ThreatMetrix Approach: Prevent Fraud While Protecting Customer Privacy

ThreatMetrix (see previous CloudAve coverage), Los Altos, CA based vendor offering online fraud protection, today announced a new release that helps businesses prevent online fraud while protecting the customer privacy without the use of cookies or cookie equivalents like local stored objects. With this move, ThreatMetrix is clearly sending a message to companies that using cookies or similar techniques is not just an outdated approach but also risky for their customers’ privacy.

Who is ThreatMetix?

ThreatMetrix is a fast growing company that offers online fraud prevention solutions without requiring personally identifiable information. They offer low cost SaaS solution with powerful features like real time risk scoring. They have more than 250 customers on board. With ThreatMetrix SaaS based solutions, businesses can get up and running with fraud prevention tools in hours rather than weeks or months.

As I mentioned in my previous post about ThreatMetrix, their fraud network operates at three different levels

It authorizes payment transactions securely in real time, thereby avoiding large scale chargebacks, incorrect credit declines, etc.. ThreatMetrix offers the transaction protection by accessing the risk of the user, the device used, transaction data and historical contextual information to validate each transaction
It verifies new account creation and reduces loss and also large scale abandonment of accounts
It offers superior authentication of account logins by detecting problems at the device level and protect against fraudulent access in real time

In short, they offer superior fraud detection solution without needing any paranoid security measures from the website owners’ side.

What is important in the new release?

The new release incorporates a technology called ThreatMetrix SmartID which is responsible for stopping online fraud while protecting the customer privacy without the use of cookies and cookie like objects. Instead it allows businesses to detect returning visitors to their website based on the attributes of the device – be it a smartphone, personal or tablet computer – without using any cookie information and has improved rules to use this information to detect spoofed devices and IP addresses as well as sniff out botnets.

There are many reasons to move away from cookie based approach to fraud prevention

First and foremost, fraudsters can now easily delete cookies, thereby, escaping the cookie based detection techniques
Cookie based approach to tracking is old fashioned now and it is slowly losing steam. Customers are well informed and they take steps to delete cookies at regular intervals. Even flash based cookies are meaningless because they are also getting deleted regularly with other cookies. Apple mobile devices don’t support flash and Android devices like Droid have strict settings for browser and flash cookies. Clearly, cookies are slowly losing relevance and, hence, fraud detection technologies should also move away from cookies

Unlike the previous fingerprinting solutions, this new release from ThreatMetrix makes use of sophisticated device identification and real-time intelligent matching and confidence scoring techniques for fingerprinting. This greatly enhances the solution by authenticating the customers across PCs and smartphones without false positives.

This new version also has the following features, mostly targeted at financial institutions

20+ additional device attributes and anomaly flags to detect suspicious device configurations to protect banks and their customers
Integrated policy configuration and transaction analysis across the customer acquisition lifecycle including account origination, login authentication, and transaction authorization. Ideal for banks, credit card and payment brands
Customer configurable risk scoring and reason codes based on recognized fraudulent behavior across the ThreatMetrix Fraud Network

Clearly, they are moving aggressively to handle the needs of fraud prevention in this increasingly online world with a wide array of devices connecting to internet through different types of networks including mobile data networks. Any business with higher levels of interactions with their customer through their website should consider a solution like this.