Stop fraud before it happens by detecting changes in user behavior indicating possible account takeover attempts.
Make sure legitimate users are quickly authenticated and dramatically reduce the number of false positives.
Remove unnecessary friction from your fraud detection process by relying on a silent and dynamic 2FA.
SIM swap attacks, are used to takeover user accounts. In a SIM swap attack a fraudster convinces the mobile phone service to transfer or port a legitimate user's phone number to a new device belonging the fraudster. This is typically accomplished by pretending to be a legitimate user that has lost their phone. With the phone number successfully ported to a new device, the fraudster is then able to intercept one time passcodes sent to the phone as part of two-factor authentication or for password resets.
The answer to accurately combatting this type of fraud lies in relying not only on what users know (credentials and knowledge based questions) but also on unique signals fraudsters cannot simply forge: real world behavior. Static credentials and knowledge based answers are increasingly easy for fraudsters to purchase on the Dark Web or obtain via social engineering. User behavior history is much harder for fraudsters to mimic.
Incognia enables risk-based authentication through a risk score based on each user's location behavior history (or location fingerprint). By integrating the Incognia mobile SDK within mobile apps, companies can detect suspicious logins based on anomalies in user behavior while still delivering a great experience for legitimate users.
Our silent 2FA authentication helps companies decrease fraud losses, reduce false positives and authenticate legitimate users faster.
Learn how Incognia's location-based risk score helps companies make well-informed fraud decisions.
The fraudster attempts to login entering the correct (stolen) credentials and correct (redirected) one time passcode received on their phone.
The Incognia API compares the device's location to the user's historical location behavior, including where previous logins were recorded.
If the detected location is anomalous, a high risk-score will be delivered, leading the fraudster to additional security checks.
Our customers see rapid return on investment through:
This API uses real-time location data to check the users’ current location in the exact moment they login. If that location is not familiar to their behavioral pattern, our API will deliver a high risk score to trigger step-up authentication. At the same time, if the legitimate owner of that account is logging in from a new device, they will be quickly authenticated.
To ensure the integrity of location data used within our location-based features, we continuously monitor for any attempts to send forged, spoofed or emulated location data to mobile applications.