If you need to authenticate or authorize external customers into your online site, service or app, you face a daunting set of challenges. First, you need to provide enough security at the right time in the user’s journey to stop account takeovers and exploits. Second, your customers need a rewarding, friction-free user experience. We'll discuss how device intelligence – real-time assessment of your user’s device -- provides the insight that drives the “right” kind at the adaptive multifactor authentication at the right time. We’ll use examples of customers in retail, finance and gaming achieving this balance today.

1. CRITICAL INSIGHT
HOW “DEVICE RISK” DRIVES DYNAMIC MFA

2. CRITICAL INSIGHT
HOW “DEVICE RISK” DRIVES DYNAMIC MFA
MICHAEL THELANDER / SR DIRECTOR PRODUCT MARKETING

3. 3FRAUD TEAM INFOSEC / IAM TEAM UX / PRODUCT TEAM

4. 4
MICHAEL THELANDER
S E N I O R D I R E C T O R P R O D U C T M A R K E T I N G ,
I O V A T I O N
 CISSP-trained through SANS with experience in
configuration security and authentication
 25 years in product management and product marketing, with
the last 10 focused on cyber security
 Articles have appeared in IT Professional Magazine, ITSP
Magazine, CyberDefense Magazine, and SoftwareCEO.com
 Drives go-to-market and education initiatives at iovation

5. 5
 A form of ocean-
going rainbow trout
 Moves between
fresh water and
sea water
 Adapts chemically
and physiologically
several times
 Faces different
risks at different
times

6. A STORY
6
THE PROMISED LAND OF MFA
ADAPTING TO DEVICE RISK
ADAPTING TO ACCESS RISK
TAKEAWAYS (AND A FREE BOOK)

7. THE MFA PROMISED LAND
MULTIFACTOR AUTHENTICATION FOR CONSUMERS

8. 8

9. 9
MOBILE MULTIFACTOR AUTHENTICATION
S T R O N G A N D F L E X I B L E A U T H E N T I C A T I O N
Something you
KNOW

10. 10
MOBILE MULTIFACTOR AUTHENTICATION
S T R O N G A N D F L E X I B L E A U T H E N T I C A T I O N
Something you
KNOW
Something
you ARE
Identity
verified

11. 11
MOBILE MULTIFACTOR AUTHENTICATION
S T R O N G A N D F L E X I B L E A U T H E N T I C A T I O N
Something you
KNOW
Something you
ARE
Something
you HAVE

12. 12
MOBILE MULTIFACTOR AUTHENTICATION
S T R O N G A N D F L E X I B L E A U T H E N T I C A T I O N
Identity
verified
+ +

13. 13
MOBILE MULTIFACTOR AUTHENTICATION
D R I V E N B Y T W O K I N D S O F R I S K
DEVICE
RISK
ACCES
SRISK?

14. DEVICE RISK
MAKING MFA CONTEXTUAL

15. 15
THE DNA OF A DEVICE
HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT

16. 16
 WiFi (or Bluetooth) MAC Address
 Network configuration
 iOS Device Model
 Battery level / AC mode
 Device orientation
 File system size
 Physical memory
 Number attached accessories
 Has proximity sensor?
 Screen brightness and resolution
 System uptime
 iOS Device Name (MD5 Hash)
 OS Name and/or version
 Device advertising UUID
 Kernel version
 iCloud Ubiquity Token
 Application Vendor UUID /name/vers
 Is Simulator?
THE DNA OF A DEVICE
HUNDREDS OF DEVICE ATTRIBUTES COMBINE TO CREATE A DIGITAL FINGERPRINT
 Locale language / currency code
 WiFi MAC Address
 Bluetooth MAC Address
 Network configuration
 Is plugged in?
 Device orientation
 File system size
 Physical memory
 CPU Type
 CPU count
 CPU Speed
 Screen brightness
 Screen resolution
 System uptime
 iOS Device Name (MD5 Hash)
 Device advertising UUID
 Current latitude
 Current longitude
 Current altitude
 Application Vendor UUID
 Bundle ID
 Application Version
 Application name
 Process name
 Executable name
 Application orientation
 Locale language code
 Locale currency code
 Are location services enabled?
 Time zone
 Currently registered radio
technology
 Carrier name
 Carrier ISO country code
 Carrier mobile country code
 Carrier mobile network code
 Does carrier allow VOIP?The attributes that let us recognize a device also allow us to see and respond to risk

17. 17
THE DNA OF A DEVICE
( A N O T E O N “ M F A O M N I C H A N N E L ”

18. 18
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED

19. 19
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
+1000
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED

20. 20
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
+200
Watch ListsVelocity
ISP Watch List
Transactions per
Account
IP Address Range
List
Global Trans
Device Velocity
Email Domain List
Countries Per Acct
or Device
Browser Language
Trans per
IP/Device/Acct
ISP Organization
List
$S Value per
Device or Acct
Device Type List
Devices per
Account

21. 21
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
0
Watch ListsVelocity
ISP Watch List
Transactions per
Account
IP Address Range
List
Global Trans
Device Velocity
Email Domain List
Countries Per Acct
or Device
Browser Language
Trans per
IP/Device/Acct
ISP Organization
List
$S Value per
Device or Acct
Device Type List
Devices per
Account
Watch Lists
ISP Watch List
IP Address Range
List
Email Domain List
Browser Language
ISP Organization
List
Device Type List
PIN +

22. 22
RISK INSIGHT FROM THE USER’S DEVICE
EvidenceDevice & Age Risk Profile
Geo-
location
Anomaly Watch ListsVelocity
ISP Watch List
Transactions per
Account
Timezone / Geo
Mismatch
Subscriber
Evidence Exists
Transaction
Amount Range
Geolocation
Mismatch
Device new to
Subscriber
IP Address Range
List
Global Trans
Device Velocity
Device Not
Provided
Evidence Exists
Billing/Shipping
Mismatch
Proxy In Use
New Device,
Existing Acct
Email Domain List
Countries Per Acct
or Device
Suspect Device
Data
IP Address RiskCountry List
Age of the
Association
Browser Language
Trans per
IP/Device/Acct
TOR Exit Node IP
Device Risk
(Local or Global)
Mobile Carrier
Country List
Registered
Acct/Dev Pair
ISP Organization
List
$S Value per
Device or Acct
VM in Use
Language and
Country Risk
IP Address
Distance
Device Type List
Devices per
Account
Mobile Emulator
Detected
Jailbreak/Root
Detected
IP Address
Mismatch
Accts (Created)
per Device
ISP Mismatch
POSITIVE RULES TRIGGERED
NEGATIVE RULES TRIGGERED
-1000
Watch ListsVelocity
ISP Watch List
Transactions per
Account
IP Address Range
List
Global Trans
Device Velocity
Email Domain List
Countries Per Acct
or Device
Browser Language
Trans per
IP/Device/Acct
ISP Organization
List
$S Value per
Device or Acct
Device Type List
Devices per
Account
Watch Lists
ISP Watch List
IP Address Range
List
Email Domain List
Browser Language
ISP Organization
List
Device Type List
Watch Lists
Device Type List
Call
Customer
Service

23. 23
What About Machine Learning?
ANY ONLINE TRANSACTION
Billions of global
transactions
Hundreds of
device and
transaction
attributes
Millions of
device and
attribute
permutations
30M
Subscriber-
placed
fraud reports
Machine
Learning
-10,000 +10,000Device Risk
Score
High Risk High Trust

24. ACCESS RISK
MAKING MFA CONTINUOUS

25. 25
The Customer Journey
NAVIGATION AND INTERACTION POINTS
RISK
1 2 4 5
Where the “risk bar”
bar is typically set
Where the
majority of
interactions
occur
3 6

26. 26
+1000
+200
0
-1000

27. 27
0
-1000
Unless
Only
FOR LOW-RISK ACTIONS

28. 28
+1000
+200
And one method
FOR HIGHER-RISK
ACTIONS
or

29. 29
+1000
And multiple
methods
With
FOR HIGHEST-RISK ACTIONS

30. 30
Go to:
www.iovation.com/resources/reports

31. TAKEAWAYS
DEISGNING AND BUILDING IT (AND A FREE
BOOK)

32. 32

33. 33
HOW

34. 34FRAUD TEAM INFOSEC / IAM TEAM UX / PRODUCT TEAM
ENGAGE YOUR CROSS -FUNCTIONAL TEAMS

35. 35
ENGAGE YOUR CROSS -FUNCTIONAL TEAMS
 The Fraud Team has
irreplaceable insight …
but is often seen as
tactical
 The fraud team also has
something most teams
don’t: actual cost metrics
 Create an alliance!
 Learn the language of
fraud stoppers
FRAUD TEAM
 Nobody wants to be the
“Director of No”
 Look to your left and right
and reach out
 If you’re in a consumer
space, become
customer-centric
 Consider controls outside
of the trypical infosec
sphere
INFOSEC / IAM TEAM
 Be a Change Agent –
all the power is in your
hands
 Teach the other teams
your language and your
metrics
 Enlist aid, ask for help
 Be the expert, but get
everyone to care about
the user journey
UX / PRODUCT TEAM

36. 36

37. 37
iovation.com/dummie
s
Go to
to register for your free copy
For more technical insight:
Risk, Reputation and
Reward whitepaper at
iovation.com/resources/whitepape
rs

38. QUESTIONS?
www.iovation.com
@TheOtherMichael
SENIOR DIRECTOR OF PRODUCT MARKETING
MICHAEL
THELANDER
michael.thelander@iovation.com
503.943.6700