“By reducing false positives, we have been able to reinvest the alerts and the headcount back into refining our strategy, stopping fewer people but more fraud.”

TIER 1 UK BANK

OVERVIEW

As a leading provider of financial services, this UK bank has millions of customers, both personal and commercial.

A key strategic priority is to provide simpler, streamlined customer interactions on web and mobile. Yet while customers expect low-friction account access, the bank continually faces having to introduce more interventions due to an evolving regulatory landscape and ever-more sophisticated cyberattacks.

The bank required a solution that provides persistent device recognition and digital identity intelligence to better understand the legitimacy of digital interactions, with the ability to identify the full spectrum of fraudulent behaviour in near real-time, without affecting good customers.

“Detecting and blocking mule accounts is the apex of the fraud triangle; if you catch the mules, you reduce virtually all banking fraud. Our partnership with LexisNexis® Risk Solutions has been a true collaboration to genuinely understand the anatomy of mule behaviour; to mitigate it both now and in the future.”

TIER 1 UK BANK

BUSINESS PROBLEM

The bank, as with all global financial institutions, walks a tightrope between effective fraud control and exceptional customer experience. The balancing act is precarious and has to tackle global networks of criminal behaviour as well as fraudsters targeting individual customer accounts:

• Organised and hyper-connected mule networks continue to infect the banking system, filtering proceeds of crime across country borders, facilitated by faster payments.
• Fraudsters target customers as the weakest link in the security chain with pitch-perfect social engineering attacks that often piggy-back fully authenticated online banking sessions via remote access tools, making them very hard to detect.
• Regulations such as PSD2 seek to promote competition, innovation and heightened security. Yet customers don’t tolerate interventions they consider to be unnecessary.

“Customer behaviour is also becoming more diverse and less predictable than ever before” said the UK bank. “Definitions of ‘normal’ are becoming somewhat redundant. Our fraud systems have to be able to model a rich array of legitimate customer behaviour without catching good customers in the net”.

A flexible approach to understanding customer identities powered by digital identity intelligence

ThreatMetrix Digital Identity Intelligence unites information related to devices, locations, behaviours and threats to help the bank connect the dots between the myriad pieces of information a customer creates as they transact online, looking at relationships between entities at a global level and across channels/touchpoints. Specific ThreatMetrix product capabilities utilised by the bank include:

Smart Rules

• Smart Rules analyse behaviour on an individual customer level, comparing current event data to what is normal for that customer. This approach isolates genuinely high-risk transactions from those that may seem unusual, but form part of a customer’s normal online footprint. Using Smart Rules, the bank can configure dynamic thresholds, calculated based on the context of the transaction, e.g. to compare current events with historical information specific to the customer.

“What Smart Rules have enabled us to do is to tailor rules and strategies for individual behaviour rather than assuming that everyone behaves in the same way, which of course is not the case. We can better differentiate between true fraud, and legitimate “strange” behaviour.”

TIER 1 UK BANK

ThreatMetrix Portal

• The Portal allows the bank to create offline models using ThreatMetrix data which are then introduced into the bank’s policy using the inline variable rule. These fraud models enable the bank to better identify risk, create cases and allow operational teams to review and investigate alerts.

“The ThreatMetrix Portal, in terms of case reviews, recalls and the flexibility of rules, is excellent. This is one of the key strengths for LexisNexis® Risk Solutions relative to its competitors.”

TIER 1 UK BANK

ThreatMetrix Mobile SDK

• ThreatMetrix Mobile is a lightweight software development kit (SDK) for Google Android and Apple iOS mobile devices, supporting complete authentication and fraud protection for the mobile channel.
• Anomaly and device spoofing detection help the bank detect device emulation, tampering, root/jailbreak cloaking, and other anomalies that may indicate fraud.

Strong ID

• ThreatMetrix Strong ID is one of three device fingerprinting capabilities within the ThreatMetrix product. Strong ID creates a cryptographic bind between a customer’s web/mobile browser/app and ThreatMetrix for persistent and secure device recognition, meeting SCA possession-based compliance for PSD2.
• The bank is currently using Strong ID for web, to optimise the strategies for additional authentication solutions, thereby reducing unnecessary interventions and costs associated with step-ups and step-up failure.

Consortium

• Consortium creates an industry-focused layer that compliments an organisation’s local intelligence and the global shared intelligence harnessed through the LexisNexis® Digital Identity Network®. The information can be operationalised by configuring strategies on the data shared at the consortium level within ThreatMetrix policies.
• The bank is currently part of a UK banking Consortium, benefitting from sharing information across different use cases. Benefits include:

• Sharing of historic blacklisted devices
• Proactive identification of mule accounts, and associated fraud strategies
• Near real-time sharing of bad attribute data
• More accurate tracking of high-risk devices: banks can access additional context behind risk decisions such as when an entity was blacklisted and by which other bank(s)