Kemesa Looks to Banks to Help Sell Its New Online Security Tool

Kemesa LLC entered the war on online fraud on Monday with a product that allows consumers to pay e-commerce merchants using so-called anonymous data that would be useless to cyber thieves. The Aventura, Fla.-based startup says it plans to market the product to consumers through their financial institutions and is very close to signing its first bank deal. “We have a team talking to banks,” Steve Bachenheimer, founder and chief executive of Kemesa, tells Digital Transactions News. The product, called Shop Shield, guards against merchant data breaches by replacing actual customer data like credit card account numbers, card-verification values, passwords, and billing addresses with stand-in data generated by Kemesa. Its downloadable software automatically inserts the synthetic data in online forms. Shop Shield works for online bill pay, as well, and can fill in synthetic user names and passwords on non-transactional sites that require log-ins. Using the network sponsorship of Pittsburgh-based Dollar Bank, 5-year-old Kemesa (a conflation of the phrase “Keeps Me Safe”) generates both reusable and one-time-use virtual Visa cards for use at checkout. It acts as both issuer and acquirer for transactions on these cards, which are linked to actual consumer accounts kept on file at the company's data center. As issuer of the cards, Kemesa earns interchange income on each transaction, but as acquirer it pays interchange when consumers link to their actual cards. As a result, its pricing plan encourages consumers to link to checking accounts to fund transactions. After a 60-day free trial, consumers can continue to use the service for free, but must use a checking account for all transactions. If they want to link to a credit or debit card account, they must opt for a so-called Free Plus plan, by which they pay a $1.99 fee for each card-based transaction. They can avoid the card fee by signing up for a so-called Unlimited membership, which costs $9.99 a month or $99 a year. “Our revenue model is tied to interchange,” says Bachenheimer, a former executive with consumer-product companies, including Procter & Gamble and National Foods. He projects that after about a year around 55% of Shop Shield's users will be on the basic “free” plan. The Shop Shield software, known as the “Companion,” currently has full functionality on the Firefox browser, though the company says a version for the nearly ubiquitous Internet Explorer browser is coming soon. The Companion automatically launches at about 200 sites, a number Bachenheimer says will approach 1,000 by year's end. If the software doesn't launch, it can be prompted by clicking on an icon in the browser tool bar, or the consumer can use the system from the Shop Shield Web site. The company touts the security of its data center, which hackers have apparently already discovered. Up to now, even before Shop Shield's commercial launch, “we've had over 1.6 million attacks we've logged, and out of that we've had zero unauthorized access,” says Bill Niedermeyer, Kemesa's chief technology and security officer. Kemesa has been working on the technology for Shop Shield since 2004, and applied for a patent on it in 2005. Bachenheimer says he got the idea after the daughter of a close friend was arrested and jailed in a case of mistaken identity that, it turned out, resulted from identity theft. “That was the beginning of Shop Shield,” he says. “There had to be a better way.” Some payments experts see the product appealing more to consumers than to merchants. “This will work for some consumers who want security and anonymity, but won't be relished by most online merchants,” says Steve Mott, principal of BetterBuyDesign, a Stamford, Conn.-based consultancy, in an e-mail message. “Most merchants want to know who their customers are, and want to communicate with them.” He also says the company may have to work to earn consumers' trust. “It will be interesting to see if consumers will warm to this value proposition, trusting a [demand-deposit-account] link from the outset with a company (an “issuer”) they don't know,” he notes. The notion of using synthetic card data for online transactions to combat fraud is catching on. Shop Shield emerges weeks after a similar solution from Verient Inc., a San Jose, Calif.-based company whose system lets consumers create any number of so-called pseudo cards that can be linked to actual card accounts (Digital Transactions News, July 9).