WEB FRAUD PREVENTION, ONLINE AUTHENTICATION & DIGITAL IDENTITY MARKET GUIDE 2015 / 2016
LATEST TRENDS AND INSIGHTS INTO SECURING DIGITAL IDENTITIES AND TRANSACTIONS
WEB FRAUD PREVENTION, ONLINE AUTHENTICATION & DIGITAL IDENTITY MARKET GUIDE 2015 / 2016
AUTHORS
Mirela Amariei
Tiberiu Avram
Ionela Barbuta
Simona Cristea
Oana Ifrim
Sebastian Lupu
Mihaela Mihaila
Andreea Nita
Adriana Screpnic
RELEASE
VERSION 1.0
DECEMBER 2015
COPYRIGHT THE PAYPERS BV
ALL RIGHTS RESERVED
Introduction
2015 has been a time of great change - and 2016 will definitely
follow the same trend. The online world as well as the payments
new chip embedded credit and debit cards as well as the new
the entire digital revolution that has been undergoing for the last
data protection.
internet payments.
Key matters such as machine learning and the need for a more
point out the key participants that are aimed at setting the scene
Table of contents
INTRODUCTION
Securing the User's Shopping Experience: Five Fraud Trends from 2015 | Markus Bergthaler, Global Director of Programs and Marketing, MRC and Mike Splichal, Program Manager, MRC US
Confronting Card Fraud in the Global Travel Industry 2005 - 2015 | Jan-Jaap Kramer, Chairman, Perseuss
Transacting with Retailers Is Now Omnichannel and So Is Fraud | Mark Beresford, Director, Edgar, Dunn & Company
Exclusive interview with Neira Jones | Advisory Board Member & Ambassador, Emerging Payments Association
Machine Learning Keeping US One Step Ahead of Fraudsters | Jackie Barwell, Director of Fraud and Risk Product Management, ACI Worldwide
Addressing Delivery and Returns Fraud to Protect Profits | Catherine Tong, General Manager, Accertify
Myths About Machine Learning | Dr. Pedro Bizarro, Chief Science Officer, Feedzai
Work Smart Does Your Fraud Team Suffer from Decision Fatigue | Mark Goldspink, Chief Executive Officer, ai Corporation
360-Degrees Fraud Management: Securing the Customer Journey | Hugo Löwinger, Digital Identity & Fraud Management, Innopay
E-ID: Fraud and Risk Prevention in Cross-Border Ecommerce | Elaine Oldhoff, Ecommerce Europe
Security of Internet Payments: the EBA Two-Step Approach | Javier Santamaría, Chair, The European Payments Council
How EMV will Change Online Business in the US | Michael Roche, VP of Consumer Authentication, CardinalCommerce
Doing Business in Europe? Mandatory Data Protection Compliance in Every Single Country | Edwin Jacobs, Partner, time.lex
Will EMV Eliminate Card Fraud in the US? | Nicolas Raffin, President, Smart Payment Association
Moving Beyond Passwords: Next Steps in Consumer Authentication | Carlos Häuser, Executive Vice President, Wirecard AG
Tokenization: From Account Security to Digital Identity | Tim Richards, Principal Consultant, Consult Hyperion
Bring Your Own Authentication: The Next Revolution against Web Fraud | André Delaforge, Head of Communication Advisory Committee, Natural Security Alliance
Digital Marble - Onboarding in the Age of Electronic Identity | Gunnar Nordseth, CEO, Signicat
Electronic Identity Verification: How MyBank Can Help | Fatouma Sy, Head of Product Development, MyBank and John Broxis, Managing Director, MyBank
Identity of Things (IDoT): A New Concept in Managing Identities | Emma Lindley, Managing Director, Innovate Identity
The Advent of IoT: Are We Facing A Trade-off Between Convenience & Security? | Ionela Barbuta, Senior Editor, The Paypers
COMPANY PROFILES
GLOSSARY
THOUGHT LEADERSHIP
TRENDS & DEVELOPMENTS IN SECURING THE TRANSACTIONAL ECOSYSTEM
MRC
Securing the User's Shopping Experience: Five Fraud Trends from 2015
3. Mobile fraud
travel and event tickets) are projected to hit a staggering USD 1.6
1. Account takeover
4. Digital goods
selfies.
5. US EMV rollout
Markus Bergthaler
Global Director of
MRC
However, until merchants switch to authenticating purchases
using the chips on EMV cards, instead of magnetic stripes, the
change is unlikely to significantly reduce the incidence of fraud
Mike Splichal
Program Manager
MRC US
Conclusion
Perseuss
Confronting Card Fraud in the Global Travel Industry 2005 - 2015
For the past ten years, service suppliers in the travel industry
Technology-wise collaboration
the working group is small, this can be done via e-mail messages,
but once groups start to grow, automation is vital. Groups will need
Looking back, we can now see that there were certain key
developments which, collectively, led to a reversal of fortunes for
the initially successful fraudsters. Businesses are now back in
Data sharing
[Figure: data sharing between merchants through a SHARED DATABASE. Recoverable labels: "Merchant", "Sees suspect transaction so checks details against", "used by fraudsters.", "Focuses own fraud detection efforts on that", "declines booking."]
Some of the meetings and online forums are for members only.
Others are open to verified fraud analysts and professionals from
any accredited organisation. For an individual who may be the
only fraud-fighter in their organisation and with no-one else nearby
to offer advice, these forums are like a life-support machine.
even after it has shared it. The database must be developed with a
Jan-Jaap Kramer
Chairman
enforcement agencies.
The travel industry had the foresight long ago to involve all of these
Steering Group.
bodies in the global war against card fraud. Since 2013, all of these
organisations have been mobilised into a number of concerted
are far more serious than the card fraud, which first brought them to
apprehend fraudsters.
www.perseuss.com
Cross-industry collaboration
A very exciting prospect is for the travel industry to work with
entirely different business sectors to fight fraud. Criminals do not
recognise industry boundaries, so why should we?
Of course, the scale of operations will be significantly increased.
There will be problems and challenges. But the lesson of the last
ten years is that we must all collaborate more in order to isolate
criminal gangs. If we do not, they will exploit the gaps between
us and take the initiative. Then, we will find ourselves cut off,
surrounded and struggling to catch up. That must not be permitted
to happen.
of the goods. The call will seem genuine and fraudsters will often
are targeting the loopholes that have appeared due to the lack of
Data mining
Edgar, Dunn & Company (EDC) has found that many retailers do
websites afterwards.
because it is the least protected area when it comes to card-not-present (CNP) transactions and, therefore, the most vulnerable
False positives
modern retailers.
engaging with the retailer simply because the fraud detection rules
claiming that their credit card or bank account has been subject to
fraud during the transaction with the retailer.
Mark Beresford
Director
the shop window next to the goods on sale. However, the point of
omnichannel processes.
www.edgardunn.com
In the interview, Neira Jones points out that managing fraud in a hyper-connected environment will force businesses to
manage risk effectively to support growth, performance and reputation.
authentication?
By the end of 2015, there will be 7.2 billion people with an employment
successful ecosystem.
the drain.
10.5 billion by 2019 (CISCO, May 2015). All this connectivity means
irrespective of channel?
unfortunately, fraudsters.
Cybercrime has indeed gone mobile and, with the growth of the
Internet of Things (IoT), equally hyper-connected. There is, however,
at this stage, little evidence of serious harm. Indeed, with the rise
all bets are off. Technology alone cannot stop fraud, as evidenced
2015, there were less than 0.03% mobile devices infected with
mobile malware each year, and the rise of the IoT did not exhibit
when BitPay lost USD 1.8 million through a spear phishing attack.
Neira Jones
Emerging Payments
Association
Twitter: twitter.com/neirajones
LinkedIn: www.linkedin.com/in/neirajones
and regulatory stance, data will be key as are the many contractual
www.emergingpayments.org
of view?
Wearable technology is only a subset of the IoT and, therefore, the
same issues apply, with the added emphasis on data collection,
protection and privacy as there is a direct link to individuals.
Will it "transform" the payments industry? I don't think so. Will it
contribute to its evolution towards a payments ecosystem that is
frictionless and secure? I sincerely hope so. We are already seeing
some interesting deployments in the loyalty and engagement space
as well as in the production of new form factors (e.g. contactless
rings), which is where, I think, wearables will make the most impact
in payments.
BEST PRACTICES IN IDENTIFYING FRAUDSTERS & PREVENTING FRAUD LOSSES
ACI Worldwide
Machine Learning Keeping US One Step Ahead of Fraudsters
businesses from risk. But, what really is machine learning and how
real-time.
and programming expertise have also all kept pace with changes
rates.
attempted fraud.
save millions.
Jackie Barwell
Director of Fraud and Risk
Product Management
ACI Worldwide
coverage and protection. It is this holistic approach to fraud
prevention that provides effective protection against the risk
of fraud without compromising customer service, driving costs
resources.
Accertify
Addressing Delivery and Returns Fraud to Protect Profits
One of the challenges of fighting this type of fraud is that there are
or tuxedo? With this tactic, you don't have to pay a penny to have
But you did receive the goods. You didn't have to sign for the
parcel and so who knows whether the delivery driver did in fact
leave it. Or, if you were to claim you never saw it, even though it is
the retailer losing a product and sale from it, therefore impacting
as retailers have brought this area of risk under control, either new
offenders and stop them before they attempt this type of fraud
again. Many have also faced the challenge that some customers
only show this behaviour once or twice.
Catherine Tong
General Manager
Accertify
anomalies.
try to limit its losses. Retailers learning from each other is invaluable,
they can now use this tool to benefit from other participating
new ways to help protect themselves. They can still have different
managing all the data and fraudulent behaviour in the same place
Risk Ident
Risk Ident points out that technology should not replace fraud managers. Instead, it should be used to empower them
to take an educated, proactive approach by identifying and tackling fraud at the source.
system?
US companies.
Roberto Valerio
CEO
Risk Ident
data privacy and the ethics of data sharing into concentration for EU
believe in.
Risk Ident was founded and built specifically with European privacy
in Europe.
www.riskident.com/en
There are far too many organisations out there that give customers
the impression that giving up more of their privacy is in their
best interests in order to stay safer online in the long run. This is
definitely not the case. It is possible for personalised information
to be kept separate from anonymised data, such as device
identification, and to gain customers' trust while keeping their
payments safe. It is paramount that businesses are transparent
with their customers and fully available to help manage any data
sharing concerns.
Feedzai
Myths about Machine Learning
in C++ and Python with more languages to follow. Lastly, the growth
that self-driving cars were thought impossible only a few years ago).
APIs, are the factors that are removing technology barriers for
Khosla-
control my business
As machines do more work and make more decisions, the fear of
it frees up time for your fraud and risk management team. They spend
sources, to name a few - have leveled the playing field for companies
learning is very wide - ranging from giants like Google and First
The same is true in the case of machine learning with the use
will take place at a much faster rate, with less need for human
supervision.
finding new loopholes and cracks in your system. The only way to
stay one step ahead of them is to continually feed new data sources
Data Sources
The fintech revolution is well underway. As electronic commerce
continues to rise, fraudsters have access to more sophisticated
tools and increased channels to commit fraud. To combat fast-evolving fraud, organisations must adopt more sophisticated
methods. Machine learning, when combined with human intelligence
and intuition, can now have superior judgment and decision-making
capabilities so organisations can eradicate fraud.
ai Corporation
Work Smart Does Your Fraud Team Suffer from Decision Fatigue?
options to pay for goods and services. What is more, the channels
words, the greater experience a fraud analyst has, the greater the
risk for three key groups. Firstly, consumers have the opportunity
to choose how and where to buy like never before. This creates
testify, it is often our people that help drive other businesses. So,
Institute of Analytics top ten predictions for 2015 was that analytics,
age in 2015.
Mark Goldspink
Chief Executive Officer
ai Corporation
With the 2015 launch of ai's neural modelling and automated rule
set engines, we believe they were right.
the art machine learning solutions. Over the past 2 years we have
Scientifically proven
There is undeniable evidence through peer-reviewed studies that
external influences cause human decision-making to change
during the day, leading to intraday inconsistencies. Isn't it human
nature to think about the weekend and evening events rather than
maintain complete focus through a work shift? For fraud teams,
such distraction could result in serious financial repercussions, but
is entirely foreseeable and indeed natural for humans to become
distracted like this, more so when working in an increasingly
complex payments environment.
The questions you should perhaps be asking are: could your fraud
team or fraud service provider be suffering from decision fatigue
and if so, how can you counter this?
CyberSource
The Future is Mobile
Apple's OS.
experience and user interface for mobile websites and apps, many
are not tailoring their fraud management strategy in the same way.
All the differences in behaviour, data and tools require a set of rules
The latest CyberSource fraud survey reports that 45% of survey
the data that you can capture, the behavioural patterns and fraud
Neil Caldwell
Vice President
European Sales
CyberSource
For those just starting out with a fraud management strategy,
I recommend three simple steps to help get started:
- Start tracking mobile transactions. Measuring mobile chargebacks,
channels.
www.cybersource.co.uk
them for analysis and to spot activity and patterns in one channel
that affect actions in another.
In my experience, businesses that actively manage mobile fraud can
achieve fraud rates similar to rates achieved on other channels, and
for those experiencing above average rates, it is usually a sign that a
mobile-specific fraud strategy either is not in place, or needs to be
fine-tuned.
The ability to understand how consumer behaviour differs on mobile
devices; to capture the data that is relevant to the mobile channel
and implement appropriate fraud management tools and rules; to
track and analyse mcommerce chargeback, rejection and review
rates and fine tune your mobile strategy in response all have clear
implications for the experience that both customers and fraudsters
have when they interact with you through your mobile channel.
Innopay
360-Degrees Fraud Management: Securing the Customer Journey
When asked in the 1930s why he robbed banks Willie "Slick" Sutton
replied: because that's where the money is. Sure, banking has
what was true then remains as true today: criminals target financial
institutions because that's where the money is. As a result, both the
customers data and money safe, especially not from within the
The top line suffers as customer journeys are cut short for being
it as as such
Hugo Löwinger
Digital Identity & Fraud
Management
Innopay
Tier 3: Knowledge position
Last but certainly not least is the knowledge position of the organisation
which is essential in taking well informed decisions and action.
Capgemini Consulting.
defence effectiveness.
world.
www.innopay.com
Ecommerce Europe
E-ID: Fraud and Risk Prevention in Cross-border Ecommerce
Cross-border ecommerce
e-ID as a solution
and medication).
overcome.
(78%) across Europe, the Middle East and Africa consider online
fraud the biggest challenge at the moment. In particular, identity
theft, which is currently a major issue for 24% of businesses in
EMEA, is expected to double in the next five years and become
a serious concern for 48% of businesses. Ecommerce Europe
believes that the main reason for this problem is the lack of safe,
reusable and interoperable e-identities. This deficiency forces
online services providers to each provide their own consumer
registration and login solutions. Within the variety of solutions,
safe and secure digital interactions between businesses and
consumers are not always guaranteed.
In June 2015, Ecommerce Europe published the outcome of
the survey "Barriers to Growth in ecommerce". Consumer
identification was specifically mentioned as a concrete example
when it came to barriers linked to online payments. The absence
of reusable e-identities proved to be a barrier for merchants who
wanted to participate in cross-border ecommerce.
Elaine Oldhoff
Policy Advisor
Thuiswinkel.org
knowledge.
www.ecommerce-europe.eu
REGULATION, PRIVACY AND DATA PROTECTION
would be issued only after the entry into force of PSD2 and the
If the EBA were to not accept the recommended option c, the EPC
guidelines in late 2014. Due to the fact that the finalised EBA
The EPC also pointed out that, in the last two decades, many
response
guidelines.
the negotiations of the PSD2 could have affected them. The EBA
payments
the European Union (EU) and provide legal certainty for market
participants.
(option a)
b) Anticipate these stronger PSD2 requirements and include
them in the final guidelines under PSD1 that enter into force on
1 August 2015, the substance of which would then continue to
apply under PSD2 (option b)?
Javier Santamaría
Chair
whether they will be able to comply and, if not, they are asked
Iberpay Board.
comply.
www.europeanpaymentscouncil.eu
In this context, the EPC strongly advises against the possibility
for third-party PSPs to use the personal security credentials of
the customer to get access to its account. The EPC reiterates
that personalised security credentials should not be shared with
third parties and hopes that the EBA will take this concern into
consideration.
The EPC, furthermore, looks forward to the EBA's consultative
process in this area and the opportunity it will provide to contribute
to achieving secure and convenient internet payments, as well as
technological neutrality.
CardinalCommerce
How EMV Will Change Online Business in the US
October 2015 deadline for liability shift in the US. For merchants
locations, this means that they will not be liable for fraud at the
45 million the year before the cards were introduced to GBP 181.7
million five years later. Experts expect the same to happen in the
and online merchants, how will the use of EMV cards impact their
US. To combat the threat of CNP fraud, the use of 3D Secure was
Many banks and retailers in the US are now using the EMV system
regions, this system uses credit cards with an embedded chip, thus
requiring new POS readers on the merchant side. The chip makes
have dialed up their fraud tools. This helps control the increasing
that the fraud tool flags as potential threats and the merchant
is not present.
History of EMV
EMV is not a new technology, even though it is news in the US.
cannot be used for in-person fraud, the fraudsters look for the path
America, Canada and Mexico. The US, the last major holdout, is
transactions the way EMV cards prevent fraud at the cash register.
CCA's patented technology works with the 3D Secure protocols to
One of the major benefits of EMV cards is around how the chip
works. Each time the card is used in person, the chip creates a
stolen number and transaction code would not be usable and any
Michael Roche
VP of Consumer
Authentication
CardinalCommerce
Passive authentication happens behind the scenes, with no friction
during checkout for the consumer, using things the merchant
and the issuer know about the cardholder - like IP address,
merchant collects.
result in fraud.
commerce services).
the shift from fraud at POS to CNP fraud due to EMV, and protect
their online business with the 3D Secure protocols (like MasterCard
www.cardinalcommerce.com
time.lex
Doing Business in Europe? Mandatory Data Protection Compliance in Every Single Country
A lot has been written about two recent court cases related
personal data from Europe to the US. The second case is the
the US. The CJEU found the Safe Harbour Decision to be invalid.
The first clear message from both court cases is that data
law has become a top priority for data protection authorities and
courts all over Europe.
Make use of the Model Contractual Clauses issued by the European
only the Irish data protection legislation apply and that only the
must comply with national data privacy laws, and not just with
In some EU member states you can make use of your own ad
legislation;
Edwin Jacobs
Partner
time.lex
Note that the Article 29 Working Party has indicated that, for now,
the model contractual clauses or the binding corporate rules
are still accepted but that they too may be re-evaluated in 2016
and the EU. Meanwhile, a new Safe Harbour regime between the
US and the EU is expected early 2016. Any new Safe Harbour
edwin.jacobs@timelex.eu
down.
telecommunications.
www.timelex.eu
Does the end of swipe and sign mean the end of card payment
too: No.
What we, at the SPA, find most striking and most encouraging
lower rates for card fraud. In 2012, for example, the card fraud
about the PSD2 is its global nature. Its objectives and its principles
EMV US, the figure was over two and a half times higher, reaching
combat CNP fraud. The principles laid out in the PSD2 are not
Task Force.
world?
EMV chip and pin cards often support functions such as one-
authentication. It is the first time this has happened and is, therefore,
dynamic proof that both the legitimate card and the legitimate user
Nicolas Raffin
President
Smart Payment
Association
Global answers to the CNP question
So, if a new generation of EMV cards can offer a much more secure
CNP environment, the US move in this direction will potentially be
on a global level.
Innovation Management.
the world.
place to begin.
www.smartpaymentassociation.com
STRONGER CONSUMER AUTHENTICATION TO COMBAT ECOMMERCE FRAUD
Wirecard AG
Moving Beyond Passwords: Next Steps in Consumer Authentication
But what does this trend mean for customers, online merchants
dynamics.
identification?
quicker and safer, while also reducing the risk to the end customer.
This involves the user being asked for specific identifiers and the
a customer may be asked only for their card number and CVC code
Initial studies have shown, for example, that the use of fingerprint
friendly nature.
Carlos Häuser
Executive Vice President
Wirecard AG
Consult Hyperion
Tokenization: From Account Security to Digital Identity
in which consumers can pay from multiple devices using the same
outsourced TSPs.
places the real PAN is stored in, the less likely it is to be stolen.
stores the token and uses it when the consumer wants to transact
de-tokenize the token back to the PAN before it is passed onto the
from retailers and onto the TSPs who hold the Token Vaults linking
and not the PAN and because the token can only be used on that
Added to this mix is the use of tokens for mobile EMV payment
methods like Apple Pay and Android Pay. The rationale for using
they can simply create a token for an existing one and use the
device can only be used from that device, a token issued for a
specific time period can only be used during that period, and so on.
networks.
Tim Richards
Principal Consultant
Consult Hyperion
Tokenizing identity
Tokenization offers issuers other opportunities. At the moment,
some merchants use PANs as a rudimentary form of digital
as seen in the Ashley Madison attack: a token does not carry the
the retailer, and as most bank accounts require that the cardholder
transaction processing.
www.chyp.com
Biometrics Institute
Biometric authentication has become commonplace in an array of fields, payments included. In this interview, the
Biometrics Institute emphasizes how biometrics could be a privacy enhancing technology, if implemented responsibly.
not exist what happens with your face, your fingerprints in that
biometrics.
technology solution.
from the US, Europe and Japan. The BVAEG has regular exchanges
addressed and create trust and control for the consumer, I think
the burden of security given its simplicity and usability. All security
technologies have flaws, including PINs and passwords.
Most biometrics are not secret and should be used with a secure
second factor. Security relies not only on one factor but also on
on mobile devices.
Isabelle Moeller
Chief Executive
Biometrics Institute
work. So, it provides that extra level of security which allows those
The person gets identified more accurately and securely than with
biometric technology?
biometrics.
www.biometricsinstitute.org
Two major trends in the field of online payments have been confirmed
in the past two years. First of all, the increase in fraud is undeniable,
transactions.
number or password.
were scammed, one third had their payment details stolen while
shopping online.
offering a wider choice for the end user in terms of online payment.
there were those who refused standard office automation tools and
turned to tablets (more mobile, better suited for viewing content) and
an online payment.
André Delaforge
Head of Communication
Advisory Committee
manufacturer.
different formats, such as a chip card and reader (e.g. for payment
www.naturalsecurityalliance.org
INSIGHTS INTO ELECTRONIC IDENTITIES IN EUROPE
Signicat
Digital Marble - Onboarding in the Age of Electronic Identity
Background
and trust services (eIDAS), which was approved in 2014, will also
Nordic practice
stand out among the regions where electronic identity has been
interbank login and MyBank hold significant potential for the rapid
greater than the sum of its parts. This has led to the emergence
only for Norwegian BankID and the Buypass eID, but also for the
Gunnar Nordseth
CEO
Signicat
A new kind of service offering has emerged to address the need for
signature.
Signicat can also play the part of an e-ID issuer for customers who
MyBank
Electronic Identity Verification: How MyBank Can Help
how you pay for things is now becoming as important as what you
pay for.
want to apply for a loan, you will probably have to manually fill out
sheets of paper and send them all through the mail.
customers are who they say they are when both sides never
obliged to investigate that you are who you say you are before
letting you create an account.
you are who you say you are and that the attributes you claim
Fatouma Sy
Head of Product
Development
MyBank
John Broxis
Managing Director
MyBank
information).
b. Proven, fraud-resistant authentication mechanisms.
c. Experience of a collaborative network.
hold insurance through our bank. We already trust our bank with
Verification.
www.mybank.eu
http://webfraud-eidentity.thepaypers.com/
DIGITAL IDENTITIES AND TECHNOLOGIES AT THE HEART OF SECURITY
Innovate Identity
Identity of Things (IDoT): A New Concept in Managing Identities
of IoT, one small data breach can have a domino effect across
read.
several connections. This data also creates issues for the user
around privacy, consent and control over their personal data.
Who owns the data? Who can share it? Where is it stored? Can it
target the users around sports they enjoy or even offer location-
data is taken, the more links are made between person and device.
based special offers for local stores. This data is also valuable for
hackers and, with high profile data breaches in the press, daily,
there are no set standards across the board on how we should deal
with identity, which leaves multiple threat vectors for fraudsters to
exploit.
Emma Lindley
CEO
Innovate Identity
of dealing with security and identity. Still, they too are effectively
Conclusion
market place.
blockchain technologies.
need to ensure there are ways to make it easy for the end user (the
ultimate data owner) to understand and embrace. IoT presents a
www.innovateidentity.com
The Paypers
The Advent of IoT: Are We Facing A Trade-off Between Convenience & Security?
The online world has never been more dynamic or more challenging
space. Over the past few years, technologies such as cloud, mobile
solutions, big data and analytics, which were once the frontier of the
the Internet of Things (IoT) has been perceived as the new game
source mentions that more than two thirds of the value will
changer. But what exactly is the IoT and why has it been heralded
take place. Additionally, a business model can now include not only
services, but also position those services in the center of the model
become digital disruptors. Until now, the IoT has been mostly linked
bought smart thermostat maker, Nest Labs, for USD 3.2 billion,
systems.
shortcomings. The first and most important side effect that comes
there will be more than three things connected to the internet for
Ionela Barbuta
Senior Editor
The Paypers
scan tags on all the items in a shopping cart, total the bill and debit
customer's smartphone.
www.thepaypers.com
COMPANY
PROFILES
Company
Accertify
Accertify Inc., a wholly owned subsidiary of American Express, is a leading provider of fraud
prevention, chargeback management, and payment gateway solutions to merchant customers
spanning diverse industries worldwide. Accertify's suite of products and services helps ecommerce
companies grow their business by driving down the total cost of fraud and protecting their brand.
Website
www.accertify.com
Business model
Software-as-a-service (SaaS)
Target market
Online shoppers, financial institutions, payment services providers, online communities / web
merchants, gaming & gambling, other online businesses
Contact
emea@accertify.com
Geographical presence
Global
Active since
2007
Digital identity service provider, technology vendor, web fraud detection company, payment service
provider (PSP)
Services
Unique selling points
Accertify leverages its flexible platform to enable merchants to screen for multiple fraud use cases,
including, but not limited to payment, loyalty, claims, staff and social media reputation. Our unique
capabilities allow genuine customers to be efficiently removed from fraud processes, supporting
merchant growth.
Core services
Accertify's core suite of services includes fraud management, chargeback management, and
payment gateway.
Pricing Model
Accertify is integrated with multiple third-party services, including but not limited to: Lexis
Nexis, Whitepagespro, Experian, InAuth, iovation, Threat Metrix, Perseuss, emailage, Neustar,
Maxmind, ebureau, Mastercard, Discover.
Other services
Professional Fraud Services, Decision Sciences, Manual Review outsourcing 24/7, Support
Services, Rule Management and improvement, Best Practice consulting, Training services.
United Parcel Services (UPS) and FedEx to obtain proof of delivery signatures; eFax (inbound and
outbound fax receipt).
Yes
CNP transactions
Yes
Yes
Bin lookup
Yes
Geo-location Checks
Yes
Device Fingerprint
Payer Authentication
Yes
Yes
Yes
Credit Rating
No
Follow up action
Other
Authentication Context
Online
Yes
Mobile
Yes
ATM
No
POS
Yes
Call centre
Yes
other
Other databases
BIN, Oanda, Global latitude/longitude, Accertify Risk ID (multi-merchant negative dB), Accertify
Index (multi-merchant positive dB), Amex Risk Information Management dB
Yes
Yes
Certification
Type
Regulation
Other remarks
Clients
Future developments
Company
ACI Worldwide
Specialist provider of fraud prevention and management solutions for all payment transaction
types to merchants, issuers, acquirers, processors and switches. Through our ACI ReD Shield,
ACI ReDi, ACI ReD Fraud Xchange and ACI ReD Alerts we deliver real-time, multi-tiered
fraud solutions which are managed by our expert risk analysts. Our analysts and systems are
informed by our unrivalled access to data and business intelligence and its ability to connect
merchants, acquirers and issuers in the fight against fraud.
Website
www.aciworldwide.com
online fraud prevention, ecommerce, online fraud, fraud analytics, Card Not Present (CNP)
Business model
Target market
Contact
Geographical presence
Global
Active since
1975
Digital identity service provider, technology vendor, web fraud detection company, payment service
provider (PSP), issuer, acquirer
Merchant Risk Council, IMRG, Direct Response Forum, Vendorcom, Cross-Border eCommerce
Community
Services
Unique selling points
Automated processes and dedicated support from expert risk analysts. Global fraud data, fraud
solutions tailored to sector and customer needs, predictive models and unlimited, flexible rules.
Holistic fraud management real-time and post-transaction monitoring using our unrivalled
business intelligence solution. Presence across the payments chain, supporting merchant and
issuer collaboration in the fight against fraud.
Core services
Card Not Present (online, IVR, call centre and mobile) and card present fraud prevention; fraud and
risk consultancy; payment services
Pricing Model
Flexible
ACI partners with leading PSPs around the globe (see a full list at http://www.aciworldwide.com/
who-we-are/partners/our-partners.aspx).
Other services
Payment services: Base 24 EPS, Postilion, ACI Proactive Risk Manager, ACI Universal Online
Banker. Please visit www.aciworldwide.com to view all services available from ACI
Yes
CNP transactions
Yes
Yes
Bin lookup
Yes
Geo-location Checks
Yes
Device Fingerprint
Yes
Payer Authentication
Yes
Yes
Yes
Credit Rating
No
Follow up action
Yes
Other
Authentication Context
Online
Yes
Mobile
Yes
ATM
Yes
POS
Yes
Call centre
Yes
Other
Other databases
Yes
Yes
Certification
Type
Regulation
EU Data Protection
UK Payments Administration accreditation, Visa Account Information Security (AIS and CISP)
accreditation, Amex Data Security Operating Policy
Other remarks
Clients
Upon Request
Future developments
Company
The ai Corporation
ai provides fraud prevention solutions to some of the world's largest financial institutions,
merchants and PSPs. Our unique self-service solutions, including our new state-of-the-art neural
technology, protect and enrich payments experiences for more than 100 banks, 3 million
multichannel merchants monitoring over 20 billion transactions a year.
Website
www.aicorporation.com
Business model
Target market
Online merchants, multi channel merchants (traditional, mobile and online), financial institutions,
card issuers credit, debit, prepaid, fuel card, T&E, card acquirers/ISOs/payment facilitators,
alternative payment providers (e-vouchers, e-wallets), payment services providers, government
services, online communities/web merchants, gaming & gambling, other online businesses
Contact
Geographical presence
Global
Active since
1998
None
Services
Unique selling points
Self-service real-time rules engine and neural model builder, empowering the user to easily
build, deploy and operate their own fraud strategies quickly and efficiently without the need for
expensive, lengthy and often ineffective third-party services. The software also allows for non-fraud
analytics and rules deployment.
Core services
Omni-channel and enterprise wide fraud prevention technology and managed services.
Pricing Model
Other services
Partner
CNP transactions
Yes
Yes
Bin lookup
Yes
Geo-location Checks
Partner
Device Fingerprint
Partner
Payer Authentication
Yes
Yes
Partner
Credit Rating
Partner
Follow up action
Other
Authentication Context
Online
Yes
Mobile
Yes
ATM
Yes
POS
Yes
Call centre
Yes
Other
Yes
Partner
Other databases
Partner
Yes
Yes
Certification
Type
Regulation
PCI
KII, SmartMinds
Other remarks
Clients
Future developments
More data feeds, more third party interfaces, full automation of fraud detection.
ADVERTISEMENT
A major benefit of chip cards is how the chips work at POS. Each time the card is used
in person, the chip creates a unique code that cannot be re-used. So if a card number
is stolen in a breach, the stolen number and transaction code would not be usable and
any fraudulent attempts at point-of-sale would be denied.
Another benefit of the chip card is that the chips cannot be cloned by counterfeiters if
they steal a card number, so counterfeit cards cannot be used for in-person
transactions. This is also a drawback: because the chips are not read for a
card-not-present transaction, stolen chip card numbers can be, and increasingly
are, used to make fraudulent CNP transactions.
To thwart the influx of online fraud, many eCommerce merchants have dialed
up their fraud tools. This helps control the increased fraud, but also creates
false positives: transactions that the fraud tool flags and the merchant declines
that are actually good orders. This is almost as harmful to a merchant as the
fraud because it results in lost sales and insults to good consumers.
This puts online merchants in a difficult spot. Because chip cards can't be used
for in-person fraud, the fraudsters look for the path of least resistance, the
card-not-present world. But there is a way to prevent fraud.
Cardinal Consumer Authentication (CCA) protects online
transactions the way chip cards prevent fraud at the cash register.
And by combining CCA with a fraud tool, merchants can increase
their good orders by up to 15% vs. using a fraud tool alone.
CCA's rules-based approach gives merchants choice in how each
transaction is authenticated, and control over the amount of
consumer friction during checkout. In many cases, using CCA,
authentication happens behind the scenes, with no friction during
checkout for the consumer, using things like IP address, device
identification, buying patterns, or any data point the merchant
collects.
visit: www.cardinalcommerce.com
Company
CardinalCommerce Corporation
CardinalCommerce is the pioneer and global leader in enabling authenticated payment transactions
in the card-not-present payments industry, and the largest authentication network in the
world. Through One Connection to the proprietary Cardinal SafeCloud, we enable friction-free,
technology-neutral authentication and alternative payment services (including digital wallets and
mobile commerce services).
Website
www.cardinalcommerce.com
consumer authentication, 3-D Secure, prevent online fraud, prevent fraudulent chargebacks
Business model
Sell directly to online merchants and financial institutions; sell through partners
Target market
Financial institutions, payment services providers, online communities/web merchants, gaming and
gambling
Contact
info@cardinalcommerce.com
Geographical presence
Global: we do business in Europe, Asia, Africa, Australia, North and South America
Active since
1999
Technology vendor
Member of Merchant Risk Council (MRC) and Merchant Advisory Group (MAG); North American
Board member of MRC
Services
Unique selling points
With Cardinal Consumer Authentication you can increase sales, improve margins, control consumer
friction during checkout and eliminate fraudulent chargebacks for your online business. With your
One Connection to Cardinal, you can add alternative payment brands and digital wallets quickly
and easily, to give your consumers the payment options they want.
Core services
Cardinal Consumer Authentication, leveraging the 3-D Secure protocols to give merchants choice
of which transactions to authenticate and control over checkout friction.
Pricing Model
Other services
Through a partner
CNP transactions
Yes
Yes
Bin lookup
Through a partner
Geo-location Checks
Through a partner
Device Fingerprint
Yes
Payer Authentication
Yes
Yes
Yes
Credit Rating
No
Follow up action
Other
N/A
Authentication Context
Online
Yes
Mobile
Yes
ATM
N/A
POS
N/A
Call centre
N/A
Other
N/A
N/A
Other databases
N/A
N/A
N/A
Certification
Type
N/A
Regulation
N/A
N/A
Other remarks
N/A
Clients
Future developments
Company
CASHRUN
Fraud Protection & Global Payment Solution
CashRun
CashRun has vast experience in the fraud industry protecting online merchants from high risk and
costs associated with online fraud. Our 100% chargeback protection allows merchants to focus
on their core business competencies and at the same time achieve higher revenue growth through
effective fraud risk management.
Website
www.cashshield.com
Business model
CashRun offers leading fraud protection technology, solely designed and developed by us.
Target market
Contact
enquiries@cashrun.com
Geographical presence
Global
Active since
2007
Web fraud detection company, payment service provider (PSP), technology vendor, digital identity
service provider
Services
Unique selling points
Core services
Comprehensive online fraud risk management for online merchants and PSPs.
Pricing Model
Other services
N/A
Yes
CNP transactions
Yes
Yes
Bin lookup
Yes
Geo-location Checks
Yes
Device Fingerprint
Yes
Payer Authentication
Yes
No: CashShield does not use hard rules and limits that hamper growth.
Yes
No
Credit Rating
No
Follow up action
Our fully managed service tailors and configures the merchant's risk template for them, giving them
only two optimized decisions: accept or reject. We make decisions, not predictions.
Other
CashShield's machine learning system is updated daily with new fraud trends and data, to raise
alerts on potential threats.
Authentication Context
Online
Yes
Mobile
Yes
ATM
No
POS
No
Call centre
No
Other
No
Other databases
Yes
Yes
Yes
Certification
Type
Regulation
PCI Compliance
Other remarks
Clients
Future developments
Constantly enhancing our system to stay one step ahead of the latest fraud schemes and provide
online merchants with the most comprehensive verification.
Manage global fraud
Increase order acceptance
Contact us:
europe@cybersource.co.uk
cybersource.co.uk
About CyberSource: CyberSource, a wholly-owned subsidiary of Visa Inc., is a payment management company. Over 400,000 businesses worldwide use CyberSource and
Authorise.Net brand solutions to process online payments, streamline fraud management, and simplify payment security. The company is headquartered in Foster City,
California and maintains offices throughout the world, with regional headquarters in Singapore, Tokyo, Miami/Sao Paulo and Reading, UK. CyberSource operates in Europe
under agreement with Visa Europe. For more information, please visit www.cybersource.co.uk
© 2015 CyberSource Corporation. All rights reserved.
Company Name
CyberSource Ltd.
CyberSource, a wholly-owned subsidiary of Visa Inc., is a payment management company. Over
400,000 businesses worldwide use CyberSource and Authorize.Net brand solutions to process
online payments, streamline fraud management, and simplify payment security. The company
is headquartered in Foster City, California and maintains offices throughout the world, with
regional headquarters in Singapore, Tokyo, Miami / Sao Paulo and Reading, UK. CyberSource
operates in Europe under agreement with Visa Europe. For more information, please visit
www.cybersource.co.uk.
Website
www.cybersource.co.uk
fraud management, risk management, payment security, ecommerce, payments, payment gateway,
rules based payer authentication
Business model
Target market
Contact
CyberSource Ltd. Reading International Business Park, Reading, Berkshire RG2 6DH
VAT No: GB 927 433123
Geographical presence
Worldwide
Active since
1994
Payment Service Provider (PSP), fraud management company, web fraud detection, device
identification
Services
Unique selling points
The only global payment management platform built on secure Visa infrastructure, with
integrations to the world's largest network of connected commerce partners and transaction
insights, CyberSource solutions power businesses to create new brand experiences, grow sales
and engagement, and keep payment operations safe.
Core services
CyberSource provides fraud management services to help manage the entire life cycle of payment
fraud, including account creation and takeover risk.
Pricing Model
Other services
Yes
CNP transactions
Yes
Yes
Bin lookup
Yes
Geo-location Checks
Yes
Device Fingerprint
Yes
Payer Authentication
Yes
Yes
Yes
No
Credit Rating
No
Follow up action
Other
Authentication Context
Online
Yes
Mobile
Yes
ATM
No
POS
No
Call centre
Yes
other
No
Other databases
No
Yes
Certification
Type
Regulation
Other remarks
Clients
Future developments
Company
Entersekt
www.entersekt.com
Business model
Target market
Contact
Geographical presence
Active since
2008
Services
Core services
Other services
Entersekt's patented emCert technology generates public/private key pairs to uniquely identify
enrolled mobile devices and validate two-way communications. A self-contained cryptographic
stack and communications layer enables an end-to-end encrypted channel distinct from that
initiated by the device, so transactions originating from the phone can still be authenticated out
of band.
Pricing model
Partners
Amazon Web Services, Citrix, IBM, Netcetera, Visa, MasterCard, American Express
Authentication context
Online
Yes
Mobile
Yes
ATM
No
Branch/Point of Sale
No
Call Centre
Yes
Other:
N/A
Yes. Identity proofing and enrolment processes are set by the implementing institution, but there is
no reason why remote device registration should take more than a few minutes. Options available
for enrolling a user include phone-based registration via one-time password, scanning a printed QR
code, and a combination of scanning a bank card and inputting the associated PIN.
Yes. Identity proofing and enrolment processes are set by the implementing institution, but there is
no reason why in-branch device registration should take more than a few minutes.
Issuing network
Attributes offered
Persons
Companies
N/A
Other databases
N/A
Certification
Type
Entersekt's flagship product, Transakt, is FIDO Certified as a U2F (universal second factor)
authenticator. Transakt is also validated with the Ready for IBM Security Intelligence program and
Citrix XenApp. Entersekt's card-not-present authentication solution is fully accredited by Visa,
MasterCard, and American Express.
Regulation
Entersekt's solutions are engineered specifically for the heavily regulated financial sector and
adhere to all major digital banking security mandates, including the requirements set out by the
European Central Bank, the FFIEC, and the Monetary Authority of Singapore. They are compliant
with ISO 21188:2006 (Public key infrastructure for financial services) and utilize hardware
security modules certified as FIPS 140-2 Security Level 3 for encrypting and decrypting all
authentication data.
Other remarks
Clients
Those listed in the public domain: Capitec Bank; Equity Bank; Investec; Nedbank; Old Mutual;
Swisscard. For others, please contact our sales team.
Future developments
entersekt.com
Reduce fraud by up to
80% with Feedzai.
Schedule a demo today to
see what Feedzai can do
in real-time for your own
business data.
info@feedzai.com
US: 650-260-8924
EUR: +351-239-402-166
Company
Feedzai
Feedzai was founded in 2009 by data scientists and aerospace engineers to make commerce safe
for business customers through the use of artificially intelligent machine learning. Feedzai's Fraud
Prevention That Learns technology is used by large financial services companies to risk-score over
USD 1 billion of commerce transactions each day.
Website
www.feedzai.com
Business model
Software-as-a-service (SaaS)
Target market
Contact
info@feedzai.com
Geographical presence
Global
Active since
2009
Services
Unique selling points
Feedzai makes commerce safe for business customers and creates a better experience for their
consumers through artificially intelligent machine learning. Financial services companies use
Feedzai's anti-fraud technology to keep commerce moving safely.
Core services
Feedzai offers a machine learning platform to manage risk and prevent fraud that can process
transactions at big data scale.
Pricing Model
SAP, Emailage, Socure, Deloitte, EnCap Security, Azul Systems, Cloudera, Datastax
Other services
Yes
CNP transactions
Yes
No
Bin lookup
Yes
Geo-location Checks
Yes
Device Fingerprint
Yes
Payer Authentication
Yes
Yes
Yes
Yes
Credit Rating
Yes
Follow up action
Other
Machine learning
Authentication Context
Online
Yes
Mobile
Yes
ATM
Yes
POS
Yes
Call centre
Yes
Other
Other databases
No
Yes
Certification
Type
PCI DSS Level 1
Regulation
Directive 95/46/EC
Other remarks
Clients
Future developments
Deep learning
Company
iovation Inc.
iovation protects online businesses and their end users against fraud and abuse, and identifies
trustworthy customers through a combination of advanced device identification, shared device
reputation, device-based authentication and real-time risk evaluation.
Website
www.iovation.com
device identification, device reputation, online fraud prevention, mobile fraud, account takeover
prevention, device-based authentication, customer authentication, trust scoring
Business model
SaaS
Target market
Online businesses such as retailers, financial institutions, lenders, prepaid cards, insurers, social
networks and dating sites, logistics, gaming/MMO, gambling operators, online auction sites, and
travel and ticketing companies.
Contact
Geographical presence
Active since
2004
Device Identification
Web Fraud Detection, Customer Authentication
Services
Unique selling points
iovation provides real-time SaaS for authentication and fraud prevention that tells our clients if a
customer visiting their site is risky based upon specific criteria for evaluating the transaction or
activity. iovation provides a score and result (allow, review, deny) for every transaction, allowing
our clients to use an automated workflow. iovation's global consortium contains the reputations
of nearly 3 billion devices and 25 million fraud events such as chargebacks, identity theft, account
takeovers, online scams and many more.
Core services
iovation offers fraud prevention, customer authentication services and trust scoring/services.
Pricing Model
Per transaction fee based on system usage depending on volume, type of transaction, and length
of contract.
Fiserv, Equifax, ID Analytics, Accertify, Kaspersky, ACI Worldwide, Verisk, Callcredit, Imperva, Zoot
Other services
Our clients have access to the Fraud Force Community, an exclusive private B2B network of
the world's foremost security experts sharing intelligence about cybercrime prevention, device
identification, new threats and other fraud-related topics.
iovation delivers data in XML format, allowing output to be integrated easily with third-party systems.
No: While we do not offer AVS services, we capture the IP address and its geolocation. We can flag
transactions from blocked countries, as well as notify clients when mismatches occur between
the IP address shown by the user's browser and the IP address we collect with our Real IP proxy
unmasking feature.
CNP transactions
Yes: iovation's service is primarily used to detect high risk activity at login, account creation, fund
transfer and checkout. In addition, our iovation score helps identify the most trustworthy customers
in our clients' review queues so that they can take good business immediately, and offer
higher-value promotions to their preferred customers.
Bin lookup
Geo-location Checks
Yes: iovation's clients can flag transactions when activity is coming from an unauthorized country
or through a proxy, and they can use our Real IP technology to pinpoint the user's actual location.
Device Fingerprint
Yes: iovation offers a defense-in-depth approach to device recognition, supporting native and web
integrations for mobile, tablet and desktop devices.
Payer Authentication
Device-based Authentication
Yes: iovation's authentication service allows clients to use their customers' known devices to help
verify identity. Authentication happens in real-time, behind the scenes, reducing unnecessary friction.
Yes: iovation's velocity rules flag transactions when thresholds are exceeded. These may include
situations where too many accounts are accessed per device, or too many new accounts are
created within a timeframe. Specific rules include Accounts per Device, Accounts Created per
Device, Countries per Account, Countries per Device, Transactions per Account, and Transactions
per Device. Our service also flags transaction value thresholds, and other transactional velocities.
Yes: iovation clients can flag transactions based on custom-built lists. These can be positive or
negative lists. List types include accounts, devices, IP ranges, ISPs, locations and others, and are
easily managed across rule sets.
Device Anomalies
Yes: iovation clients can flag transactions when device settings are anomalous and indicative of
risk. While individual device characteristics may not be proof of risk, certain characteristics may be
worth monitoring, and several in combination with each other may indicate attempts by the user to
evade detection.
Yes: iovation clients can flag transactions that originate from an account or device already
associated with fraud or abuse. Previous fraud or abuse is recorded in our system as evidence. The
customer sets the types of evidence they want to consider, and decides whether to leverage only
the evidence they log, or consider the evidence of other iovation subscribers.
No
Credit Rating
No
Follow up action
iovation's fraud prevention service provides an Allow, Review or Deny result for each transaction.
Clients then decide the best course of action to take in response to these results. iovation also
returns detailed information about the device associated with the transaction; clients can store this
data and correlate it back to identity management and other systems as needed.
Authentication Context
Online
Yes
Mobile
Yes: iovation's mobile SDK for iOS and Android identifies jailbroken or rooted devices, and captures
device location through IP address, network-based geo-location information, and GPS data. The
location services expose mismatches between the reported time zone and location, long distances
between transactions made in short periods of time, and other location-based anomalies. It also
detects transactions originating from virtual machines or emulators.
ATM
No
POS
No
Call centre
No
No
Other databases
MaxMind IP geolocation
Yes: iovation delivers comprehensive online fraud prevention for mobile, tablet and PC-based
transactions.
Our services focus on online transactions and complement a multi-channel prevention system.
Certification
Type
Regulation
iovation follows strict Quality Assurance processes for new products and services, and offers
Service Level Agreements (SLAs) which include 99.9% uptime as a part of all customer
agreements.
Other remarks
Clients
NetSpend, Bazaarvoice, Intuit, CashStar, Aviva Insurance, New Era Tickets, AT&T Performing Arts
Center, SG North and hundreds more.
Future developments
Company
Website
www.miteksystems.com
Business model
Transaction model
Target market
Contact
sales@miteksystems.com
Geographical presence
Global
Active since
2004
Identity verification
Services
Core services
Other services
Mobile ID verification bridges the gap between usability and security with mobile capture and ID
document verification. This boosts conversion rates, lowers onboarding costs and allows you to
safely and securely approve more good customers for mobile transactions.
Pricing model
Transaction based
Partners
SaaS
Authentication context
Online
Yes
Mobile
Yes
ATM
No
Branch/Point of Sale
Yes
Call Centre
No
Other:
ISO 27001
N/A
N/A
Issuing network
N/A
Attributes offered
Persons
Companies
N/A
N/A
Other databases
N/A
Certification
Type
ISO 27001
Regulation
KYC
N/A
Other remarks
N/A
Clients
Future developments
N/A
Company
Perseuss
Perseuss is the global travel industry's own solution to the battle against fraud. Its flagship offering
is an online shared negative database, recently updated to include email age verification and
artificial intelligence. It also operates FraudChasers, an online forum for anti-fraud professionals.
Perseuss plays a major role in cross-border police Action Days to apprehend fraudsters.
Website
www.perseuss.com
fraud prevention, data sharing, collaboration, artificial intelligence, trusted platform, fraud data,
negative database, positive database
Business model
Subscription service
Target market
Airlines, online travel agents, rail companies, hotels, car rentals, gaming and gambling, other online
businesses
Contact
info@perseuss.com
Geographical presence
Global
Active since
2009
Technology vendor
IATA
Services
Unique selling points
Perseuss is a secure community platform where merchants can legally share information about
fraud cases they have encountered. Each member has access to the common database containing
details of online purchases which were involved in either suspicious transactions or in confirmed
fraud. It allows each business to verify their own sales data to identify any suspicious transactions.
Core services
Data sharing platform including analysis, reporting, scoring and e-mail age verification.
Pricing Model
Other services
Accertify, ACI Universal Payments, Adyen, DataCash, Ingenico Payment Services, Wirecard,
Worldpay, Ypsilon
No
CNP transactions
No
No
Bin lookup
Yes
Geo-location Checks
No
Device Fingerprint
No
Payer Authentication
No
No
No
Credit Rating
No
Follow up action
No
Other
Authentication Context
Online
Mobile
ATM
POS
Call centre
Other
No
Other databases
No
Certification
Type
Regulation
Other remarks
Clients
Future developments
Company A
(e.g. Travel Agent)
Sees suspect transaction so checks
details against database. This shows
two other instances of same details
used fraudulently. Analyst reviews
case, decides to decline booking and
adds the booking data to Perseuss.
PERSEUSS
DATABASE
Company B
(e.g. Airline)
A few hours later Company B has
a match with one of the data
elements uploaded by Company
A. This uncovers a whole series of
bookings that turn out to be fraud.
Contact Us
Perseuss
Schellingweg 17D
NL-1507 DR. Zaandam
The Netherlands
+31 75 653 94 04
info@perseuss.com
ALWAYS ONE
STEP AHEAD OF THE
FRAUDSTERS
Reduce fraud and grow profits with smarter fraud prevention from Risk Ident
RETAIL
TRAVEL
TELECOMS
PAYMENTS
FINANCIAL SERVICES
GAMING
Company
Risk Ident
Risk Ident offers anti-fraud solutions for companies within the ecommerce and financial sectors,
empowering fraud managers with intelligence and self-learning machine technology to provide
stronger fraud prevention. Risk Ident are experts in device fingerprinting and behavioural analytics,
while its products are specifically tailored to comply with European data privacy regulations.
Website
http://riskident.com
online fraud prevention, account takeover prevention, device identification, worldwide device pool,
automatic fraud detection, fraud case processing, credit risk evaluation, credit scoring
Business model
Target market
Web merchants, financial institutions, payment services providers, online communities, gaming and
gambling, other online businesses
Contact
contact@riskident.com
Geographical presence
Active since
2013
Services
Unique selling points
Risk Ident is a leading software developer for credit risk and fraud prevention tools. We are
experts in applying trending algorithms and other machine learning components on different data
feeds to identify consumer credit and fraud risks in ecommerce. We also offer our own device
fingerprinting solution, specializing in recognition of mobile devices.
Core services
Pricing Model
Monthly fees per user (fraud and credit software) / per transaction (device fingerprinting)
Other services
Yes
Yes
CNP transactions
Yes
Yes
Bin lookup
Yes
Geo-location Checks
Yes
Device Fingerprint
Yes
Payer Authentication
Yes
Yes
Yes
Yes
Credit Rating
Yes
Follow up action
Various
Other
Authentication Context
Online
Yes
Mobile
Yes
ATM
POS
(Yes)
Call centre
Other
Other databases
Yes
Yes
Certification
Type
Regulation
Other remarks
Clients
Client lists for DE, CH, AT, UK, FR on request / Key investor Otto Group (#2 European online
merchant)
Future developments
Full credit and fraud risk service for online merchants and financial institutions.
Company
Signicat
Signicat is a secure identity cloud service provider with deep expertise in online electronic ID
(e-ID), advanced electronic signatures and PKI solutions. Wide coverage of national and public
e-IDs in Europe accessible through one single point of integration. Signicat offers a secure and
smooth integration for more than 150 customers cross border in industries like financial services,
ecommerce and public sector. The services are available cross channel on multiple devices.
Website
www.signicat.com
Business model
Target market
Horizontal, with focus on financial services industry including card issuers and PSPs, telco and
government
Contact
Arne Vidar Haug, VP Bus Dev & Ole Christian Olssn, VP Sales
Geographical presence
Norway, Sweden, Denmark, Finland, the Netherlands, Estonia, Lithuania, Latvia, Spain
Active since
2007
Services
Core services
Signicat offers customers access to a wide range of European national e-IDs and eSignature services
including timestamping, long-term archiving and re-signing as a service. The company also
provides issuing of IDs like password with SMS-OTP and app-based Mobile ID in addition to single
sign-on and identity services.
Other services
Secure Web Forms, Single Sign-On based on pure SAML 1/2, ready-made integration with IBM
Tivoli, JAVA, .NET, SharePoint, Oracle IAM and WebCenter/UCM.
Extend customer relationships, dialogue and self-service capabilities through our range of services.
Connecting to available services through one standard interface (SAML 1/2 etc.) that shortens time
to market, improves ROI and offers customers the ability to focus on their core business.
Pricing model
One-time connection fee, plus a combination of monthly subscription and transaction fees.
Partners
Close relationships with ISVs, SIs, tech companies (IBM, Oracle, Microsoft) and Biznode among
others. Plug-ins to SalesForce and SuperOffice among others.
Cloud based services on industrial standardized protocols like XML, SOAP, SAML and HTTP.
Authentication context
Online
Mobile
ATM
N/A
Branch/Point of Sale
Call Centre
Other:
Standardized interfaces available for integration for multiple services in need of authentication and
digital signatures.
N/A
Self-service process, issued in a minute. Establishment of solution takes approx. 2-5 days.
Face-to-face issuer process is handled by the public or national eID issuer, dependent on country.
Issuing network
Online services like e-mail and SMS in addition to postal network, bank branches, notaries.
Attributes offered
Persons
Name, address, SSN, birthplace, age, country, etc. Information available depends on the selected
e-ID used.
Companies
Other databases
Certification
Type
Regulation
EU Signature Directive, ETSI in addition to the national directives for countries in Europe based on
the EU Directive.
OWASP, ETSI
Other remarks
Clients
Norwegian Post, SEB, If, Santander, Nykredit, Bank Norwegian and Norwegian Educational State
Fund among others.
Future developments
Continued support for new e-IDs in Europe including enhancements to Signature solutions, for
example German nPA, Dutch eHerkenning and Swiss SwissID.
Company
Socure
Socure is the leader in digital identity verification. By applying machine-learning techniques
with biometrics and intelligence from e-mail, phone, IP and online/offline and social media data,
Socure bolsters fraud prevention and KYC/OFAC compliance programs for enterprises conducting
business in over 180 countries, helping them to combat identity fraud, prevent account takeover,
and increase consumer acceptance.
Website
www.socure.com
identity verification, biometrics, fraud risk mitigation, KYC compliance, AML, OFAC, technology
Business model
Subscription-based SaaS
Target market
Financial institutions
Contact
info@socure.com +1.866.932.9013
Geographical presence
Active since
2012
Digital identity service provider, technology vendor, web fraud detection company
Services
Unique selling points
Patented technology that uniquely blends trusted email, phone, online and offline data including
social media network data and facial recognition. Ability to resolve identities across broad
population using alternative data and provide fraud risk estimation assistance, easily integrates into
existing processes. Technology is adaptive machine learning, where AI compensates to learn from
false positives and improve predictive power over time, both globally and on a per-client basis.
Core services
Socure provides identity verification services, fraud risk mitigation, CIP/KYC program compliance,
financial inclusion, facial biometrics for transaction verification.
Pricing Model
Other services
Yes
CNP transactions
Yes
No
Bin lookup
No
Geo-location Checks
Yes
Device Fingerprint
Yes
Payer Authentication
Yes
No
Yes
Yes
Credit Rating
No
Follow up action
Other
OFAC checks
Authentication Context
Online
Yes
Mobile
Yes
ATM
No
POS
Yes
Call centre
No
Other
Customizable
Other databases
Yes
Yes
Certification
Type
Regulation
Privacy compliance
Other remarks
Clients
Future developments
Company
Wirecard AG
Wirecard AG is one of the world's leading independent providers of outsourcing and white label
solutions for electronic payment transactions. Wirecard's global multi-channel platform bundles
international payment acceptances, methods and fraud prevention. Wirecard provides companies
with an end-to-end infrastructure for issuing products, including the requisite licenses for card and
account products.
Website
www.wirecard.com
ecommerce, mobile payment, risk management, acquiring, issuing, credit cards, online banking,
POS payment processing
Business model
Target market
Online shoppers, financial institutions, payment services providers, government services, online
communities/web merchants, gaming and gambling, other online businesses
Contact
Geographical presence
Active since
1999
Digital identity service provider, technology vendor, web fraud detection company, payment service
provider (PSP), issuer, acquirer
Services
Unique selling points
Core services
Fraud prevention for card payments and alternative payment methods, credit scoring, decision
logics for credit limit calculation, transaction checks, merchant monitoring
Pricing Model
Other services
Yes
CNP transactions
Yes
Yes
Bin lookup
Yes
Geo-location Checks
Yes
Device Fingerprint
Yes
Payer Authentication
Yes
Yes
Yes
Yes
Credit Rating
Yes
Follow up action
Other
Fraud Prevention Suite with detailed Business Intelligence tools, 3D-Secure, CUP-Secure, Trust
Evaluation Suite
Authentication Context
Online
Yes
Mobile
Yes
ATM
Yes
POS
Yes
Call centre
Yes
Other
Other databases
Yes
Yes
Certification
Type
Regulation
N/A
Other remarks
N/A
Clients
Future developments
Not to be disclosed.
FINANCIAL TECHNOLOGY FOR MORE THAN 20,000 CUSTOMERS.
Wirecard is the leading specialist for payment processing and issuing.
wirecard.com
Glossary
A
Authentication
Account takeover
Authorization
Account Creation Fraud
The first four to six digits on a credit card, which can be used to
identify the Issuing Bank that issued the card. BINs are traditionally
Big Data
card provided by the user with the address on file at the credit
card company. The other security features for the credit card
Biometrics
Biometric Data
Application fraud
knowledge.
ATM fraud
Biometric Verification
transaction at an ATM.
BYOD
Cookie
and systems.
preferences.
Credential
A device inserted into an ATM card slot which captures the data
Cardholder-not-present fraud
Using stolen cards or card details and personal information, a
or by mail order.
theft.
Crimeware Tools
Chargeback
Criminal organisation
Counterfeiting
case of fraud. The fraud can result from the unauthorized use of
original items.
Consumer authentication
The term used to describe tools intended to verify that the person
Cryptography
Detection rate
Digital Identity
Data breach
Data capture
E-ID services
Services for entity authentication and signing data.
Device ID
The unique serial number or fingerprint that a particular device has
(e.g. CPU + graphics card) and can include a threshold (i.e. less
that use EDI can transfer data from one branch to another and even
Device Spoofing
Encryption
End-to-end encryption
Endpoint authentication
A security system that verifies the identity of a remotely connected
EMV
EMV stands for Europay, MasterCard and Visa, a global standard for
businesses targeted.
Fraud prevention
Face recognition
False Positive
The amount of good or true accounts flagged by the fraud prevention
Fraud screening
system as fraudulent.
Firewall
reducing the need for manual reviews, minimizing bad sales and
Friendly fraud
Fraud detection
make the purchase and/or did not receive the goods or services.
Set of diverse and ideally automated tests which help fraud protection
forced to manage different credentials for every site they use. This
Location & Proxy Detection, and NPA NXX Area Code Web Service.
Ghost terminal
Skimming device where a fake ATM touch pad and reader are
First-party fraud
PIN, but will not process the transaction since the legitimate ATM
customers.
Forgery
Identity theft
Hacker
system or network.
theft can take place whether the fraud victim is alive or deceased.
Hash function
Identity Provider
are called hash values, hash codes, hash sums, or simply hashes.
recording or destruction.
Interchange fees
The interchange fee, also called the discount rate or swipe fee,
fee for accepting credit cards. The amount of the rate will vary
depending on the type of transaction, but averages about 2% of
Identity
The fact of being what an entity (person or a thing) is, and the
Interoperability
A situation in which payment instruments belonging to a given
Identity provider
Identity Spoofing
Internet fraud
IP Address Spoofing
Malware
techniques.
Man-in-the-browser
A form of internet threat related to man-in-the-middle (MITM),
Man-in-the-middle
In cryptography and computer security it is a form of active
making them believe that they are talking directly to each other
Money laundering
the degree of confidence that the individual who uses the credential
Machine learning
national economy.
Multi-factor authentication
One-time password
Pharming
by special software.
Online fraud
frauds.
Phishing
Online fraudster
OpenID
PIN
with their preferred OpenID identity providers, and then use those
OpenID authentication.
Password
PA DSS
Risk-Based Authentication
A solution that encrypts card data from the entry point of a merchant's
addition to who the user is, from where they are logging in, and
processor.
Privacy
Smart card
the user.
credential identification).
Secure element
Proofing
identity vetting.
Security
continuously.
fraudsters.
obsolete "consumer".
A method that identifies general business and security risks for the
purpose of determining the adequacy of security controls with the
Risk assessment
Skimming
Threat
on an asset.
Social engineering
The types of information these criminals are seeking can vary, but
when individuals are targeted the criminals are usually trying to
communication.
Third-party fraud
Social Security Fraud
third-party.
Third-party
A security authority trusted by other entities with respect to security
Spear Phishing
related activities.
Token
Spoofs
set to smart cards or mobile phones. Tokens can be used for both
Tokenization
The process of substituting a sensitive data with an easily reversible
3DSecure
Trust
Trusted framework
Vishing
The act of using the telephone in an attempt to scam the user into
security and privacy policies of the party who issues the credential
Trusted third-party
Voice authorization
Two-factor authentication
or telex communications.
User account
phone.
Unique identity
A partial identity in which at least a part of the attributes are
identifiers. Since at least some of the attributes (or combinations
thereof) are identifiers, the entity can be uniquely identified through
the unique identity within a certain context. A unique identity is an
identifier such as a unique number or any set of attributes that
allows one to determine precisely who or what the entity is.
Validation
Confirming that information given is correct, often by seeking
independent corroboration or assurance.
Verification
The process or an instance of establishing the truth or validity of
something.
Virus
A program that can replicate itself by inserting (possibly modified)
copies of itself into other programs, documents or file systems;
this process is described as the infection of a host.