Thursday , March 28, 2024

The 41st Parameter Fights Online Fraud with Not-So-Obvious Data

The need among online merchants and banks to harden their Web sites against phishing, pharming, and other attacks only rises by the month, and that's helping to drive business for startup companies like The 41st Parameter Inc., Scottsdale, Ariz. The company, formed last year, takes its name from its belief that transaction fraud can be better managed with data that's available but not captured by Web sites. While online merchants and their gateway processors typically collect up to 40 pieces of information on each transaction, including cardholder name, card-verification value, and other such data, The 41st Parameter collects this information plus other, less obvious data?hence its name. “What they're not collecting is the 41st parameter,” says founder Ori Eisen, who resigned last year from American Express Co. to start his company. “With 40 parameters you can only do so much analytics.” Much of the data his system captures is floating on the Internet, he says. The trick is to recognize it, analyze it, and interpret it properly. Some of these are telltale data points that help identify fraudulent users but are not intuitively obvious. Take, for example, the time difference registered between a PC's clock and a server's clock when a user logs onto a merchant's site. It turns out this “time diff linking,” as the company calls it, can be used in tandem with other information to establish the odds that the user is who he claims to be. Then there's “EZKeys,” a program that identifies suspicious users by assigning values to the distances between keys on a computer keyboard and totaling the values on a user's keyed entry. Fraudsters, looking to make quick work of their transactions, will tend to use closely grouped keys to type nonsense entries when the actual data aren't required, Eisen says. These are just the programs Eisen is willing to talk about. Altogether, The 41st Parameter's system runs some 266 algorithms, up from 22 when it started. It has three patents pending, including those on TimeDiff Linking and EZKeys. The common thread running through all of these programs is the identification of users without requiring any extra action by users, from entry of elementary passwords up to plugging in hardware tokens. “I'm against changing customer behavior,” Eisen says. “You can't change millions of consumers.” The company's two main products, FraudNet and PhishingNet, are aimed at mid-sized and larger Internet merchants?those doing at least 5,000 orders a day. Says Eisen: “It took us four years to write [this software]. It's intended for people who can benefit the most from the technology and can pay for it.” Eisen won't discuss pricing but says it includes consulting services after installation. Although The 41st Parameter's software is geared to batch-processing, Eisen says he will roll out a second-generation, real-time system by the end of June that will be capable of handling 5,000 transactions a second. So far, Network Solutions?where, as an employee, Eisen tamed a rampant chargeback problem that had led to Visa threatening termination of card acceptance?has installed the company's software, as have two other clients, 2checkout.com and Intelius, whose site sells background information on persons and businesses. Eisen says another two or three clients should be on stream by year's end. Business is beginning to percolate. Revenues will hit $1 million this year and could quintuple next year, Eisen projects. Says he: “If everything goes as planned, we'll have exponential growth in '06.” Eisen stresses he is in the business of increasing the odds that clients can identify fraudulent transactions, an exercise in probabilities in which certainty can't be achieved. “Everybody's trying to find a binary answer?is it good or is it bad?” he says. “Fraud work can't be done this way. It's risk management. There's no such thing as risk elimination.”

Check Also

Visa And Mastercard Agree to Merchant Rate Cuts and Acceptance Changes in a Major Settlement

Merchant lawsuits challenging credit card interchange and payment card network rules that began nearly two …

Digital Transactions