Alisdair Faulkner, Chief Products Officer, ThreatMetrix, explains how his organisation secures the digital identity of business and government enterprises through digital identity intelligence and trust decisioning.
1. You have branded ThreatMetrix as a ‘Digital Identity Company’. What is the rationale behind this and is the branding adhered by targeted market?
ThreatMetrix, a LexisNexis Risk Solutions company, provides an end-to-end platform for digital identity intelligence and trust decisioning. Everyday ThreatMetrix Digital Identity Network analyses millions of transactions in near real time across billions of devices for thousands of global digital businesses, growing more powerful with every new piece of information.
The end-users are benefited from crowdsourced and cross-industry digital identity intelligence as this enhances fraud and authentication decisioning while reducing friction for end users.
We have wide experience in authentication and fraud prevention in which our solutions use dynamic behavioral history from across Digital Identity Network, creating true digital identities that is very hard to be replicated. It goes beyond device identification and looks at the holistic online footprint that a user creates as they transact online, helping businesses to identify trusted users from potential threats.
2. As attacks are becoming intensified, advanced and complex in nature, how are companies addressing this growing threat landscape?
Today’s threat landscape is one of uncertainty and impending danger. The increasing frequency and sophistication of attacks on businesses, from SME’s to large enterprises, implies that they can no longer rely on the status quo to deal with ever-changing threats. Businesses need to refine their security strategies and invest in technologies that will protect their consumers.
Analyzing transactions based on the constantly changing parameters such as people, devices, accounts, locations and addresses across the businesses with which they interact is the most effective way to instantly differentiate between legitimate users and cybercriminals.
Increasingly, businesses will need to do this in real time, without affecting customer experience. By looking beyond static data – and drilling down to the dynamic intricacies of how people transact online – companies can securely grow their digital businesses.
3. Hackers have stepped up attacks in exponentially with the unprecedented growth in mobile transactions. How does ThreatMetrix address this threat to mitigate online threats in mobile phones?
As mobile adoption accelerates, so will its profile as a lucrative attack vector for cybercriminals. According to recently published ThreatMetrix report, 2017, mobile transactions surpass desktop for the first time across all industries, with 52% of transactions coming from a mobile device in Q4 compared with 45% at the beginning of 2017.
To address the fraudulent financial transactions, ThreatMetrix has developed a solution for the mobile channel – ThreatMetrix Mobile SDK. It’s a lightweight Software Development Kit (SDK) for Google Android and Apple iOS mobile devices. This SDK can be integrated within mobile applications, to deliver strong device identification, as well as detect any breaches to the host application while evaluating the overall security posture of the device. Events showing high-risk signals or anomalies can be flagged for review while legitimate users on trusted devices are recognized in near real time.
4. As social engineering attacks are on the rise, how do you see this surge and what preventive actions do you recommend for organizations to mitigate the threats?
As mentioned earlier, the nature of cyber-fraud is quickly evolving. For instance, it’s becoming increasingly tough to distinguish a legitimate from fraudulent email as the typos, vague language and poor visuals seen in phishing emails have disappeared. The traditional phishing attacks have been replaced by highly targeted spear phishing attacks that include specific company details, along with lead-in lines such as “Are you still at your desk?” or “Did you get my message?” These kinds of psychological tricks instantly put marks in automatic response mode.
Cybercriminals are increasingly adopting artificial intelligence to automate social engineering. AI bots can now conduct highly convincing robocalls to make it easier and faster to pry information from a larger number of unwitting consumers and corporate employees.
Hence, businesses should consider digital identity intelligence solutions that will help authenticate users not based on login credentials, but by analyzing the ever-changing associations between users and their devices, locations, accounts, behaviors and other parameters. In other words, these systems define user ‘Identity’ not by their personal information, but by what they do, and when, where and how they do it. Thus, there’s no way for fraudsters to fake it.
In addition, by layering advanced behavioral analytics, businesses are better able to identify changes to trusted user behavior, such as sudden use of remote access software that has not been seen previously on an account, which could indicate a high-risk account takeover scenario.
5. How do you see the rapid application of artificial intelligence in security solutions?
Without a doubt, the age of Artificial Intelligence (AI) and machine learning is heralded as the next big thing in computing. Cyber criminals are aware of this trend and have armed with a massive personal identity data stolen through corporate data breaches, they will soon begin deploying the ‘malicious machine learning’ algorithms that make it easier than ever for imposters to take over customer accounts or create fraudulent new ones.
To mitigate this threat, organizations are increasingly using machine learning as part of multi-layered, digital identity-based systems designed to provide the kind of cybersecurity necessary to thwart the increasingly sophisticated attacks on the horizon.
Machine learning from ThreatMetrix combines real-time Digital Identity Intelligence from the Network with an organization’s data to generate a model adapting to changing customer behaviors over time. This is done while balancing model performance and complexity.
This clear-box approach provides insight into why the machine thinks the information is good or bad. Businesses can better understand their customers and use this information to influence other business decisions, while also increasing the efficiency of their fraud and risk teams.