device. Embedding links in mobile apps, especially
on Android, is another popular means to get users to download malware. A significant threat posed by
malware downloads are attacks against two-factor authentication techniques that use the phone as a
second factor.
Malicious Apps
Who can resist the offer to download a free version of popular apps like Angry Birds, Assassin’s Creed
and Cut the Rope? But in many cases these so-called “free apps” were really malware in disguise.
Fraudsters are able to push malicious apps in app stores, especially on Android-based devices. These
apps can break the security perimeter and get valuable personal information or send costly SMS mes-
sages and monitor user activity across other apps, including banking and ecommerce apps.
Open Wi-Fi hotspots
Free Wi-Fi hotspots at hotels, airports and coffee shops are a prime target for launching a Man-in-the-
Middle attack. With easy-to-use mobile apps and websites optimized for mobiles, businesses want
consumers to transact online, especially during leisure activities when they are most likely to bank and
shop online. Sophisticated cybercriminals can hijack user sessions when conducting these transac-
tions and steal credit card information or transfer funds from their bank accounts.
Mobile Theft
Stealing a mobile device is one of the easiest methods to harvest personal information. More than
50% of mobile devices are not secured by even basic techniques such as a security pin. Criminals can
easily turn off “Find My Phone” apps and remote wipes, giving them sufficient room to steal valuable
information from the device.
Security Response
Security solutions have not kept pace with the rapid adoption of mobile. While mobile operating
systems like Apple iOS and Android have benefitted from the collective learning of the PC era, the
security posture of mobile apps needs considerable hardening.
Bolt-on solutions from Mobile Device Management (MDM) vendors work only for large enterprises
looking to solve the challenges of Bring-Your-Own-Device (BYOD) environments. MDM features like
configuration management and secure browsing through security-hardened browsers are meant to
protect enterprise applications. MDM solutions require specialized apps to be installed on employees’
devices that allow them access to corporate mobile resources. But MDM does not work for the billions
of consumers that conduct ecommerce, banking transactions or participate in social media
conversations.
W H I T E PA P E R
Page7
Attack from the Mobile Device
Do attacks really originate from mobile devices? Let’s answer that by looking at the specs for an
iPhone 5: a dual core processor at 1.3 GHz clock speed and gigabytes of memory and hard drive
space. This is a powerful PC equipped with high bandwidth 4G LTE network connectivity. So yes,
mobile devices can easily launch scripted web attacks. Malware on mobile devices can be very
sophisticated, launching attacks ranging from Denial of Service (DDOS) to the profitable attacks that
steal information and commit payment fraud.
Network and Location Spoofing
For much of the developing world, it’s a mobile-first experience for hackers and consumers alike.
While fraudsters don’t have skinnier fingers than the rest of us, they are attracted by the ability to
connect and disconnect from networks at will.
Modern smartphones can also use VPNs to confuse IP geolocation systems. Mobile-optimized
browsers such as Opera have built-in content proxies, which means that criminals in Nigeria can ap-
pear to be browsing from an Opera server located in the US.
Mobile Device Spoofing
The rapid proliferation of mobile apps and mobile optimized websites for ecommerce, banking and
social media has forced many businesses to create separate back-end logic from their PC browser-
based websites. Cybercriminals are exploiting this new channel by spoofing their point of origination as
mobile devices. In many cases, cybercriminals are able to take advantage of mobile-optimized
business logic rules that less stringent with respect to identity and payment fraud checks.
W H I T E PA P E R
Page8
Business Attacks
Credit Theft and Identity Spoofing
Mobile devices are proving to be a great way for cybercriminals to fly under the radar. In many
cases, businesses have different systems for authenticating users on mobile apps versus websites.
Cybercriminals use mobile devices to create new accounts with fake identities for various criminal ac-
tivities. In the most common case, they associate stolen credit cards with fictitious identities to transact
for gift cards, event tickets, etc. In other cases, fake identities are used on social media sites to scam
other consumers. Alternatively, criminals also create new accounts to test stolen identities. This gives
cybercriminals the validation they are looking for – the personal information is genuine and can now be
used to commit fraud on other ecommerce and banking sites.
Account Takeover
Account takeover starts when cybercriminals get access to a user’s cyber-identity – email addresses,
login information, passwords and other personal information. Armed with stolen identities, they can
then hijack ecommerce and banking accounts to perpetrate criminal activities such as fraudulent pur-
chases and money transfers. Cybercriminals use malware or Man-in-the-Browser attacks to automate
account takeovers from mobile devices. Browsers and apps on mobile devices are equally susceptible
to these attacks.
Payment Fraud
Payment fraud is conducted using stolen credit cards and compromised online banking accounts.
Mobile devices offer a new channel for payment fraud. One of the great advantages of mobile devices
is homogeneity – mobile devices, browsers and apps are same across millions of users. Businesses
find it harder to distinguish origination of payment transactions. Cybercriminals use this to their advan-
tage. Stolen credit cards are routinely used to make purchases through mobile apps to avoid filtering
and detection.
Industry-Specific Examples
Mobile Banking
Banks have noted that the number of logins and transactions increase sharply when customers use
mobile apps. With the proliferation of mobile devices, it is increasingly difficult for banks to recognize
genuine customers from cybercriminals. Enhancing the security of the banking mobile app and
accurately identifying return customers is a key element for securing banking transactions.
Mobile Ecommerce
Consumers are spending more time on their mobile devices shopping with mobile apps. Specific
instances of fraud in this scenario include using stolen credit cards to buy gift cards or gift certificates
that can then be unloaded in the secondary markets. Mobile apps are an easy target for this activity.
W H I T E PA P E R
Page9
Mobile Wallets
Stored values associated with mobile wallets are highly attractive targets to criminals.
Compromising a mobile wallet user’s account provides easy access to funds that can be
used to purchase goods.
Cybersecurity Begins by Establishing TrustCybersecurity and trust are synonymous and go hand in hand. Mobile security is built around
a trusted chain until it reaches the root of trust. To understand the trusted chain in mobile
security, consider the following simple analogy:
• You trust the front door of the house because it is locked.
• You trust that the lock keeps the integrity of the door because you have the key.
• You trust the key because you have possession of the key at all times.
If the key is lost, you no longer trust the front door to keep you safe.
The chain of trust in mobile follows a similar pattern.
1. Integrity of a payment transaction, an account update or a money transfer on
a banking site is based on trust with the user session. It requires trust that the
previously authenticated user still controls the transaction.
2. This brings us to the second kink in the chain. Not only do you need to protect
the user session but also establish the authenticity of the user. This requires
creating trust that the login credentials and user identity are not compromised.
When creating a new account, it requires establishing trust that the user is who
they say they are – and as we all know “on the Internet, nobody knows you’re a
dog.”
3. Going further down the chain of trust, how do you establish authentication
trust? You look at where the authentication originates – the device used to
establish the authentication handshake. Establishing that the mobile device
belongs to the user and has not been compromised is key to maintaining the
trusted chain.
Trust-Based Mobile Transactions
As established above, trust is key for all mobile transactions spanning payments, money
transfers to logins and new account creations. Any solution that protects the chain of trust
should revolve along these dimensions:
W H I T E PA P E R
Page10
Persona:
Establish the digital identity of the user by creating an identity fingerprint.
Transaction:
Establish the authenticity of the transaction by examining various attributes associated with any given
transaction, maintaining a baseline and looking for transactional anomalies. An example anomaly
sequence would look like:
• User logs in from suspicious device and location
• User changes passwords
• User changes information in payees list
• User initiates a payment to a new or modified payee.
Device:
Establish the unique identity of the mobile device and associated anomalies
Threats:
Determine whether an otherwise trusted user’s device, identity or session has been compromised
The Need for a Comprehensive Solution
Almost all businesses, particularly businesses such as ecommerce and banking that are transaction
oriented, have a comprehensive online presence. These businesses want consumers to conduct
transactions from all available channels – desktops/laptops/PCs and mobile.
Similarly, cybercriminals are also indiscriminate. They use multiple channels to infiltrate the online
presence of businesses. Cybercriminals attack the browsers on PCs (desktop/laptops) and target
browsers and apps on mobile devices.
Thus we need a comprehensive solution that spans PCs and mobile devices. Having a mobile-only
solution is a losing proposition. Worse, having different solutions for mobile versus PCs is fraught with
failure. That’s exactly what the cybercriminals are hoping for – solution silos that create wide gaps that
they can take advantage of.
The comprehensive solution should include:
• Browser anywhere – PCs or mobile devices
• Apps on mobile devices
Mobile Device Management (MDM) solutions only protect enterprise applications and users. Mobile-
based transactions for ecommerce and banking by millions of consumers need a comprehensive
trust-based identity solution that does not rely on specialized device management apps.
W H I T E PA P E R
Page11
ThreatMetrix Mobile Solution
TrustDefender™ Cybercrime Protection Platform
TrustDefender™ Cybercrime Protection Platform is a powerful, big data driven analytics platform that
delivers real-time threat and risk analysis for any interaction. It covers the four main analytic categories
described above: device, threat, persona and transaction intelligence.
TrustDefender is the only solution in the industry that offers comprehensive trust-based protection across
all channels, with a strong emphasis on integrated mobile web and mobile app protection. To stay ahead
of cybercriminal adversaries, the ThreatMetrix solution offers a powerful big-data analytics engine that
evaluates contextual data along multiple dimensions in real time:
Big Data Driven Profile Analytics
Performing a trillion data matches a second across 10,000 websites for 2000 trusted brands, ThreatMetrix
Persona ID technology analyzes full device, threat, identity and transaction context matched across global
device behavior profiles in 150ms or less.
W H I T E PA P E R
Page12
ThreatMetrix patented technology collects this data and creates a digital trust signature and profile
of the device and identity that is difficult for cybercriminals to subvert. Additional data is collected to
identify malicious threats and activities from malware.
Device Intelligence
ThreatMetrix Mobile Device Analytics is based on two technologies that help to uniquely fingerprint
each device – both mobile and PCs –thereby detecting cybercriminals and easily authenticating return-
ing customers without false positives:
• Exact ID: Positive identification and context-based authentication based on
cookies and multiple device identifiers across PCs and mobile device
• Smart ID: Cookie-less device identification using dynamic attribute matching based
on from network packet and browser fingerprints instead of static fingerprint matching
SmartID technology uses a machine learning approach that takes into account per-customer and
global device profile patterns to generate reliable device identifiers with confidence. Unlike other
fingerprint methods that are effectively static, ThreatMetrix SmartID provides adaptive, cookie-less
identification that is tolerant to incremental and non-linear changes.
Both SmartID and ExactID are globally unique and are generated in real-time based on data collected
for that transaction matched against billions of device profiles stored in the ThreatMetrix Global Trust
Intelligence Network.
In addition to identifying trusted users and known high risk attackers, ThreatMetrix cross-correlates
hardware, operating system, application, internet protocol and location-centric factors for multi-factor
authentication and spoofing detection.
Mobile Device Attributes
Mobile devices are different than laptop/desktops, so the ThreatMetrix solution uses different
techniques and algorithms to profile mobile-specific data. Attributes collected include:
• IMEI data (Android devices only)
• Carrier information
• Protocol information
• SIM card-related information
• Mobile device attributes
• Mobile device configuration related information
• Other supported mobile device Identifiers
W H I T E PA P E R
Page13
Other mobile-specific data such as GPS coordinates can add authentication context, assuming the
user has granted appropriate permissions.
Threat Intelligence
ThreatMetrix deploys advanced forensics, including operating system, application, browser and
network packet behavior, to detect any malicious threats associated with transactions. ThreatMetrix
transparently analyzes packet headers and their change in state over time to determine whether the
source is malicious or safe. It detects hidden risks by examining anonymous packet header data when
the client requests a web page. Based on this technology, the solution can determine whether the
originating device is being masked or tunneled by anonymous or hidden proxies or subject Man-in-
the-Middle attack. Techniques used to detect these threats include:
• Detection of VPN use
• Detection of out-of-country satellite, dialup or mobile broadband connections
• Proxy piercing to detect true IP address and true geolocation data
• Detection of mismatch between operating system information detected by the
browser and operating system information reported by packet information
• Detection of device anomalies suggest a jail-broken device
or a transaction spoofing mobile device properties
The technology includes patent-pending web page fingerprinting that detects any changes to the
web page by malware through Man-In-the-Middle and Man-In-the-Browser attacks. This is powerful
whitelisting-type technology does not depend on traditional malware signature matching. Any at-
tempt by malware to modify the web page by introducing any new elements or JavaScript is instantly
recognized. Combined with other packet and browser based indicators, ThreatMetrix provides higher
confidence scoring of malware on the PC or mobile device.
Contextual Data-Driven Analytics
ThreatMetrix can securely incorporate data that provides context on the user persona and transaction.
Context data helps complete the picture for analysis and risk scoring, as well as build the PersonaID
that represents the digital fingerprint of a user. Transaction data describes how a given user interacts
and behaves, providing additional context to reconcile historic behavior with the current action.
Persona Intelligence
ThreatMetrix customers can choose to send hundreds of attributes representing the digital fingerprint
of a user to the global network. All information is securely encrypted using the customer’s private keys.
Privacy is never compromised.
W H I T E PA P E R
Page14
In return, ThreatMetrix PersonaID helps identify returning customers and provides a baseline for good
behavior. In situations when cybercriminals are creating fictitious identities or using stolen identities
for account takeover, PersonaID detects and flags behavior anomaly. Examples of attributes that
represent a PersonaID include:
• Account login information including account name and password hash
• Geo address associated with the user including street address, city, state, etc.
• Shipping address frequently used
• Driver license and SSN where applicable
The persona information is matched with devices that the user owns. This creates a profile of the user
associated with typical devices used and typical transactions performed.
Transaction Intelligence
Transaction data provides another layer of context. In addition to persona, device and threat
intelligence, customers can get precise real-time analytics for the specific transaction. The risk posture
and acceptance of risk levels depends on the transaction and overall use case. The risk tolerance as-
sociated with a payment transaction for a big-ticket purchase at an ecommerce site is different than a
new account origination for a user review site. By combining analytics based on persona information
with device information, threat vector, and the overall analytics on transactions, ThreatMetrix can pro-
vide accurate results and policy-based risk scoring regarding the authenticity of the given transaction.
W H I T E PA P E R
Page15
Global Context – Global Trust Intelligence Network
Most consumers interact with multiple online businesses across the globe. They purchase merchan-
dise from auction sites and retailers, book tickets to concerts through ticketing sites, watch the latest
blockbuster movies by buying movie tickets online, purchase and discuss their vacations on travel
sites, and pay their bills and manage account balances by banking online.
Most of these businesses are ThreatMetrix customers. This breadth of coverage gives ThreatMetrix
unprecedented insight and information on the identity and behavior of online consumers. ThreatMetrix
uses this data to create a global cyber identity for a user based on the information profiled across its
entire global customer base. With global intelligence, ThreatMetrix is able to precisely identify genuine
users by correlating PersonaID with associated DeviceID across the ThreatMetrix customer base. At
the same time, when a cybercriminal’s persona and device is blacklisted for one customer, all Threat-
Metrix customers across the globe immediately benefit from this intelligence.
ThreatMetrix uses its big data analytics platform to harness the power of crowd-sourcing information
about good and bad actors across its global customer base.
Customizable Context, Real-time Policy Engine
ThreatMetrix offers a highly customizable policy engine that combined the analytics described above
with business rules meaningful for the customer. Customers can precisely control the risk posture and
thresholds for different types of transactions (new account originations, payments) based on their risk
appetite. ThreatMetrix TrustDefender Cybercrime Platform delivers:
• Policy engine – Real-time policy-based trust scoring and assessment
about the device, person, associations, behavior and threats
• Industry best practices – Out-of-the-box coverage for many risks based
on real-world experience across thousands of organizations
• Behavioral analysis – Complex risk assessment and analysis
based on past user and device behavior
• Full customization – Complete flexibility to set thresholds, custom
data fields, customize policies and fine-tune risk analysis based
on your specific business requirements and use cases
W H I T E PA P E R
Page16
Mobile App and Browser Integration
Mobile devices offer two channels of communication:
• Browsers that can be used to access mobile enhanced or the general websites
• Mobile apps that offer native interaction
Correspondingly, ThreatMetrix deploys two sets of technologies to collect data from mobile devices.
TrustDefender™ Mobile for Native Applications
ThreatMetrix TrustDefender™ Mobile offers native integration with mobile apps to collect a wide ar-
ray of attributes about the mobile device. With an easy to use set of APIs as part of the Mobile SDK,
developers can embed native data collection in any mobile app. Currently TrustDefender™ Mobile is
supported for Apple iOS and Android platforms.
TrustDefender™ Cloud for Mobile Browsers
ThreatMetrix TrustDefender™ Cloud is a seamless SaaS-based solution that profiles users and devices
accessing Internet facing web applications via browsers – both on mobile devices and PCs (desktops/
laptops). TrustDefender™ Cloud uses web scripts and other sophisticated techniques to collect a wide
array of attributes from these end devices.
ThreatMetrix Solution Integration and Data Flow
The picture below describes the integration model and execution path for both mobile apps and
browsers (across mobile devices and PCs).
W H I T E PA P E R
Page17
1. The user’s device is profiled. The profiling behavior is as follows:
a. TrustDefender Cloud: The user navigates to a website using a browser either on a laptop/
desktop or a mobile device. The web browser executes the profiling tags; the browser
collects and transmits device related attributes and the Session ID to the ThreatMetrix
platform.
b. TrustDefender Mobile: When the user invokes the mobile app, the embedded TrustDefender
Mobile SDK generates a session ID and collects mobile device-related information.
2. The Session ID and the device related attributes are transmitted to the TrustDefender
Cybercrime Protection Platform.
3. The user completes their session and the Session ID is transmitted to the customer’s web
application along with session data that the application usually receives (e.g. username,
password hash, transaction value etc…)
4. The customer’s web application performs a session query to the ThreatMetrix platform that
triggers the policy engine to perform a configurable analysis of the session. The ThreatMetrix
platform then returns detailed information regarding the session, enabling the customer’s web
application to take action based on the outcome of the executed rules.
Case studyProblem Statement
An ecommerce company had released a mobile app for improved customer interaction on mobile devices. The
mobile app facilitated online purchases of merchandise and gift cards. Within a few months the organization
saw increased losses due to fraud through the mobile app. Cybercriminals were using stolen credit cards to
purchase merchandise and gift cards that were then sold in the secondary market at reduced prices. The
company was losing substantial money due to fraudulent transactions in addition to brand damage.
Mobile Solution
The company deployed TrustDefender™ Cloud and TrustDefender™ Mobile to collect comprehensive data.
TrustDefender™ Cybercrime Protection Platform was used for several analytics such as:
Browser and App Spoofing Detection
Cybercriminals were spoofing browser attributes to make it appear as though the user was connecting from
Safari on iPad. The modus operandi of the attack was to exploit differences in fraud and authentication policies
applied to mobile vs regular web channel. Based on the data collected and analytics performed, ThreatMetrix
was able to detect that the connection was initiated through a Debian Linux script.
W H I T E PA P E R
Page18
Proxy Piercing to Detect True Location
The company was able to detect fraud activity by profiling geolocation data of the mobile device.
Cybercriminals would leverage VPN and browser proxies to disguise their location. ThreatMetrix
solution identified true locations and blocked those users.
Example1:
Example 2:
W H I T E PA P E R
Page19
© 2013 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Client, TrustDefender Cloud, TrustDefender Mobile, ThreatMetrix SmartID, ThreatMetrix ExactID, the ThreatMetrix Cybercrime Defender Platform, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.
V.7.10.2013
For more information, please visit us at:
www.threatmetrix.com
Detect when the same mobile device is used to make multiple purchases with different identities within a short period of time
With analytics that span device and persona information, ThreatMetrix was able to detect
anomalous behavior in which the same mobile device was used in several transactions with
multiple identities.
Detect when the same mobile device is used across multiple accounts
Once again, combining authentication and historic contextual data with device information, Threat-
Metrix was able to highlight anomalous behavior, accessing multiple unrelated accounts from a single
mobile device.
SummaryBusinesses cannot afford not to participate in the mobile revolution. Unfortunately cybercriminals
have already made inroads into leveraging mobile as an additional attack vector. When looking at
the mobile landscape and the opportunities and threats posed, it is important to consider mobile web
transactions, native mobile apps and traditional online web presence holistically. Otherwise, attackers
will exploit the gaps in your defenses.
ThreatMetrix offers the most comprehensive and consolidated security solution for mobile
transactions. For more information on ThreatMetrix solutions for mobile,
visit www.threatmetrix.com.