Balancing Customer Requirements and IT Service Standardisation
Balancing Security and Customer Experience
Transcript of Balancing Security and Customer Experience
WEBINAR
BALANCING SECURITY & CUSTOMER EXPERIENCE
7/19/16
MAX ANHOURY , VP, Global Partnerships
AGENDA
2
n Introductionn Fraud & Security Trendsn Frictionless Security Across the
Consumer Journeyn Summary
3
IOVATION INC.
SOLUTIONS: Authentication and Fraud Prevention
CUSTOMERS: 450+, 6 Continents, 18 Time Zones
FOUNDED: 2004
CUSTOMER RETENTION: 96%
HEADQUARTERS: Portland, Oregon
EMPLOYEES: 125
INVESTORS: Intel Capital, Sapphire Ventures
COMMUNITY: 3,500 Fraud Professionals
TOTAL TRANSACTIONS: 20B
BRANDS PROTECTED: 1,500+
4
Every device tells a story.What stories do you care about?
Am I authorized for this account?
Where am I located? Do I have a fraud history?
What other devices does this consumer have?
How many accounts have I accessed?
Am I hiding from detection?
5
If a device can connect to the internet, we can recognize it.
6
Which device is this?
Is it associated with bad devices?
Are there real time risk indicators?
Is it associated with abuse?
DEEP DEVICE INTELLIGENCE:BEYOND DEVICE RECOGNITION
7
EVIDENCE
GEOLOCATIONAGE-BASED
ANOMALY
RISK PROFILE
VELOCITY
DEEP DEVICE INTELLIGENCE
STOPPING A FRAUD RING IN SO. CA.
9
Ø 150 transactions
Ø 50 Transactions
Ø 20 transactions
Ø 10 transactions
✪✪
¤
¤
A T 3 0 , 0 0 0 F T , T H E F R A U D R I N G L O O K S L I K E T H I S
10
T H E T R E N D O F T R A N S A C T IO N A C T IV IT Y O V E R T IM E
0
10
20
30
40
50
60
15 16 17 18 19 20 21 22 23 24 25
Tran
sact
ion
Cou
nt
Week
Credit Bureaus
Financial Institutions
Retail
Other
actual activity noted with dashed lines
11
Results of activity over 4 months
• Searched for devices matching this profile:• Devices with activity with 3 or more subscribers
• 2 of 3 subscribers within financial services industry • Devices with fraud histories from at least 2 subscribers
2K+ACTIVE DEVICES
100K+TRANSACTIONS
50KACCOUNTS
Performing Involving$
Step 1: Search existing fraud activity
12
Step 2: Review account and transaction velocity
Count of Devices
Average Accounts Accessed
Average Total Transactions
AverageSubscriber
Count
% with Credit Bureau Activity
All Devices Profiled 2,126 23 47 9 43%
20+ Accounts Accessed 880 40 79 12 55% Highest was 259 accts accessed by single device
100+ Total Transactions 211 64 165 15 66% 2 devices had over 1,300 transactions attempted
+10 Transactions/ Day 61 29 89 7 37% Highest trans/day was 659(21 trans. in 44 minutes)
13
Step 3: Associate devices & activity using data from our global network of our subscribers
The group expands from 50k to 300k accounts
~16K+ACTIVE DEVICES
~670K+TRANSACTIONS
~300KACCOUNTS
Performing Involving$
14
• This device is associated with 13 additional devices through common account access. • Then we reviewed the prior history to understand the connected activity.
Step 4: Investigate details on an individual device
15
• The 28 new account apps from Riverside were across 8 subscribers, demonstrating the effort taken to monetize stolen credentials.
• Additional activity not accounted for above:
3 Credit Report access attempts from another Riverside address on 4/27
2 Credit Card Apps and 3 Login attempts from Whittier, CA (near Whittier College) on 5/17
4 Credit Card Apps and 18 Credit Report access attempts from a T-Mobile cell connection
Subscriber Industry Transaction Type Riverside, CA Mira Loma, CAUniv of California –Riverside
Totals
Financial ServicesNew Acct ApplicationOnline Account Login
2828
51
13429
Credit Reporting Agency Access Attempt 227 9 14 250
Retail Purchase 2 14 16
Telecommunications Online Account Login 1 1
Travel Purchase 2 2
Device Activity
Step 5: compile fraud activity by location
16
Ø 150 transactions
Ø 50 Transactions
Ø 20 transactions
Ø 10 transactions
✪✪
¤
¤
A T 3 0 , 0 0 0 F T , T H E F R A U D R I N G L O O K S L I K E T H I S
17
T H E T R E N D O F T R A N S A C T IO N A C T IV IT Y O V E R T IM E
0
10
20
30
40
50
60
15 16 17 18 19 20 21 22 23 24 25
Tran
sact
ion
Cou
nt
Week
Credit Bureaus
Financial Institutions
Retail
Other
actual activity noted with dashed lines
FRAUD & SECURITY TRENDS
19
are using a password that is
47% 77%
5+ YEARS OLD 1+ YEARS OLD
are using a password that is
20
73%of accounts
use duplicate passwords.
* * *******
21
Record high for data breaches
TARGET
EBAY
ADOBESONY 70M 10M
145M
152M
1.32 BILLION RECORDS EXPOSED
IDENTITY THEFT RESOURCE CENTER
HOME DEPOT
56M MySpaceTumblrFling
642M
22
DATABREACHES
$5B in 2014
$8B in 2018
Data breaches will drive a 60% increase in Account Takeover
and New Account Fraud.
60%
SOURCE: JAVELIN, 2015
INCREASE
23
F R A U D F R O M I D E N T I T Y T H E F T
24
G R O WT H I N SYN T H E T I C F R A U D A T T E M P T S
For a blend of consumer loan issuers, synthetic identity fraudswere 4X more frequent than true identity fraud (1st Party & 3rd Party)
Contributing FactorsAppeal of
victim-less fraud SSN Randomization Increasing availability of valid PII
0%
2%
4%
6%
8%
10%
12%
14%
2010 2011 2012 2013 2014 2015
Synthetic Fraud Rate "True Identity" Fraud Rate
SSN Randomization takes effect
© 2016 ID Analytics
25
The evolvingonline experience
26
Every online transaction is a potential source of risk.
ACCOUNT CREATION LOGIN
BROWSESTORE PURCHASE
USEREWARDPOINTS
CHANGEACCOUNTDETAILS
27
ACCOUNT CREATION LOGIN
BROWSESTORE PURCHASE
USEREWARDPOINTS
CHANGEACCOUNTDETAILS
Every online transaction represents your brand.
28
ACCOUNT CREATION LOGIN
BROWSESTORE PURCHASE
USEREWARDPOINTS
CHANGEACCOUNTDETAILS
Mobile devices are proliferating and becoming an extension of your customers.
29
LOGINCHANGE
ACCOUNT DETAILSADD ITEMS
TO SHOPPING CART
REDEEMREWARDS POINTS
Your customers expect a frictionless user experience across multiple channels: web, mobile web, mobile app
ACCOUNTCREATION
PURCHASEVIEWORDER
BROWSECATALOG
Your business depends on happy customers balanced with minimizing fraud risks and security
TYPICAL CONSUMER JOURNEY FOR ONLINE RETAIL
30
LOGINCHANGE
ACCOUNT DETAILSCHECK
BALANCE
VISIT BRANCH ORCONTACT CALL CENTER
LOAN ORIGINATIONOR
ACCOUNT CREATION
CHECK BALANCE, DEPOSIT, PAYMENT
WITHDRAWAL,TRANSFER
TYPICAL CONSUMER JOURNEY FOR FINANCIAL SERVICES
31
LOGINCHANGE
ACCOUNT DETAILSADD ITEMS
TO SHOPPING CART
REDEEMREWARDS POINTS
ACCOUNTCREATION
PURCHASEVIEWORDER
BROWSECATALOG
Your business depends on happy customers balanced with minimizing fraud risks and security
Device Intelligence can help achieve this balance
Your customers expect a frictionless user experience across multiple channels: web, mobile web, mobile app
32
AUTHORIZEDFOR ACCOUNT
HISTORICALREPUTATION
ANOMALOUS BEHAVIOR
SECURITY RISK INDICATORS
LINKS ANDASSOCIATIONS
Use the device as the invisible second factor.
Device intelligence can be used for frictionless authentication.
33
The benefit of using device intelligence across the consumer online journey
34
Concerns:
Fraud prevention: 1st or 3rd party account creation fraud
Device Intelligence Indicators
• High velocity rate • Previous associated fraud evidence• Geo-location• Device evasion• History of device
Application Origination
35
Application Origination
“Since we deployed iovation, we have experienced dramatically lower fraud losses resulting from the online credit card application channel.”
-- Cristina Koder,Fraud Operations Supervisor
Significant reduction in fraudulent credit applications
iovation helped:n Link fraudulent devices and accounts togethern Determine real location vs stated location
Case Study: Financial Services
Challenges:n Fraudsters applying for credit with stolen identityn Risky transactions coming from multiple
geographies
36
AUTHORIZEDFOR ACCOUNT
HISTORICALREPUTATION
ANOMALOUS BEHAVIOR
SECURITY RISK INDICATORS
LINKS ANDASSOCIATIONS
Device-based AuthenticationUse the device as the invisible second factor.
37
PASSWORD-BASED AUTHENTICATION
STEP UP
1-Factor Experience & 2-Factor SecurityUsers expect a low-friction authentication experience for most logins.
Interacting with a 2nd factor of authentication is not low-friction.
1-FACTOR 2-FACTOR
Desired User Experience Required Security
38
Concerns:
n Stolen payment credentialsn International fraud ringsn Chargebacks
Device Intelligence Indicators
n High velocity rate n Links to other accounts and devicesn Previous associated fraud evidencen Geo-locationn Device evasionn History of device
Guest Checkout
39
“iovation’s device reputation technology adds an incredibly important layer of protection to our fraud efforts”
-- Fraud Manager
reduction in order fraud
n iovation helped:n Find and link previously unrelated accounts & devicesn Reduce manual reviewsn Identify & stop high-risk transactions
Case Study: Electronics Retailer
n Challenges:n Fraudsters constantly evolve new techniques to escape
detectionn Stolen payment credentialsn Hard to shut down international fraud rings
Guest Checkout
25%
40
Our story starts with a stolen identity…
41
Within just a few days…
charged over $5,000 in online purchases
42
The devicehad a history…
43
Fraud evidence was placed
44
The fraudster was arrested.
45
15 identity theft victims
20 major retailers targeted with CNP fraud
60 credit apps
$70K restitution
$100K in projected losses1
PersonFraud Ring
46
LOGINCHANGE
ACCOUNT DETAILSCHECK
BALANCE
WITHDRAWAL, FUND TRANSFER
iovation helps you balance security with user experienceacross the consumer journey
LOAN ORIGINATIONOR
ACCOUNT CREATION
CHECK BALANCE, DEPOSIT
MAKE PAYMENTS
CUSTOMER AUTHENTICATION
FRAUD PREVENTION
Q&A
48
A N N U A L F R A U D F O R C E SU M M I T
R E G I ST E R @ www.fraudforcesummit.comU S E P R O M O C O D E ‘ w e b i n a r 1 0 0 ’ T O S A V E $ 1 0 0
K E Y N O T E S PE A K E R :
THERESA PAYTONFORMER WHITE HOUSE CIO
49
THANK YOU!