Deduce Intelligent MFA
Deduce risk signals reduce false positive MFA challenges by >50%
Dedicated to democratizing risk and fraud technologies, Deduce prevents consumer-facing Account Takeover (ATO) and registration fraud via the constantly growing Deduce Identity Network—the largest real-time identity graph across cyber risk and fraud in the U.S. today with over 400M profiles and in excess of 1.2B daily activities. Honors and awards include 2021 Fortress Cyber Security, Global InfoSec, and silver Edison Awards, as well as spotlights from Fast Company, Artificial Intelligence Excellence, and more. To learn more, please visit Deduce.com.
Augment your risk model to reduce false positive MFA challenges by using Deduce risk signals including; new IP, new device, new email, hosted IP cycling, proxy server, impossible travel, malicious activity and suspicious activity.
Reduce False Positive MFA
False positive MFA challenges to legitimate customers causes friction, frustration and can lead to churn. Inform every MFA challenge in real-time using the collective intelligence derived from the Deduce Identity Network and reduce false positive MFA challenges by more than 50%.
More accurately identify fraud
ATO and new account creation fraud has risen 67% since the beginning of COVID as consumers turn to online services such as banking, retail, food delivery and entertainment. Tap into the power of the US's largest, independent identity network to stop fraud dead in its tracks.
Deduce ingests real-time activity data from over 150,000 websites, analyzes over 1.2B daily events (logins, checkouts, account creations etc.), and has collected historical telemetry data from over 400M U.S. identity profiles, to establish patterns of behavior across devices, networks, geographies, activities , and accounts for users. Applying machine learning techniques to the largest, independent identity graph in the U.S. allows Deduce to build associations between live user activity data in real time, to determine patterns of behavior to support or defend against suspicious activity..
This guide details how to use the Deduce Insights API at account login and elsewhere in the User Flow in combination with Auth0, to enable Intelligent MFA. Deduce Insights can be configurable to augment existing risk and trust signals to more accurately determine when to MFA challenge a login attempt and reduce false positive MFA challenges that add friction to legitimate users, lead to negative brand impressions and may result in churn.
- An Auth0 account and tenant. Sign up for free here.
- An API Key and a Site ID. Reach out to firstname.lastname@example.org to receive those.
- A tenant with MFA enabled.
Add the Auth0 Action
- Select Add Integration (at the top of this page).
- Read the necessary access requirements and click Continue.
- Configure the integration using the following fields:
|Site ID||Site ID is provided by Deduce during on-boarding.||abc123|
|API Key||API key is provided by Deduce during on-boarding.||abcdef1234|
|Test Mode||Enable Test Mode so no user flow decisions are made. (Read more below.)||Enable/Disable|
|Risk Signals||Enable signals individually based on your organizational security posture. (Read more below.)||Enable/Disable|
- Click Create to add the integration to your Library.
- Click the Add to flow link on the pop-up that appears.
- Drag the Action into the desired location in the flow.
- Click Apply Changes.
Configuring the Action
The Deduce Intelligent MFA Action can be added without any decision action. In Test Mode Deduce can observe the API requests, but the action won't act on the user flow. Your Deduce account representative can review with you findings from the observations of the API requests.
To enable Test Mode, in the configuration section, select "Enable" in the Test Mode dropdown. This will result in Auth0 User data being sent to the API, but no action taken.
In order to allow Deduce Intelligent MFA decisioning to impact the user flow, Test Mode must be disabled. To disable Test Mode, in the configuration section, select "Disable" in the Test Mode dropdown. Based on your organization's security posture, toggle Enable or Disable for each of the Deduce Insights Risk Signals available on the Configuration page.
Enable indicates users will by challenged with MFA if the Deduce Insights API returns a match for an Enabled Risk Signal.
Disable indicates users will not be challenged will be bypassed even if those signals are returned for the user.
|ACTIVITY_NEW_IP||Is this IP new to this identity?|
|ACTIVITY_NEW_DEVICE||Is this a new device for this identity?|
|ACTIVITY_SUSPICIOUS_TIMEOFDAY||Is this time of day not normal or suspicious for this identity?|
|RISK_IMPOSSIBLE_TRAVEL||Would it be impossible for a user to travel to a new location from the last known location in the given time-frame?|
|RISK_IP_ACCOUNT_CYCLING||Has this IP frequently cycled over many different accounts?|
|RISK_IP_MALICIOUS_ACTIVITY||Malicious activity observed for this IP across our network|
|NETWORK_PROXY||Is this identity using a malicious proxy?|
|NETWORK_HOSTING||Is this identity using a hosted network?|
If none of the signals are enabled, then effectively, MFA will be bypassed. Since the Deduce Risk signals can be enabled or disabled individually this allows you to tailor this action to your organization's security posture without any code changes. Connect with your Deduce technical account representative or email@example.com to discuss further.
If you have any questions, please reach out to firstname.lastname@example.org