Anti-Fraud Suite Holistic Approach to Online Banking Security About - - PowerPoint PPT Presentation

Anti-Fraud Suite

Holistic Approach to Online Banking Security

2

About ThreatMark

Fo Foun unded ded in 2015 15

by former Ethical Hackers

20+ million n

clients protected

High gh-tec ech h Securit urity Compan any

strong focus on behavioral biometrics and AI/ML

No Notab able e Achi hievem ements

Most deployed online banking fraud prevention in Czech and Slovak republic Selected over IBM, RSA, F5 and other competing solutions by large international banking groups Protecting more mobile end-point devices than any other leading A/V company in CEE

50 50+ Exper erts s

focused on one product

Ma Made de in Czec ech h Repu public

Active on 4 continents

3

Online Banking Fraud Mobile Banking Fraud User Identity Verification Cyber Threats Protection Endpoint Protection Risk-Based Strong Customer Authentication PSD2 Compliance Dynamic Application Self-Protection And More…

Customers Benefit from Our Innovation

4

Trusted by the World‘s Leading Banks

Award-Winning Technology

Anti-Fraud Suite

Bringing Trust to the Digital World

6

Digital Identity Verification

ROBOTIC ACCESS TOR BROWSER REMOTE ACCESS OPERATION SYSTEM MALWARE BEHAVIOUR BIOMETRICS NETWORK WEB BROWSER DEVICE FINGERPRINT DATE & TIME WEB-INJECT TRANSACTIONS GLOBAL INTELLIGENCE AI/ML GEOLOCATION

7

Complete Suite For Online Banking Protection

AFS Payments

• Machine-Learning based Risk Scoring of payment transactions
• Global intelligence, human feedback, Business-driven Rule Engine
• Managed service model

#PSD2 TRA, #TRM, #TRA, #Payment Fraud Prevention

AFS Threats

• Banking Specific Cyberthreat protection for online channels
• Security Operation Center 24/7,
• Phishing Takedown Service, Fraud & Malware Analyst Service

#Banking Malware, #Phishing, #BOTs, #Scraping (PSD2 RTS), #Application protection, #Device profiling, #0-Day Malware, #Threat Intelligence

AFS Identity

• Solution for gathering and analysing user‘s behavioral biometrics data

#Adaptive Authentication, #Risk-Based Authentication, #PSD2 SCA, Improving UX

8

ThreatMark‘s Trusted Identity

AFS Threats AFS Identity AFS Payments

Phishing

Webpage Cloning Detection Phishing Site Usage Detection Phished Users Detection

Malware

Webinjects Active RAT Detection Malicious Applications Detections Overlay Detection SMS Hijacking Detection

BOTs

Webscraping (Screenscraping) API Scraping Application Debugging Application Cloning Emulator Detection Device Security Profiling

Behavior

Date/Time behavior Device Usage and Interaction Navigation Behavior Behavioral Biometrics Application Interaction Behavior Transaction / Login behavior Payment Anomalies / Behavior Payment Rules and Alerts Mule/Fraudster Accounts Shared Fraud Schemes Advanced Device Identification IP reputation Network Fraudulent Accounts/Identities Shared Identities/Devices

Identity

Shared Intelligence and Orchestration

Suspicious Sequence Fraudsters IP Reputation Case Management Known Fraudulent Actions Web/Mobile/OpenAPI Payments Omnichannel Geo fencing Cross-channel fraud detection PSD2 Authorization Schemes

ThreatMark Trusted Identity

Payments Actions Channels Behavior Identity Phishing Malware BOTs App./Device hacking

9

DATA ANALYTICS

L A Y E R 5

Big Data AI/ML Continuous User profiling Human Feedback re-learning Business Rules

TRANSACTION

L A Y E R 4

Money mule blacklist Abnormal spending behaviour Transaction Integrity

NAVIGATION

L A Y E R 3

Clickstream profiling Scripted access and automation detection Session hijacking Behaviour and app interaction biometrics

Layered Security Approach and Orchestration

LOGON

L A Y E R 2

GeoIP check Login time check Login biometrics Velocity checks Action context

ACCESS

L A Y E R 1

Connection check (TOR, anon-proxy) Browser and OS security check Malware, phishing Device fingerprint

10

PSD2

PSD2 - Compliance

SCA

Screen een Scrap aping ng

• Prohibited
• Detectable

Trans nsac action

• n Risk Anal

alysi sis

• Abnormal spending behavioural patterns
• Location of payer
• Location of payee’s account
• Known fraud scenarios
• Unusual information about the device or

software

• Signs of malware infection

Strong

• ng Custom
• mer

er Auth then enti ticati tion

• n
• Possession
• Knowledge
• Inherence – Behavioural biometry

Trans nsac action

• n Mo

Monitor

• ring

ng

• Real-time scoring
• Authentication element stolen
• Detection of Financial Malware
• Known fraudulent scenarios
• Amount of each payment

11

AFS ONLINE WEB PROBE

Implement JavaScript probe in form of simple “one liner” into protected Web Page.

Easy Deployment in 7 Days

AFS ENDPOINT MOBILE PROBE

Implement TM SDK library into your Native Mobile Application if needed

SETUP CONNECTION

Allow connection to AFS ANALYTICS infrastructure.

AFS ANALYTICS

Setup AFS ANALYTICS infrastructure. Optional: AFS can be deployed in your infrastructure.

INTEGRATE

Optional: Use API for full integration with any internal and/or 3rd party system.

[ ] [ ]

12

Architecture

Web server AFS Analytic Servers Internet Banking Bank’s DMZ

JS Probe & SDK data

• App. Server

Existing FDS

Core Banking/Authentication

SOC

TM SDK

Mobile Banking

JS Probe

Firewall ThreatMark’s Cloud User Fraud Analyst AFS Panel

13

Competitive Landscape

ThreatMark AFS Market Leaders in Fraud Analytics (SAS, NICE, Feed edzai) Typical Inhouse developed FDS (vari rious na names) Leaders in Threat Detection Solutions (IBM Trusteer, , RSA, F5 F5)

Areas Covered

Transaction analysis, Threats, Session anomalies, User Identification

Transaction analysis only Transaction analysis only Threats, Session anomalies only

Shared intelligence Rich Analytical Interface Gartner Layers covered

All 5 layers 3rd to 5th 1st limited 3rd - static rules 1st and 2nd

Machine Learning based

Limited to threats

Security Operations Center

Threat Intelligence and Fraud Analysts Threat Intelligence only

Setup and Operational Costs

Very Low Very High Low Medium

14

Benefits for the End-users

Improved security increases TRUST Less fraud and lower fraud losses Better User Experience

 removes friction from authentication and authorization  removes friction from transaction voice authorization

15

Business Benefits

Improved security and visibility brings TRUST Less fraud and lower fraud losses 90% lower costs for Authentication and Authorization Fewer manual reviews means lower costs 5x faster time to delivery and

• perational costs

16

Summary

• Holistic online banking fraud prevention that combines:
• banking threats detection,
• seamless user identity verification and
• ML based transaction risk analysis under one

analytics

• Behavioral Biometry based detection of identity and user

intentions

• Shared fraud intelligence never seen in banking FDS

before

• Machine learning with Human feedback
• Under 7-days long deployment with no API integration

necessary

• Fully managed on-premise and cloud deployments
• 24/7 Security Operations Center with remote fraud analyst

and security experts constantly analyzing threats and assisting customers

• Pre-integrated with Authentication providers, Omnichannel

banking providers, White-labeled

Technol

• log
• gy

Deliver ery y & Oper Operation

• ns

www.threatmark.com

Protect your business.Now!

Michal Tresner

CEO

michal.tresner@threatmark.com