WEBINAR

BALANCING SECURITY & CUSTOMER EXPERIENCE

7/19/16

MAX ANHOURY , VP, Global Partnerships

AGENDA

2

n Introductionn Fraud & Security Trendsn Frictionless Security Across the

Consumer Journeyn Summary

3

IOVATION INC.

SOLUTIONS: Authentication and Fraud Prevention

CUSTOMERS: 450+, 6 Continents, 18 Time Zones

FOUNDED: 2004

CUSTOMER RETENTION: 96%

HEADQUARTERS: Portland, Oregon

EMPLOYEES: 125

INVESTORS: Intel Capital, Sapphire Ventures

COMMUNITY: 3,500 Fraud Professionals

TOTAL TRANSACTIONS: 20B

BRANDS PROTECTED: 1,500+

4

Every device tells a story.What stories do you care about?

Am I authorized for this account?

Where am I located? Do I have a fraud history?

What other devices does this consumer have?

How many accounts have I accessed?

Am I hiding from detection?

5

If a device can connect to the internet, we can recognize it.

6

Which device is this?

Is it associated with bad devices?

Are there real time risk indicators?

Is it associated with abuse?

DEEP DEVICE INTELLIGENCE:BEYOND DEVICE RECOGNITION

7

EVIDENCE

GEOLOCATIONAGE-BASED

ANOMALY

RISK PROFILE

VELOCITY

DEEP DEVICE INTELLIGENCE

STOPPING A FRAUD RING IN SO. CA.

9

Ø 150 transactions

Ø 50 Transactions

Ø 20 transactions

Ø 10 transactions

✪✪

¤

¤

A T 3 0 , 0 0 0 F T , T H E F R A U D R I N G L O O K S L I K E T H I S

10

T H E T R E N D O F T R A N S A C T IO N A C T IV IT Y O V E R T IM E

0

10

20

30

40

50

60

15 16 17 18 19 20 21 22 23 24 25

Tran

sact

ion

Cou

nt

Week

Credit Bureaus

Financial Institutions

Retail

Other

actual activity noted with dashed lines

11

Results of activity over 4 months

• Searched for devices matching this profile:• Devices with activity with 3 or more subscribers

• 2 of 3 subscribers within financial services industry • Devices with fraud histories from at least 2 subscribers

2K+ACTIVE DEVICES

100K+TRANSACTIONS

50KACCOUNTS

Performing Involving$

Step 1: Search existing fraud activity

12

Step 2: Review account and transaction velocity

Count of Devices

Average Accounts Accessed

Average Total Transactions

AverageSubscriber

Count

% with Credit Bureau Activity

All Devices Profiled 2,126 23 47 9 43%

20+ Accounts Accessed 880 40 79 12 55% Highest was 259 accts accessed by single device

100+ Total Transactions 211 64 165 15 66% 2 devices had over 1,300 transactions attempted

+10 Transactions/ Day 61 29 89 7 37% Highest trans/day was 659(21 trans. in 44 minutes)

13

Step 3: Associate devices & activity using data from our global network of our subscribers

The group expands from 50k to 300k accounts

~16K+ACTIVE DEVICES

~670K+TRANSACTIONS

~300KACCOUNTS

Performing Involving$

14

• This device is associated with 13 additional devices through common account access. • Then we reviewed the prior history to understand the connected activity.

Step 4: Investigate details on an individual device

15

• The 28 new account apps from Riverside were across 8 subscribers, demonstrating the effort taken to monetize stolen credentials.

• Additional activity not accounted for above:

3 Credit Report access attempts from another Riverside address on 4/27

2 Credit Card Apps and 3 Login attempts from Whittier, CA (near Whittier College) on 5/17

4 Credit Card Apps and 18 Credit Report access attempts from a T-Mobile cell connection

Subscriber Industry Transaction Type Riverside, CA Mira Loma, CAUniv of California –Riverside

Totals

Financial ServicesNew Acct ApplicationOnline Account Login

2828

51

13429

Credit Reporting Agency Access Attempt 227 9 14 250

Retail Purchase 2 14 16

Telecommunications Online Account Login 1 1

Travel Purchase 2 2

Device Activity

Step 5: compile fraud activity by location

16

Ø 150 transactions

Ø 50 Transactions

Ø 20 transactions

Ø 10 transactions

✪✪

¤

¤

A T 3 0 , 0 0 0 F T , T H E F R A U D R I N G L O O K S L I K E T H I S

17

T H E T R E N D O F T R A N S A C T IO N A C T IV IT Y O V E R T IM E

0

10

20

30

40

50

60

15 16 17 18 19 20 21 22 23 24 25

Tran

sact

ion

Cou

nt

Week

Credit Bureaus

Financial Institutions

Retail

Other

actual activity noted with dashed lines

FRAUD & SECURITY TRENDS

19

are using a password that is

47% 77%

5+ YEARS OLD 1+ YEARS OLD

are using a password that is

20

73%of accounts

use duplicate passwords.

* * *******

21

Record high for data breaches

TARGET

EBAY

ADOBESONY 70M 10M

145M

152M

1.32 BILLION RECORDS EXPOSED

IDENTITY THEFT RESOURCE CENTER

HOME DEPOT

56M MySpaceTumblrFling

LinkedIn

642M

22

DATABREACHES

$5B in 2014

$8B in 2018

Data breaches will drive a 60% increase in Account Takeover

and New Account Fraud.

60%

SOURCE: JAVELIN, 2015

INCREASE

23

F R A U D F R O M I D E N T I T Y T H E F T

24

G R O WT H I N SYN T H E T I C F R A U D A T T E M P T S

For a blend of consumer loan issuers, synthetic identity fraudswere 4X more frequent than true identity fraud (1st Party & 3rd Party)

Contributing FactorsAppeal of

victim-less fraud SSN Randomization Increasing availability of valid PII

0%

2%

4%

6%

8%

10%

12%

14%

2010 2011 2012 2013 2014 2015

Synthetic Fraud Rate "True Identity" Fraud Rate

SSN Randomization takes effect

© 2016 ID Analytics

25

The evolvingonline experience

26

Every online transaction is a potential source of risk.

ACCOUNT CREATION LOGIN

BROWSESTORE PURCHASE

USEREWARDPOINTS

CHANGEACCOUNTDETAILS

27

ACCOUNT CREATION LOGIN

BROWSESTORE PURCHASE

USEREWARDPOINTS

CHANGEACCOUNTDETAILS

Every online transaction represents your brand.

28

ACCOUNT CREATION LOGIN

BROWSESTORE PURCHASE

USEREWARDPOINTS

CHANGEACCOUNTDETAILS

Mobile devices are proliferating and becoming an extension of your customers.

29

LOGINCHANGE

ACCOUNT DETAILSADD ITEMS

TO SHOPPING CART

REDEEMREWARDS POINTS

Your customers expect a frictionless user experience across multiple channels: web, mobile web, mobile app

ACCOUNTCREATION

PURCHASEVIEWORDER

BROWSECATALOG

Your business depends on happy customers balanced with minimizing fraud risks and security

TYPICAL CONSUMER JOURNEY FOR ONLINE RETAIL

30

LOGINCHANGE

ACCOUNT DETAILSCHECK

BALANCE

VISIT BRANCH ORCONTACT CALL CENTER

LOAN ORIGINATIONOR

ACCOUNT CREATION

CHECK BALANCE, DEPOSIT, PAYMENT

WITHDRAWAL,TRANSFER

TYPICAL CONSUMER JOURNEY FOR FINANCIAL SERVICES

31

LOGINCHANGE

ACCOUNT DETAILSADD ITEMS

TO SHOPPING CART

REDEEMREWARDS POINTS

ACCOUNTCREATION

PURCHASEVIEWORDER

BROWSECATALOG

Your business depends on happy customers balanced with minimizing fraud risks and security

Device Intelligence can help achieve this balance

Your customers expect a frictionless user experience across multiple channels: web, mobile web, mobile app

32

AUTHORIZEDFOR ACCOUNT

HISTORICALREPUTATION

ANOMALOUS BEHAVIOR

SECURITY RISK INDICATORS

LINKS ANDASSOCIATIONS

Use the device as the invisible second factor.

Device intelligence can be used for frictionless authentication.

33

The benefit of using device intelligence across the consumer online journey

34

Concerns:

Fraud prevention: 1st or 3rd party account creation fraud

Device Intelligence Indicators

• High velocity rate • Previous associated fraud evidence• Geo-location• Device evasion• History of device

Application Origination

35

Application Origination

“Since we deployed iovation, we have experienced dramatically lower fraud losses resulting from the online credit card application channel.”

-- Cristina Koder,Fraud Operations Supervisor

Significant reduction in fraudulent credit applications

iovation helped:n Link fraudulent devices and accounts togethern Determine real location vs stated location

Case Study: Financial Services

Challenges:n Fraudsters applying for credit with stolen identityn Risky transactions coming from multiple

geographies

36

AUTHORIZEDFOR ACCOUNT

HISTORICALREPUTATION

ANOMALOUS BEHAVIOR

SECURITY RISK INDICATORS

LINKS ANDASSOCIATIONS

Device-based AuthenticationUse the device as the invisible second factor.

37

PASSWORD-BASED AUTHENTICATION

STEP UP

1-Factor Experience & 2-Factor SecurityUsers expect a low-friction authentication experience for most logins.

Interacting with a 2nd factor of authentication is not low-friction.

1-FACTOR 2-FACTOR

Desired User Experience Required Security

38

Concerns:

n Stolen payment credentialsn International fraud ringsn Chargebacks

Device Intelligence Indicators

n High velocity rate n Links to other accounts and devicesn Previous associated fraud evidencen Geo-locationn Device evasionn History of device

Guest Checkout

39

“iovation’s device reputation technology adds an incredibly important layer of protection to our fraud efforts”

-- Fraud Manager

reduction in order fraud

n iovation helped:n Find and link previously unrelated accounts & devicesn Reduce manual reviewsn Identify & stop high-risk transactions

Case Study: Electronics Retailer

n Challenges:n Fraudsters constantly evolve new techniques to escape

detectionn Stolen payment credentialsn Hard to shut down international fraud rings

Guest Checkout

25%

40

Our story starts with a stolen identity…

41

Within just a few days…

charged over $5,000 in online purchases

42

The devicehad a history…

43

Fraud evidence was placed

44

The fraudster was arrested.

45

15 identity theft victims

20 major retailers targeted with CNP fraud

60 credit apps

$70K restitution

$100K in projected losses1

PersonFraud Ring

46

LOGINCHANGE

ACCOUNT DETAILSCHECK

BALANCE

WITHDRAWAL, FUND TRANSFER

iovation helps you balance security with user experienceacross the consumer journey

LOAN ORIGINATIONOR

ACCOUNT CREATION

CHECK BALANCE, DEPOSIT

MAKE PAYMENTS

CUSTOMER AUTHENTICATION

FRAUD PREVENTION

Q&A

48

A N N U A L F R A U D F O R C E SU M M I T

R E G I ST E R @ www.fraudforcesummit.comU S E P R O M O C O D E ‘ w e b i n a r 1 0 0 ’ T O S A V E $ 1 0 0

K E Y N O T E S PE A K E R :

THERESA PAYTONFORMER WHITE HOUSE CIO

49

THANK YOU!