About HID Risk Management Solution (RMS)

The HID Risk Management Solution (RMS) is a comprehensive approach to safeguarding online banking channels and empowering organizations to effectively identify, assess, mitigate, and monitor risks. This solution offers a holistic defense against fraud, ensuring a secure and trustworthy digital experience for banks and financial institutions.

Key Concepts of HID RMS

  • Multi-dimensional Device Identification/Profiling: Uses risk profiles to determine if the behavior of the device/user fits known criteria and assess the associated risks of a transaction.

  • Risk Score and Adaptive Versatile Authentication: Adapts the level of authentication required for a given transaction based on the determined risks.

Layers of HID RMS

  • Proactive Focus: Early Warning and Threat Detection - Detects and stops fraud before it happens by examining and verifying all data displayed in a web browser and the data concealed in the application code.

  • Preventive Focus: Know Your Users - Utilizes behavioral intelligence and advanced device identification to verify user identities passively.

  • Predictive Focus: Transaction Risk Analysis - Monitors and scores all transactions to make informed decisions on flagging and stopping fraudulent payments and other transaction attempts.

  • Part of a Complete Portfolio Focus: Enhanced Risk-Based Authentication - Part of HID’s comprehensive portfolio of robust consumer authentication solutions for a seamless end-to-end journey.

Engines of HID RMS

  • Threat Engine: Detects cyber threats and tracks Device ID.

  • Anomaly Engine: Monitors the details of transactions.

  • Behavioral Engine: Creates a behavioral profile (keyboard, mouse, swipe behavior, etc.) of users.

HID RMS for Mobile

Provides mobile application developers with iOS and Android-specific libraries that leverage the HID Risk Management Solution for detecting fraud originating from mobile devices in real-time.

Rule Engine

The Rule Engine (RE) in RMS is a system of control over the bank's security and business needs, allowing the bank to react to actual situations by applying/changing rules on demand.

  • Managing Rules: Rules can be active or inactive, and actions such as deactivating, deleting, or reviewing rules are possible.

  • Creating Rules: RE can be used to create cases, which can be investigated in the Case Management (CM) views.

  • Graph Editor: Used to edit actions and create cases based on alerts.

  • Rule Engine Grammar: Defines the syntax for creating rules.

User Management

  • User Roles and Permissions: Different roles such as Auditor, Bank Analyst, Bank Admin, TM Analyst, and TM Admin have specific permissions and responsibilities.

  • Creating a New User: Only a Bank Admin or TM Admin can manage users accessing the RMS Panel.

Key Benefits of HID RMS

  • Comprehensive Fraud Detection: Built on a unique, multilayered defense approach that focuses on early warning and detection capabilities, knowing your customers, and transaction risk analysis in combination with HID’s robust portfolio of consumer authentication solutions.

  • Compatibility: Works on all devices across all channels through one integrated analytical engine.

  • Customization: Fully customizable to fit business needs and policies with a graphical editor and robust rule engine.

  • Modular Architecture: Can be used as a primary anti-fraud solution or as an addition to existing fraud management, effectively filling gaps in fraud and cyber threat protection layers.

  • Real-World Use Case Solutions: Effectively addresses real-world fraud scenarios, providing practical solutions to account takeover, authorized push payments scams, bot attacks, and more.

  • Risk-Based Authentication: Provides strong customer authentication (SCA) when paired with HID Authentication Service, offering best-in-class, risk-based authentication.

  • Fast Implementation: Quick proof of concept with real-time responses, ensuring rapid time to value.

  • Zero Impact: No impact on customer infrastructure; can augment existing fraud solutions deployed by the customer.

  • Cost-Effectiveness: Enriches data consumed by other fraud tools, reducing friction and costs.

Key Use Cases

  • Account Takeover: Detects suspicious activity related to account takeover attempts using device location, biometrics, and continuous user profiling.

  • Authorized Push Payment Scams: Identifies suspicious activity and behavior related to authorized push payment scams by monitoring factors such as active call sessions, session lengths, and unusual customer behavior.

  • Anti-Bot Measures: Differentiates between human and bot actions, stopping automated and brute force attacks.

  • Social Engineering Scams: Leverages a combination of data points such as session length, active call, accelerometer, gyroscope, geolocation, etc., to determine a risk score and accurately tag social engineering attacks.

  • Mobile Banking Threats: Safeguards mobile channels and devices against potential targeting and breaches by identifying indicators like jailbroken devices, malware presence, remote access attempts, app misusage, emulator detection, and numerous other factors in real-time.

  • PSD2 Compliance: Designed with PSD2 requirements in mind, addressing transaction monitoring, transaction risk analysis, and secure authentication of requests initiating from third-party providers.