Webinar explores how Risk-Based Authentication works and how it's redefining the way consumers interact with your business.
View the recording at https://www.iovation.com/news/events/adaptive-risk-based-mfa
11. 11
WHAT’S DECENTRALIZATION ABOUT?
R E P L A C I N G T H E C U R R E N T P A R A D I G M
Difficult to deliver
“true” MFA
Compromising one
authentication
process compromises
all processes
One data store exists
for all credentials or
tokens
Credentials and
tokens exist uniquely
for each user
Not accessible
through a centralized
data store
Not susceptible to
massive breach and
exploitation
DARK WEB
12. 12
Where criminals buy credentials and tokens
Yahoo! lost data from 500 million accounts in 2014….
To add to the 1 billion accounts compromised in 2013….
And later admitted that all 3 billion accounts may be affected.
Last May, 560 million records were discovered in a cleartext online database
Not just passwords: medical info, addresses, email, Netflix
info
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
13. 13
WHAT’S DECENTRALIZAZTION ABOUT?
S T O P P I N G A T T A C K S L I K E M I T M A N D A T O
Mobile App 1 Site 2Attacker
THE PROBLEM IN A MOBILE APP CONTEXT
14. THE THREE CS OF MFA
ONE OF THE MOST IMPORTANT CONCEPTS IN THE
BOOK
20. 20
Contextual
Continuous
Complementary
THE THREE Cs
O F T R U E M U L T I F A C T O R A U T H E N T I C A T I O N
LOGIN
CHANGE
ACCOUNTDETAILSCHECKBALANCES
TRANSFER MONEY
ACCOUNTCREATION /
LOAN ORIGINATION
MAKE OR SCHEDULE
DEPOSITS
PAY BILLS
IOVATION
FRAUDFORCE
FRAUDFORCE
FRAUDFORCE
ANTI-FRAUD USERNAME / PWD
(or TOKEN Backup)
MOBILE MFA
+ +
23. 23
THE DNA OF A DEVICE
HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT
24. 24
WiFi (or Bluetooth) MAC Address
Network configuration
iOS Device Model
Battery level / AC mode
Device orientation
File system size
Physical memory
Number attached accessories
Has proximity sensor?
Screen brightness and resolution
System uptime
iOS Device Name (MD5 Hash)
OS Name and/or version
Device advertising UUID
Kernel version
iCloud Ubiquity Token
Application Vendor UUID /name/vers
Is Simulator?
THE DNA OF A DEVICE
HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT
Locale language / currency code
WiFi MAC Address
Bluetooth MAC Address
Network configuration
Is plugged in?
Device orientation
File system size
Physical memory
CPU Type
CPU count
CPU Speed
Screen brightness
Screen resolution
System uptime
iOS Device Name (MD5 Hash)
Device advertising UUID
Current latitude
Current longitude
Current altitude
Application Vendor UUID
Bundle ID
Application Version
Application name
Process name
Executable name
Application orientation
Locale language code
Locale currency code
Are location services enabled?
Time zone
Currently registered radio
technology
Carrier name
Carrier ISO country code
Carrier mobile country code
Carrier mobile network code
Does carrier allow VOIP?The attributes that let us recognize a device also allow us to see and respond to risk
25. 25
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
26. 26
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
+1000
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
27. 27
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
+200
Watch ListsVelocity
ISP Watch List
Transactions per
Account
IP Address Range
List
Global Trans
Device Velocity
Email Domain List
Countries Per Acct
or Device
Browser Language
Trans per
IP/Device/Acct
ISP Organization
List
$S Value per
Device or Acct
Device Type List
Devices per
Account
28. 28
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
0
Watch ListsVelocity
ISP Watch List
Transactions per
Account
IP Address Range
List
Global Trans
Device Velocity
Email Domain List
Countries Per Acct
or Device
Browser Language
Trans per
IP/Device/Acct
ISP Organization
List
$S Value per
Device or Acct
Device Type List
Devices per
Account
Watch Lists
ISP Watch List
IP Address Range
List
Email Domain List
Browser Language
ISP Organization
List
Device Type List
PIN +
29. 29
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
-1000
Watch ListsVelocity
ISP Watch List
Transactions per
Account
IP Address Range
List
Global Trans
Device Velocity
Email Domain List
Countries Per Acct
or Device
Browser Language
Trans per
IP/Device/Acct
ISP Organization
List
$S Value per
Device or Acct
Device Type List
Devices per
Account
Watch Lists
ISP Watch List
IP Address Range
List
Email Domain List
Browser Language
ISP Organization
List
Device Type List
Watch Lists
Device Type List
Call
Customer
Service
30. 30
HOW DO I CUSTOMIZE ALL THIS IN MY APPS?
H O W D O W E C R E A T E A L L T H O S E F A N C Y M E T H O D S ?
LaunchKey
Developer’s Guides
31. 31
HOW DO I CUSTOMIZE ALL THIS IN MY APPS?
H O W D O W E B U I L D A L L T H O S E F A N C Y A U T H M E T H O D S ?
BRING IN YOUR MOBILE APP DEVELOPERS AND YOUR INFOSEC
EXPERTS
33. 33
MFA For Dummies can help your teams understand the value of decentralizing the auth
process
Dynamic adaptation is key to creating strong but user-friendly workflows
Risk-based mobile multifactor authentication is accessible possible … when teams align
Personalizing the user’s authentication experience is easy and delivers tremendous
benefits
How do I get my book?!