Cybercrime never rests, nor does it know any bounds — a reality that hit home this week for retail customers and serial philanderers.
Some very big names got the week started off with a bang. The photo pages of some of retail’s marquee players, including CVS (as previously reported) and Walmart Canada disclosed that customers’ credit card data may have been compromised. In addition, the breach impacted the photo pages for Sam’s Club, Costco, Tesco and Rite Aid, all of which rely on the same third-party vendor, PNI Digital Media.
However, that headline rapidly lost traction in face of the slightly more salacious reveal that the online “matchmaking” site Ashley Madison was hacked, bringing new meaning to the definition of compromising consumer data. Currently, the site’s owners, Avid Life Media, is facing an ultimatum from the “Deep Impact” hacker group who stole the payment data of Ashley Madison’s customers and matched it to the most unsavory details of the sites (supposedly deleted) consumer accounts. In turn, the hackers have posed an ultimatum: Shut down entirely, or see your customers publicly embarrassed by having their names, addresses and weirdest desires published on the Web.
And while we all might be tempted to smirk over the karmic comeuppance coming into play, the reality is that in the world of cybercrime, bad things happen to good people far more often than they happen to those who somehow thought attaching their credit card data to their secret extramarital affair was a good idea.
The lesson here is that fraud, in general, and in most cases — Ashley Madison notwithstanding — has merchants and card issuers bearing the brunt of those costs through chargebacks, inventory loss and lost productivity. And while both banks and issuers have spent the last half decade warming up for battle against an ever-expanding army of cybercriminals, they’ve spent much of that time developing security solutions that some have characterized as solo acts.
[pullquote]What typically happens is that there is no way to share intelligence in any scalable way[/pullquote]
“What typically happens is that there is no way to share intelligence in any scalable way,” Ethoca’s Chief Marketing Officer Keith Briscoe told PYMNTS. “So what happens is that merchants are finding fraud that card issuers are not yet aware of and card issuers are discovering fraud that merchants have no idea about.”
Ethoca was formed five years ago to fill in that information gap — and to break those data siloes so the costs of fraud can be nipped in the bug before they are reflected in the cost of doing business.
“Typically, what happens is that both parties rely on a chargeback process to manage those disputes and the fraud losses associated with it,” Briscoe explained, noting that the chargeback process is slow by nature.
[pullquote]There is a whole series of things that have to happen once the issuer confirms the fraud with the cardholder. Often there is an investigation that has to work its way through the entire payment system, via the acquirer, back to the merchant. It just takes several weeks for all those things to happen.[/pullquote]
“There is a whole series of things that have to happen once the issuer confirms the fraud with the cardholder. Often there is an investigation that has to work its way through the entire payment system, via the acquirer, back to the merchant. It just takes several weeks for all those things to happen.”
But Ethoca steps into that process and speeds it up, mostly by cutting out a lot of intermediary steps.
“Instead of waiting three to six weeks to go through the chargeback process to find out about that fraud, the merchant can find out within hours or a day,” Briscoe explained.
Once an issuer alerts Ethoca’s system that fraud has been confirmed, Ethoca steps in and sends that data directly back to the merchant and the network as a whole.
“Because we operate outside that chargeback process as a secondary set of network rails, we can send that data directly from the bank to the merchants so there’s no need for all those data intermediaries that sit in between and impeded the sharing process,” Briscoe said.
With that speed, merchants have more options.
“They can stop the shipment of goods at the loading dock, for example, so it never gets out the door,” Briscoe said. “With the chargeback process they would never have the time to stop a shipment of goods. With Ethoca they have the ability to actually stop the bad orders.”
And, he noted, this also makes sure they don’t stop the good offers. They also offers order rescue so that merchants avoid being overly cautious and losing out on perfectly good sales.
“A big part of the problem is that it’s not all fraud. We help merchants deal with those false positives,” Briscoe noted. “In trying to reject all the fraud they can, they are going to start rejecting sales that are actually good.”
So before a merchant rejects a flagged transaction, Ethoca works directly with the issuer to verify the purchase with cardholder. If the issuer confirms, Ethoca will guarantee the transaction for the merchant.
Ethoca is busy platform, with more than 2,100 merchants signed on globally, as well as 30 issuers and all the major card networks in the U.S. They are also growing, as their revenue tripled last year. That revenue comes from merchant and retail partners who pay Ethoca for the chargeback frauds they help prevent. When a bad sale is stopped in its tracks, Ethoca gets 40 percent of the stocked price of the good or service saved.
And that growth is about to pick up, as Ethoca has just snagged a whopping $45 million in equity funding in an investment round led by Spectrum Equity.
“We’re going to put those funds to use,” Briscoe told PYMNTS. “We want global expansion. We are expanding our network into a lot of different regions, particularly Asia, South America and throughout India. It takes capital to expand globally and increase our footprint globally. This round will really help drive that.”
Briscoe also noted that some of the funds will go toward engineering the next generation of solutions the firm can deliver over its platform.
And though it wants to grow, Briscoe noted that what has really fueled the firm’s slow but steady growth has been its commitment to playing well with others.
[pullquote]The merchants and the card issuers are the prime participants right now, but we actually work with acquirers, with ISOs, with payment gateways and with all the major card networks so we are complementary to everyone across the payment value chain, which is an interesting position to be in because we don’t compete with anyone.[/pullquote]
“Ethoca took its time to carve a neutral position,” he said. “The merchants and the card issuers are the prime participants right now, but we actually work with acquirers, with ISOs, with payment gateways and with all the major card networks so we are complementary to everyone across the payment value chain, which is an interesting position to be in because we don’t compete with anyone.”
Ethoca’s value proposition is all about collaborating. Firms can have greater and less success fighting off fraudsters depending on the solutions they use. But to really make those various individual solutions maximally effective, Ethoca thinks they can be leveraged together in a concerted effort.
Now they’re building the platform for that collaboration.
July’s Third Week Sees Only a Few $100+ Deals
The third week of July saw some activity to the tune of $537 million with only a few deals touching the $100 million-plus range. Of this, key fund flows included Zeta Interactive, a data and analytics firm, which got $125 million in new funding from investors including Blackstone Group. The company has in past years focused on email marketing but now has been making the leap to move toward more big data exposure, with $75 million geared toward acquisitions.
An IPO – and it’s not First Data
The second biggest deal came from Houlihan Lokey, a boutique investment firm, that filed for a $100 million IPO on July 10. By going public, the equity issuance would separate Houlihan from Orix, its Japanese conglomerate parent, which has had a controlling stake in the firm for the past nine years.
Next came the $100 million push within the cybersecurity firm CrowdStrike, which got funding from a roster of investors that included Google Capital alongside Rackspace. The latter firm has also been a key customer, according to financial press reports.
This time around, a series of different funding levels came through despite the relatively paltry dollar tally. As can be seen in the chart below, the third round funding levels outpaced earlier seed and second rounds. Below are dollars (in millions)
And as has been the case with so many of our week-by-week regional breakdowns, the United States led the way, with regional dominance of a huge chunk of the week’s activity, followed this time around by Canada.
FinTech Leads the Way
Looking at all categories, financial technology led the bulk of the week, and this can be segmented to the dominance of data analytics, and security and fraud. This latter space has been gaining traction, and has in fact seen more than $1 billion in fund flows month to date, rebounding nicely from the roughly $279 million that marked a quiet June. No doubt the surge in credit card hacks, and other cybercrime —with targets ranging from banks to retail to government offices over the past few months — has fueled interest in the sector.
As we look to year-to-date activity, it becomes apparent that trade finance and banking are the heavyweight areas of focus for investors and investees. There are billion dollar deals in those sectors, which include a $4 billion deal for OneMain Financial, and the $3 billion deal for RBS North American assets.