ThreatMetrix CEO: RELX Buy Means ‘1+1=4’ In Fraud Battle

Payments is a business of scale.

So, too, is digital identity – and so is the eternal battle against fraudsters.

And in all cases, data must be reliable and actionable.

In the quest for scale, for robust digital identities, for real-time actionable data, a U.K. information and analytics firm has agreed to buy digital identity company ThreatMetrix for $819 million.

Under the terms of the deal, announced Monday (Jan. 29), ThreatMetrix will be folded into RELX’s Risk & Business Analytics operations, which does business under the LexisNexis Risk Solutions brand.

In an interview with PYMNTS’ Karen Webster, Reed Taussig, CEO of ThreatMetrix, said the deal had been in the works for a while, with a partnership already in place between the two firms. Each company, said the CEO, comes at the fraud problem from a different perspective. ThreatMetrix is responsible for the creation of digital identities, processing 130 million transactions daily across the globe.

Lexis, he said, “is coming at it [fraud] with literally billions of different data sets … it was just obvious that if you took our digital identities and you combined them with the Lexis physical identities, then one plus one equals three, or maybe even four.”

Post consummation of the deal, and the satisfaction of regulatory hurdles, such as Hart-Scott-Rodino considerations, the roadmap is one that bridges physical and digital realms.

“We will closely focus on further integration between ThreatMetrix, our products and the whole range of products that Lexis has – and most specifically on LexID,” said Taussig, referring to the analytics and identification product that ties into data as far-flung as drivers’ licenses and verified addresses, and is tracking 270 million people in the United States.

ThreatMetrix, he said, tracks as many as 1.2 billion people on a global basis in an anonymized fashion through tokenization. Beyond the technology, the key is to look at behavioral patterns and other telltale signs that would indicate that “you are either a good internet customer or a bad internet customer, a fraudster or a good citizen.”

In an illustration, Taussig said that someone involved in an account takeover may be on a device that clearly is recognized as belonging to a fraudster. The customer – in this case, the bank – will want to know that this identity has been compromised and may represent a high-risk transaction.

With a deal of this size and scale, the nature of digital identity comes into consideration.  What is required in the digital identity world, said Taussig, is a couple of major attributes.

“The first and foremost [attribute] is that it needs to be made on the basis of collectively shared information – a contributory model, provided by customers, through a trusted data source,” he said.

In order to do that, the data needs to be fully and completely tokenized in a non-reversible fashion. Otherwise, customers will not contribute to that shared data, he said. Citibank is not interested in sharing its customer information with JPMorgan Chase, for example.

Done well, though, the combination of the shared data across digital and physical arenas holds appeal. Banks, he noted, want to eliminate, wherever possible, step-up authentications and passwords. Other verticals want to minimize credit checks, which can be expensive. For its part, ThreatMetrix has seen more than half of its business come out of financial services.

As that financial service segment has grown, Taussig related that upon launching the company in April of 2009, ThreatMetrix was focused on eCommerce and device IDs. Device IDs, he said, are “a valuable tool to stop card-not-present fraud. CyberSource was our first customer, and within a year we had 600 merchants using ThreatMetrix through CyberSource … and I would sit down with the banks and tell them, ‘we have 2,000 eCommerce sites running ThreatMetrix.'”

And, he noted, when a person logs on with their bank, they “do the same thing over and over again [with transactions] … we see what Netflix, what StubHub … what Microsoft, what all of these different places” as a diverse view – and that view should be valuable to an issuing bank, to credit card banks or to acquirers.

“It took an amazing amount of time for them to really catch on to the fact that this federated network, this diversity of information that we are able to collect, is really very useful to them,” he said of the banks. But once they figured it out, he said, “we’ve done 35 bank deals since January 1, 2016 without a competitive loss.”

Writ large, “once you become a digital business, you are global by definition” – and thus other industries, and far-flung transactions, come into play. Taussig noted that Harrod’s is among the largest suppliers of Rolex watches to China – and yet only 20 percent of the Chinese population has a known address, so validation can be a tricky subject. Thus, tracking individuals across multiple metrics becomes paramount.

ThreatMetrix has a presence across thousands of websites around the world, he continued, and there are thousands of touchpoints where an individual can be seen executing transactions scores of times. “We look at digital IDs as a way to facilitate global commerce,” he said, noting that the firm will typically see a ThreatMetrix-tracked consumer three or four times a month – which “allows us to keep accurate near-term data” with an eye on whether an identity has been compromised, and then build that federated database.

Beyond scale, digital IDs need to operate in real time, with threats and responses measured in milliseconds. That seamless experience across space and time (so to speak) is the concept that underlies the federated database, where a firm can know “you are a Citibank customer, an eBay customer, and that you buy tickets for Broadway events on Stubhub … because you use those sites frequently, [ThreatMetrix and Lexis customers] get frequent updates about your behavior” – with the knowledge that a consumer has successfully executed 10 credit card transactions across the ThreatMetrix network and is likely a safe bet in letting a transaction go through.

But here’s a wrinkle: The system might identify someone who operates, as Taussig illustrated, as a fraudster Monday through Friday, but consistently as a good customer during the weekend at PetSmart, where they go to buy treats for their dog. So, they are what might be viewed as “bad internet citizens” with the exception of the soft spot they have for Fido, so some transactions can indeed be let through.

To put it bluntly: Context matters.

The impact to the payments ecosystem is one where the new ThreatMetrix/Lexis combination is “non-threatening to our customers,” said Taussig, stating that eight of 10 global banks use Lexis.

The combination will likely put a bigger spotlight on the identity space, Taussig noted.

“The investment and the amount of foresight that goes into digital identity networks in terms of really trying to understand them is absolutely going to be elevated a few notches,” he posited.