Threat Guard

Protect your customers—and your business—with modern identity security at every layer

Overview

Next Identity Threat Guard is a fraud detection solution capable of detecting even the most advanced fraudsters, bad actors, and cybercriminals. It scans over 300 data points to accurately identify fake devices, location spoofing, and high-risk behavior in a user's online fingerprint. It can identify bots, automated behavior, device spoofing, and other high-confidence signals that the user is likely to engage in fraudulent behavior. Threat Guard provides a suite of capabilities that enhance security across the platform, protecting both the consumer and the service from attacks.

Threat Guard is composed of inputs:

  • Device Fingerprinting - identifies a new device being used to authenticate
  • Bot management - identifies and blocks bot activity
  • Fraud detection - prevents fake accounts, chargebacks, and malicious users
  • Geo Velocity - identifies authentication from locations that meet impossible travel criteria

and actions:

  • Step-up Authentication - requires the user to re-enter their password or complete verification
  • Notification - alerts the user of the potential attack via email
  • Block - blocks the request from proceeding altogether

Inputs/Signals

Device Fingerprinting

Device fingerprinting is a process used to identify a device or browser by determining which technologies, such as the operating system (OS) and browser plugins, along with other active settings, are present. Unlike website cookies, which are stored on a user’s device, device fingerprints are stored server-side.

User metadata is captured and used to determine whether the user is a unique or a known visitor. The result of a user logging in from a new device is based on the configuration for that application and will be passed along to the appropriate output.

Device Fingerprinting uses a JavaScript pixel to collect device identifiers from local hardware and software settings to create a unique device ID hash and identify high-risk behavior patterns. Cross-device tracking makes it easy to monitor users who use multiple devices. Device IDs can be used to track repeat users as they return or even to track new accounts. Some examples of device data used for fingerprinting include:

  • installed fonts
  • graphics card
  • CPU processor
  • RAM total
  • battery status
  • browser settings such as plugins and languages
  • operating system
  • private browsing
  • timezone
  • speaker settings
  • audio fingerprint
  • IP address reputation

Bot Manager

Industry-leading bot protection identifies non-human users in real time while preventing bot traffic and unwanted visitors from reaching the application. Bots are identified even when they are using advanced software to mimic human behavior. Mitigating bots significantly reduces chargebacks, fake and duplicate accounts, credential stuffing, and similar abusive behavior.

Simple bot management consists of CAPTCHA or Honeypot to decrease the chances of a bot being able to submit a form. However, this is not enough to truly protect consumers and companies from credential stuffing and other related attacks. Threat Guard’s Bot Manager detects bots and blocks the transaction from proceeding. See user journey flows below.

Geo Velocity (Impossible Travel)

Geo velocity, sometimes referred to as Impossible Travel, concerns people’s ability to move between different locations and how fast that could have been done. The movements can be either domestic (e.g., flying between the US cities of Seattle and Boston) or international. Geo velocity determines a user’s location when they are performing a sensitive action such as authentication or updating personal information. If the user then performs similar actions in a new location that is deemed unlikely (going between countries in a short amount of time), the account will be flagged and pushed into one of the appropriate outputs. See user journey flows below.
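A sketch of the impossible-travel check described above, added here as an illustration and not taken from Threat Guard itself. The speed and distance thresholds, the AuthEvent record, and the sample events are all assumptions constructed for the example.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy values; the page does not state its thresholds.
MAX_PLAUSIBLE_KMH = 900.0  # roughly airliner cruising speed
MIN_DISTANCE_KM = 100.0    # below this, IP geolocation error dominates

@dataclass(frozen=True)
class AuthEvent:  # hypothetical record of one sensitive action
    user: str
    when: datetime  # timezone-aware
    lat: float
    lon: float

def haversine_km(a, b):
    """Great-circle distance between two events, in kilometres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def is_impossible_travel(prev, cur):
    dist = haversine_km(prev, cur)
    if dist < MIN_DISTANCE_KM:
        return False  # same metro area: not a travel signal
    hours = abs((cur.when - prev.when).total_seconds()) / 3600.0
    if hours == 0:
        return True  # two distant locations at the same instant
    return dist / hours > MAX_PLAUSIBLE_KMH

def flag_events(events):
    """Compare each event with the same user's previous one, in time order."""
    last, flagged = {}, []
    for ev in sorted(events, key=lambda e: e.when):
        prev = last.get(ev.user)
        if prev is not None and is_impossible_travel(prev, ev):
            flagged.append(ev)
        last[ev.user] = ev  # baseline moves even when flagged
    return flagged

# Constructed sample events (Seattle and Boston, as in the text above).
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SEA, BOS = (47.6062, -122.3321), (42.3601, -71.0589)
SAMPLE = [
    AuthEvent("alice", T0, *SEA), AuthEvent("alice", T0 + timedelta(hours=1), *BOS),
    AuthEvent("bob", T0, *SEA), AuthEvent("bob", T0 + timedelta(hours=6), *BOS),
    AuthEvent("carol", T0, *SEA), AuthEvent("carol", T0 + timedelta(minutes=1), 47.61, -122.20),
]
FLAGGED_USERS = [e.user for e in flag_events(SAMPLE)]
```

Only the one-hour Seattle-to-Boston pair is flagged; the six-hour pair is a plausible flight, and the short hop stays under the distance floor that absorbs geolocation error.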

Fraud Prevention

Fraud prevention tools score user data such as an IP address or device, email address, phone number, or complete billing details. Threat Guard generates real-time fraud scores and over 25 risk analysis data points to analyze how likely a user or visitor is to engage in fraudulent behavior. It filters abusive users and fraudulent payments in real time. The fraud prevention tools also learn over time, based on audience interaction, to improve future scoring models. New patterns of fraudulent behavior are detected across our network every few seconds, so we can quickly identify abusive user behavior.

Outputs/Actions

Step-up Authentication

Requires the user to re-enter their password or complete verification (PIN via SMS or email).

Notification

Alerts the user of the potential attack via email or SMS.

Block

Blocks the request from proceeding.

User Journeys

Note on the table below

The user only needs to complete the two-step verification process once. In a scenario where they are flagged twice (i.e., new device plus fraud detection), completing it once fulfills the requirement.

| Login Method | New Device | Bot Detected | Fraud Detected 85+ | Fraud Detected 75-84 | Fraud Detected <=74 | Impossible Travel Detected |
|---|---|---|---|---|---|---|
| email + password (pw) | none, email notification, step up auth, or both step up auth and email notification | block | block | step up auth | allow | step up auth |
| email + pw + 2FA | allow | block | block | allow | allow | allow |
| mobile + pw | step up auth | block | block | step up auth | allow | step up auth |
| mobile + pw + 2FA | allow | block | block | allow | allow | allow |
| Email OTP | email notification | block | block | allow | allow | allow |
| Mobile OTP | allow | block | block | allow | allow | allow |
| Social | allow and step up auth | block | block | step up auth | allow | step up auth |
| Biometrics | email notification and step up auth | block | block | step up auth | allow | step up auth |

FAQ

Are mobile-based Apps able to configure notifications for new devices?

No, there will be no SMS notification. Only Apps that are email-based can enable this functionality. However, mobile device information will still be captured and stored for a future feature where a user can manage their devices.

Which kind of integration is required?

Only Apps that make use of Register, Activation, and/or Login Hosted Journeys are able to use Threat Guard at this time. In the future, we will have a web, SPA, and mobile SDK that includes a client-side link so that native apps can incorporate a piece of Threat Guard functionality.

Can Threat Guard features be enabled individually and for specific Apps?

Yes.

Is there any Personally Identifiable Information (PII) that will be stored?

No. Only non-PII metadata that is obtained publicly will be stored.

Is there a dependency on a 3rd party?

Yes, a 3rd party provider is leveraged to collect user data, and a second provider to send the emails.

Is there any limit to the number of devices a user can have as "safe"?

No.

Is Device Fingerprinting a prerequisite for MyAccount?

No. But MyAccount will have a device management capability.

Is the email layout customizable?

Not at this point. Email customizations to apps are not possible at this time beyond color and logo changes.