The Secure Access Hub stops fraudulent actions before they even reach an application or service. Security alerts of suspicious sessions are triggered in a timely manner and valuable technical information is stored for detailed analysis.
Effective fraud prevention
User interaction attributes such as IP address, browser, malware detection and monitor resolution are recorded and checked by the Web Application Firewall (WAF). All these attributes are monitored in so-called ‘client and session fingerprinting’ to identify manipulation attempts within a session or to detect session hijacking.
An additional option to prevent fraud on the WAF is dynamic whitelisting or Dynamic Value Endorsement (DyVE). Typical use cases include online banking transactions: Airlock uses DyVE to ensure that payment orders can only be charged to accounts that have previously been presented for selection by the banking server.
The effectiveness of fraud prevention measures increases considerably when combined with risk-based authentication.
Additional protection with IBM® Security Trusteer® Pinpoint
Integrating IBM®’s Security Trusteer® Pinpoint into the Secure Access Hub provides additional boost in fraud prevention. The Pinpoint solution identifies banking trojans by their behaviour and generates biometric user profiles. If the behaviour of a session deviates from that expected from the known user the emergency brakes are triggered.
With the Airlock Pinpoint add-on, Pinpoint can be quickly and easily integrated into Airlock with no need to change back-end services. The combination of IBM Pinpoint and Airlock’s on-board features delivers a comprehensive and centralised approach to fraud management.
Highlights of fraud prevention
- Client fingerprinting
- Dynamic whitelisting (DyVE)
- Risk-based authentication
- Strong authentication
- IBM® Security Trusteer® Pinpoint integration
- Machine learning