Facing millions of dollars in Web fraud losses, companies cannot rely solely on strong user authentication for online banking, e-commerce and similar sites (as underscored by the Federal Financial Institutions Examination Council [FFIEC]). Once user credentials have been stolen or spoofed, authentication controls are no longer effective by themselves. Web fraud detection systems then become critical for identifying and stopping fraud before the losses pile up. These products typically share a set of basic features, such as detection of account origination, account takeover and payment fraud, but may use different detection methods and offer value-adds that make individual products stand apart from others.
This article compares Web fraud detection systems from several leading vendors: 41st Parameter, Accertify Inc., Easy Solutions Inc., Guardian Analytics, IBM Trusteer, iovation, Kount Inc., RSA and ThreatMetrix, with Intellinx considered an outlier in this line-up. Let's look at how the products compare against purchasing criteria for Web fraud detection systems -- as outlined in the previous article in this series.
Industry sector focus: Web fraud detection
Guardian Analytics FraudMAP and IBM Security Trusteer are designed for the banking and financial services industry, although they both support general e-commerce as well. Accertify Fraud Management is geared mainly toward e-commerce environments (the company is owned by American Express Co.). In fact, Fraud Management is tightly woven into American Express and can integrate with that company's risk management features.
The rest of the 10 Web fraud detection systems featured in this article cover a gamut of industries, which include banking/financial services and e-commerce, as well as social networking, travel, gaming, insurance and government agencies engaged in e-government. For example, 41st Parameter (part of Experian) and Easy Solutions cater mainly to e-commerce merchants, financial institutions and travel services providers. Kount, on the other hand, aims at business-to-business (B2B) organizations, digital goods retailers, gift card issuers, online gaming, insurance, travel, ticketing and events, as well as many other industries.
Multiple layers of Web fraud detection systems
One of the most important features for Web fraud detection systems is the incorporation of multiple layers of detection. Endpoint features analyze user devices for identity, location and authentication data, among other factors. Navigation features analyze Web session data to detect anomalies and flag high-risk users or devices. Transaction analysis looks for fraudulent activity by comparing each transaction against what are considered "normal" user transactions.
Multiple layers of general security are also essential to reducing Web fraud. Some vendors focus solely on fraud detection, with the expectation that customers will provide antimalware and other forms of security protection from third-party sources, whereas other vendors build in malware detection on endpoints, administer controls and checks for man-in-the-middle attacks, phishing and so on.
All of the featured Web fraud detection systems covered in this article provide multiple layers of detection and security to varying degrees.
Easy Solutions offers one of the most comprehensive products among the featured vendors. The company's Total Fraud Protection emphasizes "leveraged intelligence across multiple layers" and covers endpoint identification, strong authentication monitoring, navigation analysis and transaction monitoring, as well as proactive malware detection, controls for email spoofing, transaction risk monitoring and much more.
Kount, Guardian Analytics, IBM Security Trusteer and RSA also rank high regarding multiple layers of detection and security protection. The IBM Security Trusteer suite provides tools for preventing malware and phishing-related fraud attacks, as well as risk analysis. Online banking customers may already be familiar with Trusteer Rapport, one of the first readily available browser plug-ins that adds an additional layer of protection for user credentials and personal information. Easy Solutions also provides user-centric safe browsing, but it goes one step further by reporting detected malware on the user device to a deactivation tool.
RSA Transaction Monitoring requires the RSA FraudAction 360 Anti-Trojan Service and RSA Adaptive Authentication for more complete protection.
Accertify, part of AmEx, provides an adequate layered product, which focuses mainly on fraud management for payment card acceptors.
Iovation and ThreatMetrix are mainly device-based; that is, they focus on device recognition and device-based authentication. Likewise, 41st Parameter appears to be more endpoint-based.
Intellinx offers user behavior profiling and transaction analysis, as well as online application profiling to detect malware and distributed denial-of-service attacks. Its most distinctive feature is a visual replay of user screens, which allows an investigator to replay a user's activities.
Analytics and profiling
Easy Solutions, Guardian Analytics, Intellinx, Kount, RSA and ThreatMetrix employ predictive behavioral analytics, which analyzes account holder behavior and detects anomalies based on expected behavior.
41st Parameter and Accertify rely on rule-based analytics -- pattern-based recognition of what is already known. The problem with relying only on rule-based analytics is that statistical models can be inaccurate, which can result in a high rate of false negatives and false positives, thereby increasing costs and personnel resources needed to resolve such matters.
For its part, Kount Complete uses a combination of rule-based and behavioral analytics, thereby capitalizing on the strengths of each approach. That combination also helps offset certain weaknesses, especially by reducing false negative or positive findings.
Indeed, analytics is the meat in each Web fraud detection system -- the more accurate its analytics, the better the detection rate. Analytics are also a significant factor in the quality of a product. Vendors create proprietary analytics or modeling engines to achieve the highest detection rates possible. For example, Guardian Analytics' FraudMAP Online uses a proprietary behavioral analytics implementation called "Dynamic Account Modeling" to detect suspicious online activity, account compromise and fraudulent transactions. FraudMAP Online can also detect known and emerging threats.
IBM Security Trusteer includes proprietary Pinpoint Criminal Detection software that uses "evidence-based" methods of fraud detection. Pinpoint Criminal Detection correlates a combination of device, geolocation and transactional modeling with a database of fraud indicators. Like its competitors, the product detects login and transaction anomalies and creates a risk score for account takeovers, but also uses device fingerprinting to detect newly spoofed devices, can detect remote access tools (RATs) used by criminals and can identify phishing incidents in real time.
Integration of alternative data sources/external intelligence information
Accertify, Easy Solutions, Guardian Analytics, IBM Security Trusteer, iovation, RSA Transaction Monitoring and ThreatMetrix integrate external intelligence into their products. For example, Accertify relies on three data sources: a company's data generated across all channels (websites, call centers and so on), other merchants conducting the same types of transactions and third-party sources such as Emailage, an email fraud-risk assessment and scoring product.
Easy Solutions' threat intelligence is called Detect Monitoring Service (DMS). The company constantly monitors websites and social networks, and incorporates threat data into its DMS databases. Easy Solutions' Total Fraud Protection product includes Detect Safe Browsing (DSB), which is software installed on user devices that scans for malware and reports back to DMS. This combination helps to detect and prevent damage from threats, not only to users with DSB software installed, but to Easy Solutions customers in general.
RSA maintains the eFraudNetwork (eFN) service, a large cross-platform, cross-institutional (financial, e-commerce, healthcare, among others) global network that identifies and tracks online fraud. eFN facilitates threat information sharing, both confirmed and bogus, among its customers and partners. RSA Transaction Monitoring, as well as other RSA antifraud-related products, uses eFN to help determine fraudulent activity.
ThreatMetrix has the ThreatMetrix Global Trust Intelligence Network, a digital identity network that analyzes over one billion transactions every month. The Network compares a consumer's device identity, persona and behavior from every transaction to previous activity, in real time.
Compliance with regulations and standards
There are two ways to look at compliance when evaluating Web fraud detection systems -- whether the vendor meets its compliance requirements and whether the product helps a customer meet compliance.
41st Parameter, Accertify, Easy Solutions, iovation and Kount are Payment Card Industry Data Security Standard (PCI DSS)-certified. Easy Solutions is also a Certified Qualified Security Assessor company, which means it is certified to assist e-commerce merchants and financial institutions in meeting their own PCI DSS compliance. Accertify is also ISO/IEC 27001-certified, an SSAE 16-certified data center provider and EU Safe Harbor-registered.
Easy Solutions, Guardian Analytics, IBM Security Trusteer, Kount, RSA and ThreatMetrix support FFIEC compliance.
Platform and pricing structure
Most Web fraud detection systems are sold as software as a service (SaaS), based on transaction volume. However, other factors such as industry sector, transaction risk, geography and partner integration can also affect pricing. Vendors who offer SaaS-based products include 41st Parameter, Accertify, Guardian Analytics, IBM Security Trusteer, iovation, Kount, RSA and ThreatMetrix.
The Easy Solutions offering is a software product rather than a SaaS-based one, and it is priced on a per-device basis. Customers must purchase Easy Solutions through a reseller.
Finding the right Web fraud detection system
Non-banking organizations that are in the market for a solid, comprehensive Web fraud detection system should look first to Easy Solutions Total Fraud Protection, Kount Complete and RSA products. Because Accertify is owned by American Express, it's designed with Amex integration in mind and can perform deeper analysis on Amex transactions. Banking and financial institutions may fare best with products geared specifically for that industry, such as Guardian Analytics FraudMAP and IBM Security Trusteer.