Defending Native Mobile Apps From Fraud

Mobile + online = the optimal environment for fraud. But not for the reasons you may think. Native mobile apps downloaded to a mobile device, says ThreatMetrix, are generally “lightweight” in the security department compared to traditional browsers. In a new whitepaper, ThreatMetrix breaks down the methods and steps to equip these apps with the necessary infrastructure and intelligence to identify fraud risks, establish user trust and fuel an overall seamless user experience.

Mobile + online = the optimal environment for fraud. But not for the reasons you may think. Native mobile apps downloaded to a mobile device, says ThreatMetrix, are generally “lightweight” in the security department compared to traditional browsers. In a new whitepaper, ThreatMetrix breaks down the methods and steps to equip these apps with the necessary infrastructure and intelligence to identify fraud risks, establish user trust and fuel an overall seamless user experience.

 

ADDRESSING THE MOBILE APP FRAUD PROBLEM

Native mobile apps that users download onto their tablet or smartphone are often designed for a specific website or Web app. Therefore, they do not typically contain the infrastructure required to both identify the device and determine fraud risks associated with it, according to ThreatMetrix.

So what’s the solution? Upgrading and equipping those mobile apps with the right intelligence and technology – but doing so requires “a great deal of work and very specific knowledge, both of which are generally outside the experience of most mobile application developers.”

By providing a software development kit (SDK), ThreatMetrix aims to solve that huge problem for developers. That SDK provides a lightweight library for developers to easily integrate into their mobile apps. Called TrustDefender Mobile, it immediately recognizes legitimate users of the apps, and is able to conduct their transactions without needing to respond to additional authentication procedures. That, says ThreatMetrix, introduces unbeatable benefits to both business owners and their customers or end-users.

 

DEFEATING MOBILE FRAUD: HOW IT WORKS

TrustDefender Mobile is fully integrated with ThreatMetrix’s TrustDefender Cybercrime Protection Platform, and provides full context-based authentication and fraud prevention for websites and Web applications.

When users login, pay and register their accounts, organizations use the tool for their protection. A code is embedded within the app to provide an advanced, detailed threat and risk assessment of the mobile device. The device is then uniquely identified and analyzed for the presence of malware, says ThreatMetrix, and other attributes are also compiled to determine whether the device is configured normally, has suspicious settings or other anomalies including risk.

According to the whitepaper, TrustDefender Mobile takes on the bad guys by going after the following information:

  • Persistent Device Identification: Identifies individual mobile devices for iOS and Android platforms
  • Location Services: Gathers latitude and longitude information from GPS hardware
  • Jailbreak (iOS) and Rooted (Android) Devices: Determines when device security controls have been thwarted
  • Malware Detection: For Android-based systems, verifies the integrity of the app in which it is embedded to ensure there is no compromise or infection
  • Anomaly Detection: Detects device tampering and attempts to masquerade as a different device
  • Packet Fingerprinting: Automatically detects device and data spoofing via analysis of the network traffic packet signatures originating from the device

 

CAPABILITIES & TECHNOLOGIES: WHAT’S UNIQUE?

There is a plethora of solutions available to detect whether devices have been compromised or disguised – but according to ThreatMetrix, “TrustDefender Mobile contains capabilities and advanced technologies unavailable in other solutions.”

For Android systems, TrustDefender Mobile performs an integrity check to verify that the app is genuine and unmodified. It also analyzes and verifies the integrity of all apps installed on the device to detect malware without degrading mobile device performance. Signatures of each app, for example, are stored locally on the device itself.

TrustDefender Mobile is also designed to minimize app updates – it can be dynamically updated and configured by ThreatMetrix’s cloud-based servers. Businesses therefore don’t have to re-release their apps as malicious users develop new methods to disable security features.

The ThreatMetrix Shared Global Trust Intelligence Network, which profiles tens of millions of users and their devices daily, is also a unique component of TrustDefender Mobile. The solution also takes advantage of Persona DB, an extensible, enterprise accessible database to allow an organization “to privately and securely store and retrieve identifying attributes, characteristics and behaviors associated with its users and customers.”

Finally, TrustDefender Mobile is also easy to embed within mobile apps, says ThreatMetrix, with integration taking only a day or less. Mobile app developers just need to “include the TrustDefender Mobile library and, with a few lines of code, place calls to it in strategic situations.”

 

For a complete list of TrustDefender Mobile’s unique capabilities and technologies, as well as the benefits for both businesses and mobile app users, download the whitepaper below.

Download Here Orange