What is most valuable?
The valuable features are:
- A robust DeviceID technology.
- Real time rule writing.
- A high level of versatility in rule variables that allows for a greater degree of customization and optimization.
- Strong model performance that allows you to focus on prevention rather than detection.
How has it helped my organization?
This product has improved our organization as follows:
- Helped reduce 3-D Secure losses to one of the lowest in the industry while having minimal customer impact.
- Enabled us to cut the 3DS losses in half, while declining 33 basis points of transactions. Twelve basis points of the 33 was fraud, i.e., a false positive rating of 1.8 to one.
- Developed new operational processes on the back of additional intelligence provided by the system. This helped reduce account takeover.
What needs improvement?
All 3DS systems assess the risks of all transactions, including closed cards. This drives additional workload for operations. Having said that, CA’s partnership with several authorization providers, such as TSYS, will help us to eradicate this issue.
These 3DS secure systems act independently from a bank’s man authorisation system ( Falcon, TSYS, SAS Raptor etc), and as a result they end up in position where they end up attempting to authenticate transactions that are closed card as they have no visibility of these type of statuses.
This essentially means that these fraud system generate alerts on closed card , wasting operational resource. This is the same for all systems in this space inc RSA.
Having said that there have been recent developments in this space that have allowed authorisation platform to work together with the 3DS system via an API. Meaning that the 3DS system can pass the data to the Authorisation system who in turn will make the decision, instead of the decision being made via a 3DS platform. One example of this is the TSYS/CA relationship.
For how long have I used the solution?
I have used this solution for six years across multiple organizations.
What do I think about the stability of the solution?
In the first two years, there were several issues with stability. In particular, there were card numbers that were not always visible. However, these issues disappeared around 2014 when CA decided to get more resources to assist them with system management.
What do I think about the scalability of the solution?
There were no issues with scalability. The first bank group I worked with started with 8 million cards being covered. This was expanded to 16 million with no detrimental issues.
How is customer service and technical support?
Of the third-party providers that I have worked with, the technical support of this solution is up there with the very best. They are easily approachable. There is no risk of your issue getting lost in an operation center. The relationship managers are very hands-on. As a result, it feels like they are on the journey with you.
Which solutions did we use previously?
We used RSA as an alternative solution.
How was the initial setup?
The setup itself was fairly easy, with plenty of support from the project team in regards to testing. The main challenge was internal, where operation sites required training and were hesitant in changing their way of working. CA offered project management resources in the event that the bank needed support to train their staff.
What's my experience with pricing, setup cost, and licensing?
The price is very competitive. If you deal directly with CA, they are considerably cheaper than the competitors. This may vary in cases where they partner with an authorization platform such as TSYS or FICO. In these scenarios, you may notice a premium hike on your setup and monthly running costs.
Which other solutions did I evaluate?
We reviewed RSA Adaptive Authentication for eCommerce.
What other advice do I have?
Have a dedicated project manager who will be responsible for direct dialogue with the CA project manager. Ensure that all stakeholders go to that single point of contact to avoid any potential slowdowns.
Make sure that all CA Risk Analytics data is pushed into your data warehouse daily. The out-of-box tool kit is good for providing a high-level view. However, you cannot carry out in-depth analysis. To do this, the data must be pushed to your data warehouse where you can run analytical tools such as SAS to identify patterns and recommend new rules.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jan 19 2017