Threat Guard
Protect your customers—and your business—with a comprehensive risk engine providing modern account security and a frictionless customer experience
Next Identity Secure includes Threat Guard—a modern risk engine capable of detecting even the most advanced fraudsters, bad actors, and cybercriminals. It scans over 300 data points to accurately identify fake devices, location spoofing, and high risk behavior in a user's online fingerprint. It can identify bots, automated behavior, device spoofing, and other high confidence signals that the user is likely to engage in fraudulent behavior.
Threat Guard is composed of signals:
Signal | Description |
---|---|
Device Detector | Identifies the device used to attempt transactions |
Bot Detector | Identifies automated bot activity |
Fraud Detector | Identifies potential fraudulent behavior including fake accounts, chargebacks, and malicious users |
Impossible Travel Detector | Identifies authentication from locations that meet impossible travel criteria |
and actions:
Action | Description |
---|---|
Allow | Allow the request to proceed |
Step-up Authentication | Require the user to re-enter password or complete verification |
Notify | Alert the user of the potential attack via email or SMS |
Block | Block the request from proceeding altogether |
Signals
Device Detector
Device detection is a process used to identify a device or browser by determining which technologies, such as the operating system (OS), browser plugins, and other active settings, are present. Unlike website cookies that are stored on a user’s device, device "fingerprints" are stored server-side.
User metadata is captured and used to determine whether the user is a unique or a known visitor. The result of a user logging in from a new device is based on the configuration for that application and will be passed along to the appropriate output.
Device fingerprinting uses a JavaScript pixel to collect device identifiers from local hardware and software settings to create a unique device ID hash and identify high-risk behavior patterns. Cross-device tracking makes it easy to monitor users who use multiple devices. Device IDs can be used to track repeat users as they return or even to track new accounts. Some examples of device data used for fingerprinting include:
- installed fonts
- graphics card
- CPU processor
- RAM total
- battery status
- browser settings such as plugins and languages
- operating system
- private browsing
- timezone
- speaker settings
- audio fingerprint
- IP address reputation
Bot Detector
Are you tired of dealing with fake accounts, fraudulent transactions, and other abusive behavior on your website or application? If the answer is yes, you're certainly not alone. Bots can pose significant problems for businesses, as they can be hard to detect and prevent.
That's where Threat Guard's Bot Detector comes in. Our advanced technology is capable of identifying non-human users in real time, even if they're using intricate software to mimic human behavior. This feature enables you to substantially decrease instances of chargebacks, fake and replicated accounts, credential stuffing, and other harmful activities that could damage your business.
Although simple bot management techniques such as CAPTCHA or honeypots can be beneficial in reducing the probability of bots submitting forms, they may not always be adequate to prevent more intricate attacks, like credential stuffing. This is where Threat Guard's Bot Detector stands out, as it employs cutting-edge technology to provide superior levels of protection for your enterprise.
By utilizing Threat Guard's Bot Detector, you can be confident that your website or application is secured from bots and other malicious actors.
Fraud Detector
We understand how vital it is to safeguard your business against fraudulent activity. Our Fraud Detector tool uses advanced algorithms to analyze over 25 data points and generate real-time fraud scores.
With Fraud Detector, you can feel confident that your business is protected from abusive users and fraudulent payments. Our tool filters out potential threats in real-time, giving you peace of mind to concentrate on running your business.
What makes Fraud Detector different from other fraud prevention tools is its ability to learn and adapt based on user interaction. Our tool becomes more precise and efficient in detecting fraudulent activity over time, using machine learning to improve our scoring models.
Our fraud prevention tools analyze user data like IP addresses, devices, email addresses, phone numbers, and billing details to provide a comprehensive analysis of each user's probability of engaging in fraudulent activity. This enables us to provide you with the most reliable and accurate fraud scores.
Impossible Travel Detector
The Impossible Travel Detector is a security feature that helps safeguard sensitive information by detecting and flagging any suspicious activity related to user movement. With this feature, Threat Guard can determine a user's location during sensitive actions such as authentication or updating personal information, and compare it to the location of their most recent action prior to that.
If the system deems the distance between the two locations impossible to cover in the time between the two actions, it triggers an alert that notifies the relevant security personnel. For instance, if a user logs in from New York at 2:00 PM and then updates their information from London at 2:30 PM, the system will flag this as impossible travel since it is unlikely that the user could have traveled between the two locations in such a short time.
A key benefit of the Impossible Travel Detector is that it allows security teams to detect and prevent account hijacking. They can configure Threat Guard and choose to notify, perform a step-up verification or even block a request from a flagged account.
The configuration options for the Impossible Travel Detector include setting a maximum distance in meters and a maximum duration in seconds. This allows organizations to fine-tune the feature according to their specific needs and requirements.
By detecting and flagging any suspicious user movement, Threat Guard’s Impossible Travel Detector allows organizations to take proactive measures to prevent account hijacking and other malicious activities.
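The check described in this section can be sketched as follows. This is an added example, not Threat Guard's own code: the `Event` record, the sample coordinates and the threshold values are constructed, and timestamps are taken as UTC. The page does not say how the two settings combine, so the rule used here (flag when the distance exceeds the maximum and the elapsed time is under the maximum) is an assumption.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timezone

EARTH_RADIUS_M = 6_371_000  # mean Earth radius, meters

@dataclass(frozen=True)
class Event:  # hypothetical record shape, not a Threat Guard type
    action: str
    at: datetime  # timezone-aware
    lat: float
    lon: float

def distance_m(a: Event, b: Event) -> float:
    """Great-circle (haversine) distance between two events, in meters."""
    lat1, lat2 = math.radians(a.lat), math.radians(b.lat)
    dlat, dlon = lat2 - lat1, math.radians(b.lon - a.lon)
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def is_impossible_travel(prev, cur, max_distance_m, max_duration_s):
    """Assumed rule: flag when the events are more than max_distance_m apart
    and less than max_duration_s apart in time."""
    elapsed_s = (cur.at - prev.at).total_seconds()
    if elapsed_s < 0:
        raise ValueError("events must be in chronological order")
    return distance_m(prev, cur) > max_distance_m and elapsed_s < max_duration_s

def flag_events(events, max_distance_m, max_duration_s):
    """Compare each event with the most recent one before it; return flagged events."""
    ordered = sorted(events, key=lambda e: e.at)
    return [cur for prev, cur in zip(ordered, ordered[1:])
            if is_impossible_travel(prev, cur, max_distance_m, max_duration_s)]

def utc(day, hour, minute):
    return datetime(2024, 1, day, hour, minute, tzinfo=timezone.utc)

# Constructed sample data: the page's New York / London case plus two benign events.
NEW_YORK, LONDON = (40.7128, -74.0060), (51.5074, -0.1278)
SAMPLE = [
    Event("login", utc(1, 14, 0), *NEW_YORK),
    Event("update_profile", utc(1, 14, 30), *LONDON),  # about 5,570 km in 30 minutes
    Event("login", utc(1, 14, 40), *LONDON),           # same place: no distance
    Event("login", utc(2, 9, 0), *NEW_YORK),           # far, but 18+ hours later
]

if __name__ == "__main__":
    for e in flag_events(SAMPLE, max_distance_m=500_000, max_duration_s=3_600):
        print("impossible travel:", e.action, e.at.isoformat())
```

With a 500 km / 1 hour setting, only the London profile update is flagged; tightening the duration below 30 minutes clears it, which shows how the two settings trade sensitivity against false positives.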
Actions
Allow
After processing the signals, the user can be allowed to proceed if the risk is determined to be low.
Step-up Authentication
After processing the signals, the user may be required to re-enter their password or complete a two-step verification flow (PIN via SMS or email) if some risk is determined.
Notification
After processing the signals, the user may be alerted of a potential attack via email or SMS for awareness.
Block
After processing the signals, the request may be blocked from proceeding if the risk is determined to be high.
User Journeys
Note on the table below
The user only needs to complete the two-step verification process once. If they are flagged twice in a scenario (i.e., new device plus fraud detection), completing it once fulfills the requirement.
Login Method | New Device | Bot Detected | Fraud Detected 85+ | Fraud Detected 75-84 | Fraud Detected <=74 | Impossible Travel Detected |
---|---|---|---|---|---|---|
Email + password | none, email notification, step up auth, or both step up auth and email notification | block | block | step up auth | allow | step up auth |
Email + password + 2FA | allow | block | block | allow | allow | allow |
Mobile phone number + password | step up auth | block | block | step up auth | allow | step up auth |
Mobile phone number + password + 2FA | allow | block | block | allow | allow | allow |
Email OTP | email notification | block | block | allow | allow | allow |
Mobile OTP | allow | block | block | allow | allow | allow |
Social Authentication | allow and step up auth | block | block | step up auth | allow | step up auth |
Biometric Authentication | email notification and step up auth | block | block | allow | allow | allow |
Configuration
How to configure Threat Guard
Threat Guard is configured by Next Reason. Contact your Next Reason Solutions Architect to discuss your security requirements.
Frequently Asked Questions
Are mobile-based applications able to configure notifications for new devices?
No, there will be no SMS notification. Only applications that store email addresses can enable this functionality. However, mobile device information will still be captured and stored.
Which kind of integration is required?
Only applications that make use of Next Identity Unify's Journeys feature, including Register, Activation, and/or Login screens are able to use Threat Guard's risk engine features at this time.
Can Threat Guard features be enabled by client?
Yes, Threat Guard's risk engine features can be configured by client depending on requirements and global policies set by your service administrator.
Is there any Personally Identifiable Information (PII) data that will be stored?
No. Only non-PII metadata that is obtained publicly will be stored.
Is there a dependency on a third party?
Yes, a third-party provider is leveraged to collect user data, and a second provider to send the emails.
Is there any limit to the number of devices the users can approve?
No, there is no limit to the number of approved devices.