Co-authored by Shir Levin.
Cutting through the mask of digital risk deception across accounts and customers
IBM fraud analysts have had a busy few months. From April through June 2020 they helped one bank in Spain detect 10,000 fraudulent device reuse sessions on its large retail banking application – some 96% of the bank’s online fraud attacks. Most exceptional was that hundreds of these digital fraud instances involved a single device, across multiple banking accounts. By using a persistent global identifier, the IBM Security Trusteer team “branded” the malicious device, enabling its detection upon future attempts, even when the device was masked. The bank’s retail application has some 500,000 accesses daily and is the target of thousands of fraudulent access attempts every month, on both digital and mobile channels. Collaboration is a major factor in the bank’s fraud detection success.
Every day, the bank provides the Trusteer fraud team with feedback to all alerts received from the Trusteer risk engine. The alerts are sent to the bank in real-time when an access attempt triggers a risk indicator. Using automation, the IBM team processes the feedback, analyzing the device by its global device ID (GDID), a unique identifier. If the device is determined fraudulent, the team adds the GDID and related data to the Trusteer fraud consortium. The persistence of the GDID, even when a bad actor spoofs the device thereby changing its attributes, ensures that the Trusteer risk engine can continue to track the device. As such the Trusteer risk engine has full visibility into the regional fraud landscape, able to detect when fraudsters are using a particular device to attempt digital or mobile fraud by trying to access more than one account, even when in a short time frame.
A more specific case study helps illustrate the scaling value of this approach. In May 2020, a device attempted to access the bank’s retail application. The Trusteer risk engine, detecting that the device had risky connection attributes, alerted the bank in real-time. When the bank confirmed that the attempt was fraudulent, the IBM team added the device’s GDID to the Trusteer global fraud consortium. A month later, the IBM team found that the first access attempt was followed by no fewer than 800 attempted accesses, all of which the alerted Trusteer risk engine immediately prevented from advancing.
While seemingly a victory for just one bank, effective detection of fraudulent device reuse benefits all. The Trusteer fraud consortium, continually enriched with new fraud data, helps prevent fraud for other Trusteer customers as well, as the global device ID is persistent across any institution the malicious device attempts to access. And all that detection takes place seamlessly to the end user.
We are pleased to be helping this customer protect their end users’ bank accounts and customer journey. For more on IBM digital fraud and risk prevention, and strong device intelligence, consider reading the recent KuppingerCole Leadership Compass report on fraud reduction intelligence platforms.