"Impossible travel" is a threat detection technique, or risk-predicting algorithm, that checks whether two sequential login attempts from different locations are too far apart for one person to have realistically travelled between them in the elapsed time. In other words, it evaluates whether the travel implied by the current attempt and the previous successful attempt is physically possible.
For example, if you have a detection solution that includes impossible travel and one of your employees signs in to their account from New York and the same account is then accessed from San Francisco 15 minutes later, the session is scored as high-risk and mitigation begins.
In this blog, we'll delve into the mechanics of impossible travel, also known as geo-velocity anomalies, and discuss how Ping's threat protection tools can help businesses keep their identities secure.
A Note on False Positives
Before we get into the nitty-gritty of impossible travel, it's important to talk about a fundamental concept of risk scoring: false positives. By nature, no single risk detection technique is immune to false positives. That is to say, there is always a margin of error, and one risk predictor alone is not enough to score a session high-risk with absolute certainty. You need more evidence, data, and risk anomalies to detect threats accurately.
Think about risk scoring like your senses: touch, smell, taste, sight, and sound. Through experiencing all those senses together, you know with great certainty where you are and what is happening around you. If you were only to rely on one sense, you could easily be misled. Risk scoring and the associated risk predictors are like each of your senses. Each one evaluates specific data sets – alone, they don’t give you much certainty, but when combined, they work together to tell the full story. Each predictor gathers evidence, and you need a lot of evidence to minimize doubt and false positives and to make the case strong enough to convict.
How Does Impossible Travel Detection Work?
It is easy to explain the concept of impossible travel: you can't be in two different places simultaneously. But the work that risk algorithms do in the background to identify this anomaly is more complex. Impossible travel detection and protection is not merely about evaluating login activity. It also includes:
Data aggregation & calculation: Different risk signals, like IP, geolocation, session tokens, device IDs, and behavioral biometrics, are combined to establish baseline “normal” activity. Travel velocity inputs are also used to calculate realistic travel distances based on different timeframes.
Login history evaluation: Machine learning algorithms take the aggregated data in real time, the minute it's received, and compare recent activity against login timestamps and historical behavior to identify anomalies and impossibilities.
Scoring for mitigation: All risk signals, including the impossible travel predictor, are combined to output an aggregated risk score. That risk score is used to automate mitigation, including:
Invoking multi-factor authentication or identity verification
Flagging the login attempt and alerting the account owner
Alerting the administration
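The velocity check, the aggregation of several risk signals into one score, and the score-to-mitigation mapping described above, as an added example that is not Ping's code or the PingOne Protect algorithm. The 900 km/h ceiling, the predictor weights, the score thresholds, the geolocation error radius and the VPN and device-ID flags are all assumptions made for illustration; the sample logins reproduce the post's New York to San Francisco case.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt
MAX_SPEED_KMH = 900.0  # about airliner cruise speed: the ceiling for "possible" travel

@dataclass
class Login:
    ts: datetime
    lat: float
    lon: float
    geo_accuracy_km: float = 25.0  # assumed: error radius reported by the IP geolocation DB
    ip_is_vpn: bool = False        # assumed: flag from an IP-intelligence feed
    new_device: bool = False       # assumed: device-ID signal

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres (Earth radius 6371 km)."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def travel_velocity_kmh(prev, cur):
    """Implied speed between two logins after discounting both geolocation error radii."""
    distance = max(0.0, haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
                   - prev.geo_accuracy_km - cur.geo_accuracy_km)
    hours = (cur.ts - prev.ts).total_seconds() / 3600
    if hours <= 0:  # same or out-of-order timestamps: any residual distance is impossible
        return float("inf") if distance > 0 else 0.0
    return distance / hours

def score_login(prev, cur):
    """Combine the impossible-travel predictor with other signals into one 0-100 score."""
    score, reasons = 0, []
    if travel_velocity_kmh(prev, cur) > MAX_SPEED_KMH:
        # A VPN egress can explain the jump, so it is weak evidence rather than a conviction
        vpn = prev.ip_is_vpn or cur.ip_is_vpn
        score += 30 if vpn else 60
        reasons.append("impossible_travel_via_vpn" if vpn else "impossible_travel")
    if cur.new_device:
        score += 25
        reasons.append("new_device")
    return min(score, 100), reasons

def mitigation(score):
    """Map the aggregated score to the automated response."""
    return ("block_and_alert_admin" if score >= 80
            else "step_up_mfa_and_notify_user" if score >= 40 else "allow")

# Constructed sample: the post's New York -> San Francisco logins, 15 minutes apart
NEW_YORK = Login(datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc), 40.7128, -74.0060)
SAN_FRANCISCO = Login(NEW_YORK.ts.replace(minute=15), 37.7749, -122.4194, new_device=True)
```

With these weights the New York to San Francisco jump alone only triggers step-up MFA; it is the second signal (a new device) that pushes the score into the block-and-alert range, while the same jump from a known VPN egress is left to other predictors.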
The Risks of Ignoring Threat Detection
Not leveraging a threat detection solution with impossible travel is akin to not buying a smoke alarm: the consequences could be severe. Here's what could happen if your identity systems are compromised:
Personal Data & Identity Theft
If an unauthorized party gains access to a user's account, they gain access to all the personal information stored there, including contact lists and messages. If the compromised account contains information that could be used for identity theft, the potential for harm is more severe. With enough data, cybercriminals can impersonate users to open new accounts, secure loans, or conduct illegal activities.
Unauthorized users can conduct transactions, make online purchases, and even steal credit card or banking information. Cybercriminals who go unnoticed can gain complete access to your company’s financial information by hacking into your accounting department’s data, for example.
Loss of Business Reputation & Legal Consequences
If a fraud incident is made public, you lose customer trust, harm your reputation, and face significant financial and legal repercussions. By taking real-time threat detection seriously and automating mitigation, you not only protect yourself but also contribute to broader cybersecurity efforts. In the digital world, your first line of defense is being proactive about threat detection.
Additional Insight: Quick Q&A on Impossible Travel
Sophisticated systems use machine learning to adapt to user behavior over time, reducing the rate of false positives. Remember, though, impossible travel anomalies are not reliable enough as a stand-alone evaluation technique. The best threat protection includes multiple risk predictors across a wide array of signals.
Any organization concerned about cybersecurity should consider implementing threat detection that includes impossible travel, especially organizations dealing with sensitive data, such as financial institutions, healthcare providers, and government agencies.
The setup complexity depends on the system you are integrating with. Tools like PingOne Protect are designed to integrate easily with most existing identity systems.
While highly effective, impossible travel detection is not foolproof. False positives can occur, especially if a user is employing VPN services or if there are inaccuracies in geolocation databases. This is why it's usually used as a part of a broader, layered threat detection solution with multiple risk predictors that work together to provide accurate risk scores.
Yes, many systems that use impossible travel detection can trigger immediate actions, such as multi-factor authentication, thereby preventing potential breaches in real-time.
Protect Your Business with PingOne Protect
It's imperative to arm yourself with advanced threat protection solutions that include impossible travel detection. PingOne Protect is like a vigilant, 24/7 security officer, continuously analyzing digital behavioral metrics, login origins, and other risk indicators. It flags any suspicious elements for immediate scrutiny, which is vital in the rapidly evolving cyber threat landscape. Being proactive rather than reactive is not optional – it's imperative for staying ahead of cybercriminals.
Don't Let Impossible Travel Compromise Your Security
Safeguard your digital assets with fraud detection and prevention solutions.