ThreatMetrix® is the market-leading cloud solution for authenticating digital personas and transactions on the Internet.
ThreatMetrix analyzes more than 15 billion transactions annually, from 30,000 websites across 4,000 companies globally through the Digital Identity Network. ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain, and lower fraud and operational costs.
2. Asia Risk & Resilience Conference 2016
Are Cybercriminals winning the fight?
ThreatMetrix saw an 50%
increase in fraud attacks since
Q2 2015
In Q2 2016 More than 112
million attacks were detected
and stopped in real time;
More than 450 million bot attacks
were identified and stopped
during this last quarter, a 50%
increase over previous quarter.
3. Asia Risk & Resilience Conference 2016
What we know: Nearly 4 Billion User
Records Stolen Since 2013
Email addresses stolen
40M customer records from Ashley Madison
made available to public
Health Care Data Breached
80M patient records stolen in Anthem breach
Credit bureau data stolen
hundreds of millions of records in various countries
stolen
e.g 27M in Korea in 2014
Google and Yahoo Breach
272.3 million stolen accounts details from are
being traded in Russia
4. Asia Risk & Resilience Conference 2016
Data Breaches Continue To Grow
User Names / Passwords
RIP: There is now longer
any security value in the
age of the data breach
With 278 million+
consumer records
compromised in 2015
alone, the concept of
data privacy (and
reliability) is now an
illusion
5. Asia Risk & Resilience Conference 2016
Customer Life Time Value Destruction
6. Asia Risk & Resilience Conference 2016
Getting Worse Not Better
7. Asia Risk & Resilience Conference 2016
We Need to Rethink Identity
8. Asia Risk & Resilience Conference 2016
What Can We Do?
First Steps
9. Asia Risk & Resilience Conference 2016
Businesses are increasingly experiencing the
downstream effects of data breaches
We Now Live in a Post Data Breach World
10. Asia Risk & Resilience Conference 2016
Increased Friction
11. Asia Risk & Resilience Conference 2016
Band-Aid Solutions
12. Asia Risk & Resilience Conference 2016
Are your
customers/employees
/partners
Trusted User
or Cyber Threats?
13. Asia Risk & Resilience Conference 2016
Understand: Cyber Threat Attack vectors and the new
target
13
Trust is Critical
Digital Debris
Rise of Machines
Mobile First
World
Global Organized
Cybercrime
Digital Identities are the
new target and they are
compromised at alarming
rates:
To manage your risk you
need to understand:
• How your [employees,
contractors, customers,
partners] interact with
your Omni-channels
• Who they really are
• How they are behaving in
real time
14. Asia Risk & Resilience Conference 2016
Understand The Cyber Threat:
Predictions and Strategic Imperatives
• Botnet attacks: will
continue to rise and evolve
to bypass rate control
security
• Identity / credential theft:
will continue to be a key
issue for all industries
• Mobile transactions: will
increase particularly in the
mobile banking sector
• Global transaction
context
• Single Orchestration
Platform
• Best in Class Analytics
15. Asia Risk & Resilience Conference 2016
8am 10pm
Personal
Persona
Business
Persona
Enroll in
Insurance
from Laptop
Check
Email from
Mobile
Phone
Book a
Flight from
Tablet
Check
Email from
Tablet
Pay
Bills from
Laptop
Buy a
Shirt from
Laptop
Surf
Facebook
from Mobile
Phone
Account
Origination Fraud
Phishing CNP
CNP Social EngineeringPhishing Account Takeover
Understand your Vulnerability: We all have
Multiple Personas, Credentials, Devices, Locations, but One
Global Digital Identity - Your Digital DNA
https://vimeo.com/156917755
16. Asia Risk & Resilience Conference 2016
Apply Best Practice Cyber Threat
Management: Where to start?
1
• Global Shared Intelligence:
who, how, why, behavior?
• Identity: real time data,
discerning technology,
understand vulnerabilities,
training.
• Social Engineering/Phishing:
bad guy know the org charts
and rely on careless on-line
behavior
• Give to Get model
• Identity/virtual persona
amalgam
• Internal Best Practices
17. Asia Risk & Resilience Conference 2016
ThreatMetrix Unites the Facets of Digital Identities
Devices
Identity
Analytics
Associations
Behavior
Card Issuance
Digital Payments
Video Streaming
Insurance
Mobile Payments
Social
Networks
Global | Shared | Intelligence
18. Asia Risk & Resilience Conference 2016
ThreatMetrix
has mapped
the Digital
Identity Graph.
Understanding
multi-variate
relationships
between a person
and associated
devices, credentials
and threat
behaviors…
Mapping Global Digital Identity Activity
19. Asia Risk & Resilience Conference 2016
…and more complex
relationships between
multiple personas now and
over time = > vulnerability
20. Asia Risk & Resilience Conference 2016
Threat: Most Legacy Customer Authentication Methods are
Insufficient and failing in the Mobile-First, Global Digital Age
ThreatMetrix Confidential2
Trusted forms of ID are mostly useless
in a post-data breach world
✓ Credit Scores
✓ AVS Checks
✓ State Issued IDs
✓ Step-up and OOB
Authentication
✓ Cross-Border Credit Cards
✓ Government Cyber Identity
Programs
Global business is
cross-border, 24/7
21. Asia Risk & Resilience Conference 2016
Threat: Our Behavior And Soft Targets Leave Us Vulnerable
Fraud Enablers The Players Soft Targets
• Unjustified Trust
• Lack of Global
Intelligence
• Social Network Impact
• Common Passwords
• Too Quick to Click
• Unwitting Insider
• Colluding Insider
• External Antagonists
• The Enterprise
• Customers
• Low Prep Enterprises
22. Asia Risk & Resilience Conference 2016
Real World Threat Scenarios: Our Behavior & Social
Engineering
Emails or phone calls your employees will probably open/take with little to no pause…
• Email: Hi Ted, here is your 2016
compensation plan
• Email: Hi Ted, its Greg. I’m doing a deal in
Australia and need you to wire 100K
today
• Phone call: Hi Ted, it’s Joe at Dell
checking on our outstanding
AR…................can you give me a
payment status? Thanks that was
very helpful...
• Calls back 15 minutes later: Hi Ted,
Joe again, I forgot to give you our
new ACH paymemt instructions.......
can you update these in your ERP?
• On payment...the ACH goes out to
the wrong vendor...
• A week or two later: Hi Ted, its AR
team at Dell, you are normally a
quick payer, is there any reason you
have not paid the outstanding
invoice due last month?
• Email: Hi Ted, its Mark from the
board…would you have a look at
this presentation from one of my
protfolio companies?
23. Asia Risk & Resilience Conference 2016
Impact: Today’s Cross-Border, Digital Business Reality
Complicates Fraud, Threat, and Authentication Decisions
Source: ThreatMetrix Q4, 2015 Cybercrime Report
24. Asia Risk & Resilience Conference 2016
Impact: Attacks are Growing in Size, Frequency and
Complexity
Daily Rejected Transactions
Identity Abuse
Index
An Identity Abuse Index level of High (shown in red) represents an attack rate of two standard deviations
from the medium term trend. Aggregated over all global transactions, it clearly shows that the exploitation
of data breaches and stolen identities is automated, global and coordinated
25. Asia Risk & Resilience Conference 2016
Integrated
Database
Integration Hub
Impact: Identity Spoofing Continues to Rise Globally
26. Asia Risk & Resilience Conference 2016
Impact: Bot attacks are more constant and increasing
27. Asia Risk & Resilience Conference 2016
ThreatMetrix Global Intelligence Network
28. Asia Risk & Resilience Conference 2016
Recognition is key
Persona (device, identity, behaviour) recognition is key to ensuring that businesses are able
to effectively differentiate between trusted users and potential threats
29. Asia Risk & Resilience Conference 2016
Integration: Integrating Digital Intelligence For True Digital
Identity Assessment is the Key to Prevention
30. Asia Risk & Resilience Conference 2016
The Reality: Global Markets Require
Frictionless, Secure Digital Experiences
Fraud Prevention Authentication Threat Detection
“I want to pinpoint
fraudsters using a
stolen or synthetic
identity the
moment they
apply.”
“I want to
Accurately
distinguish returning
users from
fraudsters.”
“Help me stop
costly Botnet
attacks from
happening as
customers are
accessing my
systems.”
31. Asia Risk & Resilience Conference 2016
Digital Identity Network
>2 billion transactions analyzed per
month 15 billion in 2015
Coverage in
240 countries
Up to 98%
recognition rate
Over 4,000 brands
Protecting 30,000
websites & apps
3 of the top 4
credit card networks
400 million deployed
mobile SDKs
+25M per month
Leverage Global Shared Intelligence
> 500,000 daily transactions analysed
for France
32. Asia Risk & Resilience Conference 2016
Global Real-Time
Decisioning
Global Digital
Identity
Global Shared
Intelligence
70% reduction in false-positive rates; 90% reduction in fraud
• Build a global shared intelligence network to beat a
global fraud network
• Keep Security invisible from your Customers (and
Cybercriminals)
• Provide the Best-in-Class Online & Mobile Experience
• Combine:
33. Asia Risk & Resilience Conference 2016
Digital
Intelligence
Integration &
Orchestration
Real-Time
Analytics
Decision
Management
Machine
Learning
Behavior
Analytics
Business
Rules
Case
Management
Reporting
Search & Link
Analysis
Implement
34. Asia Risk & Resilience Conference 2016
Improve security together with the
customer experience?
95% of transactions are from genuine
users
35. Asia Risk & Resilience Conference 2016
Summary
1. Data Breaches and Bots driving cybercrime surge
2. User Names / Passwords are no longer any security value in the age
of the data breach
3. Mobile transactions are surging ahead of other online methods
4. We see an emergence of mobile bot attacks targeting mobile apps
5. Legacy Customer Authentication Methods are Insufficient and failing
in the Mobile-First, Global Digital Age
6. Cybercriminals are targeting our Behavior & Social Engineering
7. We need to build a global shared intelligence network to beat a global
fraud network
8. Keep Security invisible while anonymising, securing and encrypting
data
9. Provide the Best-in-Class Online & Mobile Experience
10. Integrating Digital Intelligence For True Digital Identity Assessment is
the Key to Prevention
36. Asia Risk & Resilience Conference 2016
Stop Fraud, not Customers
37. Asia Risk & Resilience Conference 2016
Questions
Ted Egan (tegan@threatmetrix.com)
Vice President Asia Pacific
ThreatMetrix Inc.
The Digital Identity Company