Trusteer Mobile Risk Engine


With the welcome growth in mobile banking, financial institutions must manage the increased
risk associated with the mobile channel. FFIEC guidance requirements for layered security,
continuous risk assessment and complex device fingerprinting naturally extend to the mobile
channel. Organizations looking to mitigate mobile fraud risk should address complex
cross-channel attacks and the unique challenges associated with the mobile channel.

The Mobile Channel is a Hot Target for Cybercriminals


- Mobile device adoption will ultimately surpass personal computers in both units and online banking usage
- Mobile banking apps are designed with limited security controls and are unaware of device risk
- Immature mobile fraud detection systems increase the likelihood of a successful attack
- Expanding mobile banking and payment capabilities make the mobile channel an increasingly attractive target

With a growing number of targets and limited fraud detection and prevention capabilities, the mobile channel is
becoming an attractive target for cybercriminals.

Account Takeover via Mobile Devices Defeats Device ID Solutions


Cybercriminals steal credentials from the victim's PC via malware or phishing attacks to commit account takeover
using the mobile device browser. This method represents a major challenge for device ID systems, as many
mobile devices have the same fingerprint. For example, most iPhones look alike (same OS, browser, fonts, etc.).
A comprehensive risk assessment that incorporates device ID, device risk factors and detailed account compromise
history is required to detect account takeover.

Rogue Applications and Mobile Malware Steal Banking Credentials


Cybercriminals leverage security vulnerabilities and social engineering to infect mobile devices with
malware. Fake gaming or security mobile applications embedded with malware are offered through
application stores and marketplaces. Mobile devices are also infected by accessing websites
with exploit code that targets mobile browser vulnerabilities (i.e., drive-by-downloads).

Mobile/PC Combo Attacks Circumvent SMS One-Time Password Authentication

Cybercriminals can easily infect a victim's mobile device to overcome
SMS one-time password (OTP) authentication. After a user's PC is infected with
malware, the user is presented with a message to download security software to
their mobile device. This software intercepts SMS messages and allows the criminal
to obtain the victim's OTP. These malware variants leverage both the online and
mobile channels to execute the attack.

MOBILE RISK MANAGEMENT


Trusteer Mobile Risk Engine


Conclusive Mobile Fraud Risk Detection Based on Device and Account Risk Factors Across Channels

Assesses Mobile Fraud Risk in Real-Time

Trusteer Mobile Risk Engine (MRE) protects the mobile channel by performing a mobile risk
assessment based on device and account risk factors. It enables organizations to mitigate risk
by producing accurate and conclusive recommendations to allow, restrict or deny user access.
Organizations can use these recommendations to apply stepped-up authentication or extended
transaction review for truly high-risk users, sessions and transactions.

Trusteer Mobile Risk Engine Capabilities

- Detects vulnerable and compromised devices
- Captures persistent device ID, geolocation and detailed device risk factors
- Correlates device and account risk factors across online and mobile channels

Detects High-Risk Devices Based on Multiple Data Sources


MRE generates accurate security recommendations based on multiple device risk factors. To
accommodate deployment or integration restrictions, MRE can consume risk data from the
included Trusteer Mobile SDK and Trusteer Mobile App (i.e., on-device components) or from the
customer's web app via an API. MRE maintains a global fraudster device database that is shared
across organizations.

Conclusively stops account takeover attacks from mobile devices using stolen credentials

Correlates Online and Mobile Banking Risk Data for Conclusive Mobile Risk Detection

Web-based service

To address complex attacks across online and mobile channels, MRE can incorporate account risk
factors including malware infections and phishing incidents. This extended data set is collected by
Trusteer's client-based (Trusteer Rapport) and clientless (Trusteer Pinpoint Malware Detection) fraud
prevention solutions. The risk data is used to accurately detect account takeover attempts from
mobile devices using compromised credentials from other channels.

Trusteer Mobile Risk Engine Components

- Trusteer Mobile SDK
- Trusteer Mobile App
- Custom Data API

Trusteer Mobile Risk Engine Data Risk Sources

Meets FFIEC Guidance for Continuous Risk Assessment


The FFIEC guidance requires financial institutions to implement continuous risk assessment
and implement multiple security layers to detect fraudulent transactions. MRE detects high-risk
activity by assessing the risk of every mobile device, mobile login and mobile transaction. The
risk-based recommended actions can range from authenticating the user to preventing access to
the account.

- Trusteer Pinpoint Malware Detection
- Trusteer Pinpoint Account Takeover (ATO) Detection
- Trusteer Rapport

Ensures a Secure and Hassle-Free Mobile Banking Experience

By relying on multiple risk factors across multiple channels, MRE can accurately track the full attack
lifecycle. It uses a set of mobile risk detection rules that map current attack patterns and
are updated based on Trusteer's global intelligence. Only truly high-risk users
and transactions are flagged for review or stepped-up authentication
in order to minimize the burden to the customer.

[Figure: Trusteer Mobile Risk Engine and its inputs. Labels: Device Vulnerabilities, Persistent Device ID, Phishing Incidents, Malware Infections, Global Intelligence, Account Access/Trx]

Global Fraudster Device Database

Trusteer Mobile Risk Engine correlates device risk factors
and account compromise history to automatically tag
fraudsters' devices across all protected organizations.

Trusteer Mobile SDK


Embedded Security Library for Android and iOS Native Mobile Banking Apps

Detects High-Risk Access from Compromised or Vulnerable Devices

Trusteer Mobile SDK is invoked when the mobile application is launched to collect various device
risk factors. These include geolocation, device time, IP address, missing OS security patches,
rooted/jailbroken device status, risky system configuration settings, malware infections, use of unsecured
Wi-Fi connection and more. Risk data is provided to the mobile banking app and can be used to
restrict functionality based on device risk level, for example by limiting specific application functions
(adding a payee or transferring money) on a jailbroken device. The risk data can also be sent to the
Trusteer Mobile Risk Engine where it is correlated with additional device and account risk factors
(such as malware infections and phishing incidents) to flag high-risk access and transactions.

Generates a Persistent Mobile Device ID for Unique Device Identification

Trusteer Mobile SDK creates a persistent mobile device ID allowing the organization to uniquely
identify any device using the native mobile banking app. The persistent device ID is associated with
the user's account and uniquely identifies the device, even after the phone is re-imaged. This ensures
new devices are identified, login attempts from known devices are unchallenged, and potential
fraudster devices are flagged.

[Sidebar: Trusteer Mobile SDK Risk Factors. Labels: Persistent Device ID, User ID, SIM Data]

Trusteer Mobile App


Secure Mobile Browser for Online Banking
Secures Mobile Web Access to Online Banking
Trusteer Mobile App includes a secure mobile browser. End users use the mobile browser to safely
access the online banking website and financial institutions can mandate that their online banking
websites are only accessed via the Trusteer Mobile App. Whenever a protected website is accessed,
a complete security posture assessment is performed on the device. Trusteer Mobile App collects
mobile device risk factors and a persistent mobile device ID and sends these to the online banking
website and Trusteer Mobile Risk Engine where they are used for mobile risk assessment.

Alerts the User of Device Security Risks


Trusteer Mobile App users can view their device security status via a dedicated dashboard.
Indications of malware infection, unsecure Wi-Fi connections and other security risks are
identified. The user can resolve these risks by following step-by-step remediation guidance
provided by the app.

Protects the User from Fake Banking Websites


Trusteer Mobile App protects against pharming attacks. By validating both
the IP address and the SSL certificate when a protected website
is accessed, both session hijacking (Man-in-the-Middle)
and redirection attacks are prevented.

[Figure labels, device risk factors: Jailbreak/Rooted Device, Malware Infection, OS Patching, Wi-Fi Security, Rogue Apps, Application ID, Geolocation, and more]

Trusteer Cybercrime Prevention Architecture

[Figure: Trusteer Cybercrime Prevention Architecture. Labels: Trusteer Cybercrime Intelligence; Layer 2: Clientless Fraud Prevention; Layer 1: Endpoint Security; Customer Protection; Employee Protection]

Trusteer Cybercrime Intelligence
Global threat intelligence and fraudster database

Trusteer Pinpoint Account Takeover (ATO) Detection
Correlation of multiple fraud risk indicators for
conclusive account takeover and mobile risk
detection

Trusteer Pinpoint Malware Detection
Clientless detection of Man-in-the-Browser
malware infected endpoints

Trusteer Mobile Risk Engine
Detects mobile and cross-channel fraud risk via
web-based services and the included mobile
client components

Trusteer Apex
Zero-day exploits and data exfiltration prevention
for employees' endpoints

Trusteer Rapport
Prevention and remediation of malware and
phishing threats on PCs and Macs

Trusteer Mobile
Embedded security library for native mobile apps,
dedicated secure mobile browser, out-of-band
authentication

Trusteer is the Global Leader in Financial Fraud Prevention

Boston-based Trusteer is the leading provider of endpoint cybercrime prevention solutions that protect
organizations against financial losses and data breaches. Hundreds of organizations and millions of end
users rely on Trusteer to protect managed and unmanaged endpoints against exploitation and compromise
by online threats that are invisible to legacy security solutions. Global organizations such as HSBC, Santander,
SunTrust and Fifth Third are among Trusteer's customers.

Trusteer Inc.
545 Boylston Street, 5th Floor
Boston, MA 02116
T: +1 (866) 496-6139
T: +1 (617) 606-7755
info@trusteer.com
trusteer.com
