If an online merchant or bank composed a fraud-prevention wish list, it likely would have two important factors right at the top: Confirm the customer is actually who he says he is, and make sure the device he is using to access our website matches his profile and hasn’t been used in previous fraud attempts.
Executives at ThreatMetrix Inc. and TransUnion Corp. must have seen quite a few wish lists with those requests. As a result, the companies have agreed to cross-promote and sell each other’s key fraud-security software, creating a wall of defense that stresses customer and device identification for high-risk, high-volume e-commerce businesses.
“We realized that companies or banks involved in e-commerce want to have a wide range of defense mechanisms to minimize risk, and ThreatMetrix and TransUnion came to the conclusion that it made sense to cross-promote our products,” Bert Rankin, ThreatMetrix vice president of marketing, tells PaymentsSource.
For its part in the collaboration, ThreatMetrix, a San Jose, Calif.-based cybersecurity software provider, added the TransUnion Contact Verification service to its TrustDefender Identity Verification service. At the same time, TransUnion formally launched Device Verification service, its name for the ThreatMetrix software, as part of its Identity Manager program.
ThreatMetrix brings expertise in profiling devices the customer uses to access websites, a fraud-security measure the company strengthened with a recent acquisition of Australia-based TrustDefender (see story).
“A profile of the device helps keep bad transactions out by identifying inconsistencies or even previous fraud attempts,” Rankin says.
The device verification goes a step further in protecting the merchant from fraud attempts by identifying malware in the system of an otherwise “safe” customer, he adds.
“When a legitimate customer comes in, you also have to be certain his device has not been compromised with malware,” Rankin notes. “He could be a good returning customer, but the transaction session can be hijacked if malware is present.”
TransUnion, a Chicago-based credit bureau, provides sufficient data for customer-identification screening, Rankin says.
The TransUnion data helps e-commerce merchants concerned about fraud during high-value purchases or banks when determining whether to accept a new account, Rankin adds.
Merchants and banks using the fraud-prevention software determine their level of risk and establish guidelines to fit their business, Rankin notes. In addition, those clients define the dollar amount of “high-value transactions” as they pertain to their business.
“It makes sense that banks always seek the extra layers of defense because they have a large amount of assets,” Rankin says. “Banks do screening to limit access but also to make sure that once a valid customer is let in, they are who they say they are.”
ThreatMetrix and TransUnion provide fraud protection that represents the “first screen” of many layers, Rankin notes.
When a consumer visits a merchant website and enters the payments page, ThreatMetrix begins profiling the consumer’s computer or mobile device. The “pivotal point” occurs when the consumer hits the “submit” or “pay” button during the transaction, Rankin says.
“That is the time when the merchant has to decide to stop or allow the transaction,” he adds.
Using device- and customer-identification methods, ThreatMetrix provides a “risk score” to the merchant in about a half-second, Rankin says. The merchant, using a “decisioning engine” portion of his online program, receives a profile message that states “low risk,” “high risk–terminate” or “uncertain risk,” meaning the merchant should review the transaction more closely, Rankin adds.
When facing an “uncertain risk” rating on a transaction, the merchant must decide quickly if he sells virtual gift cards or downloadable products because the consumer can download shortly after transaction acceptance, Rankin says.
“The time factor would not be quite as important for shipping physical goods because the order can be reviewed, and the shipping address checked more thoroughly, before the order was sent out,” he suggests.
Julie Conroy McNelley, senior analyst and fraud expert with Boston-based Aite Group, tells PaymentsSource that the partnership provides clients with the most useful information at the time of a transaction.
“The client will know if a repeat customer is suddenly using a device not seen before or if a new customer is using a device associated with previous fraud attempts,” McNelley says.
The ThreatMetrix and TransUnion partnership “recognizes that merchants and banks are looking for multiple layers of fraud security in a seamless manner,” McNelley contends. “If they can do it through one integration point, it is really helpful,” she adds.
Merchants or banks interested in the product through ThreatMetrix or TransUnion estimate the number of transactions accepted in a year to establish their annual fee, Rankin says. “Higher volume would translate to higher fees,” he adds.
ThreatMetrix and TransUnion will sell the software directly and through independent sales organization partners and channels, Rankin says.
Rankin says the collaborative effort will not be affected by the fact that two private equity investors purchased TransUnion on Feb. 17, about two days after the companies announced the fraud-prevention offerings (see story).
What do you think about this? Send us your feedback. Click Here.