ThreatMetrix: Forensically Spotting Cybercriminals and Preventing Insurance Fraud

Reed Taussig, President & CEO, ThreatMetrixReed Taussig, President & CEO Last year’s hack of Anthem, one of U.S.’s largest health insurance companies, exposed the data of as many as 80million customers, including many of their social security numbers. The magnitude of the data breach underscores not only the risk consumers are at, but also just how valuable personal information is to hackers—especially healthcare data. While Health Insurance Portability and Accountability Act (HIPAA) is designed to protect patients against loss, theft, or disclosure of their sensitive medical information, the fines and penalties don’t appear to be having a discernible effect on either patient privacy or data security. Reason? The growing sophistication of data breaches in the insurance sector, which are not easy to counter and subjugate with the traditional solutions employed by a major part of the business community.

Insurance firms are striving extensively to keep such episodes of data breaches at bay—especially the ones that are aimed at Personally Identifiable Information (PII) of the insurers. The PPI has a sea of demand in the black market, as there are a number of buyers who leverage such accounts for illicit purposes in the form of account takeover, fraudulent account origination, and even blackmail. “The global cyber crime landscape is constantly evolving to include new, more sophisticated threats and the only way to combat these threats is through collective intelligence,” highlights Reed Taussig, President and CEO, ThreatMetrix—an advanced fraud prevention and context-based authentication provider. Headquartered at San Jose, CA, ThreatMetrix has created a prominent reputation with their unified fraud prevention solution that allows insurers to detect and prevent online fraud, while remaining agile and responsive for customers, agents, and brokers.

No Place to Hide for Malicious Activities

Today, insurance companies are more concerned about enforcing strict controls over their agents as they have direct access to corporate files, customer, and financial records. Here, ThreatMetrix ensures that customers’ systems are not breached due to stolen employee or third-party credentials through the use of phishing attacks or malware. The company uses advanced device and malware detection capabilities to pinpoint potentially malicious requests. By doing so, insurance carriers can instill confidence in their stakeholders that the information is secure.

ThreatMetrix’s robust solutions that protect customer accounts and assets are powered by the ThreatMetrix Global Trust Intelligence Network (The Network), which the company leverages to acquire information about insurance companies’ customers and agents across a global network of nearly one billion transactions per month. The Network now protects more than 210 million active user accounts across 3,000customers and 15,000 websites. “As the ThreatMetrix Network continues to grow, so does our customers’ shared view of cybercrime, enabling them to protect their businesses and valued customers by accurately identifying both good and bad online users,” says Taussig.

At ThreatMetrix, we’re aiming to solve the dilemma of building trust on the Internet through information sharing when many businesses are reluctant to do so

Being Proactive, Now a Plain Sailing Task

ThreatMetrix records tens of millions of users and their devices, and processes more than one billion online requests for new account originations, logins, and payments every month. “At ThreatMetrix, we’re aiming to solve the dilemma of building trust on the Internet through information sharing when many businesses are reluctant to do so,” says Taussig. The company does this by creating a ‘persona’ or a digital identity, which is an anonymous representation of a customer as he or she exists on the Internet.

As an individual browses the internet to make an online insurance payment or purchase, ThreatMetrix captures information about the user’s activities.“We call it ‘Persona Net Recognition Rate’ (PNNR),”states Taussig. The company assigns a Persona ID that performs behavioral analysis of a user’s activity. Persona ID uses entity association to connect users with their activities and related attributes, such as email addresses, credit cards, transactions, accounts, devices, IP addresses, geographical range, and proxies. This creates a comprehensive picture of the user. Using Persona ID, ThreatMetrix combines a customer’s business persona with its personal persona to see all aspects and help companies differentiate between good returning customers and bad actors.

This information resides in The Network, where the components are combined to build a holistic online persona that is analyzed against every access request, login, and payment. The result is an extremely accurate, instantaneous risk assessment for the submitted application requests based on real world data.

Combing the Power of Global Network

These days, transactions are widely done over mobile devices. “More than 40 percent of our current traffic initiates from mobile devices,” says Taussig. This number will soon rise to over 50 percent in emerging economies such as China, South America, and Southeast Asia. It is a real problem when it comes to mobile devices and it is very important to be careful about the kind of information one stores on such devices. Often, thousands of varieties of Trojans on Android devices attempt to steal customer credentials and the information is then transmitted over a4G network. ThreatMetrix has a mobile Software Development Kit (SDK) that combines the power of its global network for customers who use mobile insurance apps. The company’s technology enables insurance companies to identify malware in mobile devices—particularly Android—making certain that the devices are not stolen. “Through our global network, businesses can securely share information about devices and personas connecting to their sites, without sharing any personally-identifiable information about customers or visitors,” says Taussig. He continues, “ThreatMetrix anonymizes and encrypts information in the network, so personal identities are never revealed to other organizations.”

ThreatMetrix also offers Trust Defender Mobile, an embeddable library for mobile device applications that uniquely identifies each mobile device when it connects to a website, and analyzes all installed apps for threats or malware that can compromise the device and perpetrate crime. Through Trust Defender, insurance companies can use a single platform to uniquely identify and see the risks associated with every mobile device and user, across both browser and mobile app transactions.“With Trust Defender, we are addressing fraud prevention and malware protection as a single problem and deliver real benefits to customers at a lower cost,” says Taussig

Differentiating Between Good and Bad Actors

As insurance companies try to extend their markets, not only domestically but globally, they are vulnerable to risk son a broad basis with regards to online fraudsters.“These days, online activity drives our everyday lives—personal and business,” says Taussig. Due to its swelling importance, it is mandatory to keep internet safe from the malicious activates that threaten the efficacy of any business.

For instance, a life insurance company based in U.S. approached ThreatMetrix to ensure that fraudsters are not spoofing them with fake identities to set up insurance policies, particularly, for children and patients. “We identified offshore criminals who were using virtual private servers and hidden proxies to sell fake life insurance policies,” says Taussig. “ThreatMetrix quickly terminated the fraudulent activities and enforced security measures for the life insurance provider.”

"We identified offshore criminals who were using virtual private servers and hidden proxies to sell fake life insurance policies

In the case of health, automobile collision or liability insurance, fraudsters are trained to defraud insurance companies with stolen credit cards to create illegal insurance policies. Consequently, these fraudsters are taking advantage of legitimate insurance businesses. ThreatMetrix intercepts these crimes and identifies the fraudsters’ locations, devices, and potential sources of malware. “We then shut down their activities—stolen credentials, illegally obtained policies and similar activities—and authenticate that the agents issuing policies are qualified and authorized to do so.”

What happened in 2015 can be seen as a silhouette of irresponsible organizations or as a lesson to be come proactive in the coming days. “And it will be on companies like ThreatMetrix to make sure healthcare and other industries remain immune to data breaches,” remarks Taussig. As a part of their road map, ThreatMetrix is looking forward to expand their frontier to build trust on the internet. It will include empowering insurance companies to not only keep out the bad actors, but also protect and streamline the online experience for trusted employees and customers.”

- Aaron Pierce
    January 18, 2016