Newsletter Q2 2025

IBM® Trusteer® Pinpoint

Updated intelligence in the Pinpoint API

We've enhanced the Pinpoint API response with insights related to the user behavior identified in the session and insights related to detecting scams.

  • In release 26 of the Pinpoint API, we updated several sections of the API response.
    • account_behavioral_patterns - A new section in the response that represents behavioral insights for the account (user) for the session. For example, it reports the first time the account was accessed in general, from the online channel, or from the mobile channel, as well as the number of accesses. For more information, see Account Behavioral Patterns.
    • risk_indicators.infections - To help better identify mobile malware, the API response contains two new fields, app and package. See Risk Indicators.
    • pinpoint_assessment.device_intelligence - To help to identify dormant devices and to distinguish between social engineering attacks and account takeover attempts, the API response contains two new fields, previous_seen_in_account and device_age. See Device Intelligence.
    • device_data.mobile_attributes - To help to identify social engineering attacks, the API response contains a new field call_direction. See Device Data - Mobile Attributes.
  • Transaction types

    transaction_type - To make sure that the correct policy runs for each transaction that you send, we added a set of recommended values that you can use for each transaction. See 'data' or 'l_data' Parameters.

Ease of deployment

The elastic snippet is the next generation for snippet deployment, which enables you to expand your web application protection coverage while significantly reducing the deployment costs and efforts.

Using the elastic snippet simplifies web development and maintenance with the following features:

  • One snippet for all pages in your deployment
  • The elastic snippet is resistant to page changes
  • No requirement for the unified callback function
  • Uses an auto-generated CSID

For more information, see Elastic Snippet.

Detection enhancements

In this quarter, we included several new behavioral biometric risk reasons.

These new risk reasons enhance the explainability of the risk policy outcome by increasing the granularity of existing risk reasons and adding more details regarding the detected risk in the session. The new risk reasons help you to take more accurate actions on suspicious sessions.

  • 26 - The user's OLB account was accessed using a device while screen capture activity was in progress.
  • 27 - The user's OLB account was accessed using a new device following an access when there was a call in progress, which is indicative of an account takeover attempt as part of social engineering.
  • 36 - The user's OLB account is considered as a new account based on Pinpoint sessions for the account and was accessed to make a transaction.
  • 37 - The user's OLB account was accessed after an alert was generated and is pending confirmation by the bank.
  • 38 - The user's OLB account was accessed using a new desktop device using an abnormal keystroke pattern.
  • 39 - The user's OLB account was accessed using an established desktop device using an abnormal keystroke pattern.
  • 42 - A behavioral anomaly was detected in the user's OLB account based on previously learned behavioral data, which is indicative of social engineering.
  • 60 - A behavioral anomaly was detected in the user's OLB account based on previously learned behavioral data such as keystroke and mouse movement analysis, which is indicative of the use of a remote access tool.
  • 65 - The user's OLB account was used to make a transaction using a mobile device while a call was in progress, which is indicative of social engineering.
  • 80 - The user's OLB account was accessed using a mobile device that is suspected to be remotely controlled by another device.

For more information, see Pinpoint Reason Reference.

Reliability

To mitigate timing issues when using the unified callback function, Pinpoint was updated so that the function can be called with a delay.

Web and mobile malware detection

Our web and mobile researchers detected and released notifications for the following new malware campaigns that attack several different regions:

IBM Trusteer Mobile SDK

Mobile SDK supported platform and versions

  • Mobile SDK 5.8 and later are supported.

    From 24 November 2025, Mobile SDK 5.8 and all its minor versions will become unsupported.

    From 24 December 2025, Mobile SDK 5.9 and all its minor versions will become unsupported.

    For more information, see Support Lifecycle.

  • Supported platforms (in supported Mobile SDK versions)
    • iOS - supports iOS 15 and later. From Mobile SDK 5.11, Mobile SDK will not compile your app for iOS 9 or earlier.
    • Android - supports Android 10 and later
  • Supported iOS development environments: Xcode 15.4 or later (aligned with Apple)
  • Supported Android development environments: Android Studio 3.1.1 or later

IBM Trustboard

Policy Manager updates:

  • Evaluation thresholds - To protect your deployment from an excessive increase in alerts, Policy Manager uses thresholds as part of the ruleset evaluation. If the expected increase in alerts is greater than the threshold, you cannot publish the ruleset and must make changes to one or more of your rules. You can use Policy Manager to configure the evaluation thresholds for your deployment.
  • List management - To improve the rule creation process, you can now create lists to use in your rules. The lists contain sets of attribute values that you can use when you set the conditions in your rules.
  • We added a new evaluation capability to query a specific CSID and to check if the published or draft rulesets would trigger for the CSID.
  • New attributes:
    • Transactional: Target account and source account
    • Authentication: Device authentication status, previous successful MFA, device ID first seen in account / region
    • Trusteer intelligence: Risky device, risky connection, GDID PUID count, remote access tool indication, device velocity, and more
    • Other device attributes
    • New data points for alerted sessions:
      • Malware package and app name
      • Behavioral insights
      • Device authentication status