Fraud detection covers a range of measures that are used to prevent unauthorised persons gaining access to user accounts under false pretences. Fraud detection can be deployed at various points in a process or in a technical system and offers the following advantages:
With Nevis, you can determine based on user signals and credentials whether a fraudster is trying to access another user’s account. Information gathered and analysed includes location, device information and the current time, but also typical user quirks such as typing behaviour and the dynamics of keystrokes, touching and mouse movements.
These dynamic aspects of a user identity can be compared with previous interactions in order to evaluate the risk. The effectiveness of the components is based on the fact that the correlation of multiple attributes such as behavioural biometrics, geolocation or device information creates a definitive digital user footprints. The analysis begins on the login page and continues until the session is ended.
Risk-based authentication checks the authentication process based on a risk assessment:
The risk score is calculated based on different signals such as geolocation, device, fingerprint or behavioural biometrics.
Customers can define their own rules for calculating the risk assessment based on their requirements.
There is no official definition to distinguish between risk-based and adaptive authentication.
In the case of risk-based authentication, a risk number is always used to specify how authentication is to proceed.
With adaptive authentication, a risk number or a fixed rule determines the number and type of authentication steps required.
Here at Nevis, we refer to adaptive authentication as our streamlined system that is based on configurable rules. Risk-based authentication uses more complex risk calculation methods.
Geo-Velocity as an enhancement of adaptive authentication refers to using geolocation information to optimise the accuracy of adaptive authentication.
Geo-Velocity minimises the risk of fraud by integrating an additional security feature by monitoring the user's location. Not only is the current location considered, but also the user's speed of movement to detect unusual activity. For example, if a user moves from one region to another within a few minutes, this may indicate that an unauthorised person is trying to access the system.
Protection Against Account Takeovers
An account takeover is an identity attack during which an unauthorised person uses a range of attack methods such as phishing, credential stuffing and session hijacking to gain control over a legitimate account. The fraudster then uses this account to make unauthorised transactions.
Account takeover protection includes the measures initiated to prevent an account takeover.
Credential Stuffing: Credential stuffing is a type of cyberattack where unauthorised persons attempt to use stolen credentials to log into another unrelated service. Since many users reuse the same password and the same username or the same email address to log into their user accounts, credential stuffing often leads to success for cybercriminals.
Phishing: phishing is a form of social engineering in which an attacker sends a fraudulent message to persuade a person to reveal confidential information. The attacker then uses this information to gain access to the user account.
Session hijacking: this is where an attacker compromises a legitimate user session by stealing or predicting a valid session identifier to gain unauthorised access. The session can be compromised in different ways, for example, by man-in-the-middle attacks or client-side attacks such as trojans or malware.
Fraud in Payment Transactions
Payment fraud is the term used to describes all types of false or illegal transactions carried out by cybercriminals. The perpetrator steals money, personal property, interest payments or sensitive information from the victim via the internet.
Nevis offers a variety of strong defences against fraudulent or unauthorised transactions:
Protection for Mobile Phones
To protect users, the integrity of their mobile phones must also be secured. It is also essential to detect if this integrity has been breached. Our mobile SDK and our apps are protected against reverse engineering, manipulation, API exploits and other attacks that could endanger your users. Protection is also guaranteed by mobile authentication procedures and transaction signing.
Overall, the main objective is to ensure the security of customers' assets and information while providing a safe and convenient user experience.