ThreatMetrix Goes On the Offensive with Upgraded SaaS Fraud Prevention Solution
Posted March 10, 2009
Dozens of New Features Help Merchants and Financial Institutions Stop Fraudsters Before the First Transaction
LOS ALTOS, CA – March 10, 2009 – ThreatMetrix, Inc., the company pioneering device identification technology, today announced an upgrade to its industry leading software-as-a-service fraud and abuse-prevention solution. The first major release of the product since ThreatMetrix relocated to the United States from Australia at the end of last year, ThreatMetrix Fraud Prevention 2.0 includes more than two dozen feature enhancements, all of which are designed to help merchants and financial institutions thwart cyber criminals before the first transaction. ThreatMetrix’ patent-pending device identification software, which profiles the device used in an online transaction, is widely considered to be the most advanced technology for nabbing cyber criminals. ThreatMetrix Fraud Prevention 2.0 takes this functionality to the next level by introducing a real-time fraud engine, customer-defined rules and global fraud-pattern recognition capabilities that give ThreatMetrix customers unrivaled device identification and intelligence about the computer used in an online transaction.
Stops Bots in Their Tracks
Cyber criminals have become adept at skirting fraud prevention solutions – and their tactics and targets are increasingly nefarious. To wit, botnets and stealth proxies have emerged a favored tool of the cyber criminal. Research performed by ThreatMetrix shows that bot-infected computers are used regularly by criminals to send spam, perform phishing attacks and scan ports for network vulnerabilities. Five percent of the computers tracked by ThreatMetrix were found to be communicating back to a command-and-control host and of these 98% had engaged in malicious activities. The scale and scope of bot activity validates the incredibly high risk to merchants, financial institutions and consumers of credit card data being compromised or stolen.
ThreatMetrix has taken an aggressive approach to thwarting bot-centric cyber crime. The company’s pioneering device identification solution profiles the computer used in a web transaction, instantly collecting and correlating over 150 discrete pieces of information about the computer and session to develop a risk profile. ThreatMetrix then assigns a unique identifier to the computer – also known as a “device fingerprint” – so clients can quickly establish the status of returning customers. In addition to performing a deep inspection of the TCIP packets ThreatMetrix can pierce a proxy to identify the computer’s true IP and Geo location and check its reputation against ThreatMetrix Device Intelligence Network which tracks 12 million live compromised computers at any given time.
“Why just detect fraud when you can prevent it?” said ThreatMetrix president and CEO Reed Taussig. “Our customers can stop fraud before it happens with our on-demand offering that delivers device fingerprinting, proxy-piercing geo-location and botnet reputation scored in real-time. The latest release adds features that give customers more flexibility and control over online fraud to help keep them ahead of increasingly sophisticated and organized cyber criminals.”
The Future of Fraud Prevention
ThreatMetrix Fraud Prevention 2.0 provides instant risk assessment to help clients stop fraudsters ‘at the gate,’ before they commit fraud – an essential capability where transaction fulfillment occurs in real-time such as in bank wire transfers and online purchases. ThreatMetrix Device Intelligence Network alerts clients immediately when a device used in an online transaction has been compromised by a bot. Moreover, ThreatMetrix provides a meaningful risk-score with supporting information so that a ThreatMetrix customer can quickly gauge the degree of danger. ThreatMetrix Fraud Prevention 2.0 is delivered via the SaaS model and is easily integrated with previously installed fraud prevention systems. Sign-up is simple – a typical implementation takes less than one day and pricing starts at $1K per month.
Following is an overview of what’s new in version 2.0:
- Second-generation real-time risk engine platform – ThreatMetrix Fraud Prevention 2.0 cross-matches device data with real-time historical customer transactional data providing a comprehensive fraud detection solution. ThreatMetrix’ highly scalable and proprietary technology is capable of running hundreds of fraud-detection rules per transaction across multiple identifiers so merchants and financial institutions can immediately determine if a customer is legitimate or a fraudster before the transaction occurs. The risk engine is also user-customizable. Standard ‘out-of-the-box’ rules can be easily adapted to fit a client’s risk profile and be adjusted to meet changing conditions and requirements.
- More breadth and depth of device characterization – ThreatMetrix Fraud Prevention 2.0 makes more profiled attributes available increasing overall ‘device intelligence’ and risk assessment while at the same time reducing false-positives. Examples of these new attributes include improved cookie replay detection eliminating the opportunity for sophisticated fraudsters to clone the identity of previously validated devices; dynamic pattern recognition to better identify transactional risks including the use of a single credit card across multiple devices and/or multiple credit cards used on a single device. Additional capabilities include the tracking of user credentials across single or multiple devices and other attributes associated with the transaction. With ThreatMetrix Fraud Prevention 2.0, ThreatMetrix maintains its lead as the only company that performs deep packet inspection rather than just profiling the browser, which can be easily subverted.