Sign up for The Paypers newsletter Follow The Paypers on LinkedIn Follow The Paypers on Twitter Follow The Paypers on Facebook Follow The Paypers on Google +
The Paypers, paypers, Insight in payments, News, Reports, Events

MRC, Las Vegas 2012 - Ori Eisen, 41st Parameter: "We can dramatically decrease the threat of card-not-present fraud"

Friday 1 June 2012 | 01:18 PM CET

At the 2012 MRC Annual e-Commerce Payments and Risk Conference in Las Vegas, attendees chose the METAward winners from 3 finalists in the Start-up and Established company categories who presented their innovations live on stage. Finalists in the Start-up category included Curaxian, XYverify and Semafone. The Established company category finalists included iovation, ThreatMetrix and 41st Parameter. After delivering impressive presentations on stage, Semafone and 41st Parameter captured the most votes from the conference attendees.The Paypers sat down with Ori Eisen for a post-conference interview to gain some insights into the company’s vision of the industry, services and strategy.Ori Eisen, Founder, Chairman and Chief Innovation Officer at 41st Parameter has spent the last fifteen years in the information technology industry, and is respected for his business knowledge and leadership. His background includes an in-depth application of innovative solutions for preventing business to consumer e-commerce fraud.Prior to launching 41st Parameter, Mr. Eisen served as the Worldwide Fraud Director for American Express focusing on Internet, MOTO and counterfeit fraud. During his tenure with American Express, Mr. Eisen championed the project to enhance the American Express authorization request to include Internet specific parameters. Mr. Eisen is a founding member of the Merchant Risk Council and is currently serving on the Americas Advisory Board.

What is your company’s value proposition?
Ori Eisen:
People depend on a variety of internet-connected devices for everything from banking to booking travel to shopping. This makes preventing online fraud and creating relevant customer experiences constant and complex business challenges. 41st Parameter is the global leader in device recognition and intelligence and we’ve combined our patented technologies with years of expertise to identify devices without cookies, without compromising privacy and without impacting performance.

Our FraudNet platform protects businesses from fraud before it happens. AdTruth, our digital media division, gives marketers a new and better way to recognize and reach their most valuable audiences across all types of devices. Both of these products are totally privacy compliant and help keep the Internet more secure and relevant for everyone.

This year, your company has won the METAward at the MRC annual conference in Las Vegas. Could you elaborate a bit on the degree of innovation your product delivers?
Ori Eisen:
It was such an honor to have SafeSession receive the 2012 METAward. Being recognized by so many industry experts was incredibly satisfying. SafeSession is unique in the innovative approach it provides to preventing the latest and most threatening types of fraud attacks including Session Hijacking, Man-in-the-Browser and Man-in-the-Middle attacks. Because these attacks provide the attacker with authorized access to an account or other protected resources, it is critical that merchants, banks and other enterprises have the ability to detect and defend against these fraud schemes.

SafeSession is the only technology available that allows businesses to detect when a session is being used by more than one device concurrently. 41st Parameter was the first company to anticipate and “set the trap” for MITM attacks, the first to detect such an attack in the wild and the first to prevent the potential fraud loss it carries. The technology we’ve created for SafeSession is unique and has been recognized as such with a number of patents. We’ll continue to innovate as new threats arise.

How does your technology contribute to the commercial and operational success of merchants?
Ori Eisen:
As fraud attacks become more complex, it’s crucial that merchants establish sophisticated defenses in order to prevent fraudulent orders from being processed. By detecting hijacked sessions and preventing the fraudulent orders from being placed, merchants are able to improve their top-line revenue while increasing the lifetime value of their customers by keeping them protected.

SafeSession is just one of the many technologies that make up of our FraudNet fraud prevention suite. Unlike other fraud detection solutions, our technology allows merchants to permit legitimate transactions to continue even if a device has been compromised. This means customers – who are clearly unaware that their device may be compromised - can safely continue their interactions with a bank or vendor while being protected from any fraudulent transactions.

How can an e-commerce shop detect fraudulent payments for domestic and international orders?
Ori Eisen:
In order to prevent fraudulent payments, it’s critical to have as much visibility into as many aspects of a transaction as possible. By looking at the various parameters of the device placing the order and comparing it against the user-entered information (payment details, shipping and billing information, etc.) 41st can dramatically decrease the threat of card-not-present fraud. It is also critical to not rely on any single device parameter as “fool proof” such as cookies, tags, IP address, etc. It’s important to remember that anything someone can easily remove from the device can just as easily be replicated or spoofed by fraudsters. It is also important not to automatically reject an order simple because of the suspicion of fraud. Businesses can’t afford to turn away valid business simply based on suspicion. Auto rejection costs companies a great deal in lost revenue and customer insult rates. It’s just too heavy-handed an approach.

Whatever solution merchants use to help detect and prevent fraud, it needs to meet the following criteria:

  • Approve legitimate orders quickly
  • Identify fraudulent transactions quickly
  • Never auto-reject orders to avoid false positives
  • Reduce chargebacks
  • Minimize human review rates
  • Decrease fulfillment losses by stopping fraudulent orders before shipment
  • Protect valid customers' shopping experience

In your opinion, who should be most liable for personal internet security: customers, ISP providers or hardware and software vendors? What can federal authorities do to slow down security threats?
Ori Eisen:
As decided by US Supreme Court in Lopez vs. Bank of America, banks are liable for their customers’ losses in fraud attacks. Because online fraud is a multi-billion dollar problem, it was only a matter of time before the Internet, as it currently exists, came to carry a level of risk that could become unprofitable for businesses. It is difficult to say who should carry the burden of the losses but at the end of the day, the money is lost and all parties - except for the criminals - experience the pain. Because the Internet is available to any citizen of any nation, there is no true “Internet jurisdiction.” Authorities have little to no power to prosecute for Internet crimes. Additionally, most countries’ laws have not kept up with the times to reflect specific verbiage needed to prosecute many online crimes. These crimes continue to flourish because the criminals face little risk of being caught or prosecuted. Cybercrimes need to be recognized by authorities in all countries whose citizens have access to the Internet. Cybercriminals needs to be prosecuted if there is any hope to slow down these security threats. Further, governments need to be more agile in adjusting laws as new crime threats are detected – otherwise criminals’ innovation will always outpace the evolution of the market’s defenses.

Your technology makes a positive impact in the industry because …
Ori Eisen:
SafeSession has been making a positive impact in the industry because it provides businesses with an additional line of defense against some of the most elusive fraud schemes.

Businesses are quickly alerted when an attack is being attempted so losses can be prevented. Also, when coupled with our other technologies such as link analysis tools, fraud investigators can use the information to find any other orders or transactions with the same customer information, device information, etc. and stop them all. We’ve been working hard to stay a step ahead of the bad guys and that effort has paid off in the ability for our clients to conduct business online more safely and securely.

This interview was published in one of the special editions of our premium newsletter Online Paypers, focused on online fraud. You can take out a free trial here.