Fraud & Security New Analytics Can Make Your Phone a Fraud Watchdog

Mobile phone with warning message
Sep142016

Have you ever had the frustrating experience of trying to use a credit card in a foreign country, only to have the purchase blocked because your bank was unsure it was legitimate?

This might seem like the bank doing a good job looking out for you. But when you have to abandon a purchase, switch cards or use up your cash, you’re probably not going to be feeling grateful.

Even domestic travel can cause problems. One of my colleagues recently traveled to Florida and had a gas station purchase declined, even though he had been there a few days.  His use of multiple cards and the time between transactions made the purchase look shifty.

This poor customer experience can be improved by looking at not just the activity of the card, but the activity of the cardholder’s mobile device. Is it where they are? Do they travel frequently?

I’ve discussed this simple use case of mobile analytics before. But it turns out mobile analytics offer all kinds of benefits.

As mobile banking becomes popular, and even the default for some customers, the channel becomes ever more attractive to hackers and cyber threats. Recent cases have included examples of malware designed to wrap around a legitimate bank app, then harvest the credentials and account data to send back to the cyber gangs. Hundreds of fake bank apps have been found, and millions of dollars have been stolen from banks around the world. And banks aren’t the only victims — some retailers in China have already been hit with malware that looks and acts just like their real mobile apps.

By using behavioral analytics, as well as malware and app-tamped detection, we can help protect against the threats. FICO has developed mobile security analytics that run within a suitable mobile app (such as a bank or retailer’s app) that collects a set of data from the device in the background.  We use advanced analytics to understand typical activity for the device and user, and create a threat score, where the high scores are a sign of the device or user not behaving normally. One of the machine learning techniques we use to do this is collaborative profiling, which learns archetypes of behavior and represents each customer’s activity as a mixture of these archetypes, even tracking changes in real time.

The mobile analytics would also help detect fake apps stealing banking account data. A fake banking app would not have the FICO component that collects data for the analytics engine, and so when you go to access your bank’s website through the fake app, the bank will see that there was no FICO data or associated scores – this is far harder for a fake app to reproduce and if they did they couldn’t replicate typical network accesses. If the fake app captured details of your login they would try to get another “real app” to try to access the site — but that would be an alternate non-registered device trying to reach your account and with the prior access to the account without mobile data or scores, this would be flagged as high-risk.

This is a fundamentally different approach than authentication systems, which validate the user with a password or other biometric like fingerprint, voice or face recognition. Certainly, biometric authentication has an important role for high-value transactions, but these methods are “high-friction” — they require time and effort from the customer. Our approach is “low-friction”— the behavior profiling happens in the background, without interrupting a customer’s activity. Our approach is a great alternative to biometric authentication and gives an extra layer of security when the phone can’t be used directly for real-time authentication (for example, payment card transactions), or where biometrics might be spoofed.

Another growing problem is card-not-present (CNP) fraud, which is driven by the shift to more physically secure EMV chip cards, as well as the general increase in internet and mobile purchases. As the liability for CNP fraud moves to the merchant, these retailers can directly benefit from Mobile Security Analytics integrated into their apps.  If the mobile is acting in a way that is abnormal for its user — in an unusual location, on an unusual network, with unusual network hashmaps, or making purchases at an unusual time — that knowledge can be used to block or challenge high-risk purchases, even if those purchases are coming from the same cardholder on other devices, such as their computers.

Now that our phones are under attack, isn’t it time we made sure they’re working for our protection — not against it?

Follow me on Twitter @ScottZoldi.

Leave a comment