ThreatMetrix Persona DB Technical Brief



Similar documents
WHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users

TrustDefender Mobile Technical Brief

Combating Cybercrime A Collective Global Response

CA Arcot RiskFort. Overview. Benefits

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

WHITE PAPER Moving Beyond the FFIEC Guidelines

WHITEPAPER. Combating Cybercrime A Collective Global Response

WHITEPAPER. OFAC Compliance. Best Practices in Knowing Where and With Whom You Are Conducting Business

WHITEPAPER. Real Time Trust Analytics Next Generation Cybercrime Protection

Strengthen security with intelligent identity and access management

Websense Data Security Gateway and Citrix NetScaler SDX Platform Overview

How To Comply With Ffiec

Five Trends to Track in E-Commerce Fraud

ALERT LOGIC FOR HIPAA COMPLIANCE

NitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring

SECURING IDENTITIES IN CONSUMER PORTALS

Stop advanced targeted attacks, identify high risk users and control Insider Threats

IBM Tealeaf CX. A leading data capture for online Customer Behavior Analytics. Advantages. IBM Software Data Sheet

Entrust IdentityGuard

The Identity Defined Security Alliance

Leveraging Symantec CIC and A10 Thunder ADC to Simplify Certificate Management

Authentication Strategy: Balancing Security and Convenience

Teradata and Protegrity High-Value Protection for High-Value Data

Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data

ACI Response to FFIEC Guidance

INTELLIGENCE DRIVEN FRAUD PREVENTION

Protecting What Matters Most. Bartosz Kryński Senior Consultant, Clico

SOLUTION BRIEF PAYMENT SECURITY. How do I Balance Robust Security with a Frictionless Online Shopping Experience for Cardholders?

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Solution Brief Efficient ecommerce Fraud Management for Acquirers

Selecting the right cybercrime-prevention solution

Securing Internet Payments across Europe. Guidelines for Detecting and Preventing Fraud

Comprehensive real-time protection against Advanced Threats and data theft

Authentication Solutions. Versatile And Innovative Authentication Solutions To Secure And Enable Your Business

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

Understanding Enterprise Cloud Governance

ACI SELF-SERVICE BANKING

How To Buy Nitro Security

How To Create An Insight Analysis For Cyber Security

IBM Security Privileged Identity Manager helps prevent insider threats

WHITE PAPER AUGUST Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

identity as the new perimeter: securely embracing cloud, mobile and social media agility made possible

Secure Data Transmission Solutions for the Management and Control of Big Data

The Relationship Between PCI, Encryption and Tokenization: What you need to know

SP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

expanding web single sign-on to cloud and mobile environments agility made possible

Solution Brief for HIPAA HIPAA. Publication Date: Jan 27, EventTracker 8815 Centre Park Drive, Columbia MD 21045

agility made possible

Connecting Users with Identity as a Service

Solving Online Credit Fraud Using Device Identification and Reputation

one admin. one tool. Providing instant access to hundreds of industry leading verification tools.

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

DETECT MONITORING SERVICES MITIGATING THE EPSILON BREACH SUMMARY

BT Managed Fraud Reduction. Confidence in online business from stronger identity assurance

Identity Centric Security: Control Identity Sprawl to Remove a Growing Risk

Understanding the Value of Tokens

TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT

Web Protection for Your Business, Customers and Data

Securing and protecting the organization s most sensitive data

Symantec Cyber Security Services: DeepSight Intelligence

How to select the right Marketing Cloud Edition

Protecting Online Gaming and e-commerce Companies from Fraud

McAfee Security Architectures for the Public Sector

A strategic approach to fraud

Citrix Ready Solutions Brief. CA Single Sign-On and Citrix NetScaler: Quickly Adapt to Your Dynamic Authentication Demands. citrix.

SOASTA CloudTest Performance Data Retention and Security Policy. Whitepaper

The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst

Your Network Has Been Compromised. Is It Time To Reevaluate Your Traditional Cybersecurity Paradigms?

RSA Adaptive Authentication For ecommerce

ACCEPT MORE ORDERS, FROM MORE PEOPLE, IN MORE PLACES.

Global Bank Achieves Significant Savings and Increased Transaction Volume with Zero-Touch Authentication

SOLUTION BRIEF SEPTEMBER Healthcare Security Solutions: Protecting your Organization, Patients, and Information

IBM Tealeaf CX. A leading information source for online Customer Experience Management. Highlights. IBM Software Industry Solutions

PRODUCT SHEET: CA Arcot Cloud Services Data Centers CA Arcot cloud services data centers. True multi-tenancy and scalability

PCI Compliance for Cloud Applications

SOLUTION WHITE PAPER. Remedyforce Powerful Platform

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Cloud Contact Center. Security White Paper

When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs

journey to a hybrid cloud

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

Compliance Overview: FISMA / NIST SP800 53

White Paper. BD Assurity Linc Software Security. Overview

Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

Marble & MobileIron Mobile App Risk Mitigation

HP Atalla. Data-Centric Security & Encryption Solutions. Jean-Charles Barbou Strategic Sales Manager HP Atalla EMEA MAY 2015

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS

The Changing Face of SSL

Securing the Database Stack

Smart Network. Smart Business. White Paper. Enabling Robust Logging of Web Applications

McAfee Web Reporter Turning volumes of data into actionable intelligence

Transcription:

ThreatMetrix Persona DB Technical Brief Private and Scalable Entity/Attribute Database

Persona DB is part of the TrustDefender Cybercrime Prevention Platform from ThreatMetrix. It s an extensible, enterprise-accessible database that allows an organization to privately and securely store and retrieve identifying attributes, characteristics, and behaviors associated with their users and customers. Information relevant to customers or employees can be stored in the database. This can include data such as the exact devices customers use, their access habits, normal locations, IDs, accounts, shipping addresses, and data necessary for step-up authentication such as mobile phone numbers or email addresses. The database may also contain IP or email addresses that have been compromised, previous associations with cybercrime or fraud, compliance data such as OFAC-banned countries, and countless other data elements. Data stored by organizations within the Persona DB, along with information available from ThreatMetrix device profiling and the shared Global Trust Intelligence Network, is used to establish a unique Persona ID for each user or customer. This comprehensive data set allows ThreatMetrix to perform detailed user, device, and behavior analytics for every access and transaction in real-time, resulting in an unprecedented level of actionable intelligence and visitor risk-scoring capabilities. Armed with this information, application policies can be created to allow/deny access or approve/ disapprove transactions with higher levels of accuracy and confidence. Extensible Solution Easily Deployed Because Persona DB is built into ThreatMetrix s SaaS-based solution, organizations can access private data at every login or transaction in real-time from a highly scalable, managed solution without significant deployment/integration effort or the expenses associated with provisioning and maintaining on-premise solutions. Data can be dynamically managed, including the ability to add, remove and return data during live end-user sessions or administrative functions. The data that organizations elect to store in the Persona DB can originate from their own business critical systems, or from data available from ThreatMetrix Common Use Cases Persona DB can be used in a multitude of ways, enabling organizations to easily aggregate and store any data that s needed for customizable, state-of-the-art fraud prevention and context-based authentication. Here are some practical applications for Persona DB: Data Aggregation: Pulling together related user or customer data from different business areas. These might include new account origination, user or customer authentication, human resources, rewards programs, purchase history, payment and fraud data, compliance, mobile device channels, and more. Data aggregation allows isolated business units to freely share relevant data and intelligence for the benefit of all. 2

Improved Customer or User Experience: Good customers or users can be identified as trusted, allowing them to bypass step-up authentication procedures. Expanded Customer / User Information: Persona DB allows organizations to easily add data relevant to user authentication and fraud prevention. Shipping and billing addresses, multiple email addresses, phone numbers essentially any data desired can be used to enhance the authentication process. Fraud or Cybercrime Associations: Accessing previously stored fraud-related incidents, high-risk device associations, ties to fraud rings, etc., can assist with the rapid identification of known bad actors or suspicious attempts to gain access. Step-Up Authentication: Data for supplemental or out-of-band authentication procedures may be stored within Persona DB. Examples include phone numbers, email addresses, or challenge questions and answers such as the last 4 digits of a customer s social security number, or the name of their first pet. Trusted Locations: Typical user or customer geolocations such as their home and office can be stored within Persona DB to indicate trusted locations. Temporary trusted locations like confirmed travel destinations can also be stored. User or Customer segmentation: Persona DB may be used to identify various groups of individuals. Examples include VIP customers, frequently returning consumers, frequent buyers, etc. Transaction Queries and Augmentation: Persona DB may be used to enable real-time queries to locate specific transactions identified by Stock Keeping Unit (SKU)/Category, Merchant Category Codes, or other product and transaction identifiers. Membership or Rewards Information: Membership program status and rewards data may be stored, making it accessible across business channels. Catalog of Recent Purchases: Businesses can use Persona DB to store specific customer information pertaining to owned products or recent purchases. Data Mining to Identify Good Customers: Easily access lists of customers with specific attributes and trust levels in order to offer them specific promotions or incentives. Compromised Account Identification: Organizations can identify user accounts that have been compromised or phished, either in real-time or in the past, and store them within Persona DB. Compliance: Data to help comply with company, industry, or legislative requirements may be stored. For example, recent user or customer localities may be preserved, along with lists of banned regions to help comply with OFAC or other government-mandated requirements. 3

Security and Privacy Like all PII (Personally Identifiable Information) submitted to ThreatMetrix, data stored in the Persona DB is encrypted and isolated from other organizations, enabling enterprises to easily and confidently secure their data. Only organizations storing data in the Persona DB are allowed access to that data - not even ThreatMetrix can access Persona DB in the clear. The ThreatMetrix system automatically generates a new private/public encryption key pair for each new organization. Public keys are associated with the user accounts of the respective enterprise. Private keys are securely stored in the ThreatMetrix FIPS 140-2 validated Key Management Server. Strong, 1,024-bit, asymmetric encryption is utilized to secure the system. Implementation and Integration Overview Persona DB is an integral part of the highly scalable, TrustDefender Cybercrime Prevention Platform. The entire solution is SaaS based, greatly simplifying its implementation and management, and eliminating the costs and complexity of traditional on-premise solutions. Persona DB utilizes the standard, predefined fields and custom attributes used by the TrustDefender Cybercrime Prevention Platform. This streamlines development and enables rules and policies to be easily created that act on both custom Persona DB data and on the comprehensive data available from the Global Trust Intelligence Network. Database Structure and Data Types Persona DB allows each organization to create multiple, privately encrypted, custom databases. These custom databases can be used for separate functions. For example, product data may be stored in one database, user device or authentication data stored in another, and compliance data kept in a third database. All data values are stored as strings, and may be up to 28 characters in length. A hashed value of each string is also stored, and can be referenced at any time for full string-oriented operations and matching. Data Insertion and Retrieval Persona DB uses ThreatMetrix Entities to reference data. Entities can be thought of as entire collections of individual attributes. Since multiple entities can be stored in a single record, queries can be extremely efficient and powerful. Individual entities or any combination of entities can be queried to access all associated data. 4

Data is stored and referenced using ThreatMetrix Rules, which are added to policies defined in the ThreatMetrix Portal. A number of new rules have been added to fully support Persona DB, enabling data operations such as set, check, remove, and return. When policies execute at transaction time, any triggered Persona DB rule will cause the intended action to be carried out against the specified Persona DB database. About ThreatMetrix ThreatMetrix builds trust on the Internet by offering market leading advanced fraud prevention and frictionless context based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world s largest trusted identity network. ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix Digital Identity Network, which analyzes billions of transactions and protects hundreds of millions of active user accounts across tens of thousands of websites and mobile applications. The Threat- Metrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance. For More Information: For more information about the TrustDefender Cybercrime Protection Platform, including Persona DB, visit our website at www.threatmetrix.com. ThreatMetrix Inc. 160 W Santa Clara St Suite 1400 San Jose, CA, 95113 Telephone: +1 408 200 5755 2015 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Client, TrustDefender Cloud, TrustDefender Mobile, ThreatMetrix SmartID, ThreatMetrix ExactID, the ThreatMetrix Cybercrime Protection Platform, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners. V-6.15 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information