Amex Acquires InAuth

The American Express that exists today (i.e., the one that just acquired InAuth) would look pretty foreign to its first employees of 166 years ago — since, to state the obvious, a lot has changed over that period of time. Long before Amex was a credit card issuer and a closed loop payments network, it was in the business of moving mail (and other things) quickly from one coast to the other.

These days, Amex mostly confines itself to moving money through its closed loop network. But however different Amex may be from its founding days, according to Anré Williams, President of Amex Global Merchant Services, there’s one thing that has never changed: Getting things — be they physical goods or digital payments — from point A to point B securely and without issue.

“Amex has always been about security — that is our heritage,” Williams told Karen Webster in a recent interview. “From the very beginning days of using the stage coach to take things East to West, that is just what the company is about.”

And beyond a storied history, Williams notes, Amex has some more contemporary numbers to back that up — fraud rates on its network are about half the rates at their card network competitors. Some of that, he notes, is the magic of the closed loop — and its more complete view of all the transactions on its network in real time.

But part of it, he noted, is just simple commitment to staying ahead of the trends and the fraudsters. Because fraudsters, he notes, are an ever-evolving group, which means the pressure is on Amex to be an even faster evolving entity.

And it’s that push toward forward evolution that leads to this week’s big news — Amex has acquired InAuth, Inc.

InAuth provides mobile device authentication and intelligence solutions for financial institutions, banks, payment networks and merchants — and its reason for being is to figure out fraud at the device level, before the transaction ever gets off the ground.

And that device-centric view will become increasingly important as commerce becomes increasingly digital, mobile devices proliferate — and fraudsters flock online.

The changing commerce landscape

The good news about EMV, Williams noted, is that it did make a notable dent in card-present fraud. The bad news is, as we all know, fraudsters didn’t go home — they just moved online and on mobile.

“We know where the trend lines are going,” Williams noted, and that staying ahead of the fraudsters means beating them to the punch.

And Amex has made several efforts in that direction, Williams noted, with SafeKey, and with their 2010 acquisition of Accertify.

It was actually the acquisition of Accertify that laid the groundwork for its latest acquisition of InAuth.

“Accertify started working with InAuth a few years ago, Williams noted. “We saw then a new way to identify the fraudsters — by not looking at the transactions but at the device used to initiate the fraud. This means you don’t ever have to really look at the transaction data because the device data clues you into the fact that it’s fraud immediately.”

And that kind of real time clue is key, Williams noted — first, because it is fast but second, because it is largely invisible to the customer.

Striking the delicate balance

The constant needle that every merchant has to thread when it comes to payment fraud is to lower the number of legitimately bad transactions — while making sure that the legit ones go through. And that, William believes, isn’t about getting to zero fraud, it’s about growing revenue. Interrupting a consumer transaction with intrusive authentication and fraud checks eventually works against the greater goal of growing revenue because it runs the risk of annoying the consumer and the merchant losing the sale.

InAuth makes the fraud detection process invisible by simply checking in with whatever device a customer is using in a transaction. A foreign transaction on a familiar device — for example, because its user is on a cruise ship somewhere exotic that she’s never been before — doesn’t look suspicious; a foreign transaction on a device it has never seen before — especially if that device is logging in from a region where fraud is endemic, does.

What’s next

Even though Accertify was purchased by Amex 6 years ago, it continues to operate independently today with a Chinese wall between it and its parent: American Express can’t see the transaction data Accertify monitors. Today their customer retention rate is in the high 90 percent range and merchant satisfaction levels remain high. Amex has also accelerated Accertify’s expansion from being mostly U.S. based to operating globally.

And, Williams says, Amex sees a similar path for InAuth.

“We are committed to running this as a standalone business powered by Amex — because that is how it works most valuably for the ecosystem, Williams noted.

Because InAuth is already a fairly established — and important — part of how many major financial services players are developing user authentication.  Already on InAuth’s client roster are JP Morgan Chase, Wells Fargo and Zelle, the bank-backed P2P service powered by Early Warning.

“At the end of the day, the industry values network intelligence that helps everyone maintain a safe and secure transaction environment,” Williams noted. “If everyone participates, it becomes more valuable.”

It also becomes more flexible and functional, which is becoming ever more necessary as the types of transactions consumers engage in digitally is rapidly expanding.  The inclusion of Zelle on the client roster speaks to that, noted Williams.

And, of course the definition of what a mobile device is, and what their role in enabling commerce will be, is evolving. Today we’re mostly talking about smartphone and tablets — tomorrow that definition will include cars, refrigerators and a host of connected devices. Being able to figure out which is logged in where it is supposed to be will be critical for Amex and the rest of the payments ecosystem. Assembling a knowledge network of device-level intelligence, worldwide, and across a variety of payments environments, including ACH, Williams believes, could be enormously valuable in stopping the spread of online fraud.

As for going forward, Williams told Webster that Amex sees a future in which “other use cases and synchronies between InAuth and Accertify could be developed.”