Create a smooth and safe login experience.
Device-based two-factor authentication (2FA) secures consumer accounts without sacrificing their experience. Augment or replace passwords by recognizing authorized devices.
Stop account takeover (ATO).
Stolen passwords are no longer enough to compromise an account. Our device-based authentication technology identifies both authorized and high-risk devices. Trust that every login is secure.
Avoid unnecessary challenges.
Add two-factor authentication to every login without the cost or poor consumer experience of one-time passwords (OTP). Configure your acceptable risk threshold and bypass step-ups when you know a device is trustworthy.
Here’s how ClearKey works.
ClearKey allows you to register your consumers’ known safe devices to their accounts. Every time a consumer logs in, check if the device is authorized for that account or exhibits risk signals such as geolocation anomalies, data inconsistencies, anonymizing proxies, TOR networks, and other evasion methods.
Still using passwords? Strengthen security using a customer’s device as a transparent, two-factor mode of authentication.
Device Registration Check
Authenticate consumers by confirming the device they are using is authorized for their account.
Choose Trusted Devices
Consumers choose which devices they want linked to their accounts. For example, avoid registering public or shared devices.
Unpair Lost or Stolen Devices
Unpair lost, stolen or retired devices from a consumer’s account with one click, eliminating the need to reset an account.
Device Change Tolerance
Device changes don’t phase us. All devices change over time. We use fuzzy logic technology to recognize the difference between normal and risky.
Minimal Data Collection
Recognize and register devices without the need to collect and store directly-identifying personal information.
Proof of performance.
Toby Celeski Business Data Analyst III
Password-based attacks such as credential stuffing aren't much of a concern. We know fraudsters aren't getting around ClearKey at login.
Here’s what you get with ClearKey Device-Based Two-Factor Authentication.
Our customer success team is ready to help you quickly integrate and configure ClearKey two-factor authentication to meet your needs.
- Don’t redesign a thing: It’s easy to add ClearKey to your existing login process.
- Authenticate in real time: In about 100ms we are able to recognize a device, check if it's authorized for an account and check for risk signals.
- 99.9% uptime: Our distributed SaaS infrastructure supports some of the largest transaction volumes in the fraud prevention business.
- World-class fraud and ATO experts: Add our trusted fraud advisors to your team. Our customer success team partners with you to solve your unique business challenges and adapt to an ever-changing fraud environment.
- Equipped for success: We provide continued training on new features and functionality through our help portal, eLearning webinars and our active user community.
Questions? We have answers.
Can you deploy ClearKey as the sole method of authentication?
Yes, ClearKey can be deployed as the sole method of authentication. ClearKey provides a solid method of authenticating users that is most often deployed within an existing authentication process as a second, transparent factor for additional assurance without adding customer friction. ClearKey is typically employed at login, but you can also employ it at checkout or post-login for assurance at any point in the customer online journey.
Does ClearKey decide which transactions are allowed or denied?
No, ClearKey simply checks to see if the consumer device in use has authorized to the account they are logging into. ClearKey will examine the device and account pairing and return a status of Match, No Match, or None Registered. The Match status will also tell you the amount of change (None, Low, Medium) according to your specified tolerances. Then your system can decide whether to allow the transaction, deny it, or forward it for step-up authentication.
What is a device fingerprint and how does ClearKey use it?
When you register a device, or check for registration, your system calls our service via API. We use a unique multi-layered and pattern-matching approach to device recognition which yields high accuracy. We collect over 100 device attributes such as OS version, screen resolution, and others. We then match not only individual attributes, but groupings of attributes, and apply fuzzy matching algorithms that allow for certain device attributes that logically change over time. The device fingerprint checks for risk signals and whether the device matches any devices that are registered to the account.
What is ClearKey’s device capture rate?
Capture rate is determined by our ability to collect the attributes needed for us to recognize or identify the device. Our capture rate exceeds 98% which means that we capture those attributes 98% of the time. Our high capture rate is due to our multi-domain recognition (MDR) capability. With MDR we capture those attributes even when 3rd party script is being blocked.
As with all security technology, no solution is 100% effective at recognizing devices. And fraudsters often employ tactics in an attempt to evade detection. That’s why evasion detection is an equally important component of our strategy for recognizing devices. We use technologies like IP proxy piercing, VM and emulator detection, and checks for device data integrity, among others, to find evidence of fraudsters attempting to defeat recognition technology.