Newsletter Q3 2023

IBM Trusteer Pinpoint

Malware detection

IBM Trusteer Threat Research identified a new malware variant in the Gozi family. The Pinpoint malware detection signatures were updated to generate alerts when this new variant is detected. You can expect to see an increase in malware alerts that reference the Gozi malware depending on your region. See Gozi strikes again, targeting banks, cryptocurrency and more.

Fraud analytics updates

To combat the global increase in fraud that uses Remote Access Tools, IBM Trusteer has developed new capabilities to detect their use using behavioral biometrics. For more information about these new capabilities, see the following post on the Security Intelligence blog: https://securityintelligence.com/posts/remote-access-detection-in-2023-unmasking-invisible-fraud/.

New risk reason

To work in parallel with the target account blocklist feature that was added to Trustboard, we added a new reason code, 89, to be returned when a transaction is made to an account that is included in the customer blocklist. To use the target account blocklist, you must send transaction data to Pinpoint.

General improvements

We enhanced the policy assessment coverage to provide an assessment for accounts with a large number of sessions. If there was an extreme amount of data that is not typical for most users, to maintain cluster stability, Pinpoint performs a partial assessment and provides details in the Pinpoint API response. See Assessment Status Parameters.

Pinpoint Assure

Improve the efficacy of the Pinpoint Assure policy for existing clients and reduce time to value for new Pinpoint Assure deployments. The Pinpoint Assure policy was enhanced to increase the detection synergy between Pinpoint Assure and Pinpoint Detect. The enhanced Pinpoint Assure policy leverages the Pinpoint Detect consortium data and fraud-related attribute insights in the Pinpoint Assure policy detection. In addition, we created new insights in Pinpoint Assure to automatically identify fraud-related attributes based on customer feedback.

IBM Trusteer Mobile SDK

Release of IBM Trusteer Mobile SDK 5.8.

In this release, we made the following enhancements to Mobile SDK:

Behavioral biometrics

  • For customers that use the Pinpoint API, it is no longer required to set the PUID using the TasSetPUID API; however, you must send the PUID through the Pinpoint API. In addition, the configuration now controls the activation of the feature instead of the license.
  • General performance improvements and optimizations

Emulator detection on iOS

To improve risk detection on iOS devices, we added a risk item to detect whether the app is running in an emulator. The new risk item is automatically calculated.

License updates

Updated the license infrastructure to ease your app deployment. As part of this change, the configuration now controls several items that previously required an update to the license. Therefore, if you want to change which features are enabled in your deployment, you no longer need to request a new license file from IBM Trusteer.

New data collection

In this release, we added several new data collections:

  • Social engineering - call in progress and remote access tool improvements
  • Authentication
  • Device risk indicators

General improvements

Documentation - to improve the ease of use of the documentation and improve customer satisfaction with the content, we made several changes during the Mobile SDK 5.8 release cycle:

  • Update table of contents with updated titles and removing obsolete content.
  • Updates to provide extra details about the Mobile SDK flow with Pinpoint.
  • Addition of the Mobile SDK and Mobile SDK-S reference to the customer content.

Mobile SDK supported platform and versions

  • Mobile SDK 5.4 and above are supported. Older versions are not supported since Sep 2023.

    From 23 December 2023, Mobile SDK 5.4 and all its minor versions will become unsupported.

    From 7 March 2024, Mobile SDK 5.5 and all its minor versions will become unsupported.

    For more information, see Support Lifecycle.

  • Supported platforms (in supported Mobile SDK versions)

    • iOS - supports iOS 13 and later

    • Android - supports Android 8 and later

  • Supported iOS development environments: Xcode 13.3 or later (aligned with Apple)

  • Supported Android development environments: Android Studio 3.1.1 or later

Trustboard

  • Target account blocklist - Added the ability to blocklist target accounts as part of self-service policy management. Accounts that are included in the blocklist are treated as fraudulent in Trustboard. When an account in the blocklist is seen in subsequent sessions, you can take action based on your internal organization requirements; for example, block the transaction, require step-up authentication, and so on.

    To use the target account blocklist, you must send transaction data to Pinpoint.

  • TMA sunset - IBM Trusteer will sunset the Trusteer Management Application (TMA) worldwide, excluding Japan, on 7 January 2024. TMA will be sunset for Japanese customers on 14 January 2024. During Q3 2023, we have started to migrate some of the TMA functions to Trustboard.

    • Phishing reports - You can view reports with the detected phishing URLs, the redirection events after users visit a phishing URL, and submit phishing URLs to IBM Trusteer for review.

    • Mobile new account affiliation report - The report shows the number of accounts that were accessed from a device through the mobile channel. A new account affiliation indication occurs when a customer logs in to an account for the first time from a specific mobile device.

  • Marketing name - Added the marketing name column to display what specific mobile device the session was generated with.