If you need to authenticate or authorize external customers into your online site, service or app, you face a daunting set of challenges. First, you need to provide enough security at the right time in the user’s journey to stop account takeovers and exploits. Second, your customers need a rewarding, friction-free user experience. We'll discuss how device intelligence – real-time assessment of your user’s device – provides the insight that drives the “right” kind of adaptive multifactor authentication at the right time. We’ll use examples of customers in retail, finance and gaming achieving this balance today.
4. 4
MICHAEL THELANDER
SENIOR DIRECTOR PRODUCT MARKETING, IOVATION
CISSP-trained through SANS with experience in configuration security and authentication
25 years in product management and product marketing, with the last 10 focused on cyber security
Articles have appeared in IT Professional Magazine, ITSP Magazine, CyberDefense Magazine, and SoftwareCEO.com
Drives go-to-market and education initiatives at iovation
5. 5
A form of ocean-going rainbow trout
Moves between fresh water and sea water
Adapts chemically and physiologically several times
Faces different risks at different times
6. A STORY
6
THE PROMISED LAND OF MFA
ADAPTING TO DEVICE RISK
ADAPTING TO ACCESS RISK
TAKEAWAYS (AND A FREE BOOK)
10. 10
MOBILE MULTIFACTOR AUTHENTICATION
STRONG AND FLEXIBLE AUTHENTICATION
Something you KNOW
Something you ARE
Identity verified
11. 11
MOBILE MULTIFACTOR AUTHENTICATION
STRONG AND FLEXIBLE AUTHENTICATION
Something you KNOW
Something you ARE
Something you HAVE
15. 15
THE DNA OF A DEVICE
HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT
16. 16
WiFi (or Bluetooth) MAC Address
Network configuration
iOS Device Model
Battery level / AC mode
Device orientation
File system size
Physical memory
Number attached accessories
Has proximity sensor?
Screen brightness and resolution
System uptime
iOS Device Name (MD5 Hash)
OS Name and/or version
Device advertising UUID
Kernel version
iCloud Ubiquity Token
Application Vendor UUID /name/vers
Is Simulator?
THE DNA OF A DEVICE
HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT
Locale language / currency code
WiFi MAC Address
Bluetooth MAC Address
Network configuration
Is plugged in?
Device orientation
File system size
Physical memory
CPU Type
CPU count
CPU Speed
Screen brightness
Screen resolution
System uptime
iOS Device Name (MD5 Hash)
Device advertising UUID
Current latitude
Current longitude
Current altitude
Application Vendor UUID
Bundle ID
Application Version
Application name
Process name
Executable name
Application orientation
Locale language code
Locale currency code
Are location services enabled?
Time zone
Currently registered radio technology
Carrier name
Carrier ISO country code
Carrier mobile country code
Carrier mobile network code
Does carrier allow VOIP?
The attributes that let us recognize a device also allow us to see and respond to risk
17. 17
THE DNA OF A DEVICE
(A NOTE ON “MFA OMNICHANNEL”
18. 18
RISK INSIGHT FROM THE USER’S DEVICE
Evidence | Device & Age | Risk Profile | Geolocation | Anomaly | Watch Lists | Velocity
ISP Watch List
Transactions per Account
Timezone / Geo Mismatch
Subscriber Evidence Exists
Transaction Amount Range
Geolocation Mismatch
Device new to Subscriber
IP Address Range List
Global Trans Device Velocity
Device Not Provided
Evidence Exists
Billing/Shipping Mismatch
Proxy In Use
New Device, Existing Acct
Email Domain List
Countries Per Acct or Device
Suspect Device Data
IP Address Risk
Country List
Age of the Association
Browser Language
Trans per IP/Device/Acct
TOR Exit Node IP
Device Risk (Local or Global)
Mobile Carrier Country List
Registered Acct/Dev Pair
ISP Organization List
$S Value per Device or Acct
VM in Use
Language and Country Risk
IP Address Distance
Device Type List
Devices per Account
Mobile Emulator Detected
Jailbreak/Root Detected
IP Address Mismatch
Accts (Created) per Device
ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
19. 19
RISK INSIGHT FROM THE USER’S DEVICE
+1000
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
20. 20
RISK INSIGHT FROM THE USER’S DEVICE
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
+200
Watch Lists: ISP Watch List, IP Address Range List, Email Domain List, Browser Language, ISP Organization List, Device Type List
Velocity: Transactions per Account, Global Trans Device Velocity, Countries Per Acct or Device, Trans per IP/Device/Acct, $S Value per Device or Acct, Devices per Account
21. 21
RISK INSIGHT FROM THE USER’S DEVICE
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
0
Watch Lists: ISP Watch List, IP Address Range List, Email Domain List, Browser Language, ISP Organization List, Device Type List
PIN +
22. 22
RISK INSIGHT FROM THE USER’S DEVICE
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
-1000
Watch Lists: Device Type List
Call Customer Service
23. 23
What About Machine Learning?
ANY ONLINE TRANSACTION
Billions of global transactions
Hundreds of device and transaction attributes
Millions of device and attribute permutations
30M Subscriber-placed fraud reports
Machine Learning
Device Risk Score: -10,000 (High Risk) to +10,000 (High Trust)
25. 25
The Customer Journey
NAVIGATION AND INTERACTION POINTS
RISK (interaction points 1–6)
Where the “risk bar” is typically set
Where the majority of interactions occur
34. 34
ENGAGE YOUR CROSS-FUNCTIONAL TEAMS
FRAUD TEAM | INFOSEC / IAM TEAM | UX / PRODUCT TEAM
35. 35
ENGAGE YOUR CROSS-FUNCTIONAL TEAMS
FRAUD TEAM
The Fraud Team has irreplaceable insight … but is often seen as tactical
The fraud team also has something most teams don’t: actual cost metrics
Create an alliance!
Learn the language of fraud stoppers
INFOSEC / IAM TEAM
Nobody wants to be the “Director of No”
Look to your left and right and reach out
If you’re in a consumer space, become customer-centric
Consider controls outside of the typical infosec sphere
UX / PRODUCT TEAM
Be a Change Agent – all the power is in your hands
Teach the other teams your language and your metrics
Enlist aid, ask for help
Be the expert, but get everyone to care about the user journey