IACA

Jay Johns –Global Partner Manager

May 2017

ONLINE/MOBILEIDENTITY MANAGEMENT AND RISK ASSESSMENT

2

ABOUT US

SOLUTIONS:Fraud Prevention and Authentication

CUSTOMERS: 600+, 6 Continents, 18 Time Zones

FOUNDED:2004

HEADQUARTERS: Portland, Oregon

EMPLOYEES:150

COMMUNITY: 3,500 Fraud Professionals

TRANSACTIONS MONITORED: 35B and climbing

BRANDS WE PROTECT: 1,500+

TRANSACTIONS PER DAY: 20+ million

SYSTEM DOWNTIME 3+ YEARS: 0 min

AboutUs

3

ABOUT US

98% customer retention and industry-leading customer satisfaction

67.5Net

PromoterScore

0

+50 -50

9 U.S. patents for device recognition, detection,

and authentication

4

iovation…

…. unites your fraud, security, and business teams with a common platform

for customer authentication and fraud prevention while ensuring an

outstanding customer experience.

5

6

WHERE DOES ONLINE/MOBILE FRAUD BEGIN?CREDIT CARD THEFT

7

WHERE DOES ONLINE/MOBILE FRAUD BEGIN?IDENTITY THEFT

8

WHERE DOES ONLINE/MOBILE FRAUD BEGIN?MALWARE

9

WHERE DOES ONLINE/MOBILE FRAUD BEGIN?SKIMMING

10

WHERE DOES ONLINE/MOBILE FRAUD BEGIN?PHISHING

11

HOW HACKERS SELL DATADARK WEB

12

HOW HACKERS SELL DATADARK WEB

13

DATABREACHES

$5Bin 2014$8Bin 2018

Data breaches will drive a 60% increase in Account Takeover

andNew Account Fraud.

60%

SOURCE: JAVELIN, 2015

INCREASE

14

GROWTH OF ONLINE FRAUDACCOUNT TAKEOVERS

15

GROWTH OF ONLINE FRAUDAPPLICATION FRAUD

16

PROJECTED IMPACTS IN THE U.S.CNP FRAUD

A potentially disastrous increase in Card Not Present fraud

CNP fraud is projectedto see a 80% increase over the next 4+ years

Source AiteGroup“EMV: Issuance Trajectory and Impact on Account Takeover and CNP,” May 2015

17

The Power of Device Intelligence.Every device tells a story.

Is device authorizedfor this account?

Where is device located?

Does device have a fraud history?

What other devices are related to this device?

How many accounts has device accessed?

Is device hiding from detection?

18

MD5 Hash of the full font list Random sample of 15 fonts Flash SharedObjectsnot writable Flash socket 843 based ip(real IP) Boolean indicator: flash took longer than expected to execute Accepted Char Sets in HTTP headerAccepted languages in HTTP header Browser user agent comment string Browser name / OS / Ver/ languageCookie writes excluded Boolean indicator, javascriptenabled Count of fonts in the full list Flash 3-part version (16.0.0) Flash 4-part version (16.0.0.305) List of browser plugins JavaScript screen resolutionSimbartoolbar GUID from HTTP hdrTimezoneoffset in minutes ... and more

WiFi(or Bluetooth) MAC AddressNetwork configurationiOS Device ModelBattery level / AC modeDevice orientationFile system sizePhysical memoryCPU Type / Count /SpeedNumber attached accessories Has proximity sensor?Screen brightness and resolutionSystem uptimeiOS Device Name (MD5 Hash) OS Name and/or versionDevice advertising UUIDKernel versioniCloud Ubiquity Token Application Vendor UUID /name/versLocale language / currency code… and more

Model and Device ModelBuild.DEVICE& Build.HARDWAREBuild.HOST& Build.IDManufacturerBuild.PRODUCT& Build.TIMENetwork Operator ID & Name SimOperator ID & CountrySystem Uptime in SecondsIs the device plugged inCPU TypePhysical memoryUnique build fingerprint of appAndroid SDK LevelAndroid Build Number (DISPLAY)Android Device System VersionDetected attempt at hiding root detect Kernel Version (was AKV) Android Locale Country Code Desktop Wallpaper Hash … and more

DEVICE RECOGNTIONHUNDREDS OF DEVICE ATTRIBUTES COLLECTED

Web Device PrintiOS SDKAndroid SDK

Unique adaptive analyticsare used to determine the combinations of attributes needed to achieve the most accurate device recognition.

19

GRANULAR DEVICE AND TRANSACTION DETAILS

RETURNED IN OUR REAL-TIME RESPONSE AND SEARCHABLE IN THE INTELLIGENCE CENTER

20

Your view

DeviceAssociations

Between your usersAcross other subscribersAcross industriesTo other devices and accounts

21

DETAILED FRAUD REPORTSUNDERSTAND WHY THE TRANSACTION WAS DENIED

FINANCIAL•Credit Card Fraud•ACH/Debit Fraud•Friendly Chargeback•Insufficient Funds•Fraud -Other•Potential Fraud•Shipping Fraud•Counterfeit Money Order•Click Fraud•Affiliate Fraud•First Party Fraud•Loan Default

MISCONDUCT•Chat Abuse•Spam•Abusive to Support•Promotion Abuse•Policy /License Violations

•Customer Harassment•Inappropriate Content•Profile Misrepresentation•Scammer/Solicitation•Code Hacking•Arbitrage Betting•Gold Farming

CHEATING•Collusion•Chip Dumping•All-in Abuse•Trading Restriction

ID THEFT•True Identify Theft•Synthetic Identity Theft•ID Mining/Phishing•Account Takeover•Failed Multi-Factor

Authentication

POLICY FRAUD•Application Fraud –1st Party•Application Fraud –3rdParty•Claims Fraud –1st Party•Claims Fraud –3rdParty

B2B FINANCIAL•Business Identify Theft•Fictitious Business•Business Takeover•Dealer Fraud•Payment Evasion•Business Misrepresentation

OTHER•High Risk•Under or Over Age•Requested Exclusion

22

Within 100ms, iovation...

CHECKS FOREVASION

LOOKS FORASSOCIATIONS

CHECKS FORANOMOLIES

LOOKS FORPAST FRAUD

and returns a transaction result based on factors that you’ve defined

Device has history of fraud, other serious risk factors, or

violates your policies

DENY

Nothing negative was associated with the device

ALLOW

Risk or new device seen, may want to manually review or challenge

REVIEW ORCHALLENGE

RECOGNIZESDEVICE

23

Device Reputation/Device AnalyticsProcess Analytics ToolsBureau DataPhone Number Data BureausCVV2Address VerificationCustom Developed Knowledge Based AuthenticationPush ACHMachine LearningMaintain internal block lists and cross-channel alerts

PROCESSES TO CONSIDER

24

Build a defense in depth waterfall strategyMaintain Fraud Manager PositionDevelop a toolset that addresses each area of risk individuallyConsider constituent user experience Utilize transparent technologies that doesn’t expose fraud prevention practicesCollaborate with peersEngage Law EnforcementMonitor performance of toolsAdjust rules to adapt to emerging threatsProvide strong defenses on high value accountsShare Online/Mobile threat data with processing personnelLimit export of Personally Identifiable Information

BUILDING A STRONG DEFENSE

IACAMAY 2017

THANK YOU