SOLUTION BRIEF
ThreatMetrix Two Factor Authentication Reduce Step-Up
Friction and Costs
raditional methods of relying solely on
username and passwords to protect accounts
simply cannot keep up with the evolving
digital business landscape. Ensuring users are
who they are is critical to prevent fraud and accounts being
compromised. One of the most accurate ways to verifying a
user is by interacting with them through a step up challenge
response mechanism. However, challenging users too often
introduces a negative online experience. Our SMS-based
two factor authentication, provides a simple, secure and
selective method for validating a variety of online and mobile
transactions.
THE THREATMETRIX ADVANTAGE
Traditional static models used with Two Factor Authentication
often leads to challenging users too frequently. For example,
many users are challenged after simply wiping cookies from
their device. These one dimensional authentication models
not only cause inconvenience for the users but also introduce
additional operational expense for organizations. ThreatMetrix
Two Factor Authentication provides an alternative identitybased solution that avoids such issues. ThreatMetrix Two
Factor Authentication solution can:
•
Reduce Step-Up Challenges: Establish an identity-based
framework that only challenge users when they are labeled as high risk based on business policy.
•
Lower Operational Costs: Automatic reduction of SMS
messaging fees when less step-ups are presented to users.
•
Decrease Hardware Costs: Other forms of two factor
authentication such as biometric readers, or one-time
password devices (tokens) are costly. ThreatMetrix helps you leverages your customer base’s mobile an and smartphones to instantly verify who they are.
KEY FEATURES
SMS-based two factor authentication is the industry’s
preferred challenge response mechanism to validate an
online user’s identity. In conjunction with ThreatMetrix Digital
Identity Network, this identity-based approach leverages
mobile phones and smartphones to satisfy two factor
authentication requirement for something that the end user
possesses.
160 W Santa Clara St
San Jose, CA, 95113
United States
Telephone: +1 408 200 5755
Fax: +1 408 200 5799
[email protected]
www.threatmetrix.com
ThreatMetrix provides the following key features for SMS two
factor authentication:
•
Identity-Based Two Factor Authentication
All aspects of a person’s online devices and behavior can be placed into one unique Digital Identity – including email addresses, geo-locations, devices and both personal and business personas. A step-up challenge only needs to
be presented when attributes or behavior deviates away from their normal Digital Identity based on business policies.
•
•
•
•
•
•
Global SMS Reach
Ensure SMS-message delivery to mobile phone users in over 200 countries and territories in 87 languages.
Long Message Support
Separates SMS message over 160 characters for the user’s
mobile phone to reassemble the message back in the correct order as one SMS.
Direct to Carrier Routes
Connects directly to thousands of worldwide carriers and
employs a reliable method across multiple routes to help
ensure the highest delivery and conversion rates.
Smart Message Splitting
The solution prevents the breaking of critical pieces of
information to ensure messages are delivered and viewed as intended. For example, information such as URLs and email are properly displayed when they are split within a long SMS message.
Phone Number Cleansing
Phone number entered by end-user are properly formatted to ensure global delivery.
Time-Based One-Time Passcode (TOTP)
Verifies users in real-time by sending a one-time verification code via SMS that can be used to authenticate a known user or verify a transaction.
Ensuring users are who they are is critical
to prevent fraud and accounts being
compromised.
1
SOLUTION BRIEF
TWO-WAY COMMUNICATIONS*
MOBILE AND LANDLINE PHONES
ThreatMetrix enables two-way SMS verification by sending
an SMS with a one-time password that allows a user to reply
via SMS with the code and approve or deny the request. This
reduces user friction and operational cost for customers as
the users can just use SMS for response and customers do not
need to maintain a separate web-page to accept passcodes.
Enables global reach of users in more countries who do not
wish to receive SMS-based messages and/ or have provided a
number that is not equipped to receive them.
* Two-Way Communications feature is not available in all regions.
Contact ThreatMetrix for specific details.
HOW IT WORKS
ThreatMetrix Two Factor Authentication is enabled by ThreatMetrix Integration Hub. Integration hub seamlessly invokes any
one time passcode (OTP) delivery platform so the verification can happen in context of the transaction’s risk assessment
for any existing application, user experience or workflow. The following is an example a customer attempting to access an
account:
1 A customer visits your website and enters their existing
username and password to access their account.
2 A ThreatMetrix policy is invoked to analyze the
connecting user.
USERS
1
CUSTOMER
SITE
2
TMX
3
OTP
DELIVERY
PLATFORM
3 A step-up decision is made based on your business
policy.
4 The customer’s phone number is sent to ThreatMetrix
from your website.
5 A time-based one-time passcode is generated and sent
4
5
6
to ThreatMetrix OTP Delivery Platform. (The passcode
is generated by OTP delivery provider for 2-way SMS
service.)
6 ThreatMetrix OTP Delivery Platform sends the passcode
to the customer’s mobile phone.
7 Once the customer’s mobile device receives the
7
8
9
passcode, the customer simply enters it in on the
webpage as prompted. (The end user simply responds
via SMS to confirm the code for 2-way SMS service.)
8 Compare retry attempts and send the passcode to
ThreatMetrix for verification.(Customer site will poll
ThreatMetrix to determine whether the end user
responded to the text for 2-way SMS service.)
9 ThreatMetrix sends a verification message to the
website for access approval or denial. (ThreatMetrix
confirms end user’s response by polling status updates
from OTP delivery platform for 2-way SMS service.)
ThreatMetrix®, The Digital Identity Company, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying
billions of annual transactions supporting tens of thousands of websites and thousands of customers globally through the ThreatMetrix® Digital Identity Network,
ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data
breaches. Key benefits include an improved customer experience, reduced friction, revenue gain, and lower fraud and operational costs. The ThreatMetrix solution is
deployed across a variety of industries, including financial services, e-commerce, payments and lending, media, government, and insurance.
© 2016 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Client, TrustDefender Cloud, TrustDefender Mobile,
ThreatMetrix SmartID, ThreatMetrix ExactID, the TrustDefender Cybercrime Protection Platform, and the ThreatMetrix logo are trademarks or
registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or
registered trademarks of their respective companies or owners.