How ReTrust works
How does ReTrust distinguish between fraudsters and true customers?
ReTrust is built on advanced technology from IBM. IBM Trusteer is a digital trust tool that uses five different technologies to separate the fraudulent sessions from the true sessions.
This means that every session is being picked up by ReTrust, leaving out all private and personal data, as this service is fully GDPR compliant and follows all laws of privacy. ReTrust creates IDs that are more a characteristic of user, behaviour and device-linked features than of a person. As all users go through the machinery of ReTrust, only the true customers will get access to their personal profile on your site. ReTrust will not know which account belongs to who, their password or anything like that. What ReTrust detects is how they type their password and how they move their mouse, and if they use the same IP address or where they are located.
How are sessions determined by IBM Trusteer, when there is a new user?
Like everything else involved in AI and machine learning, ReTrust is trained by its users. The sessions are accumulated and analysed by IBM Trusteer, which have 43 billion session scans every month. IBM is a security leader when it comes to digital fraud, and with the power of AI, the data is being used for increasing digital trust. As all sessions are scanned, ReTrust will learn to identify and know how your customers act. If the user has been seen before on a different application, you will immediately establish digital trust with the user.
All the analysed data from the scanned sessions is available from day 1 with ReTrust. This means that if we have detected a fraudster trying to access your competitor, or even a business outside your industry, we will make sure that you get the intelligence needed for the action you need to take: Disabling that user from logging into your site, posing as one of your customers.
Pinpoint data to be consumed by the application or third party risk engine
What happens, if ReTrust mistakes a true user for a fraudster?
When telling true users from fraudsters, ReTrust combines all of its technology and comes up with a score with 0 being a true user and 1000 being a fraudster. All sessions are scored on a scale between those two, and with ReTrust, you decide what happens in case of a fraudulent session and what factors should build up the score. You also decide, when you want us to sound the alarm.
Risk scoring with ReTust
Let’s say you have decided that users will be returned to your main page, if ReTrust detects behaviour that is not in line with that user’s normal activity. Now a true user is trying to log onto your site, but he has forgotten his password. In that case, ReTrust may detect this (maybe even give it a lower ranging score of 150-250), but it would be allowed, because although some factors may be off, it, overall, seems to be the same user due to his biometrical behaviour being somewhat the same, the device is known as is the network. This is how ReTrust keeps your customers safe, and because we monitor each session right from the beginning, in cases where sessions are hijacked the IP-address, network, global ID etc. or even suddenly managed over a TeamViewer, we will detect the change that would send the session score much higher. When that happens, your fraudster will be sent to, for example, your main page – no harm, no fault. Not only your website or application is protected, but so is your customer as a fraudster can’t even take over the session after the user login. And the data ReTrust detects on this fraudster will prevent him from trying to commit the same crime on another website. With this knowledge and technology, we believe that we can make the online environment safer and bring down cases of fraud worldwide.