Stopping Fraud in Real Time

Posted February 22, 2018

In this episode Armen is joined by Dan Welch, SVP of Global Services at ThreatMetrix. They discuss the importance of proactively preventing fraud.


Armen:   Hello, this Armen Najarian, host of Digital Identity 360, and I’m here today with Dan Welch, who heads up professional services at ThreatMetrix. Dan, welcome to the show.

Dan:   Thank you, Armen.

Armen:   Great, great. We’re gonna do something a little bit different today. We’ve spent a lot of great time in some of the earlier episodes, Dan, talking about, what is digital identity? And sort of getting into the depths of the technology and even some of the use cases and some of the value, but what we haven’t spent time on on this program, is really sort of the customer end of customer success, and what does a successful implementation look like, what are the organizational constructs that we’ve seen with visibility within the client end that sort of sustains a successful implementation? So I think there’s a lot there that I’d love to unpack in this episode, and what better person than you to dive deep into the subject. You ready to go?

Dan:   I’m ready. Let’s go.

Armen:   Alright. Good, good. Let’s just start at the end, right? When you think about the best reference examples, and again, you don’t have to name names, to protect the innocent, but when you think about the best examples, or even example of just a customer that’s taken a digital identity implementation to bright, and has sort of all the dials turned on the right leaders involved in the organization, the right levels of visibility, what does that look like? What have you observed?

Dan:   Well, I definitely see different types of customers in our portfolio from those who almost treat it like a “fire and forget” … to use a military term … missile. They say, “I’m gonna craft a rule set to reduce fraud and reduce friction, and then just let it sit, because it’s working and I’m gonna go on and do and work on other projects now.” Versus customers who have a continuous improvement sort of paradigm, where they’re constantly looking at, what new features have we come out with? How can we introduce those features in our product? How we can broaden the use of ThreatMetrix across a wider swathe of their website, so that they can effectively create maybe concentric rings of elevated security until they get to those very key events that need to be protected. So I would say those customers that have this continuous improvement philosophy tend to be the ones that take training, tend to be the ones that incorporate new features, tend to be the ones that notice new fraud incidents occurring in the data.

Armen:   Yeah. So when you think about the leaders that you interact with on the customer end, generally speaking, what level of leader, what roles are you seeing that have the wherewithal to carry the torch organizationally and sort of elevate the concept of digital identity higher up in the organization?

Dan:   Well, certainly people that worry about risk and fraud at the executive level have to be signed into the process. It’s like anything else in engineering. You’ll have the VP of engineering setting the vision for a company and the programmers maybe actually writing the code. In our paradigm it would be fraud data analysts and those types of people writing rules to help eliminate fraud or to increase the confidence of digital identity, but the executives need to have a vision as well and need to be involved. We do things like quarterly business reviews with our customers, and frequently, very senior executives are in the room. I had one recently say, “I thought this was gonna be another boring vendor meeting and you just demonstrated that I could save six million dollars if I implemented your recommendation.”

Armen:   That’s a big enough number to catch some people’s attention, yeah.

Dan:   I’m sure he claimed credit for it.

Armen:   Well, of course. Yes. Wouldn’t we all? That’s great. Clearly, just from where we sit at ThreatMetrix, I think the industry, this concept of digital identity and certainly the use cases around stopping fraud, removing friction from digital transactions, I think by definition is going to apply to a fairly broad audience on the client side, right? Heads of business are going to care. Heads of customer experience are certainly gonna start to pay attention to this. I guess, would you sort of echo that, that you’re seeing a broader array of types of personas and roles that are getting involved in these types of projects?

Dan:   Definitely, and to the extent that the customers are augmenting the data with things like telephone numbers and emails and addresses, even SSNs in some cases, it’s enriching the data so that that digital identity, which may be interacting with dozens of other companies around the world, becomes richer and richer and our confidence level in that digital identity goes up. Because of that, I’ve seen an interest in, “How can we use that data for other purposes?” How many shipping addresses do my premium customers have? How many other financial instruments do they have? We don’t know this since it’s data that’s all hashed, but even the existence of these things can lead customers to perhaps marketing programs or just understanding more about not only their fraudster customers, but their premium customers as well.

Armen:   Know your best customers. So, when we were chatting just before we went on air right now, you had referenced you often encounter scenarios where there’s some great opportunities that haven’t yet been implemented. When your team’s in there at the customer level, what patterns do you look for, where you say, “Hey, with just a few tweaks to the model, we could really substantially increase the effectiveness.” What patterns do you look for?

Dan:   Well, at the simplest, the customer may contact us or we may notice that their false positive rates have gone up, or their unknown sessions have gone up, or their fraud has gone up, be requesting assistance. Some of the best customers basically have a health check relationship with us, where we will come in on a periodic basis and look at the data for signs of an unhealthy pattern. And then if desired, we can actually come out and do a role optimization using our machine learning technology, which again, is greatly enhanced if you’re sharing account market data with us. But we’ll come in and initially look at, are there emerging use cases in the world that you’re not protected for? You may not have experienced them yet, but you’re also not protected for them. Are you currently under attack? So we can look at the data and say, “Here’s a specific digital identity that has attempted 500 transactions in 40 different countries in the last 24 hours. Okay, this is a pattern. We’re gonna start analyzing it.” And then we can look at what features have come out since you’ve last optimized your roles and how can we incorporate those new ThreatMetrix features to provide more value for you?

Armen:   Very good. So fairly recently here at ThreatMetrix, we introduced a framework called the Digital Identity Maturity Mental, which is, at it describes, it sort of looks at the customers we’ve interacted with broadly over the last 10 years, and has this stair-step model framework, if you will, of how these companies are embracing technologies like ThreatMetrix to transform their businesses. It’s a four-step step function, starting with exploring at the lowest level to leading at the highest level.
My assumption when we went through this model, when we built the model, is that the majority of our high, most sophisticated customers are probably at level three today. They’ve embraced the concept of digital identity, maybe using more than one business unit and maybe more than one use case, but that fourth level, which is really aspirational, where digital identity permeates the entire set of digital touch points across the business, across geographies, across use cases … Maybe we see far fewer customers there, but I’d love to hear from your perspective. When you think about the hundreds, maybe even thousands of customers your team interacts with, where would you say we are, as an industry, with seeing customers progress along the curve?

Dan:   I’m a little bit less optimistic than you are.

Armen:   I’m a marketing guy, remember?

Dan:   I think I’m optimistic about tomorrow and a little bit less for today, and the reason I would say that is, we’re kind of at a tipping point with a lot of our higher-end customers, where maybe they bought up for a division or a particular pain point in their business, and then having realized the value that they received, they’re now moving onto global deployments. We’re gonna see in ’17, some massive global deployments …

Armen:   ’18.

Dan:   Or ’18, sorry. Yes, you’re right. So we’re gonna see in 2018, just massive global deployments, beyond the levels that these organizations have themselves even done, and a little of cooperation interaction amongst the global business units, that they’re not even used to doing. I’m very optimistic about these leading organizations in ’18 and ’19, and then for those companies that kind of have that continuous focus on improvement, coupled with the features that we’ve come out with during the past year, I think we’re gonna see a great increase in functionality and value for them as well, but we’re still in that adoption curve.

Armen:   We are, and I think … you know, you didn’t quite say it this way, but one thing I heard from you is that the adoption curve isn’t necessarily linear. You can have some customers that are fairly nascent in their use of digital identity, working very closely with ThreatMetrix and then all of a sudden they make a decision one year to go all in and significantly expand the scope of what they’re doing, and maybe jump a level or two up the curve.

Dan:   Very much so. In fact, one of those examples that had come to mind was, we were in almost a proof of concept mode and a few divisions on a few pain points, and then as you said, went all in and now we’re global deployment with hundreds of touch points.

Armen:   Yeah. But I think the word you used earlier, a tipping point, not just for ThreatMetrix, but for the industry at large, right? Just around the awareness of the power of digital identity as really being the future of how to authenticate customers in all digital channels.

Dan:   Well, yeah. Look at the adoption of digital channels and it’s a leading economic indicator for ThreatMetrix. We’re gonna be dragged along with that tsunami.

Armen:   That’s right, yup. Well, good. I guess, at a more tactical level, when your team’s in there managing the implementations, and optimizing how ThreatMetrix is being used, for example, what are some of the capabilities that maybe aren’t used out of the gate, but if they are implemented properly, you see sort of significant value increase for the customer?

Dan:   On the e-com side, if we get chargeback information on the financial services side, if we get truth data, we get account markers, we can do amazing things with machine learning. Amazing. I mean, some of the data visualizations I see and things that we’re able to demonstrate to customers, are just really “gee whiz” moments, but we have to do it kind of in concert with the customer, and so if we’re not getting that information, there’s only so much information that we can provide. It’s like trying to walk down a street with a blindfold on. You can probably get there, but it’s a lot more difficult without that visual access to data. That, to me, is some of the stuff that we’ve been able to discern. And then, I keep on making this point, but just the focus on it. We were doing QBR for a very well-known retail name, and during the meeting, uncovered an attack from a foreign entity that was going on as we were sitting there.

Armen:   Happening live, wow.

Dan:   We had the right guys on-site at the right time and actually stopped it before it actually succeeded. So, yeah. Just that focus on the data, focus on the portal, focus on continuing improving roles is just key for us. And I think there’s a complacency sometimes, because you can be generating an ROI where people will say, “Oh, we should definitely renew with ThreatMetrix because we got an ROI.” But our most usual experience when we have contact with a customer is, we improve the ROI over what their current run rate is.

Armen:   Yeah. One final topic. ThreatMetrix positioning around being a decisioning engine, right? We are empowering our customers to make the very best decisions around authentication to stop fraud, reduce the friction, accelerate revenue, et cetera. That’s great and that sort of has defined a lot of how we’ve done what we’ve done. However, newer capabilities like case management sort of maybe extend the usage of ThreatMetrix, where there’s maybe just more intelligence, knowledge-sharing, the closed loop truth data coming back. Are you seeing more customers think about these types of decisions, with sort of broader transfer of knowledge internally, capturing that truth data, having the routing in the workflows … with the case management type capability, are you seeing more, I’d see, perspective with the customers that, “Hey, it doesn’t just stop with the data analytic. There’s more management involved here to sort of sustain the concept of digital identity and really help it become institutional within the company.”

Dan:   Yeah, I would say so. In this sort of market, you have to coopetition relationship with everybody, so we maybe in an environment where there’s layers of security or layers of products targeted … and I think you’ve seen that one slide from one of our customers that maybe has a hundred logos on it of people that they do business with.

Armen:   Yeah, I have.

Dan:   And so it’s important for us to be an open product, but at the same time, customers that have been with us for a while are saying, “I’m eliminating some of these other technologies, because as you guys grow and expand and add functionality, I’m looking at you less and less as a point solution and more and more of a platform solution,” and so we need things like case management so we can stay in the environment and look at things from cradle to grave. So I definitely am seeing a trend towards that sort of platform view of ThreatMetrix.

Armen:   Yeah, yeah. Good way to point it. Well, great. Dan, really appreciate the insights. I thought this was a very interesting discussion, something that we haven’t really gone deep on on this program, and I’m sure our audience will find it of value too, so thanks very much.

Dan:   Thank you, Armen.

Armen:   Alright, and that’s it for today’s episode of Digital Identity 360. Thanks a lot.

close btn