What is our primary use case?
We're using the solution to help us identify scenarios where the same device is appearing to purchase multiple policies from us. There are two scenarios of what that entails. Number one is ghost brokering. The second is identity theft. The scenario would be, I steal your identity, and I come to our website, where I purchase a policy in your name. What doesn't make sense is why would two different people, looking at two different addresses, be using the same device? That's the scenario we're concerned about.
What is most valuable?
The user interface, the portal, is very helpful in describing what attributes of concern are associated with the device.
They created a related events report for us. What that does is it helps us quickly identify any time the same device is associated with three or more transactions that are seemingly not related. If it's the same household, we wouldn't be interested in that, however, if it's coming from different addresses, etc., that's where we become concerned.
Those are the two most helpful features that we find.
What needs improvement?
There are no real pain points for us.
One limitation is it only maintains six months' worth of data. It would be nice if it went back even further to help us really identify and flush out patterns that go on longer. I wouldn't say it's a pain point, however, it would be a nice feature and a nice enhancement of the tool.
It would be great if there could be a streamlining of the case management process. If we identify a device that we're concerned about, what we'd like to do is if that device comes into our network, that we would automatically route it into our case so that we would know immediately that the device of concern has reappeared. Right now, you have to manually do that and it would be good if that could be automated.
For how long have I used the solution?
We installed it in May of 2019.
What do I think about the stability of the solution?
We've never had any problems with either the website being down or any errors regarding the way it interacts with our website. No issues with that at all. I'd say the solution is quite stable.
What do I think about the scalability of the solution?
The solution is scalable. A company shouldn't have any issues expanding it if they need to.
Within our organization, there's probably, I would say, between a dozen or two dozen, users. Some use it for technical purposes, and some use it from the business side.
How are customer service and technical support?
Technical support is great. We have weekly meetings with them and they've been, honestly, outstanding. They've been very responsive. Anytime we have questions or we need clarification or additional information, their technical people have been very responsive, both by email and by phone. If we have meetings, they've made themselves available on short notice. The experience has been outstanding.
How was the initial setup?
The setup isn't complex. We found the initial implementation relatively painless. From a technology standpoint, we didn't encounter any problems. The day we turned it on, it was working and we haven't had any outages or significant issues at all.
The actual deployment took place over a weekend. I'm not a technical person, so I don't know exactly how long it took due to the fact that other people in our company took care of that. However, I know it went in over a weekend and was working by Monday morning.
The implementation took longer, from our standpoint, as we needed to get all the necessary approvals and the testing done to make sure that there was no impact on other parts of the dot com portal itself. That said, the installation, once we got past all of our internal affairs in order, was pretty quick.
In terms of maintenance, from the technical side, there's one main contact person. We use a company to help us. They assist in managing our websites, so it's a partnership between us and a third party. There's one lead person on our technical side and then myself on the business side who are the primary users of the tool.
What's my experience with pricing, setup cost, and licensing?
We're just a customer. We don't have a business relationship with the company.
Due to the fact that contracts are handled by our procurement department, I don't know the exact price.
There are no licensing costs per se. The way they charge is by evaluation. We bought a bundle of evaluations. For example, 100,000 evaluations for a set amount of money. There are professional services that they charge for also, which go toward monitoring the rules that are in place and recommending adjustments and improvements to better isolate high-risk transactions, reducing false positives. There are two components of their charge, it's the evaluation charge that's on a per transaction basis, and then a professional services fee. You could also lump in SSL. There are a few other fees in there, however, they're minimal.
Which other solutions did I evaluate?
We spoke to a couple of different companies. We engaged with our procurement organization and they did a search of the marketplace, however, we only installed ThreatMetrix. We didn't install any other products. We spoke to people, however we didn't install any other products.
What other advice do I have?
We're using the web version. I'm not aware of if they have multiple versions.
I would recommend the solution to others.
I would tell potential users that it's important to provide ongoing feedback to ThreatMetrix as to the outcomes. That will help them further refine the tool. If you don't have a commitment to providing the feedback loop, my guess is it would be less successful. One of the reasons we've had success is that we've been providing information back on the outcomes, which helps them fine-tune the model and improve on it from that perspective.
Overall, I would rate the solution ten out of ten. We've had a very good experience using it.
Which deployment model are you using for this solution?