Beating Fraudsters at Their Own Game With Fraud Reduction Intelligence Platforms

Hello, and welcome to this KuppingerCole webinar on beating fraudsters at their own game with fraud reduction intelligence platforms. I'm John Tolbert lead Analyst at co Cole. And today I'm joined by a ABNE. It's a strategy lead for IBM trust here. So a little bit about us before we begin Cooper and Cole has we're an Analyst firm. We do research and we also have events this week.

We had our first virtual conference and you see two here listed to additional ones coming up in the, the next month or so on cybersecurity and enterprise risk management, June 2nd and cloud first strategy roadmap on June 16th. So join us for these. These are free online, only conferences. So regarding the webinar we're in control of the audio, nobody needs to mute or unmute themselves. We're recording this. We should have the recording and the slides that you'll see today posted probably by tomorrow and at the end, we'll have a Q and a session.

And in the go to webinar control panel, you'll see a blank for questions, and you can enter those questions at time while we're speaking. So I'll start off talking about fraud trends, fraud reduction techniques, and I'll take a look at the recent leadership compass. I published on fraud reduction, intelligence platforms and I'll to more on and trust addresses. It's Q session at Over overview of fraud techniques and trends.

This, the amount of fraud is just staggering. When you think about what's going on out there and how it's increased, these are, you know, in 2015, it was estimated to be 3 trillion by next year. And these estimates were compiled about two years by next year. It will probably exceed 6 trillion in drain on the economy globally. So which industries are targets?

Well, you might expect the banks or financial institutions or payment services would naturally be a target of fraudsters. But then of course, there's also retail. The gaming industry, insurance telecommunications, healthcare's increasingly a target travel and hospitality industry were heavily targeted at least prior to the COVID 19 outbreak. Anything that was convertible into money and, you know, frequent flyer miles or rewards points are easily convertible into some other form of money. So they had been targeted pretty heavily.

And then also government to consumer or government to citizen in this case, trying to intercept citizens, tax refunds or things like that. Or as we'll hear more about later, perhaps in many cases, the stimulus tax governments are issuing as well. Most of the major forms of fraud are about gaining access to accounts or privileges. And we'll take a look at the top three here, new account fraud, account takeover, fraud, and insider fraud. So for account takeover, how do the bad guys get a hold of accounts? Fishing is a tried and true method.

We educate users as best we can, but the malicious actors get more and more creative and make emails or SMS techs look more and more legitimate and authentic. So phishing continues to work. Unfortunately, they're drive by downloads, picking up malware, redirecting unsuspecting users to fake websites, installing key loggers to capture credentials and passwords as users enter them into all the different sites that they may visit stealing IDs for cookies or information that can be used to build an account via spyware credential stuffing.

This is kind of a, you know, a, a spray of attacks on against authentication systems using ill gut credentials. Usually like number eight here, compromised credentials from the dark web when there's a big data breach. And there are lots and lots of username, password combinations put out there, then malicious will take that those username password combinations, and then try that against lots and lots of different sites all at once to see if a user has used the same credential in multiple sites, and oftentimes it's successful for the malicious actors and that's why they continue to use it.

And there's also things like brute force, password guessing, password spray, a text to, So how do we fight account takeover fraud? Like I said, you know, these usernames and passwords come from breached password dumps that are put out there on the dark web. They're used for financial fraud oftentimes, or not just getting into bank accounts, but other kinds of accounts like pensions, 401k insurance, medical, real estate, those frequent flyer programs or any loyalty program.

Like I said, anything that can be converted into money or something of value that can then be passed on sold, traded used top mitigations here are multifactor authentication and risk adaptive authentication. And this is best when it's powered by fraud reduction intelligence or cyber threat intelligence. And we'll talk about these things in more detail later.

Also, we always tell people don't reuse passwords in between sites. It would be ideal if we could get to a passwordless world where we don't have to worry about them and complexity of passwords and compatibility with password management systems and password policies on many different sites. Then also it's a really wise idea to not use knowledge base authentication for account recovery.

That's the so-called security questions that you've seen, probably the ones that ask you your mother's maiden name, or what high school did you go to or things like that, which tend to be easily found or guessed. And don't really add any security at all. Since the information is not confidential in any way.

It, it, in fact, as the weakest link for account recovery makes it easier for bad guys to actually take over accounts, they can call for a password reset. And if they've got that KBA information, they can essentially take the account away from the right owner, very easily New account fraud. This is exactly what it sounds like. It's setting up a new account, but using some synthetic information and information that may have been gotten again from different kinds of breached records, it's trying to, this might be more closer to what we would consider identity theft.

So taking information like email addresses, phone numbers of real people names, there are physical addresses, social security numbers, or other verifiers, and the date of birth and using this to concoct a, a totally different persona. The sources for this can be healthcare records, cuz they usually, at least in the us contain social security numbers, government agencies as well, school information is often not well protected.

So it could be a good source of information that malicious actors could use to create a fake account on, on behalf of someone employment records, These are also used for financial fraud, but sometimes it's a little bit of a different twist where they can be created to be a mule account in order to get maybe, you know, get credit cards, lines of credit or be the, the mule account in between let's say ransomware, that's been deployed monies created and, and then transferred through these mul accounts so that the malicious actors can have access to it in a way that keeps them clean.

Why would malicious actors go about this? Well, it does take a lot more effort to create a new account than it does to simply take over account. But once it's created successfully, it's harder to detect and they may be more successful that if they simply steal credit card numbers, for example, some of the top mitigations here, a lot of these things can be perpetrated by bots. So bot intelligence and management identity vetting, making sure that you're issuing a digital account to a real person.

And then if this does happen to use an individual, there are credit freezes and fraud alerts that you can use, but that sort of varies by jurisdiction as well. Then we have insider fraud. This often takes the form of financial transfers or theft of intellectual property, even customer data from CRM systems. And as you can imagine, that's mostly perpetrated by unhappy employees or sometimes employees with money problems or those who are about to leave the company anyway, or contractors.

Some of the best mitigations for this are privileged account management, Pam systems using segregation of duties, really enforcing the principle of least privilege using risk-based authentication and then having an insider threat program. So those are the major types of fraud, but I thought I would add a bit about some of the other kinds of things that we see today, where there are banking and travel site overlays. These look like legitimate mobile apps, but they're not they're malware.

They, they grab the credentials on the way to the bank or the travel site and then allow the bad guy to use those credentials elsewhere. They pass on the authentication context and allow the user to actually get to the bank per se, but it's then recorded for the fraudster to use screen scraping. Unfortunately, this is kind of a, I won't say a legitimate technique, but it's a, a technique that some sites still rely on to grab information outta web forms and then send them elsewhere. Key loggers, again, malware that captures keystrokes crypto jackers it's sort of gray wear.

They borrow victim CPU cycles. They will run down your battery on a mobile phone or a laptop. They used up energy. The idea behind that was to as, as people visit sites that will allow the, the deployer of the crypto Jacker to generate some generally Manero not Bitcoin. At least that was the, the trend recently and use somebody else's computing power to do that real estate escrow misdirection.

You know, this is not an a new trick, but it still happens every now and then where for example, a realtors, credentials get compromised and then they're directed. They use that to direct the, the buyer at the last minute to send funds to the wrong account, which are then unrecoverable, fraudulent insurance claims, capturing insurance brokers, insurance agents, credentials, and using them to approve fraudulent claims and then citizen tax accounts. We're seeing a lot of that in the time of COVID 19 to redirect refund payments or capture stimulus checks and send them to fraudster's accounts.

So I thought I would just kind of quickly mention some of the things that we're seeing just in the last couple of months with regard to coronavirus, it has unleashed unfortunately just an explosion of different kinds of, of fraud and, and really the targets are, are those who would otherwise be helping us biotech researchers trying to get their accounts likely for the purpose of I P theft or sabotage. Then there are fake emails that purport to come from the world health organization or the us centers for disease control.

They will grab the logos from those sites, put it on top of a malicious document, maybe, maybe an office stock with macros and then D you know, send that out. And these are really account takeover attempts against consumers, password spraying, healthcare workers, trying to get access to not just their corporate accounts, but also their personal accounts doing the same for healthcare non-governmental organization. Employees.

In fact, warnings just went out this week from the UK and, and us intelligence communities about massive scale of attacks against healthcare NGOs. I was also surprised to find, and these are links for, for you to look at the other stories below this, but of course, intelligence agencies are always targeting each other, but the source or subject of a lot of the intelligence gathering these days is around COVID 19 research. And that's just jumped off the scale as well. Then there are various stimulus scans scams using email text oring voice phishing to try to steal government aid.

So there's ING reverse and mission. So maybe sending an email, getting someone to call a number after you've sent the email and then having a fraudster on the other end of the line, S is SMS text, same thing, you know, they use URL shorteners. So when you get a text that has a shortened URL, it may make it more difficult for even a user that's normally vigilant to avoid being taken over or redirected to a site where they then inadvertently put in some username, password combo.

A lot of the pretexts for these texts are, you know, it's very, COVID 19 related because they may be saying, you know, you're late on a payment or something like that. It may come from a bank or utility, and it's designed to scare the user into giving up their credentials.

Also there's fishing about job offers that are really not job offers, but an invitation to come and provide credentials by logging into a, you know, a fake site, they're fraudulent charitable campaigns on social media, collect money, sometimes get PII from the victim and then get them to share that there are fake medical supply sites that have popped up just in the last couple of months, for example, taking victim's money, but not shipping masks or text test kits, their work from home charity scams designed to collect people who may be inadvertently becoming mules.

It's a kind of a work from home job offer where they recruit people to, you know, set up Bitcoin accounts, receive money, and then transfer that out to others. So it's, it's kind of a money laundering operation, but it's done under the auspices of a work from home kind of charity. And then there are lots and lots of coronavirus and political disinformation campaigns going on. And disinformation unfortunately seems to spread faster than information these days. So how do we mitigate?

We use identity proofing and vetting credential intelligence, device intelligence, user behavioral analysis, behavioral, and or passive biometrics bot intelligence and management. They'll drill down a little bit into each one of these. So identity proofing is validating a person against their authoritative documents as they come to get an account. Probably the best example of this would be getting a bank account.

You know, in person you have to show up and either show like a driver's license or a passport. This is to comply with money laundering and know your customer regulations. And it's all designed to increase identity assurance. Credential intelligence is finding out information about credentials that have been used in the past. And many large identity providers will collect this information and shared amongst their various customers or tenants in their network.

So if some, if a given user credential fails log in at one site, then that's kind of propagated around the IDP network so that if that credential gets used somewhere else, you know, soon thereafter it will fail. But then that information is very useful across sites as well. So there are many third party feeds that different identity providers or service providers can use to vet incoming authentication requests, finding out whether or not the credential has been attempted to be used elsewhere and failed.

And then using that as a factor at risk adaptive authentication to decide whether or not to let that go forward and putting those two together and doing the risk analytical decision device intelligence. There are lots of different possible device intelligence attributes that can be evaluated such as IP network information, IP reputation, geolocation, and geo velocity.

This is, you know, impossible travel device identifiers. The device type device fingerprint is not exactly, you know, like using native biometrics on a phone, but it is related to looking at all the software, all the features and sort of coming up with a, a unique ID based on the content of an actual device. Then there are various device reputation services that could be pulled from device health assessment. And then again, what what's installed on a device and then various AI or ML enhanced detection techniques can be used as well.

And device intelligence is something that can be also collected parsed and then delivered as a service for other relying party sites to use user behavioral analysis, probably what's most important here in a financial or retail aspect is knowing the history, the transaction types, the transaction amounts frequencies, and understanding that over a long period of time. So you can know whether or not a, a current request actually matches what users have done in the past.

Not to say that you would deny a request just because it's a little bit different, but it may want, you may want to use a policy to enforce an additional step up authentication event, behavioral and passive biometrics. This is using in the case of like a computer, you would download JavaScript generally to do keystroke mouse usage analysis on mobile phones. You'll do swipe analysis, touchscreen gyroscope, gesture recognition, network, or wifi ID wifi, S S I D information, MNO information and other bits.

This is collecting all these bits of data and then comparing them to, you know, building a profile and then comparing each ongoing interaction with the baseline profile. And from that, you can develop a fairly unique identifier. It it's not necessarily obviously based on a real fingerprint or a facial scan, but it is unique enough to be able to evaluate that on a continuous basis. And when there are deviations from the baseline pattern, then by policy may wanna do something like enforce a step up authentication event.

Then we have bot intelligence, bot management bots are programs that are designed to simulate real human user activity on websites. I included this because it's kind of hard to tell which one is the bot and which one is human generated. It's actually the one on the right that's human generated. So how do we go about detecting bots?

Well, like with anti, with viruses or other forms of malware, there are signatures, but they're fairly sophisticated. So we need to use additional machine learning, deep learning analysis of large volumes of data, some solutions embed pixels within a website, drop that JavaScript on the browser to be able to collect the behavioral biometrics because behavioral and passive biometrics is also a, a, a very good route to deterring bots.

And we say bot management rather than just bot detection, because there are lots of legitimate bots out there that are doing things like checking inventory every day. But there are also lots of bad bots that do things like try to buy up the board inventory. So you really need to know the bots inter interacting with your sites or services, be able to challenge the bots that you're not sure about. This could be something like doing a capture or, or looking at the behavioral biometrics, being able to blacklist or whitelist for bots.

And then also if, you know, you have some gray bots or, or good bots, you may need to throttle cash or redirect them depending on the load on your website or service, maybe you want to let traffic through, but you need to get priority to real users. That would be a case where you might wanna throttle it or, or redirect it. So just to kind of quickly go over risk adaptive.

It's an evaluation of all these different risk factors, user device, environmental attributes, doing it at run time and fraud reduction intelligence platforms can play a piece, play a part in each one of these pieces here, because it can inform as far as user behavioral analysis device intelligence and provide context around the environmental attributes.

We see trends toward passwordless authentication, and that's largely leveraging mobile technology, SDKs biometrics to build mobile apps from that we can get to this risk adaptive capability, which can lead us to a continuous authentication paradigm where you're doing the risk adaptive authentication, sort of all the time in the background and not necessarily bothering the user for an authentication event. The goal is to get to passwordless get rid of passwords.

And we see that fraud reduction intelligence platforms again, is an integral part of moving authentication to being smarter, more risk based. And hopefully passwordless for all in the not too distant future. So about the leadership compass, the leadership compass is our comparative report. I just published this.

And about two months ago, I looked at the following criteria, the identity proofing credential intelligence, user behavioral analysis, device intelligence, behavioral, or passive biometrics, and bot management were my six key criteria areas as we've discussed since they're the, the main ways for utilizing fraud reduction intelligence to make for a safer environment. So how we go about writing a leadership compass? We define the market segment. We select the vendors. We put together a really long questionnaire with lots of technical questions and send it off to the vendors.

They send back the questionnaires and we do a briefing. We get more in depth information about the products we get demos. Then we write up the rating, we write up the text, send it off for fact check. And once it's all through fact check, we publish it. We have nine dimensions. We look at in a leadership compass security. This is internal product security functionality.

You know, what does the product actually do? How well integrated is it? How easy is it to deploy? Does it support multiple deployment models? Interoperability, does it work well with other services? This is a place where, you know, support for standards is very, very important usability. It's more than just end user usability, but we look strongly at admin user usability as well, then innovation, does it deliver everything that we expect? And does it go a little bit over that into the leading edge, or is a given product kind of playing catch up to their leaders in innovation market?

How many customers are of the product? How many actual consumers are served by that product? How many in which industries are targeted and then which regions of the globe are using it? You can't really be a market leader unless you're also playing in all the different global markets. And then for these kinds of reports, I like to, to really drill down on the number of effective consumers, more so than just the number of overall customers, that vendors report.

So on the ecosystem side, how many partners do they have, how globally distributed and then on the financial strength, you know, is it profitable? So from here, we look at product leadership, market leadership, innovation leadership, and then the overall in this version of the, in this particular report here, the vendors that I surveyed Arcos labs, Broadcom, bug guru, guru, cool, IBM ID data, Isky, NewStar new data security, RSA transmit security and TransUnion. So I'll just kind of quickly go through the graphics here.

I believe the handout has more information and we can see IBM was a, an overall leader. IBM is a product leader. This means they have, you know, most, all the expected functions as we've defined them. They're also a market leader and they're also an innovation leader. And with that, I will turn it over to ALA to go into more detail on some of the fraud use cases and hopefully have time to take a look at a demo. Thank you very much, John.

And what I would like to do is yes, share a demo, but also talk a little bit more about, I mean, John, you were talking about, you know, the different, you know, operation from, from fraud perspective, how organization are being attacked, what are the different MOS? What I wish to do here is to actually walk you through some examples, some statistics, some data that we see interest here and also share what is our approach of addressing.

And I'll, I'll tie that into what, what John just, just described. And hopefully I'll have the time to show you a, a quick demo.

So, so since in, in IBM trust here we are a global operation and we operate worldwide. We have the privileges to see actually different trends, different, you know, fraud tactics that actually, maybe it is more popular in one area of the world, or maybe it start from, from a certain area, but we see it populated into, into different and, and into different areas. And I'll show you some examples. Yeah. The example that I'll, I'll spend a few minutes and, and talk about is the overlay remote access that actually started in LATAM in Latin America, but it is no longer just LATAM problem.

You know, mobile overlay. This is again a tactic that we saw starting in UK, in Spain, but now we actually start seeing it migrating to more areas worldwide.

When you, when we talk about fraud and when everyone is today, talk about fraud. We must look at what happened with the COVID 19.

And, and when we look at the data, I think that the data is, is very interesting. I, well, maybe interesting is not the right word, very concerning, right? So that different, different events or different time of the year when we see spikes in fraud, mainly around the holiday seasons, right? Different day of, of the month, you know, things maybe different a little bit during day daytime work days versus weekends. What we see around the COVID 19 is enormous increase in, in attack.

And we actually see in IBM, 14000% increase in, in attack related to spam and fishing, which is mainly tools to get people credentials, to commit fraud afterwards. And it goes without size that we see also a huge increase in people using remote tools to, to do their, for work, for example, right. People are working from, from home these days, but the increase in the fishing and, and the scams that we see it's, it's enormous. So let's quickly jump into, you know, some examples around fishing.

So first of all, when we look at the distribution of, of fishing, and I think John, you mentioned that whenever there is money, there is fraud related and where wherever there is fraud related. We also, yeah. We see money being lost. So obviously all those, you know, payment, financial, you know, organization or market vertical would be most targeted, right.

You know, SaaS services, like also a huge target for, you know, for fraud mainly to do the fraud, you know, campaign, but, but not just, and yes, again, we cannot ignore, you know, COVID 19 and it's a lot of excuses or themes or stories around the, the fishing campaigns that we see out there that are related to COVID 19. This example is taking advantage. And I think John, you mentioned the government, and, and in this case we see abuse of compensation citizen.

So it's, it's still credentials and leveraging the fact that many government actually announcing, you know, compensation procedure and you need to go online, submit your credential, submit your personal information and get the, the, you know, the compensation. We also see a lot of, you know, workforce related fishing. So this is an attack on, on mimicking WebEx to get credentials and also office, you know, it's also an excuse to get people credentials and, and generate an attack.

And last but not least the most, I would say popular, but maybe not the most popular, but very common is, is smishing sending a fishing message, text message. And again, the story that we see in most of them these days is, is around C but the main goal is to get credentials. And by the end of the day, to take an account over or to build a synthetic or semisynthetic identity, which combine true information from the identity, but also some information that I just, just made up to, to, to create an account new account fraud.

So is one thing, but there is also, you know, malware and we do see in general, right beside COVID 19, we rise in remote access Trojan, meaning a tool. It can be something legit like team viewer that is being installed on a device, but a bad guy take advantage of, of it. And from some excuse of being an it support, whatever security actually take control in the device, there are some more sophisticated pro that leverage the remote access technology, but they actually hidden from the user and they take control of the device without the user being aware of that.

And what is interesting to see is the, the, the sharp price around April, when it come to remote, remote access, Trojan detection on our infrastructure, I mean on our service. And, and you can see it like sharp price around COVID 19. Another flavor of the remote access tool is remote overlay.

It's, it's a semi remote access tool because it does take control of, of the device. However, it is also covering the browser and blocking the user from doing anything or to see what is happening. So there is kind of, you know, a show going on for the user and behind the SIM, the remote access smile, where actually doing whatever they wanna do, transfer money, add paid, doing some malicious stuff without the user aware of it and, and actually be able to do something about it. What is interesting about this specific, you know, Mo is first of all, it's it's windows space, right?

What is interesting is we first saw it in, in Brazil and the way it is built is that it's very easy can change. And, and there's so many different variant of, of this operation and that what makes it very complex, right? Because if there's, so it's like a virus it's like, it's keep changing. Right.

But very, very fast. And there is a lot of variation.

So, so the detection must be as sophisticated as, as the, the attack. Okay. We did start seeing it in Brazil a while ago, but we, we also detect the, the migration from Brazil or the expansion to be more precise from Brazil to, you know, other countries in south America, Spain, Portugal. And we also start seeing it. So it traditionally starts in the banking, but we also start seeing configuration and attack that actually targeting different industries.

So not just the traditional banking, but also, you know, eCommerce and insurance, et cetera, malware in general, just like the fishing, just like the, the remote access. There is also in sharp increase around March in April, as, as you saw in, in the statistics.

I mean, we see a huge increase in malware, in fishing and in all, all sorts of attack around the COVID 19, everyone is sitting at home, right? Everyone is doing things digitally only. So there is a lot of opportunities for, for fraudsters mobile over overlay malware.

It's, it's a tactic that actually it's similar to the overlay that I just described on, on the, on the browser, on the web, but here it is on the mobile. So the user actually downloads some kind of a malware, for example, this is the recent matter that, that we detected by the way on Google, on Google play, which is a fake COVID COVID 19 finder app, like to identify or locate people that are, that are infected with the, with the virus. And it started as, as, as an SMS dealer. So it can actually steal the SMS if the organization is sending one time password through SMS.

So this malware steal that and forward it to the fraudster. We, we saw it in, in Spain targeting banking application. And the code is always code is being, you know, leaked and, and it start adding more complex capability or advanced capability like the overlay capability. The overlay is pushing an overlay on top of the legit application, mimic the log in the login screen to still credentials, typically the application or the mail is being installed on the device and remove the icon from, from the dashboard, from, from the, where the user can see.

So the user won't remember and won't know that their device is infected. The malware is listened and waiting for the targeted application that, that it target. And once the user start, the let's say, I don't know, banking application, they push the overlay on top of the, on top of the ware on top of the application. So this is the, this is some examples of, you know, some, some examples of threat that we see out there, huge change or huge increase, I would say around COVID COVID 19 all over with all the, the different tactics.

And what I would like to do is, is to actually take a step back and say, okay, there is a lot of attack factors out there. There is a lot of changes in the threat landscape and how do we actually support customers? And what we believe is the right technology and what we see that is actually working out there to protect organization from, from fraud.

So we, we are in, in IBM for part of IBM security and from trustee perspective, from, from the service that we provide, we are protecting today over 500 clients worldwide. But John, you mentioned that it's not the only measurement of the richness of the platform because you, you also need to take a look on how many identities we're able to protect, right? How many rich data reach intelligence we have in order to protect against, you know, against fraud.

So we, in our platform, we actually process and protect over 58 billion events a a month that allow us a huge global reach and intelligence source. We actually have six pet pet bites of data. By the end of the day, we simply see a lot, a lot of device, a lot of identities, a lot of different types of Mo and, and using machine learning that allow us to actually very clearly to see if something is legit or not. If a device that was used to fraud, keep hitting other organization, we're able to detect that.

So when we think about fraud, we actually, I, I wish to actually expand the conversation to more than, than just fraud to talk actually about digital identity trust strategy, because the idea is not just to detect the fraud, which is the essence, which it's, it's the actual, the main motivation. However, you cannot ignore your true customers, right? So the way we think about digital, about fraud, we actually look at the digital identity trust. We look at the positive side of, of the equation, and we think about security that need to enable enables business, right?

So we make the security obviously frictionless. So as, as less interaction with the user, more transparent, more smooth experience, the better it is in terms of business wise, to make sure we try to make sure that the security that we provide is not a barrier to the business. Okay. Obviously protecting digital identities and build end, end user trust for better services. Okay.

So we, again, thinking about the business, thinking about the positive, if I'm not being affected in, in fraud, in my, if I'm not being frauded in, in a specific business, I would trust this business more. I would do more business with this, you know, brand I'm. If I feel protected, I may store my credit card for future purchases, right. And all the experience become more and more smooth, more and more trustworthy. And I would do more and more business with this brand, obviously prevent fraud, right? Detect accurately for the connectivity. And also we live in a very regulated world, right?

Privacy, GDPR, open API. And, and when we build our solution, we actually look at that and comply with all that and help our customers comply with, with the regulation. So again, it is our strategy or approach of taking a step back and look at the bigger picture. So we don't just detect on a very narrow stage in the, in the digital journey. We strongly believe that you need to see the full picture. So you need to see the full customer journey.

And, and we actually allow protections throughout the user journey from the moment the user land on your business, on a digital business, we start sensing whether this is a fraud or actually a legit customer that wanna do business with you. We also provide protection on the onboarding, right? Leveraging the consortium that we have, the, the network that we have, the ecosystem that we have. And also we protect the login, right? So we transparency authenticate the user. So we know whether this is your customers or not just by collecting all the information that, that we collect.

And also as a continuous authentication during the use of the application, if it's a, you know, a bank application. So we also measure and, and detect fraud in the payment stage or edge pay, or the sensitive, you know, activity that the user can do, or if it's a retail business. So when the user actually do the payment as part of, of the holistic view. So it's not just through the whole digital journey, from new user to continuous certification in the use of the service of, of the digital application.

We, we collect hundreds of signals from, from the digital session, right. And there is a lot of data that we have, right. But if you look at the right hand side, it's not really, you cannot tell the story. You cannot tell what we, what we are showing. Right. It's just a bunch of, a lot of pieces of data.

However, if you correlate all the data, right. It, it goes without saying, but, but this is what we do. We build a full context.

So, John, I think you mentioned. Yeah.

So, so you mentioned, right. That a fraud system needs to have the device device printing, spoofing evidence, activity, user behavior. And this is exactly what we do. So we collect hundreds of signals from the digital, from the digital interaction, with the user, by the way, without any need to have an agent, obviously, and we collect everything and we send it into our engine, which include machine learning, advanced analytic, as well as the human intelligence.

So the human, we have teams that actually look at the modules, tune them, and we build the digital identity context, as, as I said, so we are looking at all the aspect of what is happening. So we look at the device device printing, whether the device is spooked. Is it infected with malware? Do we see velocity pattern on this device? Right? Did we see this device, or maybe characteristics of this device in the past conducting fraud? And we know that this is a bad, bad device. Is this a virtual device or real device, right. Is it a virtual environment or not?

We look at the activity, what the user do, how the user actually interact with the business. We look at the environment, the network, the IP, where they're coming from. We look at the behavior of the user behavioral analytics, as well as behavioral biometric. So we detect how the user actually uses the device, both mobile and, and desktop, how they type, how they move the mouse.

And we also look, look at the user and we correlate everything in order to build a very accurate detection to do both by the way, to detect fraud, but also to detect whether this is the, the like transparent authentication. I believe I do have a quick, like two minutes to show you a quick demo, right? So I'm a fraudster and I, I did a fishing campaign and I actually steal credentials for trust me bank. Let me go to my inventory. And for trust me bank, I have this Mr. John C information. So let me use this credentials. Let's see what was the password and the password.

Yeah, the password. Very nice. John. This is a very strong password indeed. And I'm going in and in that very moment, truster actually detect that this is at Forester logging in. Okay.

So the, the common practice is just to show a technical error. And let me show you what trust me bank is able to see on their backend and what truster actually generate for trust me bank. So we don't just collect information, but we also share all the information with the organization in the backend. So they would know everything about what was happening. So in this case, it is an untrusted login and the, the event was a suspicious behavioral anomaly. And here is the context. Here is an example of, of the context that, that we have.

So you can see a lot of this is just a subset of the element that we collect, but in this case, there was a velocity pattern, right? So my device is being used a lot to demo to different organizations. So the device is detected as use too much right across. And when we look at the session, right?

So it's a, it's a risky IP, right? And the GA location, since I'm coming from variety of places, and this is an, an organization out I'm, I'm from Israel, by the way.

And, and none of the customer of the trust me bank were coming from, from Israel. When we look at the identity. So there was a behavioral biometric abnormal pattern. So the way I use the login, the login page is nothing like the real John, I obviously did not type like him. And there was something weird about the time on page, right? So John doesn't need to go back and forth from the spreadsheet to actually type in the and password. Okay.

So it's not just accurately detection detecting, collecting everything, but it's also sharing all the intelligence that we have with the organization in real time. Okay. We are running out of time. So I'll be very, very brief, but our platform is actually consist of all the elements that we believe are the right thing to, to have in order to, to do digital identity, trust, both transparency, authenticate customers, but also detect fraud.

It's the global intelligence, it's the dynamic identity assessment, malware, transaction monitoring, cross channeling detection, carrier intelligence, like information about the mobile way beyond like purchase, purchase information from the carrier and so on. And this is us, right? So it's a digital identity trust solution.

And we, we are relying or able to protect more than 142 million unique users worldwide with a very, very busy platform. It's a SA solution. So we have a visibility of patterns. We see the immigration of, of the fraud from different areas of the world. And we use machine learning, machine learning and, and human intelligence and machine learning because it's ter data of, of, of events. And you can only analyze it with machine learning, but we don't. We actually control it with human teams and, and researchers.

And we believe that digital context, like the real digital context that correlate all the element, allow us to accurately detect fraud and also transparently authenticate customers. So thank you.

So, yeah, we've got a, a few questions here. The first one is really good.

One, can you speak to techniques to identify deep fakes and synthetic identities? You know, that's, I think that's a very interesting question.

I'm, I'm not certain how technol, what technologies would be used to identify deep fakes, but a, it, maybe you can take that or talk about, you know, ways to determine if an, an identity is synthetic or not. So in order to, to detect whether the, the identity is full or synthetic, you need to, I mean, stole an identity, but true identity or combination of pieces of legit or true identity versus made up attributes. You need to, you need to match that against, you know, formal information about identity, like government and license and, and stuff like that.

But in order to understand whether the identity that interacting with a digital business is legit or not. And if it's not either because it's a stolen identity or semi stolen, so maybe some attributes were stolen in some were made up right.

For that, that we can do. Right. We can tell whether this is legit new account or legit identity or not. I hope that answered the question. Yeah. I think it's a great question.

And yeah, that's a, that's a good answer. Especially in the synthetic part.

You know, I did quite a bit of research about a year ago on generating deep fakes, particularly photos, but I don't know of, you know, what the modern trends or methods are for identifying a deep fake as such. So interesting question. If I encounter the answer, I'll definitely write that up at some point and we're almost outta time, but one, one interesting final question too. Let's I missed it. Do you think that the trends around COVID 19 fraud will continue once it has passed?

You know, I'll just quickly say, yeah, most likely. I mean, once malicious actors find something that they can exploit or new methods that they can use, they tend to use those and evolve those. So I don't think that there will be any decrease in, in fraud level or abandoning the use of the techniques that they've learned during these, this time in the future. Any thought on that? Yeah.

I, I, I tend to agree and I think it's true both for the fraud as well as for the business. Right. So many businesses actually change the way they operate and because that won't change, so, or people would be more and more digitally interacting. So I think it goes, it it's the same for the fraudster. Yep. Okay.

Well, thank you. We're at the top of the hour. Thanks everyone for joining the recording and slides will be available by tomorrow. The handout with the leadership compass results will be available also. So thank you everyone for attending and thank you a lip for co-presenting. Bye. Thank you.