Facebook Becomes a Security Guard for WePay
Facebook Connect is an increasingly prevalent way for Internet users to skip registration for other websites by using their Facebook credentials instead — and to WePay, it's also a tool for fighting payment fraud.
WePay, which enables mostly smaller merchants to accept payments, has developed Veda, a fraud prevention tool that leverages Facebook Connect and the other social media sites. WePay uses Veda to vet its own clients.
"Social data can validate that the merchant is who they say they are," says Bill Clerico, CEO of WePay. "You can buy an [identity] on the black market, but it's harder to get [a social media profile] that correlates with that fake data."
Fraudsters typically sign up for a merchant account that is using a fake or assumed identity—then "pay themselves" with a stolen credit card.
"The original owners of the credit card get charged on the statement," Clerico says. The consumer cardholder gets reimbursed for those losses, but the fraudster can get away with the cash, leaving WePay caught in the middle.
WePay also makes Veda available to programmers that use its technology to build payment applications.
WePay uses information from Facebook, Twitter and Yelp, as well as technology such as pattern recognition and cross referencing, to analyze five pieces of data—first name, last name, name of business, email address and phone number. That's fewer than the 20 or so traits that are typically part of setting up an online merchant payment account, but Clerico says the five data fields are portals to a wealth of information that can inform fraud and ID risk.
"They are pieces of information that allow us to mine the social Web. For example, with an email address you can find out a lot about someone. You can access their social profile on Facebook, or Twitter, or other networks," Clerico says.
WePay offers Facebook Connect as registration option. If the user does not opt for Facebook Connect, WePay will direct them to another social network such as Yelp, or will requires a broader set of information to perform ID verification.
"We can access all publicly available information," Clerico says. "The merchant doesn't have to have a social media presence, but it does speed the process."
WePay is focused on merchants that need to accept card card-not-present sales instead of relying on mobile card-reading attachments. WePay is also expanding its ability to facilitate remote invoicing via mobile devices. Square and PayPal, WePay's primary competitors, did not return requests for comment by deadline. Revel, another point of sale acceptance company, is using photo ID technology to combat payments fraud.
Among other companies, Signifyd, a security firm that serves online businesses, builds social networking data into the scores that provide risk assessments, says Julie Conroy, a research director for Aite Group. "Square does something similar in its underwriting, leveraging Yelp, Facebook and others to help validate the micro-business," Conroy says.
Veda, which Clerico says improved fraud detection by 300 percent in preliminary testing, is being publicly introduced as the expansion of mobile commerce and remote payments heightens ID fraud risk.
"To stop and prevent online fraud requires new sophisticated tools that relies on both online and traditional data sources," says Phil Philliou, a payments consultant. "WePay should have no trouble finding online merchants and processors eager to test their solution."