Lunch and Learn: Recognising the Good Guys
Download as PPTX, PDF0 likes91 views
The document discusses the use of fraud prevention technologies, specifically device recognition, to enhance customer authentication experiences while minimizing friction. It outlines the various device attributes that can create unique digital fingerprints for improved security and adaptability in authentication processes. Additionally, real-world examples illustrate how implementing device-based authentication has resulted in significantly improved user experiences across online gaming, retail, and banking sectors.
Lunch and Learn: Recognising the Good Guys
- 1. MICHAEL THELANDER, SR DIR OF PRODUCT MARKETING U SIN G “ FR AU D PR EVEN TION ” TEC H N OLOGIES TO D ELIVER BETTER AU TH EN TIC ATION DECEMBER 2017 RECOGNISING THE GOOD GUYS
- 2. 2
- 3. 3 Is this a fraudster? Have we been hit by this person before? Has anyone else been fooled? What are the signals that alarm us? Is this a great customer? How can I give them a better experience? Can I stop ATO? Can authentication have less friction?
- 4. AGENDA 4 WHAT IS DEVICE RECOGNITION? WHAT ARE THE RESULTS? CAN WE DETECT EVASION ACTIVITY? DO WE GET BETTER SECURITY?
- 5. WHAT IS DEVICE RECOGNITION? AND WHAT CAN YOU DO WITH IT?
- 6. 6 THE DNA OF A DEVICE HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT
- 7. 7 WiFi (or Bluetooth) MAC Address Network configuration iOS Device Model Battery level / AC mode Device orientation File system size Physical memory Number attached accessories Has proximity sensor? Screen brightness and resolution System uptime iOS Device Name (MD5 Hash) OS Name and/or version Device advertising UUID Kernel version iCloud Ubiquity Token Application Vendor UUID /name/vers Is Simulator? THE DNA OF A DEVICE HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT Locale language / currency code WiFi MAC Address Bluetooth MAC Address Network configuration Is plugged in? Device orientation File system size Physical memory CPU Type CPU count CPU Speed Screen brightness Screen resolution System uptime iOS Device Name (MD5 Hash) Device advertising UUID Current latitude Current longitude Current altitude Application Vendor UUID Bundle ID Application Version Application name Process name Executable name Application orientation Locale language code Locale currency code Are location services enabled? Time zone Currently registered radio technology Carrier name Carrier ISO country code Carrier mobile country code Carrier mobile network code Does carrier allow VOIP?These attributes combine to provide a unique, indisputable digital fingerprint
- 8. 8 CLEARKEY D E V I C E - B A S E D A U T H E N T I C A T I O N F O R B E T T E R C U S T O M E R E X P E R I E N C E Machine learning compares user devices Transparent authentication eliminates friction Turns the user’s device into a possession factor Adaptive, contextual response drives subsequent authentication strategies and actions MINIMUM THRESHOLD MAXIMUM THRESHOLD Original Device Print Returning Device Print DEVICE ID IP / GEO DEVICE CONTEXTINTEGRITY REPUTATION
- 9. Match Grant Access No Match or Risk Signals • Rooted • Jailbroken • Anomalies • Watchlist • Configuration • Emulator Account-to- Device Pairing & Risk Evaluation Persistent Session Token Login User Access Customer Access Login Device Registration SUCCESS Step-Up *** HOW CLEARKEY WORKS D E V I C E - B A S E D A U T H E N T I C A T I O N F O R B E T T E R C U S T O M E R E X P E R I E N C E ***
- 11. 11 CLEARKEY R E G I S T E R O R “ P A I R ” T H E D E V I C E D U R I N G T H E C U S T O M E R ’ S J O U R N E Y
- 12. 12 CLEARKEY CUSTOMER EXAMPLES M E A S U R I N G R E S U L T S Positive Match, minimal change No device associated with the account New registrations as a % A device is registered, but it’s not this one
- 13. 13 OPTIMUM EXPERIENCE FOR ONLINE GAMING M O B I L E A P P “ O P T - I N ” U S I N G D E D I C A T E D E M A I L & E X P L A I N E R True out-of-band solution: Good experience for majority, but did require some tuning Variations in workflow and offerings required tuning, but now delivering highest recognition rate of all customers at over 95%
- 14. 14 OPTIMUM EXPERIENCE FOR ONLINE RETAIL W E B B R O W S E R “ O P T - I N ” W I T H D E D I C AT E D P R O M P T P A G E Many users receive immediate benefit from improved experience Dedicated prompt page explained the value of registering a device, made a “don’t remember me” option available
- 15. 15 OPTIMUM EXPERIENCE FOR ONLINE BANKING M O B I L E A P P W I T H A U T O - R E G I S T R A T I O N O N D O W N L O A D Many users benefit from improved experience within 6 months Almost 85% of users see expedited journey with no step-up authentication until a higher-risk action is taken
- 16. 16 ON TOP OF THAT, STOP ATO A C U S T O M E R Q U O T E “With ClearKey in place we’ve virtually eliminated successful account takeovers … even though attempts are at an all-time high because of the stolen credential market.”
- 17. CAN WE DETECT EVASION ACTIVITY? WHAT IF THEY DON’T WANT TO BE RECOGNISED?
- 18. 18 RISK INSIGHT FROM THE USER’S DEVICE EvidenceDevice & Age Risk Profile Geo- location Anomaly Watch ListsVelocity ISP Watch List Transactions per Account Timezone / Geo Mismatch Subscriber Evidence Exists Transaction Amount Range Geolocation Mismatch Device new to Subscriber IP Address Range List Global Trans Device Velocity Device Not Provided Evidence Exists Billing/Shipping Mismatch Proxy In Use New Device, Existing Acct Email Domain List Countries Per Acct or Device Suspect Device Data IP Address RiskCountry List Age of the Association Browser Language Trans per IP/Device/Acct TOR Exit Node IP Device Risk (Local or Global) Mobile Carrier Country List Registered Acct/Dev Pair ISP Organization List $S Value per Device or Acct VM in Use Language and Country Risk IP Address Distance Device Type List Devices per Account Mobile Emulator Detected Jailbreak/Root Detected IP Address Mismatch Accts (Created) per Device ISP Mismatch POSITIVE RULES TRIGGERED EVASION RULES TRIGGERED
- 19. 19 RISK INSIGHT FROM THE USER’S DEVICE EvidenceDevice & Age Risk Profile Geo- location Anomaly Watch ListsVelocity ISP Watch List Transactions per Account Timezone / Geo Mismatch Subscriber Evidence Exists Transaction Amount Range Geolocation Mismatch Device new to Subscriber IP Address Range List Global Trans Device Velocity Device Not Provided Evidence Exists Billing/Shipping Mismatch Proxy In Use New Device, Existing Acct Email Domain List Countries Per Acct or Device Suspect Device Data IP Address RiskCountry List Age of the Association Browser Language Trans per IP/Device/Acct TOR Exit Node IP Device Risk (Local or Global) Mobile Carrier Country List Registered Acct/Dev Pair ISP Organization List $S Value per Device or Acct VM in Use Language and Country Risk IP Address Distance Device Type List Devices per Account Mobile Emulator Detected Jailbreak/Root Detected IP Address Mismatch Accts (Created) per Device ISP Mismatch +1000POSITIVE RULES TRIGGERED EVASION RULES TRIGGERED
- 20. 20 RISK INSIGHT FROM THE USER’S DEVICE EvidenceDevice & Age Risk Profile Geo- location Anomaly Watch ListsVelocity ISP Watch List Transactions per Account Timezone / Geo Mismatch Subscriber Evidence Exists Transaction Amount Range Geolocation Mismatch Device new to Subscriber IP Address Range List Global Trans Device Velocity Device Not Provided Evidence Exists Billing/Shipping Mismatch Proxy In Use New Device, Existing Acct Email Domain List Countries Per Acct or Device Suspect Device Data IP Address RiskCountry List Age of the Association Browser Language Trans per IP/Device/Acct TOR Exit Node IP Device Risk (Local or Global) Mobile Carrier Country List Registered Acct/Dev Pair ISP Organization List $S Value per Device or Acct VM in Use Language and Country Risk IP Address Distance Device Type List Devices per Account Mobile Emulator Detected Jailbreak/Root Detected IP Address Mismatch Accts (Created) per Device ISP Mismatch POSITIVE RULES TRIGGERED EVASION RULES TRIGGERED Watch ListsVelocity ISP Watch List Transactions per Account IP Address Range List Global Trans Device Velocity Email Domain List Countries Per Acct or Device Browser Language Trans per IP/Device/Acct ISP Organization List $S Value per Device or Acct Device Type List Devices per Account +500
- 21. 21 RISK INSIGHT FROM THE USER’S DEVICE EvidenceDevice & Age Risk Profile Geo- location Anomaly Watch ListsVelocity ISP Watch List Transactions per Account Timezone / Geo Mismatch Subscriber Evidence Exists Transaction Amount Range Geolocation Mismatch Device new to Subscriber IP Address Range List Global Trans Device Velocity Device Not Provided Evidence Exists Billing/Shipping Mismatch Proxy In Use New Device, Existing Acct Email Domain List Countries Per Acct or Device Suspect Device Data IP Address RiskCountry List Age of the Association Browser Language Trans per IP/Device/Acct TOR Exit Node IP Device Risk (Local or Global) Mobile Carrier Country List Registered Acct/Dev Pair ISP Organization List $S Value per Device or Acct VM in Use Language and Country Risk IP Address Distance Device Type List Devices per Account Mobile Emulator Detected Jailbreak/Root Detected IP Address Mismatch Accts (Created) per Device ISP Mismatch POSITIVE RULES TRIGGERED EVASION RULES TRIGGERED Watch ListsVelocity ISP Watch List Transactions per Account IP Address Range List Global Trans Device Velocity Email Domain List Countries Per Acct or Device Browser Language Trans per IP/Device/Acct ISP Organization List $S Value per Device or Acct Device Type List Devices per Account Watch Lists ISP Watch List IP Address Range List Email Domain List Browser Language ISP Organization List Device Type List Watch Lists Device Type List -500
- 22. 22 RISK INSIGHT FROM THE USER’S DEVICE EvidenceDevice & Age Risk Profile Geo- location Anomaly Watch ListsVelocity ISP Watch List Transactions per Account Timezone / Geo Mismatch Subscriber Evidence Exists Transaction Amount Range Geolocation Mismatch Device new to Subscriber IP Address Range List Global Trans Device Velocity Device Not Provided Evidence Exists Billing/Shipping Mismatch Proxy In Use New Device, Existing Acct Email Domain List Countries Per Acct or Device Suspect Device Data IP Address RiskCountry List Age of the Association Browser Language Trans per IP/Device/Acct TOR Exit Node IP Device Risk (Local or Global) Mobile Carrier Country List Registered Acct/Dev Pair ISP Organization List $S Value per Device or Acct VM in Use Language and Country Risk IP Address Distance Device Type List Devices per Account Mobile Emulator Detected Jailbreak/Root Detected IP Address Mismatch Accts (Created) per Device ISP Mismatch POSITIVE RULES TRIGGERED EVASION RULES TRIGGERED Watch ListsVelocity ISP Watch List Transactions per Account IP Address Range List Global Trans Device Velocity Email Domain List Countries Per Acct or Device Browser Language Trans per IP/Device/Acct ISP Organization List $S Value per Device or Acct Device Type List Devices per Account Watch Lists ISP Watch List IP Address Range List Email Domain List Browser Language ISP Organization List Device Type List -1000
- 23. DO WE GET BETTER SECURITY? WHAT ABOUT PSD2’s SCA REQUIREMENTS?
- 24. 24 DEFINING MULTIFACTOR AUTHENTICATION S T R O N G A N D F L E X I B L E A U T H E N T I C A T I O N Something you KNOW
- 25. 25 DEFINING MULTIFACTOR AUTHENTICATION S T R O N G A N D F L E X I B L E A U T H E N T I C A T I O N Something you KNOW Something you ARE Identity verified
- 26. 26 DEFINING MULTIFACTOR AUTHENTICATION S T R O N G A N D F L E X I B L E A U T H E N T I C A T I O N Something you KNOW Something you ARE Something you HAVE
- 29. QUESTIONS ? www.iovation.com @TheOtherMichael SENIOR DIRECTOR OF PRODUCT MARKETING MICHAEL THELANDER michael.thelander@iovation.com 001.1.503.943.6700