Newsletter Q1 2023

IBM Trusteer Pinpoint

Updated intelligence in the Pinpoint API

Emulator detection

  • mobile_attributes.emulator - The detection mechanism has been updated to include mobile apps that run on an iOS simulator.

Customer-encrypted data

  • mobile_attributes.enc_data - Customers can send a specific set of data that they encrypted with their public key from user devices that use their mobile app. Customers can decrypt the data using their private key.

New transaction intelligence in the Pinpoint API

  • transaction_intelligence.risky_target_country_code - To help customers determine if a transaction is risky, a new field was added to the Pinpoint response that indicates whether the recipient account is in a country that is considered risky.

Efficacy

  • Chrome 100 introduced a significant change to the way the Pinpoint was required to work, namely the deprecation of the user-agent in Chromium-based browsers. IBM Trusteer work hard to ensure that our products are effective and compliant with the latest changes in the browser ecosystem, in this case to use the User-Agent Client Hints API. During the implementation of this change, we made sure that that customers did not experience any degradation of service due to changes in the Chrome browser.
  • We improved support for global device ID requests in proxy integrations, which helps to reduce network errors and failures on the client side and improves our global device ID collection and calculations.
  • We improved support for multi-applications that share a single domain in SPA sites. The improved multi-application indication can allow different policies for separate applications on the same domain.

Feedback

Added the fraud_mo field to the feedback loop API, which enables customers to specify the fraud method when they confirm sessions as fraudulent. When customers add this extra field to the feedback loop API request, it helps to enrich and improve Pinpoint detection capabilities. This change reflects the update to Trustboard in Q4 2022.

Monitoring

Added a monitoring capability to generate an alert when the device ID is not present in the Pinpoint API response.

Security

You can now access the Pinpoint API using JSON Web Tokens (JWT). IBM Trusteer recommend that you access the Pinpoint API using a JWT because it is considered an industry best practice for providing authentication to API servers. Tokens are more scalable, efficient, and enhance the overall system performance by removing the difficulties in managing certificates. Web tokens can also be used across multiple servers and can provide authentication for multiple websites and applications.

For more information about how to set up and use a JWT to access the Pinpoint API, see Accessing the Pinpoint API.

IBM Trusteer Mobile SDK

Release of IBM Trusteer Mobile SDK 5.7.

In this release, we made the following enhancements to Mobile SDK:

  • Improvements to device ID persistency to help to keep track of user devices even after reinstallation of the app without requiring extra permissions.
  • Security improvements - Updated Mobile SDK to use OpenSSL 3 and improved the obfuscation of the iOS APIs.
  • Several performance and stability improvements.
  • Improvements to the device collection for improved detection capabilities.

For customers that use Mobile SDK with Pinpoint, Mobile SDK can now detect when mobile apps are running on an iOS simulator.

Together with an update to Pinpoint, customers can now encrypt a specific set of user data fields with their public key. The data is sent to Pinpoint and is returned in the Pinpoint API response. Customers can decrypt the fields and use the values in their internal systems.

New attacks (signatures)

Mobile researchers detected and released notifications for the following campaigns:

  • PixPirate - “New Campaign Alert of New RAT Malware PixPirate Targets Customers in Brazil”

Mobile SDK supported platform and versions

  • Mobile SDK 4.9 and above are supported. Older versions are not supported since Sep 2021.

    From 15 June 2023, Mobile SDK 4.9, 5.0, 5.1, and all their minor versions will become unsupported.

    From 1 September 2023, Mobile SDK 5.2, 5.3, and all their minor versions will become unsupported.

    From 23 December 2023, Mobile SDK 5.4 and all its minor versions will become unsupported.

    For more information, see Support Lifecycle.

  • Supported platforms (in supported Mobile SDK versions)

    • iOS - supports iOS 11 and later

    • Android - supports Android 7 and later

  • Supported iOS development environments: Xcode 13.3 or later (aligned with Apple)

  • Supported Android development environments: Android Studio 3.1.1 or later

Trustboard

  • Session status tool - The session status tool is new to Trustboard and it allows customers to test JavaScript collections and provides Pinpoint API information for a given customer session ID. This tool expands the available self-service capabilities for customers and will be gradually rolled out to customers.
  • Device ID blocklisting capabilities - We added the ability to add and remove device IDs from a blocklist. This new feature reduces the time that is required to perform this task and provides customers with extra policy management capabilities.
  • Bulk encrypted user ID decryption - We added a new function to Trustboard that allows customers to upload a list of encrypted user IDs and decrypt them in a batch. This helps Trustboard users to be more efficient in their day-to-day tasks by reducing the amount of manual work that is required when they need to decrypt a large number of encrypted user IDs.