In the wake of the recently discovered data breaches at major merchants like Target Corp., Neiman Marcus Group, and Michaels Stores, much of the talk in the payments industry has focused on whether more advanced card technology, like chip cards, might have mitigated the risk of fraud. But one ambitious company is betting that the more important question is how much can be saved if the fraud can be detected days or weeks earlier.
Feedzai, a 5-year-old European company that launched its anti-fraud service in the U.S. on Wednesday, says its technology can suss out payments fraud 10 days sooner than conventional scoring technology, on average. With breaches, that advantage could make a difference of tens of millions of dollars in potential losses. “Today, money is really stored in bits and bytes of data,” says Loc Nguyen, Feedzai’s chief marketing officer. “Thieves steal the data because that’s where the money is.”
Founded by executives formerly associated with the European Space Agency, Feedzai deals in enormous oceans of information to establish patterns, or profiles, that characterize people and businesses. Its so-called machine-learning routines then continues to take in swarms of data to generate a score for each transaction indicating how far, if at all, it deviates from the profile norm.
Such data can include Facebook posts and Twitter feeds, the geo-location of a mobile phone, and recent purchases online compared to those made in stores. Even apparently irrelevant information can take on huge significance when paired with other facts. “There’s no such thing as junk data,” Nguyen tells Digital Transactions News.
An example, he says, is a person who posts on Facebook that he’s about to board a plane from the U.S. to the U.K. That fact tells Feedzai’s machines not to expect any transactions on his cards for at least nine hours, unless they have to do with drinks or meals. Or a person who buys a flat-screen TV in an electronics store and then buys a Blu-Ray player hours later online is probably a better risk than someone who follows up the in-store purchase with another flat-screen transaction online.
Now headquartered in San Mateo, Calif., Feedzai is talking to all four major card networks, along with the top 20 acquiring and issuing banks. Its potential clients also include retailers. “We go where the data are,” Nguyen says. It delivers scores ranging from zero to 1,000 on each transaction in the time it takes for Google to serve up online search results, he says, along with a so-called white box summary indicating the risk. “We’re keeping a profile on you, not on a segment [of people] that looks like you,” he adds.
Pricing is under a penny per transaction and varies with volume. Current clients include Coca-Cola and Vodafone.
From Feedzai’s point of view, the recent breaches, especially the one at Target, which exposed card and other personal information on some 110 million customers, have helped put the startup’s machine-learning, Big Data technology on banks’ and retailers’ radar screens just as it was preparing its U.S. launch. “We couldn’t have had better timing had we engineered the breaches ourselves,” says Nguyen.
Observers credit Feedzai with innovative technology but caution the U.S. transaction market is far larger and more complex than any the company has dealt with up to now. “It all sounds well and good, but show me the money,” says Alphonse R. Pascual, a senior analyst at Pleasanton, Calif.-based Javelin Strategy & Research who follows risk and fraud technology. “I can appreciate machine learning. It has a lot of value, and is far more efficient. But it needs to prove itself [in the U.S.]. This is the Big Leagues.”
Pascual also cautions that the criminals behind the breaches are likely for now to sit on their ill-gotten troves of card data, knowing that processors and law-enforcement agencies around the world are on the alert for those cards to show up. For cards with distant expiration dates, “there’s plenty of time for this to play out,” he notes. “[The criminals] can benefit from a bit of patience.”
But Feedzai says its machines will be waiting for the bad guys, even if they bide their time. “We keep three years of data,” says Nguyen. “We don’t forget. We’re always on, always there.’