iovation joins Aite Group to explore the emerging opportunities for businesses to:
* Leverage the mobile device to not only better secure mobile channel transactions but also add mobile security and enhance the user experience in all other channels.
* Harness valuable bank data and convert it into actionable intelligence.
* Plan for continued investment in remote channel security.
10. 10
MOBILE TO THE RESCUE
6%
23%
30%
42%
51%
Healthcare
Public sector
Travel
Financial services
Retail
Mobile as a Percentage of All Transactions by Industry
Source: iovation, 2017
CONSUMERS WITH A
SMARTPHONE:
n 72% of U.S. Consumers
n 68% of U.K. Consumers
n 67% of Canadian Consumers
12. 12
MOBILE AS AN
EXTENSION OF
IDENTITY
• Verify that device has
not been compromised
• Is device reporting
truthful answers?
• Have a comprehensive
fraud prevention and
authentication strategy
13. 13
IS YOUR
MOBILE APP
REALLY SAFE?
Security risks for Android
are especially concerning
• 2M new strains of
Android malware
• Android has 78% market
share
Severe issues with Android's current
fingerprint scanning framework
Bypass built in security measures; is
your app still safeguarded?
Downloading apps from non-official
stores put user credentials of your app
at risk
Sideloading
Android rooting
Fingerprint hijacking
14. 14
Is the
mobile
device
telling you
the truth?Hardware ID such as IMEIs may not be
unique, available, or even accurate. Device
recognition requires a fabric of attributes.
Native geolocation can be bypassed and
overridden easily. Other devices signals can
indicate its validity.
Geo-location
Is the device ID really static and
persistent?
Is your app really running on
a mobile emulator or VM?
Emulators, VMs?
15. 15
MOBILE FRAUD BEHAVIOR
Thwarted
Recent Attacks
Mobile Emulator
Global Carriers
w/ Highest
Cases Of Fraud
• ATO using
Jailbroken iPad
• Evasion using ultra
cheap Android
phones
• 0.001% of mobile
traffic
• 50% confirmed
fraudulent
• tiGo (Ghana),
• MTN (Nigeria,
Ghana),
• Kcell (Kazakhstan),
• MegaFon (Russia)
17. 17
n Use a fabric of
geolocation attributes to
determine true location
n Detect jailbroken/corrupt
devices and don’t trust
geolocation info from
them
GEOLOCATION
18. 18
n Use a fabric of device identifiers, not
just one
n Comprehensive device identification
– all types of devices
n Keep device identification separate
from personal identification
n Readily identify relationships
between devices
MOBILE DEVICE IDENTIFICATION & ASSOCIATIONS
19. 19
n Look for behavioral indicators:
n Past evidence of fraud
n Associated with other devices/accounts that are known fraudulent
n Frequent account creation
n Frequent account access
n Evading detection (TOR, Proxy)
n Look for device risk indicators:
n Geo-location attributes mismatch
n Jailbroken/rooted
n Device attributes mismatch
n Unsafe ISP, IP, country
Security risks, evasion, jailbroken
22. 22
#2
Have a
comprehensive &
consistent online
protection strategy
§ Fraudsters look for all points of
vulnerabilities
§ Plug one hole and fraudsters will
look for another (e.g. what
happened to CNP fraud when EMV
was introduced?)
§ Desktop web/apps
AND mobile web/
apps
§ Fraud prevention
AND authentication
27. 27
G O T O W W W . I O V A T I O N . C O M / R E S O U R C E S
RESOURCES
Fraud Prevention Data Sheet
iovation Fraud Prevention stops online
and mobile fraud in real time.
AITE REPORT: THE MOBILE DEVICE
The full report on customer experiences
and the role that mobile plays.
28. 28
Thank you.
Julie Conroy| Research Director
O: +1.617.398.5045
jconroy@aitegroup.com
Aite Group is a global research and advisory firm
delivering comprehensive, actionable advice on
business, technology, and regulatory issues and their
impact on the financial services industry. With
expertise in banking, payments, insurance, wealth
management, and the capital markets, we guide
financial institutions, technology providers, and
consulting firms worldwide. We partner with our
clients, revealing their blind spots and delivering
insights to make their businesses smarter and
stronger.
Visit us on the Web and connect with us on Twitter
and LinkedIn.