Feeding the Beast-How Fraud Tools Bring Context into Authentication (Gartner Report Part 2)
1 like115 views
The document discusses the evolution of identity capabilities in cybersecurity, focusing on the Trusted Identity Capabilities Model (TICM) which integrates fraud detection and identity proofing. It emphasizes the interdependence of authentication processes and analytics in adapting to fraud prevention, while advocating for a continuous and contextual approach to identity verification. The presentation concludes by highlighting the importance of user experience in driving organizational change towards protecting against digital fraud.
Feeding the Beast-How Fraud Tools Bring Context into Authentication (Gartner Report Part 2)
- 1. GARTNER’S CONVERGED & COMPELLING FUTURE MICHAEL THELANDER, SR DIR PRODUCT MARKETING LEVERAGING THE TRUSTED IDENTITY CAPABILITIES MODEL - PART 2 JUNE 2018
- 2. 2 MICHAEL THELANDER S E N I O R D I R E C T O R P R O D U C T M A R K E T I N G , I O V A T I O N CISSP-trained through SANS with experience in configuration security and authentication 25 years in product management and product marketing, with the last 10 focused on cyber security Articles have appeared in SC Magazine, IT Professional Magazine, CyberDefense Magazine, and SoftwareCEO.com Drives go-to-market initiatives at iovation
- 3. 3 WE’VE TURNED A CORNER
- 4. 4
- 5. 5 FRAUD & RISK 1st and 3rd Party Fraud Identity Theft Application Fraud Online Abuse Policy Violation CYBERSECURITY Identity and Access Mgmt Account Takeover Session Hijacking Man-in-the-Middle Attacks SCA for PSD2 USER EXPERIENCE Grow the Business Reduce Friction Improve NPS Omni-channel Access Increased Visits/Month Cross-device Experience
- 6. 6 HOW CAN WE COMMUNICATE ACROSS TEAMS?
- 7. 7 HOW CAN WE COMMUNICATE ACROSS TEAMS?
- 8. 8 EXPLORING GARTNER’S TICM T H E T R U S T E D I D E N T I T Y C A P A B I L I T I E S M O D E L
- 9. 9 SESSION 2 AGENDA H O W F R A U D P R E V E N T I O N T O O L S F E E D C O N T E X T I N T O T H E T I C M M O D E L 3 2 1
- 10. FRAUD SIGNALS CONTEXT IS THE KEY TO STOPPING FRAUD
- 11. 11 TR U STED ID EN TITY C A PA B ILITIES MOD EL ( TIC M)T H E L E G A C Y V I E W O F I D E N T I T Y A S S U R A N C E , I D P R O O F I N G A N D A U T H E N T I C A T I O N In the “legacy” enterprise view, ID Proofing and recurring authentication are clearly separated ID Proofing is used at account creation, and User Authentication is used at account login Online fraud detection is not a significant factor in this model, and is managed elsewhere
- 12. 12 TR U STED ID EN TITY C A PA B ILITIES MOD EL ( TIC M) T H E T I C M E X P A N D S I N T O F D P U S E C A S E S Significant changes in the TICM view: The inclusion of on Online Fraud Detection tools expands the scope of all activities, even ID proofing Key terms arrive – “contextual” and “triangulation” – to indicate new analytics They also note that
- 13. 13 TR U STED ID EN TITY C A PA B ILITIES MOD EL ( TIC M) T H E T I C M E X P A N D S I N T O F D P U S E C A S E S Significant changes in the TICM view: The inclusion of on Online Fraud Detection tools expands the scope of all activities, even ID proofing Key terms arrive – “contextual” and “triangulation” – to indicate new analytics They also note that • Point-in-time activities become “continuous” • “Context” is a key missing ingredient • Solutions go from silos to “complementary” • A new need develops: Dynamic Authentication which is…. • Continuous • Contextual • Complementary
- 14. 14 TR U STED ID EN TITY C A PA B ILITIES MOD EL ( TIC M) T H E N E W M O D E L Now all areas are interdependent Trust elevation – or step-up authentication – strongly leverages risk and integrity signals ID Proofing can be re- established at any point in the customer journey Analytics “yield greater value than crude KBA” in this process
- 15. 15 TR U STED ID EN TITY C A PA B ILITIES MOD EL ( TIC M) T H E N E W M O D E L Now all areas are interdependent Trust elevation – or step-up authentication – strongly leverages risk and integrity signals ID Proofing can be re- established at any point in the customer journey Analytics “yield greater value than crude KBA” in this process
- 16. 16 TR U STED ID EN TITY C A PA B ILITIES MOD EL ( TIC M) T H E N E W M O D E L Now all areas are interdependent Trust elevation – or step-up authentication – strongly leverages risk and integrity signals ID Proofing can be re- established at any point in the customer journey Analytics “yield greater value than crude KBA” in this process “One of the authors had a client interaction that was particularly telling: A team in a bank was looking at new customer authentication methods, and was particularly interested in the potential value of analytics and an adaptive access approach, without being aware of the overlap of these techniques with OFD, which was the province of a completely different team within the bank.”
- 17. 17 TR U STED ID EN TITY C A PA B ILITIES MOD EL ( TIC M) Device-based fraud prevention tools are good at detecting relationships and behavioral signals Fraud detection products (like iovation FraudForce) enable these functions
- 18. 18 TR U STED ID EN TITY C A PA B ILITIES MOD EL ( TIC M) Authentication and Online Fraud Detection make the most use of common tools and signals Identity proofing provides the critical ingredient of Third-Party Credentials The combination of “ID Proofing + Online Fraud Detection” provides, in this model, the strongest
- 19. USING SIGNALS HOW CONTEXT DRIVES ADAPTIVE AUTHENTICATION
- 20. 20 CLEARKEY D E V I C E - B A S E D A U T H E N T I C A T I O N F O R B E T T E R C U S T O M E R E X P E R I E N C E Match Grant Access Poor Match (or Risk Signals) Jailbroken • Rooted • Anomalies • Watchlist • Configuration • Emulator Account-to- Device Pairing & Risk Evaluation Original Device Print Customer Access Device Registration SUCCESS Step-Up *** ***Returning Device Print
- 21. 21 HOW DEVICE RISK DRIVES AUTHENTICATION EvidenceDevice & Age Risk Profile Geo- location Anomaly Watch ListsVelocity ISP Watch List Transactions per Account Timezone / Geo Mismatch Subscriber Evidence Exists Transaction Amount Range Geolocation Mismatch Device new to Subscriber IP Address Range List Global Trans Device Velocity Device Not Provided Evidence Exists Billing/Shipping Mismatch Proxy In Use New Device, Existing Acct Email Domain List Countries Per Acct or Device Suspect Device Data IP Address RiskCountry List Age of the Association Browser Language Trans per IP/Device/Acct TOR Exit Node IP Device Risk (Local or Global) Mobile Carrier Country List Registered Acct/Dev Pair ISP Organization List $S Value per Device or Acct VM in Use Language and Country Risk IP Address Distance Device Type List Devices per Account Mobile Emulator Detected Jailbreak/Root Detected IP Address Mismatch Accts (Created) per Device ISP Mismatch
- 22. 22 HOW DEVICE RISK DRIVES AUTHENTICATION EvidenceDevice & Age Risk Profile Geo- location Anomaly Watch ListsVelocity ISP Watch List Transactions per Account Timezone / Geo Mismatch Subscriber Evidence Exists Transaction Amount Range Geolocation Mismatch Device new to Subscriber IP Address Range List Global Trans Device Velocity Device Not Provided Evidence Exists Billing/Shipping Mismatch Proxy In Use New Device, Existing Acct Email Domain List Countries Per Acct or Device Suspect Device Data IP Address RiskCountry List Age of the Association Browser Language Trans per IP/Device/Acct TOR Exit Node IP Device Risk (Local or Global) Mobile Carrier Country List Registered Acct/Dev Pair ISP Organization List $S Value per Device or Acct VM in Use Language and Country Risk IP Address Distance Device Type List Devices per Account Mobile Emulator Detected Jailbreak/Root Detected IP Address Mismatch Accts (Created) per Device ISP Mismatch NO RISK DETECTED +1000
- 23. 23 HOW DEVICE RISK DRIVES AUTHENTICATION EvidenceDevice & Age Risk Profile Geo- location Anomaly Watch ListsVelocity ISP Watch List Transactions per Account Timezone / Geo Mismatch Subscriber Evidence Exists Transaction Amount Range Geolocation Mismatch Device new to Subscriber IP Address Range List Global Trans Device Velocity Device Not Provided Evidence Exists Billing/Shipping Mismatch Proxy In Use New Device, Existing Acct Email Domain List Countries Per Acct or Device Suspect Device Data IP Address RiskCountry List Age of the Association Browser Language Trans per IP/Device/Acct TOR Exit Node IP Device Risk (Local or Global) Mobile Carrier Country List Registered Acct/Dev Pair ISP Organization List $S Value per Device or Acct VM in Use Language and Country Risk IP Address Distance Device Type List Devices per Account Mobile Emulator Detected Jailbreak/Root Detected IP Address Mismatch Accts (Created) per Device ISP Mismatch SLIGHT RISK DETECTED +200
- 24. 24 HOW DEVICE RISK DRIVES AUTHENTICATION EvidenceDevice & Age Risk Profile Geo- location Anomaly Watch ListsVelocity ISP Watch List Transactions per Account Timezone / Geo Mismatch Subscriber Evidence Exists Transaction Amount Range Geolocation Mismatch Device new to Subscriber IP Address Range List Global Trans Device Velocity Device Not Provided Evidence Exists Billing/Shipping Mismatch Proxy In Use New Device, Existing Acct Email Domain List Countries Per Acct or Device Suspect Device Data IP Address RiskCountry List Age of the Association Browser Language Trans per IP/Device/Acct TOR Exit Node IP Device Risk (Local or Global) Mobile Carrier Country List Registered Acct/Dev Pair ISP Organization List $S Value per Device or Acct VM in Use Language and Country Risk IP Address Distance Device Type List Devices per Account Mobile Emulator Detected Jailbreak/Root Detected IP Address Mismatch Accts (Created) per Device ISP Mismatch MODERATE RISKS DETECTED -500 PIN
- 25. 25 HOW DEVICE RISK DRIVES AUTHENTICATION EvidenceDevice & Age Risk Profile Geo- location Anomaly Watch ListsVelocity ISP Watch List Transactions per Account Timezone / Geo Mismatch Subscriber Evidence Exists Transaction Amount Range Geolocation Mismatch Device new to Subscriber IP Address Range List Global Trans Device Velocity Device Not Provided Evidence Exists Billing/Shipping Mismatch Proxy In Use New Device, Existing Acct Email Domain List Countries Per Acct or Device Suspect Device Data IP Address RiskCountry List Age of the Association Browser Language Trans per IP/Device/Acct TOR Exit Node IP Device Risk (Local or Global) Mobile Carrier Country List Registered Acct/Dev Pair ISP Organization List $S Value per Device or Acct VM in Use Language and Country Risk IP Address Distance Device Type List Devices per Account Mobile Emulator Detected Jailbreak/Root Detected IP Address Mismatch Accts (Created) per Device ISP Mismatch RISK LEVELS EXCEEDED – DENY OR STEP- UP -1,000 Call Customer Service
- 26. 26 FLEXIBLE CHALLENGE MANAGEMENT I N T E G R A T E S W I T H O T H E R S Y S T E M S T O P R O V I D E E N D - T O - E N D A U T H E N T I C A T I O N AUTHORIZED UNAUTHORIZED AUTHORIZED UNAUTHORIZED Allow Allow or challenge, review high risk transactions Challenge, then register Deny LOW RISK LOW RISK HIGH RISKMODERATE RISK LOG IN
- 27. NEXT STEPS MAPPING THE CONVERGED FUTURE
- 28. 28 TR U STED ID EN TITY C A PA B ILITIES MOD EL ( TIC M) C O M M O N G R O U N D : F A M I L I A R P E O P L E v s . S T R A N G E P E O P L E
- 29. 29 TR U STED ID EN TITY C A PA B ILITIES MOD EL ( TIC M) C O M M O N G R O U N D : F A M I L I A R P E O P L E v s . S T R A N G E P E O P L E
- 30. OUR NEXT WEBINAR HOW USER EXPERIENCE DRIVES CONVERGENCE
- 31. 31 DRIVERS OF ORGANIZATIONAL CHANGE U S E R E X P E R I E N C E A N D T H E C U S T O M E R J O U R N E Y LOGIN CHANGE ACCOUNT DETAILSCHECK BALANCES TRANSFER MONEY ACCOUNT CREATION / LOAN ORIGINATION MAKE OR SCHEDULE DEPOSITS PAY BILLS LIGHTWEIGHT DEVICE-BASED AUTHENTICATION SIGNALS FROM ONLINE FRAUD DETECTION STRONG MULTIFACTOR AUTHENTICATION
- 32. 32 GET A FREE COPY OF THE REPORT iovation.com/resources/reports
- 33. Q&A
- 34. CONTACT US www.iovation.com @TheOtherMichael SENIOR DIRECTOR PRODUCT MARKETING MICHAEL THELANDER michael.thelander@iovation.com 503.943.6700