IBM® Security Trusteer Pinpoint™ Criminal Detection helps protect websites against account takeover and fraudulent transactions by combining traditional device IDs, geolocation and transactional modeling, and critical fraud indicators. This information is correlated using big-data technologies to link events across time, users and activities. Phishing, malware and other high-risk indicators are used for evidence-based fraud detection.

By matching new and spoofed device fingerprints, phishing incidents and malware-infected account access history, Trusteer Pinpoint Criminal Detection can help to identify account takeover attempts, minimize customer burden and eliminate IT overhead.

IBM Security Trusteer Pinpoint Criminal Detection provides:

  • Complex device fingerprinting that detects new, spoofed (proxy) and known criminal devices, and is dynamically generated by a state-of-the-art device ID component.
  • Login anomaly detection to provide protection from fraudulent access to user accounts.
  • Transaction anomaly detection to help safeguard payment to new payees or specific geographic locations and exceptional payment amounts.
  • Phishing detection that reports on phishing incidents and provides an accurate indication of compromised accounts.

Complex device fingerprinting

  • Fingerprints all types of devices, including PCs, Macs, laptops, mobile phones, smartphones and tablets.
  • Identifies session spoofing attempts such as browser or operating system (OS) manipulation and cookie hijacking.
  • Examines various session and network attributes to determine if the user is connecting to the website behind a proxy or a VPN.

Login anomaly detection

  • Detects device anomalies, including attempts to hide browser or operating system information, and the use of a spoofed device ID and cookies.
  • Looks for navigation anomalies such as failed login attempts or staying on specific pages for a long time.
  • Tracks interaction anomalies; most fraudsters have different interaction patterns with the website compared to the average user.
  • Detects device-to-user anomalies such as one device accessing numerous accounts (across one or more financial institutions or organizations).
  • Continuously configures and updates additional anomaly detection rules.

Transaction anomaly detection

  • Detects anomalies when users submit transaction data.
  • Returns an actionable indication of fraud, which allows the organization to determine if the transaction should be denied or reviewed.
  • Makes this determination based on the account historical activity and the broader context of account compromise history and login anomaly.

Phishing detection

  • Provides server-side technology that detects phishing incidents, including the site URL and compromised credentials.
  • Detects user submission of credentials to suspected phishing site with IBM Security Trusteer Rapport®.
  • Provides reports on all users who are accessing phishing sites and who may have compromised credentials.
  • Detects submission of user credentials to phishing sites and reports accordingly to the bank.
  • Correlates phishing, malware and other high-risk indicators for evidence-based fraud detection.