Behavioural analysis and digital ID slash fraud

This year has witnessed an increase in automated fraud with bots attacking the access and payment rights of millions of consumers. Criminal gangs are obtaining information, then hitting multiple banks, retailers and other businesses. But as companies fight back, they may be concentrating on old-fashioned authorisation and missing the importance of dynamic analysis of customer behaviour.

Typically, automated attackers will take user credentials and test them to access or open accounts. Cyber criminals may also try calling a person, pretending to be conducting a security check and getting them to install software that steals their credentials.

Research by ThreatMetrix, the digital identity company, shows that in the last quarter, most automated bot attacks came from the United States, Germany, China, India, Vietnam, Brazil and Russia. South America became a common location for account origination attacks, while Europe is the key originator of account takeovers targeting bank and online store customers.

“With so much personal information on the dark web, people are transacting every day with credentials already in the hands of cyber criminals,” says Alisdair Faulkner, chief products officer at ThreatMetrix. “To know what to authorise, businesses have to analyse real-time behaviour and the genuine identity of people trying to access their systems.”

ThreatMetrix, which stopped 144 million attacks and 300 million bot attacks in the last three months alone, looks at the transactional devices used, the web browsers or mobile apps, identity information and where users claim to be located. They capture and anonymise data, comparing usage patterns.

By using intelligent analysis, a seller can keep processes simple and know whether a transaction attempt was by the account holder

“If we see the same device using a large number of e-mail addresses, a flag is raised,” says Mr Faulkner. “And if we see that device appearing in the UK when we know it is in Vietnam, there is something suspicious going on.” Such factors can be combined with how the user normally transacts, at what times and on what devices or which sort of transactions they favour.

Traditionally, businesses have struggled to block fraud in this way, relying instead on static login passwords that do not spot many of the danger signs and sometimes on laborious authentication steps, requiring additional fobs or tokens for access.

Sellers are at risk of blocking genuine transactions, causing substantial revenue and brand damage. As an example, a user known to have had data stolen and sold on the dark web would normally be asked by a bank or seller to change their password. But each extra step makes a genuine customer more likely to drop out. By using intelligent analysis, a seller can keep processes simple and know whether a transaction attempt was by the account holder.

 

Financial firms such as Lloyds Banking Group and Rabobank, and apps and websites such as Badoo, are already using ThreatMetrix. Other industries include media and communications, which can check the real location of people trying to stream content.

Such systems balance privacy and anonymity, helping consumers make transactions more easily and quickly, while preventing fraudulent activity. “Consumers want to reclaim their digital identity and privacy while at the same time being better protected,” says Mr Faulkner. “Knowing this, there is the opportunity to anonymise and analyse a range of information, enabling billions of frictionless real transactions while protecting against fraud.”

Applying such intelligence allows online businesses to recreate the personal and easy buying experience that bricks-and-mortar firms thrive on. Mr Faulkner explains: “You go into a store expecting a service, not to have to jump through hoops. It’s the same with digital identity, ultimately you can be safe and get the services you want, with one click instead of many.”

To find out how to use digital identity and behaviour analysis to secure your customers and ease transactions please visit threatmetrix.com