RSA RISK ENGINE Intrductin t the machine learning risk engine ESSENTIALS Unparalleled fraud detectin The RSA Risk Engine (RE) analyzes an activity t determine hw reasnable and/r typical activities are fr individual users, and if it is indicative f fraud. Multiple, Diverse Data Inputs The RSA RE analyzes multiple, diverse data inputs fr every user activity. The activity details analyzed by the RE are actually a set f data facts that identify the activity, data frm the RSA efraudnetwrk and input frm RSA FraudActin intelligence. Machine Learning Methds Cmbining Bayesian Machine Learning methds with sphisticated analysis f device recgnitin and user behavir enables intelligent decisins t mitigate fraud. In tday s high-tech, fast-paced, hyper-cnnected wrld, peple are spending mre and mre time n the internet, phne, and mbile devices t cmplete mre f their daily activities such as nline banking and shpping. Emplyees, cntractrs, and vendrs demand cnnectins t the enterprise when and where they want t be able t wrk remtely. The cnvenience affrded by the access and availability f the nline wrld, hwever, is nt withut drawbacks. This increased access has brught with it an unparalleled grwth in nline fraudulent activity. Articles abut identity takever, filled with phrases like Trjan, Man in the Middle, Man in the Brwser, and Phishing, are increasingly in the news. These emerging threats have triggered a grwing awareness by institutins and cnsumers alike. These threats are serius and must be addressed. Financial institutins, trying t encurage cnsumer activity while at the same time minimizing lsses frm financial fraud, are lking fr ways t identify and blck fraudulent transactins while letting genuine activities prceed unimpeded. THE RSA RISK ENGINE The RSA Risk Engine (RE) is integrated with RSA Anti-Fraud and Authenticatin slutins t prvide efficient and effective risk detectin f nline activities. Used tday by leading banks, credit and debit card issuers, and ther rganizatins wrldwide, the RE detects, analyzes, scres and manages nline activity fr the purpse f cnsumer and emplyee prtectin. It reduces the risks f privacy and cmpliance expsure, lwers the level f fraud, detects pssible impersnatrs, and identifies new fraud trends as they develp. Authenticatin Feedback Rich feedback frm a variety f methds enables the RSA RE t self learn and tune when intrduced t new fraud patterns. The RE cllects and analyzes vast amunts f lgin and transactinal data frm multiple channels and cmpiles a risk assessment n the integrity f the end user s activity. This risk assessment serves as the basis fr allwing transparent authenticatin whereby the majrity f transactins pass unhindered, identifying nly the mst risky transactins fr additinal authenticatin. Taking int cnsideratin multiple factrs including user behavir and device, the RE emplys a self-learning statistical mdel that can be used alngside a plicy manager t create a layered apprach t security. ENABLES UNPARALLELED FRAUD DETECTION The RE analyzes an activity t determine bth hw reasnable and/r typical this activity is fr a user, and if it is indicative f fraud. It als lks at fraudulent patterns and uses advanced analytics t crrelate amng the varius variables. The accumulated knwledge f decades f security and fraud fighting experience and fraud intelligence wrk cmbined with an intelligent analysis f the data pints cllected thrugh a variety f means and appraches wrk tgether t create the best risk based fraud detectin in the marketplace. The RE cmbines rich data input, machine learning methds and rich authenticatin feedback t prvide intelligent, real-time risk evaluatins t mitigate fraud.
RICH DATA INPUT T achieve the best results and assign the mst accurate risk scre, the RE takes as many factrs as pssible int cnsideratin. In additin t quantity, the quality f the data cllected is als cnsidered. The RSA RE analyzes multiple, diverse data inputs fr every user activity. The activity details analyzed by the RE are actually a set f data facts that identify the activity, data frm the RSA efraudnetwrk and input frm RSA FraudActin intelligence. User activity facts can include: The activity type such as Sign-in, Payment, r a Passwrd Change. Details abut the user such as the user name, user language, user cuntry, etc. Details abut the device that is used by the user such as IP address, brwser characteristics, screen reslutin characteristics, etc. Details that are relevant t the mbile device in use, such as mbile sim id, mbile ge lcatin, wifi MAC address, etc. Details abut user interactins with the brwser such as muse mvements and key strkes. Details abut payments such as the amunt, currency, and the payee accunt. Details that can indicate a Trjan malware infectin. RSA efraudnetwrk RSA efraudnetwrk (efn) helps rganizatins t practively identify and track fraudulent prfiles, patterns, and behavirs acrss mre than 150 cuntries. The RSA efn is the industry s first and largest crss-institutinal, crss-platfrm, internatinal, nline fraud netwrk. In existence fr many years, it currently has ver 8,000 cntributrs wrldwide, including financial institutins, credit and debit card issuers, health care firms, Internet service prviders, wireless prviders, high-tech cmpanies, and gvernment and law enfrcement agencies. Nt nly des the intelligence added t the efraudnetwrk data repsitry cme frm multiple surces, it is cmprised f many different types f data elements: IP addresses, device fingerprints, ckies, mule accunts, etc. When a transactin r activity is attempted by a device, IP address, r payee accunt that appears in the efn as fraudulent, it will be taken int accunt with the RSA Risk Engine, which will deem the transactin t be high risk and either blck, prmpt fr further authenticatin, r pass t an analyst fr further review based n custmer plicies. The infrmatin sharing acrss thusands f RSA custmers and 1/2 billin end users and devices creates a vast surce f data. RSA FraudActin Intelligence RSA fraud analysts g "undercver" and scialize with nline fraudsters t gain valuable insight int their practices. This research prvides RSA with a unique understanding f the fraudsters' mtivatin and patterns, invaluable when devising fraud fighting techniques. The FraudActin team will add data t the risk engine by asking questins like - Is this IP address n a blacklist r has it been therwise flagged as suspicius based n RSA research and/r infrmatin frm ur Anti-Fraud Cmmand Center? SOLUTION OVERVIEW
RSA Risk Engine Inputs T achieve the best results and assign the mst accurate risk scre t detect fraudulent activity, the RE takes as many factrs as pssible int cnsideratin. In additin t quantity, quality f the data cllected is als taken int cnsideratin via a weighting and nrmalizing prcess. In ther wrds, the mre meaningful the infrmatin cllected and analyzed, the mre valid the cnclusins can be. MACHINE LEARNING METHODS The RE risk mdel is based n RSA s extensive fraud fighting experience. The risk mdel is self-learning meaning it learns frm case reslutin, as well as genuine r failed authenticatin feedback. The RE mdifies its risk predictins based n case investigatin results which autmatically update the risk mdel t be able t catch fraudulent activities that were missed, r genuine activities that were wrngly flagged. The cmbinatin f an efficient statistical machine learning Bayesian mdel with RSA s rich backgrund f fraud expertise, wide range f real wrld knwledge, and rich feedback enables the RE t meet the challenges f detecting and mitigating nline banking and ecmmerce fraud risks in real time. T meet the challenges f fraud detectin, the RSA Risk Engine: Quickly detects new patterns f behavir and adapts the RE analysis t these new patterns. This is valid t bth genuine and fraudulent activity as the patterns fr bth change quickly. Extraplate and generalize based n small samples. As fraud rates are lw, behavir patterns and early warning signs must be extraplated frm small bits f activity. The RE is able t extraplate crrectly by wrking with a backgrund pl f knwledge that enables small activity sets t be understd within a larger cntext. Allw the majrity f users t benefit frm behind the scenes authenticatin while targeting nly a fractin f the ppulatin fr extra security measures. Enable effective real-time learning. Due t the rich feedback, the RE can quickly crrect errrs as they ccur and minimize the impact f errrs.
Analyzes Activity Accrding t Histrical Prfiles The RE maintains prfiles fr histrical data cllectin. Fr example: Device prfiling is used fr maintaining the different device related data facts. Fr the web channel, data includes: HTTP headers, perating system versins, and patch levels. Brwser type and versin, sftware versins, display parameters (size and clr depth), languages, time zne, etc. IP address, extracted IP ge lcatin details, and additinal infrmatin n the ISP, IP wner, cnnectin type, etc. Fr mbile devices, the device prfile cntains additinal device identifiers such as the IMEI, the ICCID, and mre. In additin, the ge-lcatin f smart mbile devices is nt based slely n the IP, but als n infrmatin that can be cllected directly frm the mbile device itself. The device prfile is used t determine whether the current device is ne frm which the user usually accesses (data/infrmatin). The RE als checks if a device is knwn frm frmer fraudulent r genuine activities in the emplyee r cnsumer ppulatin as well as acrss activities f ther RSA custmers. User Prfiling is used t maintain behaviral facts related t end-users. The RE attempts t determine if the varius activities are typical fr that user by maintaining a histry r prfile f the user s activities and using that prfile fr cmparisn. The RE lks at items such as the type f payment being made, if the payee accunt has received payment in the past, the amunt characteristic f the user, etc. The RE attempts t determine if the varius activities are typical fr that user by maintaining a prfile f the user's activities and using that prfile fr cmparisn. In additin, the RE als checks the user prfile fr any histrical r real-time indicatin f the user being infected by a Trjan malware. If the activity appears typical, there is n indicatin f a Trjan acting n behalf f the user, and the activity is nt typical f fraudulent behavir, then the transactin will receive a lw risk scre and the user will be authenticated transparently. Otherwise, the RE will assign a higher risk scre t the activity and the user will be asked t authenticate himself/herself. In parallel, the RE tries t determine the dds that a transactin is fraudulent by lking at fraudulent patterns. Examples f fraudulent activity patterns include: Recent alert settings changes fllwed by a payment with high amunt r t a new payee. Payee accunts that have been invlved in previus fraud cnfirmed cases. High accumulated payment amunt instead f ne high amunt transactin, the fraudster cmpletes a number f lwer value transactins. High amunt depsit fllwed by withdrawal f the full amunt shrtly thereafter. Last but nt least, the RE examines the cllected data in relatin t the user and in relatin t the general ppulatin. This is dne t learn what legitimate activity is even thugh it may appear t be fraudulent and reduce false psitives
AUTHENTICATION FEEDBACK The Risk Engine is a self-learning mdule, which can change its future predictins based n the fllwing 3 types f feedback: Case management feedback the Risk Engine/RSA Adaptive Authenticatin fr ecmmerce slutin creates cases fr investigatin, and mdifies its future risk predictins based n the case investigatin results changing the risk mdel t be able t catch fraud cases that were missed, r genuine users that were wrngly flagged. Chargeback data feedback similar t case management feedback, the Risk Engine learns f missed fraud frm the chargeback and changes the risk mdel t be able t catch cases that were missed. Authenticatin result feedback - In the same manner as genuine and fraud feedback in case management, if a user was required t pass additinal authenticatin and failed, the risk engine is ntified and the assciated accunt and ther parameters are flagged as having failed authenticatin. Cnsequently, future transactins cming frm the same accunt with similar device parameters and similar behavir will have higher risk scres. If the authenticatin was cmpleted successfully, the risk engine is ntified and the assciated accunt and ther parameters are marked as having successful authenticatin. Cnsequently, future transactins cming frm the same accunt with similar device parameters and similar behavir will have lwer risk scres. THE RISK ENGINE IS A CORE RSA TECHNOLOGY The RSA Risk Engine is a central cmpnent f many RSA authenticatin and antifraud prducts. Fr example, RSA s Identity Prtectin and Verificatin suite f prducts utilize the RSA Risk Engine technlgy t understand risk when dealing with the ever changing fraud landscape. Fllwing is an example f hw RSA Adaptive Authenticatin and Transactin Mnitring rely n the RE t secure nline activities. RSA Adaptive Authenticatin and Transactin Mnitring are multi-channel risk-based authenticatin and fraud detectin platfrms that prvide cst-effective prtectin fr an entire user base. Pwered by RSA s Risk Engine, Adaptive Authenticatin and Transactin Mnitring prvide strng and cnvenient prtectin by mnitring and authenticating user activities based n risk levels, institutinal plicies, and user segmentatin. The RE s ability t learn frm histrical activities and t adapt the risk assessment allws a true risk-based apprach t authenticatin. Risk Based Authenticatin ffers behind-the-scenes mnitring that is invisible t the user. It is nly when an activity is deemed t be high-risk that a user is then challenged t prvide additinal authenticatin, usually in the frm f challenge questins r ut-f-band phne authenticatin. With lw challenge rates and high cmpletin rates, RSA Adaptive Authenticatin and Transactin Mnitring ffer strng prtectin and superir usability, and prvide an ideal slutin fr deplyment t a large user base.
RSA Risk Engine is central t RSA Adaptive Authenticatin & Transactin Mnitring With the RSA Risk Engine and input frm the RSA efraudnetwrk, RSA Adaptive Authenticatin and Transactin Mnitring are the frefrnt slutins fr fraud detectin and preventin. CONTACT US T learn mre abut hw EMC prducts, services, and slutins can help slve yur business and IT challenges, cntact yur lcal representative r authrized reseller r visit us at www.emc.cm/rsa. EMC2, EMC, the EMC lg, RSA, efraudnetwrk and the RSA lg are registered trademarks r trademarks f EMC Crpratin in the United States and ther cuntries Cpyright 2012 EMC Crpratin. All rights reserved. Published in the USA. 10/12 Slutin Overview h9096 re sb www.emc.cm/rsa EMC believes the infrmatin in this dcument is accurate as f its publicatin date. The infrmatin is subject t change withut ntice.