The newly launched product detects and stops account takeover from mobile devices by identifying criminal access attempts. It also identifies devices that are vulnerable to compromise by malware and those that have been infected. Mobile malware is commonly used to bypass strong authentication methods such as SMS One-Time Passwords (SMS OTP).
The web-based service includes the following client-side components:
• Trusteer Mobile SDK - a security library that is embedded in a native mobile banking app and generates a device ID and device risk factors that are fed into the risk engine;
• Trusteer Mobile App - a browser that is built on top of the SDK and provides device ID and device risk factors for mobile web access to online banking. By securing the native app and requiring web access via a secure browser, financial institutions can ensure all mobile access and transactions are evaluated for fraud risk;
• Trusteer Mobile Out-of-Band Authentication - a login and transaction verification solution that is used to ensure access to sensitive operations is initiated by the genuine account holder;
• Mobile Risk API - allows mobile device risk data collected by banking applications to be integrated into the Mobile Risk Engine without deploying a Trusteer client-side component.
Trusteer Mobile Risk Engine and its client-side components feature a series of mobile fraud risk detection capabilities including:
• Device fingerprinting for mobile devices - calculates a persistent device ID that uniquely identifies each mobile device. It also collects multiple device attributes such as geo location and user behaviour data to enable detection of risky or suspicious access;
• Account takeover prevention from mobile devices - correlates risk factors such as fraudster devices with evidence of account credentials compromise. This capability prevents cybercriminals from using stolen user credentials acquired via phishing and malware attacks to access the mobile banking channel;
• Compromised mobile device detection - analyzes device vulnerabilities to mobile threats (such as jailbroken/rooted state) and detects devices compromised with mobile malware. This enables financial institutions to restrict access or transaction capabilities for high risk devices;
• Global fraudster database - maintains a global repository of known fraudster devices (PC, Mac and mobile) that have been used to attempt fraud across hundreds of Trusteer protected financial institutions.
Trusteer Mobile Risk Engine can also be integrated with 3rd party authentication systems (to drive step-up authentication for high risk access) and other risk engines.
According to a recent report by Javelin Research, mobile banking is now used by 33 percent of mobile consumers, up from 24 percent in 2011. Of the top 25 US financial institutions, about half are offering mobile person-to-person transfers and mobile remote deposit capabilities, a figure that has more than doubled since 2011. This steady increase in adoption is putting the mobile channel in the crosshairs of account takeover attacks that are launched using credentials stolen from customers via phishing and malware attacks. The FFIEC guidance for electronic banking requires layered security, continuous risk assessment and complex device fingerprinting to reduce the risk of fraud, and clearly includes the mobile channel.