In a Nutshell: More than 450 billion financial transactions take place every day on the internet. An unknown — but not insignificant — number of those transactions are tied to fraudulent activity, like credential theft or money laundering. The combined losses faced by companies each year from these transactions reaches into the trillions of dollars with little sign of a decrease anytime soon. ThreatMetrix’s 6,000+ clients assume very little of those losses thanks to the company’s Digital Identity Network that anonymously traces more than 1.4 billion digital identities around the world. ThreatMetrix monitors around 4 million transactions in more than 185 countries every hour of every day to spot anomalies in transaction data that may indicate fraud. ThreatMetrix clients receive updates in milliseconds if a transaction is flagged for potential fraudulent or anomalous activity.
The average person tracks three different email accounts using their smartphone. I have four — a personal account, two work accounts, and one that I’ve had for more than 15 years that my parents still insist on using when they send me email.
Until our recent chat with ThreatMetrix CFO Frank Teruel, I never thought of the multiple accounts each representing different versions of me on the internet. But a random work email discussing blockchain technology with a financial firm looks like an outlier when viewed next to the emails my mother regular sends me sharing pictures of Chihuahua puppies she found on the internet. What can I say? Mom loves puppies.
Those email accounts, when viewed individually, don’t show the entire picture of who I am. If I’m transacting with an online company that only knows my business side, the purchase of a Chihuahua calendar for my mother might be flagged as suspicious.
ThreatMetrix expertly stitches together the multiple pieces that make up more than 1.4 billion people who transact on the internet. More importantly, the company does it anonymously, without ever knowing the identity of the person being tracked or divulging any of their underlying personally identifiable information.
“If you look for the secret sauce of ThreatMetrix, it boils down to the combination of an incredibly fast-growing global network, where customers share anonymous global shared intelligence, and the anonymization of the data,” Teruel said. “The fact that we’re so broad now and cover so many identities gives us a recognition percentage around the world in the high 90s.”
Whenever someone visits a website to transact, ThreatMetrix likely knows who they are in their anonymous and digital form. Every hour of every day, ThreatMetrix analyzes around 4 million transactions from more than 185 countries to help identify cybercriminals and trusted customers in real time.
The data is used by a range of clients— from media companies taking a card not present (CNP) payment for a video streaming service to a large global bank trying to understand if a customer should be given a credit card. In either case, the potential for fraud can be great — and the losses even greater — if a bad transaction is accepted.
ThreatMetrix correlates device location and user credentials to follow transactions happening in real time. If the same digital identity applies for multiple credit cards or loans at once, the ThreatMetrix client receives a flag and knows to proceed with caution. The solution helps the company’s clients in the lending space save millions of dollars every year by minimizing the number of bad loans they’re forced to eat.
“We have customers who have billions of dollars out in their loan portfolios in the marketplace,” Teruel said. “Our ability to ensure that simultaneous loan application fraud isn’t going on is really important to them.”
Hundreds of Transactional Attributes Searched in Less Than 10 Milliseconds
Teruel used the example of a hypothetical online customer attempting to purchase a digital camera from one of the largest global online retailers to show how fast the ThreatMetrix Digital Identity Network processes transactions.
In the short time it takes the ecommerce company to run a user’s digital identity attributes through their network, ThreatMetrix can spot if that same combination has interacted with other businesses in other areas and look for anomalies. Suspicious online behavior could indicate a CNP transaction could be fraudulent, allowing them to proactively work to avoid a future charge-back due to fraud.
“We coordinate literally hundreds of transactional attributes,” Teruel said. “We’re able to look and see if a device and user-credential combination is applying for loans at 10 different places, which is clearly weird and unusual behavior that should be flagged.”
ThreatMetrix instantly notifies the retailer if the payment information looks to be compromised based on that unusual behavior. The client can then decide to either reject the transaction outright or require more verification before proceeding through the aid of a customized client portal.
ThreatMetrix also monitors bank account transactions to protect clients against laundering or muling — where money is quickly transferred between multiple accounts to make it harder to trace and easier to launder. Muling can be done using bank accounts owned by accomplices or unwitting participants in the scheme who aid in the transfers without knowing what is happening.
“We’re able, using our globally shared intelligence across our Digital Identity Network, to understand if one individual, or a subset of individuals, is rifling cash through different bank accounts,” Teruel said. “Many of our global bank clients use that for mule protection.”
Teruel stressed that the data received is anonymous and that consumers face no risk to their sensitive information when they’re part of ThreatMetrix’s global network.
“By being able to look at this anonymized digital information in real time, we can track a deposit that is made in London as it hops through multiple other bank accounts and flag it as anomalous,” he said.
“Trust is the Only Online Digital Currency that Matters”
ThreatMetrix’s dynamic decisioning recognizes customers instantly, with 95% of users having already transacted elsewhere on the network. This reduces false positives and gives customers a frictionless experience, ultimately driving up online revenue for digital businesses, which is the company’s main purpose with the solution.
“The number one reason people buy our services is not to reduce or eliminate fraud, but rather to reduce friction on good, returning customers,” Teruel said. “Some companies get hit hard by bad guys and their IT teams turn the screws so tightly that regular customers can’t get through the website. That’s how you lose sales and market share because those customers then go to your competitor.”
Device, location, and user-credential combinations aren’t the only tools ThreatMetrix uses when determining a customer’s intent and their true digital identity. The company analyzes extensive information on each user that creates a bigger picture of the pending transaction.
“We help our clients understand how people are interacting with their website, be it through a mobile browser, a Mac, PC, or a phone application,” Teruel said. “We can then understand if that application has somehow been compromised with malware, or if it’s an attack of some kind or if it’s a machine pretending to be someone else.”
Teruel said combining the wealth of information collected on its Digital Identity Network with the anonymity of the service gives peace of mind to both clients and their customers that every transaction is on the up-and-up.
“If we can provide our clients with a view of how their customers are interacting with their website, how the identity is all stitched together, and how those activities are all interacting in real time on a global network, then we have the basis for real trust,” he said. “In reality, trust is the only currency on the internet that matters. If I can’t trust you, everything stops there.”
Leveraging a Global Network to Transact Confidently
ThreatMetrix clients range from small ecommerce storefronts to massive global banking institutions. No matter their size, each client comes to the company with the goal of reducing security risks and increasing confidence that every transaction is legitimate.
“A lot of companies come to us with their hair on fire,” Teruel said. “They’ve been breached or they’re getting hammered with fraud and need help.”
Teruel said smaller implementations can generally be accomplished the same day an account is established with ThreatMetrix. Larger implementations, like global banks, can take a month or longer.
“Bigger implementations are much more complicated because they often involve multiple subsidiaries and different divisions or business units,” he said. “We can quickly implement our solution to a troubled area, though, and work out from there until a client is fully covered.”
The point, Teruel reiterated, isn’t to track consumers — which is nearly impossible when you factor in the anonymity of the data — but rather to help honest customers get the experience they deserve.
“Good customer recognition is the first step toward stopping bad guys,” he said. “A lot of our implementations are tuned around not just stopping the bad behavior, but making sure we’re going through the enterprise, looking at friction points and using our global shared intelligence to reduce those friction points for the good customers.”
So now I only have to worry about the cashier’s judgemental glare — not my credit card issuer’s decision-making — when I go to purchase my Mom’s Chihuahua calendar this year.