Financial service firms are prized targets for sophisticated criminals due to the large amount of assets under management and the challenges associated with online customer authentication. Fraudsters have become adept at stealing customer credentials, hijacking online sessions and using malware to divert funds from unsuspecting account holders. Faced with such targeted attacks, financial institutions are confronted with the conflicting requirements of offering customers increased convenience without opening the door to criminal activity.
To minimize the likelihood of fraudulent transactions, the Federal Financial Institutions Examination Council (FFIEC) mandates a layered security approach. Specifically FFIEC guidelines state that financial institutions must adopt a layered approach to fraud prevention that does not degrade the online experience for the customer.
The 2011 FFIEC supplement identifies two key techniques that financial institutions should implement for effective fraud controls : complex device identification, and the ability to detect emerging threats in form of malware and provide a secure browsing environment. Historically, this requires financial institutions to source solutions from multiple companies, then spend precious IT resources to spec, develop and debug a comprehensive solution. Only ThreatMetrix can provide a combined solution that fully addresses both of these requirements.
ThreatMetrix™ Cybercrime Defender Platform
FFIEC banking guidelines recommend that financial institutions use complex device identification, a layered security approach and effective malware protection to safeguard assets. The ThreatMetrix Cybercrime Defender Platform addresses all these requirements to protect the integrity of online financial transactions.
- Address FFIEC layered security banking guidelines
- Recognize returning customers using complex device intelligence
- Identify high risk transactions through device and transaction anomalies
- Protect legitimate customers and transactions from targeted malware
- Detect compromised devices that represent risk to your assets
Fraudsters target financial institutions, and specifically online transactions by:
- Using stolen credentials to access a real customer’s account
- Creating new (fraudulent) accounts to apply for credit or loans
- Attempting to transfer funds out of real customer accounts
ThreatMetrix helps financial institutions defeat account origination and account takeover fraud by flagging transactions that originate from high risk devices. A flexible rules engine uses customizable risk scoring that is optimized for the financial institutions industry and can be further tailored to address specific business conditions. The Cybercrime Control Center aggregates information from every ThreatMetrix customer and provides risk information in real time. Using the ThreatMetrix platform financial institutions can eliminate online financial fraud by distinguishing between real, returning customers and cybercriminals hiding behind proxies or disguising their location.
Sophisticated Malware Protection
Legitimate online financial institutions customers using their own verified devices to conduct online transactions might still be the victims of online fraud when malware is on their devices. Some of the mechanisms used include man-in-the-middle, man-in-the-browser, phishing, session hijacking, key-loggers and other malware driven attacks.
The ThreatMetrix platform combines complex device identification with sophisticated malware detection solutions to provide the layered protection mandated by FFIEC.
TrustDefender™ Cloud detects man-in-the-browser (MitB) attacks and Trojans targeting your customers’ computers, smartphones, tablets and laptops and provides instant insight into which customers have compromised devices. Most importantly, it operates behind the scenes and requires no customer interaction
TrustDefender™ Client protects your customers and employees from malware on their own devices as well as malware impersonating your site. Delivered as a downloadable application, it creates a secure browsing environment to facilitate online transactions.
Download the Whitepaper
Learn how unified device identification and malware protection help meet FFIEC authentication guidance.
