iovation, a TransUnion company, released a series of updates to its online fraud prevention and authentication products. The additions increase security for businesses and reduce friction for consumers with features like email and phone number verification, botnet detection, streamlined de-registration of a device used for authentication, and more customization and context insight for authentication requests.
The enhanced identification and removal of threats, coupled with increased trust of good consumer devices, advances iovation’s capabilities to use a consumer’s laptop or mobile device as their online passport.
“Just as TSA Pre✓® has made flying dramatically easier and safer, the same could be said for online transactions with iovation’s updated products,” said iovation Chief Product Office Bala Krishnamurthy. “With iovation working in the background, consumers aren’t bothered by fraud checks and device confirmations that enhance authentication, they’re completely transparent. They simply get to enjoy the online experience while businesses ensure they are protected against fraud and other cyberattacks.”
The iovation product updates include:
Email and phone number verification: iovation added capabilities to verify the risk associated with email and phone numbers submitted in FraudForce, the company’s fraud detection and prevention solution containing intelligence based on experience with more than 5.9 billion devices. For email, iovation is looking at indicators such as when an email address was created and if it is using special characters with multiple similar emails to trick application forms. These are both significant signs whether an email address should be suspected as potentially fraudulent.
The phone number risk score takes into account several indicators including previous fraudulent activity associated with a phone number, and other attributes such as carrier, SMS capability, phone type and odd traffic problems. For example, if a single phone number requests a passcode in five different languages within the same week, this may indicate that the phone is being shared. Velocities can also flag suspicious behavior, such as a particular number or range of numbers showing up repeatedly on one or more web services within a relatively short time.
Botnet detection: iovation has new functionality to help identify the botnet risk for transactions from a device within FraudForce. The botnet risk score considers several key factors including the severity of previous botnet attacks, the historical presence of phishing or malware, and how long it’s been since any previous botnet activity has been seen on an IP address. Tracking network patterns and botnet activity contributes to a powerful, multi-pronged strategy to combat botnets up front.
De-registering a device used for transparent authentication: iovation ClearKey uses the device as a transparent factor of authentication for customers logging in to a website. The new update to ClearKey makes it simpler to remove a device from a customer account if they, for example, replace a device, log in to their account from a public computer using the “remember me” button or lose or had their device stolen. Now all a business has to do to remove a device from a customer’s account is to pull up the account in their Intelligence Center. They’ll see all the devices registered to that account, and the business will be able to selectively deregister a single device removing it as a known device used to access their account.
More insights and consumer options for authentication requests: iovation has released a number of new features that will enhance communication with consumers and give additional context and insight into their replies to authentication and authorization requests for its multifactor authentication solution, LaunchKey. This includes:
- Providing consumers with custom replies for denying authentication requests.
- Enabling companies to find out if an authentication request failed or was denied by a consumer and the reason behind it.
- Allowing businesses to set the amount of time after which an authentication request will expire.
- Empowering companies to customize the title of authorization requests, create custom text for push notifications for authorization requests and choose which authentication factors consumers can select.
“Many people think of fraud prevention and cybersecurity as putting up a wall,” said Shirley Inscoe, Senior Analyst at research and advisory firm Aite Group. “But it should be looked at from the consumer perspective. If you are simply stopping the bad guys without any consideration to customer friction, your business probably won’t thrive. Instead, use appropriate tools to detect and manage fraudsters while providing great service to all your good customers.”