ThreatMetrix : Integrated & Open Digital Identity Solutions

Threatmetrix security

About ThreatMetrix

ThreatMetrix leverages the power of global shared intelligence with the largest digital identity network that combines device, identity, behavior, and threat analytics with powerful forensic, decisioning, and case management tools to capture millions of daily consumer interactions, including logins, payments and new account originations.

This integrated digital and open digital identity solution captures all fraudulent activities in detail has them available via a Dashboard with embedded case management for easy to evaluation and mitigation botnet attacks and other activities as they happen.

Multi-channel, Cross-Application Visibility and Sophisticated Analytics to Protect Against Fraud

ThreatMetrix enables visibility into user activities across all digital devices and interactions. The Digital Identity Network provides historic context for real-time detection of account misuse.

Real-Time Protection against Online Fraud and Threats

ThreatMetrix offers the benefits of predictive analytics to protect businesses and reduce customer friction. Cross device and channel solutions are built on a common backend that leverages global shared intelligence across millions of daily transactions processed by the ThreatMetrix Digital Identity Network.

Compliance Assurance with Regulations across Industries and Countries

ThreatMetrix assesses digital identities by using global shared intelligence to detect illegitimate use of personal device and personal information. Our solutions include location detection, sophisticated device identification, malware detection, and crimeware tool detection, which can help meet industry-specific compliance and regulations.

Identity Analytics

ThreatMetrix Identity Verification Solution builds a comprehensive online persona of each user attempting an online transaction by combining online identities and device fingerprints. User personas within the ThreatMetrix Digital Identity Network are used to identify anomalies and malware-based attacks.

Accurate Enterprise Authentication Based on Anonymized and Trusted Identities

ThreatMetrix creates an anonymized identity of each consumer attempting an online transaction by analyzing every aspect of their digital identity – including email addresses, geo-locations, devices and both personal and business personas. It accurately authenticates users in real time – without compromising user privacy.

Why ThreatMetrix?

ThreatMetrix provides the only truly integrated cyber crime technology protection across Web, mobile and endpoints. This cybercrime and fraud prevention solution profiles user devices to identity anomalies, tampering, malware and associations with actual users.

Leverage a New Type of Cloud-Based Defense against Fraud, Malware and Data Breaches

ThreatMetrix Web works transparently to the user, protecting online transactions from a wide range of potential threats, including malware and Man-in-the-Browser (MitB) attacks. It helps businesses detect and prevent fraud from compromised devices or accounts.

This web solution applies clientless technology to evaluate logins, payments, new account creations and other interactions with your site to stop fraud and reduce friction. It examines how a device interacts with a page to automatically determine the presence of bots, scripted, and other automated attacks. Its unique combination of web fingerprinting and device identification technologies reduces risk exposure from fraud while securing customer data.

ThreatMetrix Web leverages all features in the ThreatMetrix Digital Identity Network to detect anomalies and potential threats between device and website in the following four key ways.

  • Honeypot Technology
  • Webpage Fingerprinting
  • Device Identification
  • Location identification

Simplify Protection for Sophisticated Mobile Platforms

Threatmetrix Mobile is a lightweight software development kit (SDK) for Google Android and Apple iOS mobile devices. It comes with embeddable library with jailbreak applies root detection technologies to provide context and depth that is simply not available with other solutions. 

This mobile data security solution enables legitimate mobile users to connect easily and securely to mobile channel while identifying fraudsters and devices with the potential security risks.  It verifies the integrity of the application to ensure it has not been modified or infected. It also analyzes all other apps installed on the device, and reports their reputation and the presence of any malicious code.

ThreatMetrix Mobile integrates with all features in the ThreatMetrix Digital Identity Network to uniquely identify and protect each connecting mobile device in the following six key ways.

  • Location Services
  • Device Identification
  • Malware Detection
  • Anomaly & Device Spoofing Detection
  • Jailbreak & Root Detection
  • Application Integrity Evaluation

Mitigate Against End User Computers that Compromise Authenticated Sessions to Steal Data, Identities or Money

ThreatMetrix Endpoint is a small, lightweight software solution designed to secure the weakest link in security. It can be installed on end users’ computers to validate and protect session with your business, and help find and eliminate any security issues.

This small client component will automatically perform a compliance check of users’ systems when they attempt to authenticate and transact with online resource such as your banking Website, corporate VPN or other remote access solutions. It identifies hidden malware and unknown threats, verifies legitimate websites, and validates computer security health status to ensure connecting devices meet a minimum security baseline.

Subsequently, it will mitigate the risk on computers that compromise authenticated sessions to steal data, identities, or money.
ThreatMetrix Endpoint provide protection in the following two ways.

  • Secure Browsing
  • Compliance Check

Who Does ThreatMetrix Protect?

ThreatMetrix solutions are successfully deployed in over 600 customers in various industries, including but not limited to e-commerce, banking and brokerage, payment and lending, insurance, workforce authentication, government, healthcare, media, and gaming.


Merchants often find themselves in a tough balancing act with fraud controls. Consumers are likely to buy from the competitors when fraud controls are set too strictly. Whereas, credit card chargebacks become an issue when fraud controls are set too loosely. The problem is further exacerbated with the shift to mobile orders where consumers are even less patient.

ThreatMetrix offers real-time, behavioral analytics-based fraud detection and prevention that addresses these challenges for e-commerce, digital commerce and mobile commerce merchants to maximize profit while minimizing fraud-related losses.

  • Increase customer loyalty and sales by delivering accelerated checkout for trusted customers across mobile and Web 
  • Automate fraud screening and malware detection to minimize card not present payment fraud, user account takeover and use of stolen credentials to create new identities and accounts
  • Reduce costs of credit card fraud chargebacks and fees
  • Prevent use of stolen credentials to create new identities and accounts
  • Detect compromised accounts across multiple channels, Web and mobile, by understanding customer login attempts from suspicious devices and locations

Banking and Brokerage

Financial institutions face conflicting requirements when balancing customer convenience against cybercrime prevention. Traditional multi-factor authentication adds friction to the customer experience, while device-centric anti-fraud solutions lack behavioral context about returning customers and fraudsters.

ThreatMetrix addresses these challenges with a frictionless, behavior-based solution that overcomes and augments multi-factor authentication and mere device fingerprinting. With Digital Identity Network, ThreatMetrix combines world-class device identification with identity analytics and behavioral intelligence to build complete online personas for every registration, login and payment transaction.

  • Adopt a layered approach by using device identification, identity analytics and behavioral intelligence to build complete online personas for every consumer interaction
  • Fight online crime and lower operational costs without impacting the experience for trusted users
  • Increase customer satisfaction by accelerating customer logins
  • Reduce usage and costs of multi-factor and out-of-band authentication
  • Decrease fraudulent transactions
  • Reduce operational costs of manual reviews
  • Increase cybercrime detection efficacy
  • Demonstrate FFIEC compliance

Payments and Lending

Fast and easy online loans and payments attract not only borrowers and consumers, but also cybercriminals. With cybercriminals increasingly leveraging stolen identities to appear legitimate, lenders and alternative payment providers are often left with the risk of approving fraudulent loans and payments. This problem is further exacerbated by the short transaction cycle that borrowers and consumers expect.

ThreatMetrix offers real-time, behavior-based fraud protection that alleviates these lending and payment challenges by filtering out fraud at the front door before it enters your review process.

  • Use real-time defenses to accelerate genuine loans and payments
  • Increase legitimate loan acceptance rates
  • Reduce operational costs of verifying fraudulent loan applications
  • Decrease risk exposure to illegitimate loans and payments


Crowd funding heralds a new platform for money lending and investment. The complex interplay between donors and fundraisers and the way the crowd funding platform enables the exchange of money and rewards does, however, provide cybercriminals fertile ground for schemes using stolen identities, malware, and other crimeware tools.

ThreatMetrix checks for malware and validates the end user’s digital identity against our global Digital Identity Network of known and fraudulent transactions. This all happens in milliseconds and is transparent to users at login. Our analytics platform also delivers real time insights to thwart cybercrime and enable crowdfunding organizations to deliver a safe, secure and efficient platform for lending and investment.

  • Prevent cybercriminals setting up fake ventures or campaigns on existing crowdfunding sites
  • Protect existing accounts from fraudulent takeover
  • Reduce payment fraud using stolen credentials
  • Safeguard customer experience by reducing friction associated with account set-up and transaction processing


Insurance carriers leverage online applications and business processes to deliver services to their customers and expand their reach using brokers and field agents.  However, these carriers are under constant attacks from fraudsters looking to access personal information they house or to use stolen credentials to access their customers’ accounts.

ThreatMetrix ensures that insurance brokers and field agents, who may not be employed by the insurance company and may be using their own laptops and mobile devices, are accessing critical information securely. With ThreatMetrix, insurance carriers can secure user accounts and ensure that they are neither compromised nor a source of data theft.

  • Streamline business processes, bring more brokers/agents online and meet regulatory compliance
  • Protect brokers, field agents and brand by keeping customers’ personal data secure
  • Flag suspicious accounts that may be illegitimately used to retrieve customer information
  • Safely enable your independent network of brokers and agents to deliver increased business efficiency and sales
  • Deliver enhanced experience for trusted consumers
  • Detect attacks from malware, bots, compromised devices and masked machines


Government-related data breaches and tax frauds are known to be costly and publicly humiliating. Government agencies need protection against sophisticated cyber security-attacks that involve compromising user accounts, which can lead to stealing of critical data or exploiting tax refund processes. ThreatMetrix ensures users are who they claim to be by detecting government accounts that may be compromised.

  • Ensure government data stays secure by adding a layered security system
  • Use a comprehensive end-point solution to defend against account takeover, advanced persistent threats, malware, identity theft and data breaches
  • Protect sensitive and classified records from unauthorized access
  • Reduce income, value-added (VAT), goods and services (GST) tax refund fraud
  • Prevent access attempts from outside your jurisdiction or beyond your borders
  • Detect viruses and phishing attempts and flag potentially compromised user accounts


Cybercriminals continue to breach troves of patient medical data, resulting in hefty brand and compliance damages for providers and payers. This trend is expected to worsen with health information exchanges (HIE) potentially increasing the attack surface for cybercriminals.

ThreatMetrix ensures that anyone connecting to online medical portals are who they claim to be. Our security solutions detect accounts that may be compromised and alert security risk analysts before hackers log into online medical portals.

  • Protect online sessions with patients and clinicians alike using integrated device identification and malware detection 
  • Ensure confidential records are secure and accessed only by those who are authorized to do so
  • Flag suspicious accounts that may be illegitimately used to retrieve PHI and medical records
  • Enable physicians to use their own devices while interacting with healthcare applications
  • Protect doctors, nurses and healthcare staff from attacks targeting sensitive PHI and medical records
  • Demonstrate HIPAA and HITECH compliance


Fraudsters and scammers target on-demand streaming providers, social networks, forums and digital content websites with hijacked and fake credentials. Illegitimate content and access not only pose problems for users but also has regulatory, contractual and brand implications.

ThreatMetrix ensures that users are who they claim to be, by detecting accounts that may be compromised or falsely created

  • Lower fraud losses and prevent malicious behavior in the community by leveraging the end users’ digital identities
  • Detect the use of proxies and VPN to ensure users access content in accordance with their location and country-specific regulations
  • Preserve user trust by preventing identity theft, account takeover and other social networking fraud
  • Identify bots used to target social networking sites for financial gain
  • Prevent abusive behavior associated with bad conduct, spam or other malicious behavior in the community


The online gaming player experience is crucial and has a lasting impact on loyalty. Therefore, cheating, collusion, bonus abuse, credit card fraud, fraudulent deposits and money laundering not only degrades the online player experience but also hinders operators from a providing a fair playing environment.

ThreatMetrix ensures that anyone accessing these online games and /services are who they claim to be without adding friction to the user experience.

  • Identify trusted users and high value customers
  • Reduce abandonment and fraud losses
  • Minimize misuse of promotions/offers
  • Improve enforcement of compliance
  • Stop the misuse of promotions
  • Use customers’ digital identities to better enforce compliance and privacy regulations.

How Does ThreatMetrix Benefit the Market?

Promote a Better Customer Experience by Building a Persona for Each User

ThreatMetrix enables the capture, examination, and retention of comprehensive details regarding behavioral attributes required to develop a trusted identity or an online Persona ID. In addition to the discovery of more than 200 device attributes associated with every site visitor, ThreatMetrix incorporates substantial supplementary information, including username/password, email addresses, and bill to/ship to information, as well as up to 25 user attributes.

ThreatMetrix evaluates any incoming logins, payments, transactions, or new account requests against the identity intelligence and Persona IDs in the ThreatMetrix Digital Identity Network real-timely to help distinguish returning good customers and legitimate users from fraudsters.

Gain Clarity and Resolution about when to Trust Combinations of User, Device, and Persona Data

ThreatMetrix indicates the trustworthiness of user, whether it is a customer accessing online services or an employee using company business applications. For example, when a company validates a user ID with a strong out-of-band authentication, a Trust Tag can be applied to the combination of the user ID and device ID.  During subsequent transactions involving that user and device, a positive Trust Tag gives a high degree of confidence to the querying organization, allowing it to bypass additional challenges securely.

Discover Hidden Relationships between Activities

ThreatMetrix does not only examine the device and identity elements being presented, but also looks for connections and associated entities. For example, a family shares a laptop computer and a tablet. The first time the mother picks up the tablet to log into her favorite online store, ThreatMetrix immediately recognizes the same tablet and identity that has been successfully used at other sites, and that someone else from the same household has successfully logged in using the same device in the last month. Instead of seeing the mother as a complete stranger and potentially putting her through additional verification, the online store can choose to present promotional offers—or to simply streamline the checkout experience based on the recognition of a trusted household.

Treat Known Customers with Confidence, Efficiently Deal with Hackers and Fraudsters

ThreatMetrix tracks velocity and frequency on a global, per-site, per-event type, per-device, and per-identity basis. Crucial legitimate and fraudulent insight can derivate from velocity and frequency, or how quickly and often something occurs over a particular period of time. These two attributes form an expected baseline that allows for historical comparisons. When a returning customer’s behavior fits the baseline, he or she can be accelerated into your website without additional verifications. This baseline can also be used to keep cybercriminals away when they match known bad and fraud behaviors.

Know when Trouble is Brewing with a Real-Time Warning System

ThreatMetrix allows the use of custom fields for creating customer-specific user profile building and scoring the anomalies between current and historical attributes. It provides a powerful statistical model that enables you to examine beyond traditional simple combination matching. For example, you can find transactions that exceeded the sales average amount by a certain percentage over a period of time.

Understand the Customers’ Environment and Travel Behavior

ThreatMetrix analyzes the customers’ trusted location, distance from the trusted location and also the distance between events. As a result, businesses can leverage this data to identify any potential anomalies associated with location, event frequency, event timing and distance traveled between events.

Outsmart Sophisticated Bots Attacks by Analyzing Their Behavior and True Location

ThreatMetrix examines how a device interacts with a page to automatically determine the presence of bots, scripted and other automated attacks. Our solution can locate hidden proxies that botnets operate through and find the IP address of the fraudster behind the proxy, including traditional anonymous proxies and ones used by botnets.

Unmask Cybercriminals Hiding behind Proxies and VPN Servers

ThreatMetrix can determine if cybercriminals are trying to mask their true locations to cover up their tracks. With a foundation of intelligent packet and browser packet analysis, the solution allows you to pierce through proxies and uncover the malicious user’s true IP address.

Our unique VPN and TOR detection capability performs deep analysis to incoming TCP/IP connections that reveals connection specific attributes. These attributes help analyze the network connection type from an originating device, such as Ethernet, 3G, WiFi, VPN and others. Our technology also has the ability to distinguish between normal IPs and VPN-based IP addresses.