ThreatMetrix: Empowering Insurance Companies to Differentiate Between Good and Bad Actors

Reed Taussig, President and CEO The latest wave of cyberattacks directed at global enterprises including Apple, Anthem, Sony Pictures, and JPMorgan Chase have defined a new age of cyber terrorism. Historically, 75 percent of all cyberattacks have been financially motivated, resulting in direct financial gain to the criminals. The “New Age” of cyber-attacks, while still most often financially motivated, now have the added risk of disabling the entire enterprise. The scale at which these attacks are mounted is unprecedented in terms of scope and consequences.

After the very recent online attack on Anthem—the second-largest health insurance plan provider in the U.S.—security experts warned that increased attacks on health insurance organizations are likely because of the high value (stolen health information is worth 10 times more than credit card numbers) of the data on the black market. With today’s relatively open and interoperable global digital infrastructure, legions of hackers are on the loose to cripple many insurance firms. Experts also claim that criminals are becoming increasingly creative in their use of medical information.

"We combine a customer’s business persona with his personal persona to see all aspect and help companies to identify good customers"

“The most valuable data stores for fraudsters are stolen patient records that are associated with a valid health insurance policy,” said Reed Taussig, President and CEO, ThreatMetrix. As insurance firms strive to rapidly expand their online presence to create a better and more competitive customer experience, cybercriminals have leveraged the opportunity to steal large amounts of personally identifiable information (PII) about their customers. These patient records and associated medical insurance plans are then sold to people, often illegal immigrants, who cannot obtain health insurance policies for one time use to address urgent medical issues. Additionally, the PII that is acquired by the legitimate policy holder can now be used for illegal purposes in the form of account takeover, fraudulent account origination and even blackmail.

“Although insurance companies are running behavioral analytics and data loss prevention systems to prevent insider breaches, the threat has now been moved from ‘inside to outside’,” continued Taussig. This can be prevented with ThreatMetrix, an advanced fraud prevention and context-based authentication provider. The company offers unified fraud prevention that enables insurers to detect and prevent online fraud, while remaining agile and responsive for customers, agents, brokers and others. “We build a trust on the Internet and secure enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware and data breaches,” said Taussig.

Adopting Perimeter Defenses

Today, insurance companies are more concerned about enforcing strict controls over their agents as they have direct access to corporate files, customer and financial records. “We ensure the companies’ systems are not breached due to stolen employee or third-party credentials through the use of phishing attacks or malware and that the user has the authority to access the network,” said Taussig. “We use advanced device and
malware detection capabilities to pinpoint potentially malicious requests. By doing so, insurance carriers can instill confidence in their stakeholders that the information is secure.”

ThreatMetrix’s strong solutions that protect customer accounts and assets are powered by the ThreatMetrix® Global Trust Intelligence Network (The Network), which the company leverages to acquire information about insurance companies’ customers and agents across a global network of nearly one billion transactions per month.

Extremely Accurate and Instantaneous Risk Assessment

ThreatMetrix records tens of millions of users and their devices, and processes more than one billion online requests for new account originations, logins and payments every month.“After collecting the anonymized personally identifiable information, ThreatMetrix can authenticate each customer’s credentials, both positive and negative, based on the customer behavior,” said Taussig. “We call it a ‘persona’ or a digital identity, which is an anonymous representation of a customer as he or she exists on the Internet.”As an individual browses online to make an online insurance payment or purchase, ThreatMetrix captures information about the user’s activities.

We combine a customer’s business persona with his personal persona to see all aspects and help companies to identify good customers

“We call it ‘Persona Net Recognition Rate’ (PNNR),” said Taussig. “We also assign a Persona ID that performs behavioral analysis of a user’s activity. Persona ID uses entity association to connect users with their activities and related attributes, such as email addresses, credit cards, transactions, accounts, devices, IP addresses, geographical range, and proxies. This creates a comprehensive picture of the user. Using Persona ID, we can combine a customer’s business persona with his personal persona to see all aspects and help companies differentiate between good returning customers and bad actors.”

This information resides in The Network, where the components are combined to build a holistic online persona that is analyzed against every access request, login and payment. The result is an extremely accurate, instantaneous risk assessment for the submitted application requests based on real-world data.

Detecting Mobile Malware

These days, transactions are widely done over mobile devices. “More than 40 percent of our current traffic initiates from mobile devices,” said Taussig. “This number will soon rise to over 50 percent in emerging economies such as China, South America, and Southeast Asia.

There is a real problem when it comes to mobile devices and it is very important to be careful what kind of information one stores on such devices. Often, thousands of varieties of Trojans on Android devices attempt to steal customer
credentials and the information is then transmitted over a 4G network,” said Taussig. ThreatMetrix has a mobile Software Development Kit (SDK) that combines the power of its global network for customers who use mobile apps, including insurance apps. The company’s technology enables insurance companies to identify malware and mobile devices—particularly Android—making certain that the devices are not stolen and the right person is using the devices.

“We offer TrustDefender Mobile, an embeddable library for mobile device applications that uniquely identifies each mobile device when it connects to a website, and analyzes all installed apps for threats or malware that can compromise the device and perpetrate crime,” said Taussig. Through TrustDefender, insurance companies can use a single platform to uniquely identify and see the risks associated with every mobile device and user across both browser and mobile app transactions. “A lot of customers are using ThreatMetrix to protect their mobile apps,” said Taussig. “We see that as an absolute growing trend across industries, including insurance.”

Holistic Approach to Fraud Prevention

As insurance companies are trying to extend their markets, not only domestically but globally, they are open to risks on a broad basis with regards to online fraudsters. “We look at the behaviors of the individuals as they interact online across companies,” said Taussig. “Rather than looking at actions of an individual within a narrow context, we look at them across a much wider context—social media sites, interactions with e-commerce sites, credit card applications, airline and event tickets and much more.”

For instance, a life insurance company based in U.S. approached ThreatMetrix to ensure fraudsters are not spoofing them with synthetic identities to set up insurance policies, particularly, for children and sick people. “We identified offshore criminals who were using virtual private servers and hidden proxies and selling fake life insurance policies,” said Taussig. “ThreatMetrix quickly shut down the fraudulent activities and enforced security measures for the life insurance provider.”

In the case of health, automobile collision or liability insurance, fraudsters are trained to defraud insurance companies with stolen credit cards to create illegal insurance policies. Consequently, these fraudsters are taking advantage of legitimate insurance businesses. ThreatMetrix intercepts these crimes and identifies the fraudsters’ locations, devices, and potential sources of malware. “We then shut down their activities—stolen credentials, illegally obtained policies, and other activities—and authenticate that the agents issuing policies are qualified and authorized to do so,” he adds.

As the global threat environment rapidly evolves, ThreatMetrix makes use of the most innovative technologies and deploys solutions to deal with compatibility and security issues. “At ThreatMetrix, we have always focused on helping businesses prevent cybercrime,” said Taussig. “Now we’re broadening our focus to building trust on the Internet. This means empowering insurance companies to not only keep out the bad actors, but also to protect and streamline the online experience for trusted employees and customers.”


San Jose, CA

Reed Taussig, President and CEO

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network