Smart Device Identification for Cloud-Based Fraud
Prevention
Alisdair Faulkner
Chief Products Officer
White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
Contents Basic Device Identification is no longer enough ........ 3 Times have changed but your Device ID hasn’t .......................................................................... 3 Cookies are Obsolete .................................................................................................................. 5 Device Fingerprints Smudge and Fraudsters Wear Gloves ........................................................ 6 Compromised Devices are Commodities .................................................................................... 7 Smart Device Identification Requirements .................................................................................. 8 Smart versus Basic Device Identification Comparison ................................................................ 9 ThreatMetrix Smart Device Identification ................. 11 Identify Fraudsters and Authenticate Customers ...................................................................... 11 Cookieless Device Fingerprinting .............................................................................................. 12 IP, Browser and Packet Fingerprint Interrogation ..................................................................... 13 Real-time complex attribute matching and confidence scoring ................................................. 15 Man-In-The-Middle/Hidden Proxy and True Origin detection .................................................... 17 Compromised Device and Script detection ............................................................................... 18 Integrated Contextual Risk Scoring and Decisioning ................................................................ 19 Recommendations ................................................... 22 Page 2 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
Basic Device Identification is no longer enough
Times have changed but your Device ID hasn’t
Device Identification, using a visitor’s computer to provide additional fraud prevention and
authentication intelligence, remains the most effective first perimeter of defense to protect online
transactions including payments, logins and registrations. Benefits include:
•
Zero customer imposition, providing passive two factor authentication for online
transactions without requiring software or hardware tokens or challenge questions.
•
Not relying on the collection of personal identifying information (PII)
•
Stops first-time fraud attempts based on device anomalies and global behavior.
Unfortunately since first generation device identification technologies were introduced the world
has changed dramatically with an increase in the sophistication and globalization of cybercrime
and a corresponding increase in exposure to enterprise fraud, risk and security teams.
In this whitepaper you will learn about reasons to upgrade basic device identification and
fingerprinting methods including:
•
The reliance of existing technologies on cookie or cookie equivalents. Browser and
flash cookies are easy to delete and compromise. Private browsing modes make it
easier for fraudsters to hide. Modern smartphones are harder to reliably tag.
•
Important security data is being ignored when collecting the device fingerprint. Simple
browser fingerprinting technologies only gather information about the browser which is
easy to spoof or subvert and it ignores important information encoded in the connection
and packet.
•
Relying on simple hashing techniques to perform fingerprint matching misses fraud and
causes false positives. Traditional SQL databases cannot perform the complex and
extensive attribute matching needed in real time.
•
Lack of sophisticated proxy and Man-In-The-Middle detection. Simple IP proxy lists are
no longer effective.
•
No knowledge of when a good customer’s device has been compromised. The
widespread problem of infected computers due to botnets and Trojans means that
simply recognizing an authenticated device is insufficient if that computer is now
controlled or spied upon by hackers.
Page 3 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
In addition, you will learn new features and benefits associated with the next generation of
ThreatMetrix smart device identification technologies including:
•
Cookieless device fingerprinting for better return visitor recognition
•
Multiple scoring techniques to truly validate the identity of a device
•
Going beyond simple browser fingerprinting technology to prevent more fraud
•
Real-time complex device fingerprint matching and confidence scoring for less false
positives
•
Automatic detection of hidden proxies, compromised devices and MITM attacks to stop
cybercrime at time of transaction.
•
Global device recognition and behavior tracking for proactive protection
•
Context aware risk based assessment across customer and transaction authentication
processes for greater enterprise control.
Page 4 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
Cookies are Obsolete
2010 officially rang in the death knell for cookies as a way to reliably identify a device to prevent
fraud underscored by Gartner analyst Aviva Litan in her report published in February of 2010
titled “ Privacy Collides With Fraud Detection and Crumbles Flash Cookies”. While it might seem
obvious that a fraudster would delete browser cookies to avoid being identified the issue is
slightly more nuanced.
First generation device identification technologies rely on the general public’s and unsophisticated
fraudster’s ignorance of Flash Cookies (Local Storage Objects) that are not deleted when regular
browser cookies are cleared, and are invisible unless you know where to find them.
Unfortunately for Basic Device identification vendors, online advertisers also use these same
LSOs to resuscitate a cleared cookie which in turn, has incited a furor with privacy advocates.
The result has attracted the attention of the FTC and the US Congress to impose privacy
regulations to protect consumer’s rights. In response the browser and browser plugin companies
have instituted private browsing and opt out features into their products to better accommodate
consumer opt-out protection. Additionally, version 10.1 of Adobe’s Flash product now enables
browser companies and consumers to delete LSOs in line with regular cookies. In addition, all
the major browser companies have now implemented some form of private browsing mode that
allows customers and intrepid fraudsters to temporarily suppress cookies and Flash objects and
hence evade re-identification.
2010 also saw an explosive uptake in the number and variety of tablets and touch-based
smartphones that make accessing the Internet and performing an online transaction from a
mobile device a practical reality. Some of these devices such as the iPhone and iPad do not
Page 5 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
support Flash and also block third-party browse cookies by default further reducing the
effectiveness of cookies and first generation device identification solutions for device recognition
and reputation.
Device Fingerprints Smudge and Fraudsters Wear Gloves
Every interaction a customer makes with a website leaves a digital fingerprint about the device,
the type of browser and the connection used. First generation device fingerprinting technologies
typically use JavaScript or Flash to collect browser and clock information and use a hashing
algorithm to generate some form of identifier. The problem is that this device fingerprint routinely
changes as customers swap browsers, change physical locations and corresponding IP
addresses with laptops, tablets and smartphones. As an illustration, a sample of transactions
from ThreatMetrix Fraud Network shows that after 2 months 20% of visitors had changed their
browser, and 25% had multiple IP Addresses.
Further, fraudsters will deliberately try to manipulate or block browser settings in order to disguise
their device fingerprint. The following graphs from the same sample shows that nearly 10% of
transactions had one or more of JavaScript, Flash or cookies suppressed. Some of these
transactions are fraudulent while at the same time many are transactions executed by privacy
conscious customers and are valid. If these devices are not properly identified the end result to
an ecommerce merchant, financial institution or other business will be either an increase of false
positives resulting in loss revenues or increases in fraud resulting in increased costs.
Page 6 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
Compromised Devices are Commodities
Thanks to sophisticated malware like Zeus, millions of good customer’s computers go bad on a
daily basis. The problem is that existing fraud prevention and security solutions are blind to
evidence that a particular device is infected at the point of a transaction leaving the enterprise
exposed to Man-In-The-Browser (MITB), key-logging and Man-In-The-Middle (MITM) attacks. By
orders of magnitude, however, the most common use of compromised computers is to turn an
innocent’s computer into an IP proxy to avoid geolocation filters and known anonymous proxy IP
lists.
Using a real world example, one ThreatMetrix customer doing an average of 4,500 customer
verification transactions a day had nearly 5% of transaction originating from behind a
compromised computer being used as a hidden proxy.
Page 7 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
An examination of a subset of those hidden proxy transactions found that a large cluster
originated from compromised servers hosted in the US with The Planet, a popular hosting
provider, with the true origin of the transactions coming from several offshore countries.
Smart Device Identification Requirements
Criteria
Requirement
Cookieless Device
Passively collected device attributes to identity devices without
Fingerprinting
requiring software or hardware tokens provides a first layer of
defense across all website interactions. Unfortunately malware
and fraudsters routinely delete, steal and tamper with browser
and flash cookies and attributes. Cross correlating device
fingerprint attributes and behavior with session and browser
cookies provides an additional layer of authentication.
Real-time complex attribute
Cybercriminals routinely manipulate device parameters to evade
matching and confidence
detection. Worse, simple attribute matching based on hashing
scoring
browser and IP attributes can create unnecessary false positives
and customer complaints. Smart Device Identification provides
complex attribute matching in real time at the time of transaction
for persistent identification of a visitor even when IP or browser
attributes change. Confidence scores based on global
Page 8 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
collections of device profiles reduce false positives.
Packet & Browser
Attributes collected from the browser and IP address are trivial
Fingerprint Interrogation
to spoof. Smart Device Identification adds passive packet
fingerprinting for greater resolution and spoof protection.
Man-In-The-Middle and
Based on browser and packet fingerprint interrogation, Smart
True Origin detection
Device Identification automatically detects and classifies MITM
attacks and bypasses hidden proxies to reveal the true IP
Address, geolocation and origin of the transaction.
Compromised Device and
Organizations not only need to identify a customer’s device, they
Script detection
also need to know whether that device is now compromised and
infected. Subscribing to IP reputation feeds is not enough if the
botnet intelligence cannot be acted on while the customer is on
the page.
Global Recognition
Provides ability to re-identify customer devices across sites.
Integrated contextual risk
A risk decision based on device intelligence needs to be made
scoring and decisioning
in context with per organization and global transaction patterns.
Smart versus Basic Device Identification Comparison
Criteria
Frictionless customer
Smart
Simple
ü
ü
ü
ü
ü
û Heavily reliant on cookie or
experience
No software or browser
plugins required
Cookieless Device
cookie equivalents
Fingerprinting
Packet, Browser and IP
ü
Real-time Complex Fingerprint
ü
û Simple Hash or
Cryptographic algorithm only
Matching
û Browser Fingerprint, IP
Address intelligence only
interrogation
Page 9 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
Cross platform – PC, Server,
ü
û Limited to PC/Laptops
ü
û
ü
û Blind to botnet and spyware
Tablet, Smartphone
Man-In-The-Middle and True
Simple IP Proxy detection
and Geolocation only
Origin detection
Compromised Device and
infection
Script detection
Global Recognition
ü
û
Integrated contextual risk
ü
û Not real-time, unable to
integrate into existing
processes
scoring and decisioning
Local only
Page 10 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
ThreatMetrix Smart Device Identification
Identify Fraudsters and Authenticate Customers
SmartID – Cookieless Device ID
ExactID – ‘Evercookie’ Device ID
Instant Cookieless Recognition based on
Positive Identification and Authentication
Packet and Browser Fingerprint and prior visits
across PC, Tablet and Smartphone
Risk-based confidence scoring based on
Fact-based authentication using on parallel
predictive algorithms and decision trees
matching across multiple device identifiers
Pre-customer customization of velocity rules
Global behavior and correlation
and spoof detection
Dual factor authentication for detection of cookie wiping and device manipulation
ThreatMetrix Smart Device Identification technology provides dual identifiers to detect fraudsters
and authenticate returning customers without false positives. SmartID provides cookieless
device identification using attribute matching and confidence scoring, while ExactID provides
parallel matching across multiple cookie equivalents to give the broadest possible coverage
across PC, Tablets and Smartphones. Used together ThreatMetrix SmartID and ExactID provide
cross validation to detect cookie-wiping, private browser modes, hidden proxies, botnets and
cookie and device manipulation. Both ThreatMetrix SmartID and ExactID are generated in realtime to be used separately or in combination within the ThreatMetrix Cloud-based Fraud
Prevention Platform to accept, reject, challenge or review a transaction while the customer is still
on the page. This second generation device identification capability is based on a more complete
examination of device data matched across global device profiles using a proprietary distributed
computing platform to enable:
ü
Cookieless Device Identification
ü
Packet, Browser and IP Fingerprinting
ü
Real-time Complex Fingerprint Matching
ü
Cross platform capability including PC, Server, Tablet and Smartphone detection
ü
Man in the middle and True Origin detection
ü
Compromised Device and script detection
ü
Global recognition
ü
Contextual scoring based on customer, enterprise and global transaction patterns.
Page 11 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
Cookieless Device Fingerprinting
Device Identification based on a fingerprint instead of a cookie is similar to radar signal detection,
spam detection and scenarios where you need to differentiate between a valid signal and
background noise. There are costs associated with both missing what you are looking for e.g.
missiles, spam and fraudulent devices, and also costs associated with incorrectly classifying
innocents e.g. passenger airlines, CEO’s emails and loyal customers.
ThreatMetrix SmartID uses a machine learning approach that takes into account per-customer
and global device profile patterns and how they change so that reliable device identifiers can be
generated with confidence. Unlike other fingerprint methods that are effectively static,
ThreatMetrix SmartID provides adaptive cookieless identification that is tolerant to incremental
and non-linear changes.
The following table provides an example of how ThreatMetrix SmartID maintains persistence and
an associated confidence score for a fraudster trying to evade detection:
Visit
Fraudster’s Device Configuration
SmartID
1
New Visit using Firefox
35ad…1f94
New Device
2
Start Firefox Private Browsing – all cookies are
suppressed
35ad…1f94
confidence = 99
3
Close Private Browsing, re-visit in Firefox
35ad…1f94
confidence = 100
4
Wipe all cookies, change IP Address, restart Firefox,
revisit
35ad…1f94
confidence = 96
5
Visit in Chrome browser
35ad…1f94
confidence = 98
6
Wipe all cookies, restart Firefox, Change Browser String,
revisit
35ad…1f94
confidence = 97
ThreatMetrix is able to outperform in-house and other device fingerprint methods based on the
fact that it collects valuable packet and security data not able to be measured by first generation
device fingerprinting architectures and the fact that it is able to process more data in real-time
using advanced parallelized matching strategies on global device and transaction indexes built on
a distributed hardware and software architecture.
Page 12 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
IP, Browser and Packet Fingerprint Interrogation
The table below shows the evolution of Device Intelligence from IP Address to Browser to Packet
Intelligence. First generation device identification technologies are limited to browser and IP
intelligence only.
Device Intelligence
IP
Browser
Packet
Intelligence Intelligence Intelligence
IP Geolocation
ü
ü
ü
Known Proxy IP Detection
ü
ü
ü
Known Botnet/Trojan IP Detection
ü
ü
ü
Browser and plugin cookie identification
ü
ü
Browser and plugin fingerprint recognition
ü
ü
Time zone and time difference detection
ü
ü
Packet fingerprint recognition
ü
Hidden Proxy / MITM Detection
ü
True Origin Detection
ü
True OS and Spoofed Browser detection
ü
VPN Detection
ü
Satellite, Dial-up, Mobile wireless Detection
ü
Attributes collected from the browser and IP address are trivial to spoof. For example, common
browser plugins allow both web designers and fraudsters to change the apparent browser and
version that the web server sees with a click of a button. ThreatMetrix Smart Device Identification
overcomes these limitations by adding passive packet fingerprinting for greater accuracy and
Page 13 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
spoof protection. Because the information is collected as part of the standard networking and
browser security model there is no possibility of leakage of personal information, no interruption
to the customer’s experience, and no additional software or browser plugins to download or
accept.
ThreatMetrix transparently performs a technique similar to how every firewall currently protects
your information. ThreatMetrix SmartID transparently analyzes packet headers and their change
in state over time to determine whether the source is malicious or safe. By examining
anonymous packet header data when the client requests a web page, ThreatMetrix can detect
hidden risk. For example, the table below illustrates a real world fraudulent attack blocked by
ThreatMetrix against automated botnet scripts that were randomizing and mimicking various
browsers but were in fact originating from a Linux server.
Page 14 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
Real-time complex attribute matching and confidence scoring
The quality of any device matching technique is directly proportional to the quality and quantity of
data collected and the effectiveness of the matching process. In addition to the fact that
ThreatMetrix collects more data than first generation device identification alternatives through
packet, browser and IP analysis, ThreatMetrix is unique in the way it performs complex device
fingerprint matching in real-time.
A naïve approach to generating a device identifier based on a fingerprint is to simply use some
form of strict or fuzzy hashing technique that builds an identifier purely based on the attributes
collected at the point of transaction. The problem with strict hashing techniques is that one small
change in device e.g. a change in flash version from 10.1.0 to 10.1.1 will generate a new
identifier. Fuzzy hashing techniques can build additional tolerance but still fundamentally suffer
from the problem that both customers and fraudsters act in non-linear ways that can’t be
compensated for unless context, history and multiple matching scores are used.
ThreatMetrix cookieless SmartID technology is fundamentally different from other Basic Device
fingerprint techniques in that the SmartID is attribute independent and takes global history, perorganization and transaction context into account when applying multiple matching filters to
generate a persistent immutable device score in real time. Parallelized matching strategies with
confidence scoring based on Machine Learning techniques enable return visitor detection even
when non-linear changes, e.g. changing IP address and browser, are made. The ThreatMetrix
Device ID Engine provides maximum accuracy by performing SmartID selection based on context
at time of transaction, e.g. taking into account metrics such as time between visits and sites
visited across the network to dramatically filter out false positives. The result is dramatic
improvements in fraudulent and good customer device authentication with corresponding
reductions in fraud loss, manual review, risk exposure and customer complaints.
Page 15 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
In order to provide real-time device fingerprint matching and risk scoring, ThreatMetrix employs a
distributed cloud-based architecture. The design provides for real-time data processing and
delivery, Internet scalability, anonymous shared intelligence across components, redundancy and
speed. Excluding data warehousing and the Fraud Control Portal, The key components are:
•
Profiling Server: Performs both passive (IP/TCP/HTTP profiling) and active
(JavaScript, ActionScript, Silverlight, HTML5, CSS) inspection of devices when a
user loads a web page that includes ThreatMetrix profiling tags. Suitable for all
device types including PC, tablet and smartphone. In addition integrates with mobile
and PC applications via a standard API.
•
Attribute Cache Server: Collects and assembles a complete view of a device’s
browser, operating system and network characteristics, and performs first level inmemory anomaly analysis.
•
Device ID Engine: Manages logic and processes related to device identities
including attribute retrieval, creating unique device identities and matching
•
Transaction Intelligence Engine: Processes shared device, transaction, behavioral
and reputation history
•
Real-time Risk Engine: high-velocity rules and pattern recognition engine detects
device risk in real-time based on per-customer and global device transaction histories
•
API Server: Customer interface to ThreatMetrix Network for in-house or third-party
risk-based authentication and authorization applications
Page 16 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
Man-In-The-Middle/Hidden Proxy and True Origin detection
Based on browser and packet fingerprint interrogation, ThreatMetrix Smart Device Identification
automatically detects and classifies MITM attacks and bypasses hidden proxies to reveal the true
IP Address, geolocation and origin of the transaction.
Rather than rely on Proxy IP Address lists that are continually outdated and blind to more
sophisticated hidden proxies, ThreatMetrix instantly examines, scores and classifies device
interactions to determine whether the originating device is being masked or tunneled by an
anonymous or hidden proxy or MITM attack, or is simply a valid customer behind an enterprise or
ISP proxy gateway. Examples of the types of analysis performed in real time by ThreatMetrix to
detect the existence of intermediate devices and the true origin location include:
•
Detection of VPN usage and use of out-of-country satellite, dialup or mobile broadband
connections based on unique Packet Fingerprint data.
•
Employing proxy bypass methods to cause the device being profiled to directly connect
back to the profiling server in order to expose the true IP Address and IP Geo
•
Detection of mismatches between the operating system information reported by the
browser compared with operating system information reported by the TCP/IP operating
system fingerprint
•
Examining HTTP protocol fields such as client IP and inconsistencies in HTTP/browser
field order
•
Detection of removed or modified content in the webpage
•
Detection of a mismatch in other browser elements including time-zone, language and
geo-location
•
Filtering out legitimate corporate and ISP proxies
•
DNS geo-location mismatches
Page 17 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
Compromised Device and Script detection
Organizations not only need to identify a customer’s device, they also need to know whether that
device is now compromised and infected. Subscribing to IP reputation feeds is not enough if the
botnet intelligence cannot be acted on while the customer is on the page. ThreatMetrix Smart
Device Identification provides evidence-based compromised device and bot intelligence in realtime so that an organization can make the appropriate decision to block, challenge or review the
attempted transaction. For example a customer logging in to an online banking portal may
appear to be positively authenticated using a Device ID in combination with Username and
Password, however ThreatMetrix Smart ID detects that the user’s IP Address has recently
appeared on a botnet infection list and an analysis of the packet fingerprint reveals a hidden ManIn-the-middle attack. Because the intelligence is provided in real-time the bank can either block
the transaction or notify their customer to download a new virus definition before allowing the
transaction.
To detect when a device is either infected or under the control of a bot or script, ThreatMetrix
uses a combination of real-time analytics and mass forensic processing. Real-time analytics
looks for device fingerprint anomalies indicating infection as well as global historic pattern data
while ThreatMetrix mass forensic processing aggregates, correlates and scores botnet reputation
data across these multiple submission sources and sensors e.g. firewall logs, honey pots, dark
net sensors, spam feeds, submissions, command and control host interception and forums.
Page 18 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
Integrated Contextual Risk Scoring and Decisioning
ThreatMetrix smart device identification solution provides an integrated cloud-based fraud
platform for combining global and per enterprise device identity with behavior and transaction
context to reduce manual review and the total cost of fraud.
Included in the platform is an analyst workbench to screen and review high risk and related
transactions and an enterprise policy engine to automate fraud decisioning.
Page 19 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
The table below outlines the key components of the ThreatMetrix cloud-based fraud platform.
Component
Description
Bullet Proof Security and
ThreatMetrix provides smart device identification technology to
Privacy Protection
detect and alert based on suspicious device anomalies. For even
more powerful fraud detection transaction identifiers such as an
email address, payment account hash, phone number, etc. can be
passed to allow for more correlation. When provided, ThreatMetrix
protects these identifiers with encryption and one-way hashing so
that the data is never exposed or shared. In addition, power rolebased permissions and full auditing meet or exceed enterprise
security compliance requirements.
Enterprise Policy Engine
ThreatMetrix provides real-time contextual scoring based on device,
customer and transaction attributes and historic analysis through a
customer configurable rules engine. Default rules and algorithms
will detect many anomalies such as hidden proxies, high risk
geographies, anomalous language and time settings, potential
cookie wiping and blacklisted attributes. More advanced rules allow
for correlation of other transaction data such as detecting multiple
identities, payment accounts or shipping addresses used by the
same device, or an unusually high volume of transactions from a
device across the ThreatMetrix network. ThreatMetrix rules can be
directly updated by analysts and activated immediately to respond
to changing threats.
Transaction Monitoring
In addition to a real-time API that immediately returns device
and Link Analysis
identifiers, anomaly indicators and risk scores in milliseconds,
ThreatMetrix provides an online portal to review past transactions
and perform forensic analysis. It includes a dashboard that shows
recent high-risk transactions and trends as well as advanced
search capabilities to assist fraud analysts to find related
transactions and discover links between suspicious activity
Queue Management
Manual review of transactions is time consuming and expensive. To
address this, ThreatMetrix allows for custom tuning of rules to
reduce false positives with automated assignment of transactions to
analyst queues by configurable rules. This enables analysts to
Page 20 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
focus on the highest risk transactions, for example based on score,
transaction amount, or criteria such as geographical origin. When a
transaction is reviewed, it can be marked as rejected/accepted to
improve the ability of ThreatMetrix to score transactions through
predictive scoring.
Customizable Alerting
ThreatMetrix supports automated alert rules to notify an analyst by
email when a transaction meets specified criteria. These alerts can
be triggered on risk, transaction or device attributes or associated
with specific fraud behavior. Alert content can be customized and
linked directly back to the transaction for review.
Predictive Global
Intelligence
ThreatMetrix customers benefit from anonymous and aggregated
device and transaction behavior seen across the global
ThreatMetrix network using both automated scoring as well as
customizable fraud filters. The ThreatMetrix Cloud-Based Fraud
Prevention Platform provides proactive protection that gets smarter
with every customer and transaction without requiring extensive
manual input.
Page 21 White Paper: Smart Device Identification for Cloud-Based Fraud Prevention
Recommendations
1. Review legacy solutions and competitive vendor offerings to understand where they fit
with respect to smart versus Basic Device identification capabilities
2. Educate your organization on the key requirements and benefits of smarter device
identification
3. Plan rollout of an upgrade to current customer device identification technology for 2011
4. Initiate customer and transaction authentication and monitoring based on improved
device, behavior and contextual risk scoring.
About ThreatMetrix, Inc.
ThreatMetrix profiles daily tens of millions of customer devices and screens hundreds of
thousands fraudulent transactions many of the world’s largest online brands. ThreatMetrix cloudbased fraud prevention and risk management platform protects online account creation, login
authentication and payment authorization processes based on automated anonymous
intelligence across its global fraud prevention network. ThreatMetrix serves a rapidly growing
customer base in the U.S. and around the world across a variety of industries including online
retail, financial services, social networks, and alternative payments.
Page 22