iovation joins Aite Group to explore the emerging opportunities for businesses to: * Leverage the mobile device to not only better secure mobile channel transactions but also add mobile security and enhance the user experience in all other channels. * Harness valuable bank data and convert it into actionable intelligence. * Plan for continued investment in remote channel security.

1. 1
The Mobile Device:
The New Center of
the Fraud Prevention
Universe
F E B R U A R Y | 2 0 1 7

2. 2
EDDIE GLENN
P R O D U C T M A R K E T I N G M A N A G E R , I O V A T I O N
JULIE CONROY
R E S E A R C H D I R E C T O R / A I T E G R O U P

3. AGENDA
3
n Findings from Aite research
n Mobile device as a solution
n Use cases
n Concluding remarks

4. 4
Source:
Informationisbeautiful.net

5. 5
$392 $420
$644
$760
$844
$903
$966
$1,091
2013 2014 2015 e2016 e2017 e2018 e2019 e2020
U.S. Account Takeover Losses, 2013 to e2020 (US$ Millions)
ATO IS ON THE RISE IN MANY MARKETS
Source: Aite Group, 2016
Source: Financial Fraud
Action UK, 2016

6. 6
COMPROMISED DATA IS QUICKLY SOLD

7. 7
CREDENTIALS GARNER A PREMIUM IN THE UNDERWEB
$3.78$6.43 $3.02 $0.22
Source: Trend Micro, 2016

8. 8
BUSINESSES MUST BE AS NIMBLE AS THE CRIMINALS

9. 9
UNDERSTANDING THE CUSTOMER’S
DIGITAL IDENTITY IS CRUCIAL

10. 10
MOBILE TO THE RESCUE
6%
23%
30%
42%
51%
Healthcare
Public sector
Travel
Financial services
Retail
Mobile as a Percentage of All Transactions by Industry
Source: iovation, 2017
CONSUMERS WITH A
SMARTPHONE:
n 72% of U.S. Consumers
n 68% of U.K. Consumers
n 67% of Canadian Consumers

11. 11
MOBILE: THE CENTER OF THE
FRAUD PREVENTION UNIVERSE

12. 12
MOBILE AS AN
EXTENSION OF
IDENTITY
• Verify that device has
not been compromised
• Is device reporting
truthful answers?
• Have a comprehensive
fraud prevention and
authentication strategy

13. 13
IS YOUR
MOBILE APP
REALLY SAFE?
Security risks for Android
are especially concerning
• 2M new strains of
Android malware
• Android has 78% market
share
Severe issues with Android's current
fingerprint scanning framework
Bypass built in security measures; is
your app still safeguarded?
Downloading apps from non-official
stores put user credentials of your app
at risk
Sideloading
Android rooting
Fingerprint hijacking

14. 14
Is the
mobile
device
telling you
the truth?Hardware ID such as IMEIs may not be
unique, available, or even accurate. Device
recognition requires a fabric of attributes.
Native geolocation can be bypassed and
overridden easily. Other devices signals can
indicate its validity.
Geo-location
Is the device ID really static and
persistent?
Is your app really running on
a mobile emulator or VM?
Emulators, VMs?

15. 15
MOBILE FRAUD BEHAVIOR
Thwarted
Recent Attacks
Mobile Emulator
Global Carriers
w/ Highest
Cases Of Fraud
• ATO using
Jailbroken iPad
• Evasion using ultra
cheap Android
phones
• 0.001% of mobile
traffic
• 50% confirmed
fraudulent
• tiGo (Ghana),
• MTN (Nigeria,
Ghana),
• Kcell (Kazakhstan),
• MegaFon (Russia)

16. 16
EVASION
IDENTIFICATION
JAILBROKENGEOLOCATION
SECURITY RISK
ASSOCIATIONS
UNKNOWN DEVICE AUTHENTICATED
The Building Blocks
for a device
intelligence solution

17. 17
n Use a fabric of
geolocation attributes to
determine true location
n Detect jailbroken/corrupt
devices and don’t trust
geolocation info from
them
GEOLOCATION

18. 18
n Use a fabric of device identifiers, not
just one
n Comprehensive device identification
– all types of devices
n Keep device identification separate
from personal identification
n Readily identify relationships
between devices
MOBILE DEVICE IDENTIFICATION & ASSOCIATIONS

19. 19
n Look for behavioral indicators:
n Past evidence of fraud
n Associated with other devices/accounts that are known fraudulent
n Frequent account creation
n Frequent account access
n Evading detection (TOR, Proxy)
n Look for device risk indicators:
n Geo-location attributes mismatch
n Jailbroken/rooted
n Device attributes mismatch
n Unsafe ISP, IP, country
Security risks, evasion, jailbroken

20. 3 STEPS
For building an online fraud prevention &
authentication strategy

21. 21
#1
Keep it frictionless for your users

22. 22
#2
Have a
comprehensive &
consistent online
protection strategy
§ Fraudsters look for all points of
vulnerabilities
§ Plug one hole and fraudsters will
look for another (e.g. what
happened to CNP fraud when EMV
was introduced?)
§ Desktop web/apps
AND mobile web/
apps
§ Fraud prevention
AND authentication

23. 23
DEVICE-BASED AUTHENTICATION
SERVICE
CUSTOMIZABLE
MULTIFACTOR
AUTHENTICATION
GROUP
AUTHORIZATION
#3:
Scale the level of
authentication as
transaction
risk increases

24. 24
IOVATION SOLUTIONS
IOVATION INTELLIGENCE CENTER
GLOBAL DEVICE INTELLIGENCE PLATFORM
Device
Recognition
Device
Associations
Contributed
Evidence
Deep
Analytics
Machine
Learning
ProductsPlatform
Dynamic
Authentication Suite
Multi-factor security with exceptional user experience
ClearKey LaunchKey MFA
Fraud
Prevention Suite
Stop online fraud and abuse in real-time
Fraud
Prevention
SureScore

25. 25
Use cases

26. 26
BUILD YOUR SECURITY WITH THE ASSUMPTION
that the bad guys will breach the perimeter.

27. 27
G O T O W W W . I O V A T I O N . C O M / R E S O U R C E S
RESOURCES
Fraud Prevention Data Sheet
iovation Fraud Prevention stops online
and mobile fraud in real time.
AITE REPORT: THE MOBILE DEVICE
The full report on customer experiences
and the role that mobile plays.

28. 28
Thank you.
Julie Conroy| Research Director
O: +1.617.398.5045
jconroy@aitegroup.com
Aite Group is a global research and advisory firm
delivering comprehensive, actionable advice on
business, technology, and regulatory issues and their
impact on the financial services industry. With
expertise in banking, payments, insurance, wealth
management, and the capital markets, we guide
financial institutions, technology providers, and
consulting firms worldwide. We partner with our
clients, revealing their blind spots and delivering
insights to make their businesses smarter and
stronger.
Visit us on the Web and connect with us on Twitter
and LinkedIn.

29. Q&A