Empowering the Network to Fight Fraud
Description

In this episode Frank is joined by Dan Welch, SVP of Global Services at ThreatMetrix. They explore the power of the network approach to fighting fraud, the benefits of the champion/challenger model, and the upward trend of the mobile channel.
Transcript
Frank: Hey, everybody. Welcome to another edition of Digital Identity 360. I am privileged and honored today to be joined by Dan Welch, Senior Vice President of Global Services at ThreatMetrix, a valued colleague here and really Dan, you live at the tip of the spear, as it were, as it relates to the implementations that our customers go through in onboarding the ThreatMetrix service. So, a pleasure having you, man. Thanks for joining.
Dan: I have to say, I see you doing these things in palatial resorts with palm trees and in front of huge auditoriums and we’re in this cramped studio, I mean, what gives?
Frank: Well, here’s what’s really cool, the green screen accomplishes everything we need to and I’m sure that our production folks are gonna have a fantastic backdrop as we go to market.
Dan: I want a palm tree.
Frank: There you go. But hey everybody, it’s really neat to have Dan here because Dan really does live right where our customers are implementing and using the service and it’s really fascinating, Dan, to hear some of the stories that come from your team because they’re really dealing with the nexus of the actual use case problem. Fraudsters, you know, returning good customers with too much friction, those kinds of things. Maybe talk a little bit about what you’ve seen as general trends and themes across our various verticals last year in our customer base. And then as we talk about that, we’ll jump a little bit into the power to predict and empowering the network and those kinds of things.
Dan: Great. Well, I’ve seen everything under the sun, Frank. We regularly hold QBRs, quarterly business reviews, with our customers and we’ve literally been demonstrating the portal and caught an attack in the meeting. Just because the network gives us that sort of visibility. We’ve also seen attacks where we’ve been able to go back and run multi-threaded queries and tell not only the history of the attack for that client, but everywhere in the network where that type of attack has occurred, and because then we can see the progression of the attack over time, we can spot new customers that are only just now in the first stages of the attack. And when I mean that it’s, stage one might be social engineering to get credentials, stage two might be changing a phone number in an account so that stage three, you can arrange a wire to yourself.
Frank: It’s interesting, really two cool concepts to take away from that. And they are really demonstrative of what our view of empowering a network. I mean, we’ve gone from building a network and global shared intelligence to really having now such critical mass that these vectors and these trends become really meaningful to other customers. And it’s amazing to think of the real time power of catching an attack mid-flight, while you’re demonstrating the network, right? And not equally importantly, the fact that you now have kind of a DNA strand of what attacks look like and can be predictive when you see that same kind of behavior repeating itself at another customer. And maybe a different vertical, just a different attack where you go, “Hey, there’s something about this attack and these attack points that are familiar to us.” And we deal with it.
Dan: And now, with the soon to be, I didn’t mean to talk over you. Soon to be introduction of consortium functionality, if anybody witnesses one of these attacks, they can share that data amongst themselves and say, “Hey, this persona is blacklisted as far as we’re concerned” and then other people in that consortium, you have to be in the consortium to play, but will be able to decide how they want to act on that information.
Frank: Yeah, everybody, one of the really cool features of now having built this network of such pedigreed and fantastic customers is that we really are independent enough that they view us as good stewards of consortiums. So they realize, “Look, I wanna participate in this and share data amongst ourselves, knowing full well that it only ever will be used for fraud interdiction or preventing these known actors from propagating the same attacks somewhere else.” Talk a little bit, Dan, about the expansion of the consortium from financial services and where we think that might wind up going.
Dan: Well, beyond financial services, there’s also other agencies and other joint ventures, if you will, by the banks and I’m forgetting the acronym right now, but it’s something like NFSTA or many letters like that, that basically exist to help these organizations cooperate and then take the next step into law enforcement.
Frank: Yes. That’s right. It’s very neat. I think there’s enough people realizing, we’ve always said here at ThreatMetrix that it takes a network to fight a network.
Dan: Yes.
Frank: I think people are realizing it does take a network to fight a network and I wanna be part of that, right?
Dan: Well, because there’s criminal consortiums.
Frank: That’s right. That’s exactly right. Swimming around so they can have a consortium model. One of the other interesting things, as you think about the deployment of our technology, has been the ability this year to bring physical attribution and digital attribution together. And this marks almost our first anniversary since the acquisition and there’s been a really concerted effort to say, how do we take the power of anonymous digital identities across the 1.6 billion or so identities that we have and inform them with very powerful physical attribution. How was your team seeing those two worlds coming together between our digital and identity issues and the physical world that Lexis brings to the table?
Dan: Well, first off, our client could elect to augment their data with Lexis data but they could go further and augment the digital identity with that physical data, which will allow them to get a much higher match rate on the personas and do much more data science off of that.
Frank: That’s right. Yeah. One of the interesting examples I like to use is imagine you’re a peer to peer lender and Frank shows up to apply for a loan and Frank’s digital identity is pristine but Frank’s digital identity is not predictive of credit worthiness. It simply means that Frank’s a good internet citizen, we’ve seen him operating within the bands of what’s normal behavior on the internet and yet, Frank’s applying for a $250,000 loan. And a quarter of a million bucks is enough for people to say, “Hey, is this guy gonna pay it back?” And I think the idea of being able to say in that same transaction workflow, his digital identity is great, we know who he is, we know how he behaves, we know a lot about Frank in terms of his digital identity and his behavior on the internet, and oh, by the way, we now have the ability to reach out to a record and say, “He’s also credit worthy. He’s never declared bankruptcy, he’s never missed a loan, his appropriate scores are where they are” and I think it’s really interesting in that same kind of context of an anonymous workflow, to be able to validate not just the risk of allowing the transaction to proceed, but also enriching it with ideas like, is there a credit worthy element to this individual? Are you seeing that kind of power manifesting itself, probably not yet, but sometime in the near future?
Dan: Yeah, I can see it. I haven’t seen it. One thing that you made me think about, about not only cross-organization but cross-industry is, in some of these investigations that we’ve done, we’ve noticed that people are very active in retail or other industries, not just attacks on banks.
Frank: Yeah.
Dan: So we might see them at three or four different banking institutions but also at an auction site.
Frank: Yeah, that’s right. I think the reality is most of the folks that we deal with and here within the company are opportunistic. You know, wherever the point of least resistance is, I’m gonna try to take advantage of that. One of the interesting things, Dan, that we talked about getting ready for the digital episode, was this notion of champion/challenger. And one of the realities of how difficult it is in mid-flight, to assess whether or not you have the most efficient and proper deployment of a rule set. Talk a little bit about a champion/challenger in our opportunities this year.
Dan: First, it’s one of the most popular features that we’ve ever launched. Customers love it. As a former technologist, I would have loved it because one of the biggest challenges I had was developing a pristine sandbox, perhaps comprised of prior periods that I could rerun. But then curating that data to make sure it covers enough types of examples and that the dates are current and so forth became difficult. So it was always a challenge to make sure that our sandbox environment had the right efficacy. Now we can put the production rule and the challenger rule in production at the same time and over time measure the efficacy of the rule and then you can decide whether or not to swap the two and say, “Now, I’m gonna put my challenger rule into production and develop a new challenger rule.” So it’s extraordinarily popular and it solves a big problem.
Frank: Yeah, here is the thing, one, it eliminates disruption. I’ve got a rule set I know wor




