If your online site, service or app authenticates large groups of external consumers, you face a daunting challenge: First, provide enough security at the right time in the user’s journey to stop account takeovers and exploits; Second, provide a rewarding, friction-free user experience. We'll discuss how device intelligence provides risk insight that drives the “right” adaptive multifactor authentication at the right time with examples of customers in retail, finance and gaming achieving this balance today.

1. CRITICAL INSIGHT
HOW “DEVICE RISK” DRIVES DYNAMIC MFA
GARTNER IAM SUMMIT, 2017
MICHAEL THELANDER / SR DIRECTOR PRODUCT MARKETING

2. 2
MICHAEL THELANDER
S E N I O R D I R E C T O R P R O D U C T M A R K E T I N G ,
I O V A T I O N
 CISSP-trained through SANS with experience in
configuration security and authentication
 25 years in product management and product marketing, with
the last 10 focused on cyber security
 Articles have appeared in IT Professional Magazine, ITSP
Magazine, CyberDefense Magazine, and SoftwareCEO.com
 Currently drives go to market initiatives at iovation

3. 3
 A form of ocean-
going rainbow trout
 Moves between
fresh water and
sea water
 Adapts chemically
and physiologically
several times
 Faces different
risks at different
times

4. A STORY
4
THE PROMISED LAND OF MFA
ADAPTING TO DEVICE RISK
ADAPTING TO ACCESS RISK
TAKEAWAYS (AND A FREE BOOK)

5. THE MFA PROMISED LAND
MULTIFACTOR AUTHENTICATION FOR CONSUMERS

6. 6

7. 7
MOBILE MULTIFACTOR AUTHENTICATION
S T R O N G A N D F L E X I B L E A U T H E N T I C A T I O N
Something you
KNOW

8. 8
MOBILE MULTIFACTOR AUTHENTICATION
S T R O N G A N D F L E X I B L E A U T H E N T I C A T I O N
Something you
KNOW
Something
you ARE
Identity
verified

9. 9
MOBILE MULTIFACTOR AUTHENTICATION
S T R O N G A N D F L E X I B L E A U T H E N T I C A T I O N
Something you
KNOW
Something you
ARE
Something
you HAVE

10. 10
MOBILE MULTIFACTOR AUTHENTICATION
S T R O N G A N D F L E X I B L E A U T H E N T I C A T I O N
Identity
verified
+ +

11. 11
MOBILE MULTIFACTOR AUTHENTICATION
D R I V E N B Y T W O K I N D S O F R I S K
DEVICE
RISK
ACCES
SRISK?

12. DEVICE RISK
MAKING MFA CONTEXTUAL

13. 13
THE DNA OF A DEVICE
( A N O T E O N “ M F A O M N I C H A N N E L ”

14. 14
THE DNA OF A DEVICE
HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT

15. 15
 WiFi (or Bluetooth) MAC Address
 Network configuration
 iOS Device Model
 Battery level / AC mode
 Device orientation
 File system size
 Physical memory
 Number attached accessories
 Has proximity sensor?
 Screen brightness and resolution
 System uptime
 iOS Device Name (MD5 Hash)
 OS Name and/or version
 Device advertising UUID
 Kernel version
 iCloud Ubiquity Token
 Application Vendor UUID /name/vers
 Is Simulator?
THE DNA OF A DEVICE
HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT
 Locale language / currency code
 WiFi MAC Address
 Bluetooth MAC Address
 Network configuration
 Is plugged in?
 Device orientation
 File system size
 Physical memory
 CPU Type
 CPU count
 CPU Speed
 Screen brightness
 Screen resolution
 System uptime
 iOS Device Name (MD5 Hash)
 Device advertising UUID
 Current latitude
 Current longitude
 Current altitude
 Application Vendor UUID
 Bundle ID
 Application Version
 Application name
 Process name
 Executable name
 Application orientation
 Locale language code
 Locale currency code
 Are location services enabled?
 Time zone
 Currently registered radio
technology
 Carrier name
 Carrier ISO country code
 Carrier mobile country code
 Carrier mobile network code
 Does carrier allow VOIP?The attributes that let us recognize a device also allow us to see and respond to risk

16. 16
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED

17. 17
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
+1000
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED

18. 18
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
+200
Watch ListsVelocity
ISP Watch List
Transactions per
Account
IP Address Range
List
Global Trans
Device Velocity
Email Domain List
Countries Per Acct
or Device
Browser Language
Trans per
IP/Device/Acct
ISP Organization
List
$S Value per
Device or Acct
Device Type List
Devices per
Account

19. 19
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
0
Watch ListsVelocity
ISP Watch List
Transactions per
Account
IP Address Range
List
Global Trans
Device Velocity
Email Domain List
Countries Per Acct
or Device
Browser Language
Trans per
IP/Device/Acct
ISP Organization
List
$S Value per
Device or Acct
Device Type List
Devices per
Account
Watch Lists
ISP Watch List
IP Address Range
List
Email Domain List
Browser Language
ISP Organization
List
Device Type List
PIN +

20. 20
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
-1000
Watch ListsVelocity
ISP Watch List
Transactions per
Account
IP Address Range
List
Global Trans
Device Velocity
Email Domain List
Countries Per Acct
or Device
Browser Language
Trans per
IP/Device/Acct
ISP Organization
List
$S Value per
Device or Acct
Device Type List
Devices per
Account
Watch Lists
ISP Watch List
IP Address Range
List
Email Domain List
Browser Language
ISP Organization
List
Device Type List
Watch Lists
Device Type List
Call
Customer
Service

21. ACCESS RISK
MAKING MFA CONTINUOUS

22. 22
The Customer Journey
NAVIGATION AND INTERACTION POINTS
RISK
1 2 4 5
Where the “risk bar”
bar is typically set
Where the
majority of
interactions
occur
3 6

23. 23
+1000
+200
0
-1000

24. 24
0
-1000
Unless
Only
FOR LOW-RISK ACTIONS

25. 25
+1000
+200
And one method
FOR HIGHER-RISK
ACTIONS
or

26. 26
+1000
And multiple
methods
With
FOR HIGHEST-RISK ACTIONS

27. TAKEAWAYS
DEISGNING AND BUILDING IT (AND A FREE
BOOK)

28. 28

29. 29
HOW

30. 30

31. 31
iovation.com/dummie
s
Go to
to register for your free copy

32. WEBINAR
DECEMBER 12
www.iovation.com
@TheOtherMichael
SENIOR DIRECTOR OF PRODUCT MARKETING
MICHAEL
THELANDER
michael.thelander@iovation.com
503.943.6700