Published on: March 16, 2023
SafetyDetectives spoke with Gustavo Monteiro, managing director of AllowMe, about detecting suspicious network behavior, some of the worst cyberthreats he’s seen, tips for how to prevent hackers from accessing a private network, and more.
Can you tell me a little bit about your background and your role at AllowMe?
I have a Bachelor’s degree in Computer Science. I joined Tempest in 2005, when it was still a small company, as an intern, and since then, I have held numerous positions – with a hiatus between 2010 and 2012, when I decided to leave Tempest in order to start my own startup.
I eventually returned to the company. From 2013 to 2016, I held several positions until I started to work fully focused on the creation of AllowMe. I grew professionally as the product evolved. We’ve grown so much that in 2020 we became an independent business unit.
Now I am the managing director of AllowMe, a business unit of Tempest, which has become the largest cybersecurity company in Brazil.
While Tempest mainly works in the cybersecurity area, with a portfolio of services and technologies focused on companies that need to protect their operations, AllowMe is a SaaS platform focused on digital identity protection, preventing fraud, and enabling businesses.
What are some of AllowMe’s main services?
AllowMe is a platform focused on fraud prevention and digital identity protection, with expertise in analyzing device usage context and user behavior. AllowMe offers a complete and customizable solution, allowing businesses to identify and manage fraud attempts at every stage of a user’s journey, from registering on a website or application to completing a transaction or purchase.
The primary layer of our solution is focused on what we call Contextual Analysis. Based on the user’s device context, AllowMe is able to evaluate the risk of fraud in a transaction in order to not negatively impact the experience of legitimate users while at the same time separating potentially fraudulent users.
This is our first step in the fraud prevention process. It filters the good users from the bad ones, avoids activating further unnecessary authentication steps, makes the end-user experience more fluid, reduces overall operation costs, and contributes to the conversion of more business.
In addition to Contextual Analysis, we also have AllowMe Bio and Multiple Factor Authentication (MFA) – both resources for digital identity validation. AllowMe Bio is an enhancement of conventional facial biometrics precisely because of its combination with device analysis. Most commonly, multi-factor authentication is done through voice calls, app OTP, email, or SMS.
How do you detect suspicious behavior, and what are the next steps if you find a client’s network is compromised?
The device analysis is at the core of AllowMe’s analysis engine. AllowMe can map and analyze hundreds of device variables, whether it is mobile or desktop, as well as identify any changes in user navigation patterns.
Consider, for example, a user accessing his checking account via an application. Is the cell phone he uses already registered? Is he connected to his usual Wi-Fi network? Does his geolocation match his routes? Do the number of transactions and the speed at which they happen seem to match his usual transactions? These and dozens of other questions are asked by the platform and answered automatically in milliseconds. Once changes in pre-existing patterns are identified, we are able to trigger a new layer of validation – such as facial biometrics and/or MFA.
At the end of this verification, we assign a score to this transaction that indicates its degree of reliability and share it with our customer – in this case, the digital bank. However, the cutoff score is the responsibility of the customer. For some businesses, a specific change, a single suspicious behavior, is enough to block that transaction. For others, there is greater flexibility. This varies greatly from business to business and the risk appetite of that company.
Moreover, if we confirm that a particular device was involved in fraud, we mark it as compromised, feeding our Network Effect. Going back to the example above, let’s suppose we can confirm that the device used was not one of those usually used by the user, and, by triggering facial biometrics, we confirm that it was a fraudster. This phone will not only be blocked for any transaction with that digital bank but with all our customers. If that fraudster tries to access a health insurance app through the same device, they will immediately be identified as potentially fraudulent.
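The flow described in the two answers above (contextual signals scored, a customer-defined cutoff deciding between allow, step-up and block, and a device confirmed in fraud being blocked for every customer) as an added illustration; this is not AllowMe's code, and the signal names, weights and cutoffs are assumptions:

```python
from dataclasses import dataclass

# Constructed model of the score-then-cutoff flow. Weights, field names and
# cutoffs are assumptions for illustration, not AllowMe's actual engine.

@dataclass
class Context:
    device_id: str
    device_registered: bool   # is this phone already known for the user?
    wifi_usual: bool          # connected to the user's usual Wi-Fi network?
    geo_matches_routes: bool  # geolocation consistent with the user's routes?
    tx_last_hour: int         # transaction velocity in the current hour
    usual_tx_per_hour: int    # the user's established velocity

@dataclass
class Customer:
    name: str
    step_up_at: int   # score at which biometrics and/or MFA is triggered
    block_at: int     # score at which the transaction is refused outright

# Shared "network effect" set of devices confirmed in fraud (hypothetical store).
COMPROMISED_DEVICES: set = set()

def risk_score(ctx: Context) -> int:
    """Sum weighted deviations from the user's established pattern, 0..100."""
    if ctx.device_id in COMPROMISED_DEVICES:
        return 100                      # known-bad device: maximum risk
    score = 0
    score += 0 if ctx.device_registered else 40
    score += 0 if ctx.wifi_usual else 15
    score += 0 if ctx.geo_matches_routes else 20
    if ctx.tx_last_hour > 3 * max(ctx.usual_tx_per_hour, 1):
        score += 25                     # velocity far above the usual
    return min(score, 100)

def decide(customer: Customer, ctx: Context) -> str:
    """Apply the customer's own cutoffs to the shared score."""
    score = risk_score(ctx)
    if score >= customer.block_at:
        return "block"
    if score >= customer.step_up_at:
        return "step_up"                # trigger facial biometrics and/or MFA
    return "allow"

def confirm_fraud(device_id: str) -> None:
    """Called after step-up fails: the device is blocked for all customers."""
    COMPROMISED_DEVICES.add(device_id)
```

The same context can yield "step_up" for one customer and "block" for another, because only the score is shared; the cutoff belongs to each business.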
What are some of the worst cyberthreats you’ve come across, and how do you help prevent them?
AllowMe works primarily on fraud prevention and the protection of digital identities. Among the main fraud attempts we face daily, there is the account takeover, in which the fraudster manages to take over a victim’s account, modifying the login data, thereby having a free way to make various transactions. To carry out the fraud, the criminal uses techniques such as phishing, social engineering, and malicious software over leaked data or brute force attacks that quickly discover fragile passwords.
Another scam that AllowMe prevents and detects is the creation of mule accounts. Fraudsters use leaked data such as CPF (the equivalent of SSN in the United States), photos, and addresses to create a registration using third parties’ information, usually in financial institutions, in order to apply for loans or issue credit cards. In these cases, the victim only becomes aware that he had an account opened in his name months later, when he receives charges he is unaware of.
Quite similar to the fake account is the synthetic identity scam, which has also been growing in recent years. In this case, however, the fraudster combines true and false information to create records for a new identity and waits a few months to start making transactions – in an attempt to make the profile look more reliable.
Cybercriminals often bet on the synthetic identity to apply financial scams, open accounts in digital banks, practice promotion abuse, receive cashback, and promote fake ads, among other actions.
Although complex, AllowMe manages to prevent and detect these three types of fraud (as well as many other threats) by combining device analysis with layered protection. Another difference is that the security and fraud prevention flow is customizable – built according to the client’s business model, segment, and risk appetite.
What are the challenges in creating secure mobile apps for businesses?
We often say that ensuring zero fraud for a digital business without jeopardizing its financial sustainability is impossible. Enforcing fraud prevention tools on each access or interaction of a user would make their experience on the journey poor and full of friction. That is, it would most likely prevent the actions of most fraudsters, it is true, but it would also drive away good consumers. Our biggest challenge is, therefore, to ensure the security and protection of users’ digital identities without jeopardizing the experience they have in these journeys.
How can the average user prevent hackers from gaining access to their computer or network?
Cyber threats have always been a very present reality in the daily lives of Brazilian companies and citizens. In many cases, criminals take advantage of system vulnerabilities to attack them, invading their networks and capturing user data. However, the failures are not limited to virtual environments. Human errors can also compromise sensitive structures and information, and social engineering can be at the root of all this trouble.
In the context of fraud, it is urgent that every citizen seek an education focused on digital security, as many of the current scams are only carried out thanks to the lack of knowledge on the part of users. Generally, fraudulent approaches occur through phishing techniques, actions in which criminals use false information to convince victims to share data or perform a certain action.
In Brazil, for example, it has been common to approach users via WhatsApp. There are criminals who offer a job vacancy that does not exist at extremely attractive conditions from a financial point of view. In most of these cases, criminals request some personal data and then ask the “candidate” to download an application from which they will supposedly be able to monetize. No wonder these apps are out of official stores – Google Play and Apple Store – precisely because they have a series of vulnerabilities that can expose the user.
More broadly, it is worth saying that every message with links should be viewed with distrust by the user. If he receives a huge proposal that seems too interesting, an easy recipe to make money, this distrust must be even greater, even if the message comes from one of his contacts. That person may have had their WhatsApp either cloned or compromised. Paying attention to all the points highlighted above is essential to ensure your digital security.