SIM swapping is an increasingly popular account takeover fraud scenario that has in recent years caused havoc on financial institutions and consumers alike.
With the growth and sophistication of mobile banking, a new security vulnerability has become the smartphone. Fraudsters have shifting their focus from desktop-based fraud to mobile attacks.
Fraudsters view the mobile is the new “weakest link” and have created creative and sophisticated mobile fraud attacks that have swindled millions and caused considerable damage to financial institutions.
Legacy Authentication Solutions Struggle to Stop SIM SWAP
Legacy authentication technologies validate device authenticity, not actual end-users. One-time biometric verification was not designed to identify and stop malicious activity that compromise smartphones during and post login. Only by integrating the user’s unique bio markers, along with his/her device fingerprint data and transaction analysis can organizations curb SIM SWAP.
Paygilant’s Contextual Multi-dimensional Authentication is “the last line of defense” against SIM SWAP attacks. Paygilant’s continuous authentication of users based on unique and nearly impossible to mimic personal behavior patterns allows organizations to confront the threat of SIM SWAP.
How Does Paygilant Stop SIM SWAP During The Users Journey
Paygilant’s six intelligence sets work as layers to stop SIM SWAP throughout the different stages of the user’s journey.
Various attributes observed on the device can contribute to the detection of fraudulent behavior and to the derivation of a device ID. Device model, screen, memory, UUID, OS, IP, geolocation, app permissions, and more are observed. Geolocation is probably the best example for a device attribute used for detecting fraud - if a transaction is attempted from Moscow a short while after the preceding transaction was carried out in New York, then that is a strong indicator of fraud. Restricted app permissions is another indicator that the user might be hiding something. Another example is app permissions that are restricted by the user – that, in combination with other things, night suggest that the user might be hiding something.
Paygilant employs propriety transaction behavioral maps. The Behavioral Maps represent the purchasing patterns/behavior of a specific customer and her nearest neighbors and are created using Paygilant's proprietary machine learning algorithms. The behavioral maps typically comprise a large amount of information but must be compact 9 enough since they are securely transmitted to the mobile device. To achieve this Paygilant utilizes its depth of field (DOF) approach from digital photography to compress the information so that complex calculations that do not require work intensive CPU and memory. A Behavioral Map shows a clear, high resolution picture of the different risk zones and is a key factor in determining the risk of a specific transaction and has the following key characteristics: - User specific: each map is unique, calculated and maintained on a per user basis, therefore representing a transaction risk level for each customer’s transaction. - Lightweight: Resolution variations enable maintaining only the necessary data, reducing the map's weight to a bare minimum. - Dynamic: As the purchase behavior changes, the map will be modified.
Various attributes observed on the device can contribute to the detection of fraudulent behavior and to the derivation of a device ID. Device model, screen, memory, UUID, OS, IP, geolocation, app permissions, and more are observed. Geolocation is probably the best example for a device attribute used for detecting fraud - if a transaction is attempted from Moscow a short while after the preceding transaction was carried out in New York, then that is a strong indicator of fraud. Restricted app permissions is another indicator that the user might be hiding something. Another example is app permissions that are restricted by the user – that, in combination with other things, night suggest that the user might be hiding something.
Paygilant observes bio markers to passively identify the user behind the transaction. Common bio markers Paygilant observes include touch time, time between touches, size of touch inputs, finger velocity, scrolling pace and drag length, typing biometrics, and more. Paygilant’s robust bio markers are just one of the several intelligence sets that make up the broader solution and is designed to augment the fraud/no-fraud decision that precedes any step-up authentication request.
Paygilant looks at how the user interacts with the mobile application to determine if the interactions are consistent with a legitimate user. For example, if a user navigates directly to a high-ticket item and immediately proceeds to check-out, then that suggests something fraudulent might be happening. If a user inputs his name and address on the payment form in a manner that is not consistent with how normal users would do it (i.e. slower than expected because typing-in unfamiliar strings), then that provides another clue that something fraudulent might be happening.
Intelligent, privacy preserving analysis of user data on the mobile device provides valuable insights into fraudulent activities. User data analysis is especially helpful in hard-to-analyze scenarios like new account origination, where there is no established history for the user/account. Some examples for how device data can be used include comparing user accounts on the device with the payment cardholder identity, or the identity disclosed on a new account registration form – a mismatch provides a strong indicator for fraud. No media on the device, empty contacts list, and sparse call logs are also examples of fraud indicators that can be collected from user data on the device.