What is our primary use case?
We have a mobile application for Android and iOS. We just want to know that the application installed on the mobile device is good or not. If some hacker is installing the application or the application is installed on compromised device, we should know this so we can block it.
How has it helped my organization?
We have around 800,000 applications installed on Android and iOS. In the past, We've had fraud issues. After using ThreatMetrix solution, We were able to figure out the compromised devices and doing so helped to find that 1400 devices are compromised. We were able to not allow payment, a standing order, direct debit, or any other kind of payment, and that ultimately protects us and the user.
What is most valuable?
The most valuable feature for us is the fact that basically, we don't use paid metrics. We'd only use them for extensibility. We basically use it for device profiling and we just want to see if the device installed is correct or not. And if it is not correct, we don't allow them in there. We don't allow any kind of a standing order directive at any time.
The integration is fairly simple.
The solution has been stable over the two years we've used it.
There doesn't seem to be any issues with scalability.
Technical support was very helpful throughout the deployment process.
There is excellent documentation available.
They are very proactive in enhancing their product on a regular basis.
What needs improvement?
We are only using one feature. We haven't found the other features to be very good or very powerful.
We'd like more tools that could help notify us as to if something is happening. The solution is providing a similar feature, however, it's not powerful enough. It doesn't really capture the threats as we'd like it to. It's like root detection. Anyone can compromise/hide it and ThreatMetrix is not able to report correctly.
There should be an entire package that helps protect our users, instead of just one good feature. Currently, we have to use another tool to cover its shortcomings.
For how long have I used the solution?
I've been using the solution for about two years so far.
What do I think about the stability of the solution?
The solution is stable. I would say it's really good. It's been two years and only once or twice did we have to change the certificate hash, however, that did not impact anything in terms of the customer. I'd say it's pretty reliable.
What do I think about the scalability of the solution?
We haven't had any issues with scaling. I would say to various levels, we have a huge user base and we have not seen any issue yet. Not even a single issue or a product has been affected by an inability to scale so far.
Typically, we just have developers that actually have access to the solution.
How are customer service and technical support?
Technical support from the very beginning has been excellent. They were invaluable during deployment and continue to be responsive and helpful.
Which solution did I use previously and why did I switch?
We didn't previously use a different solution. We've only ever really used ThreatMetrix.
How was the initial setup?
The implementation is in two parts, for the front end and back end. The front end is straightforward. You just need to add the SDK call for the profiling that's all. In the back end it's a little complex. There are little complexities to an installation in the on-premise deployment version.
We had a back end team and an environment team that assisted with the deployment, along with ThreatMetrix. I'm not sure, in total, how many people ultimately got involved.
The deployment is ongoing. It's been two-plus years and we'll deliver the entire solution in two months.
The implementation strategy was to first have regular developers and a development server. The first thing we have done is to deploy on-premise ThreatMetrix to the deployment server, and, when everything is ready, come to the front end. The front-end is calling to the ThreatMetrix on-premise telematics server and the data, to create a multi-stack. Basically, there are four or five touchpoints.
Post deployment it does not require too much maintenance. However, we have one person who takes care of this product. He's largely checking on the fraud data. He'll watch to see if there is Is anything wrong or if any profile is missing, etc. He's a fraud detection analyst.
What about the implementation team?
We tried on our own at first, however, we could not implement on our own, so we needed ThreatMetrix to help to install and assist with ordering everything for on-premise.
Their support is really good. They create a pretty good relationship with the customer. We have a relationship manager and we have some guys we can definitely call or send an email to. We can ask anything anytime.
What's my experience with pricing, setup cost, and licensing?
I don't handle any aspect of payments or licensing.
Which other solutions did I evaluate?
I joined the company after ThreatMetrix was selected. I'm unsure of if other solutions were looked at or what they might have been.
What other advice do I have?
I'm not sure which version of the solution we are using. It may be some variation of version five.
The solution in terms of implementation is pretty good and it can be a fairly simple deployment. It seems complex at first, however, it's very, very simple and the documentation is fairly good. That said, we thought we would be getting more benefit and only later realized some areas are not as robust as we had thought.
In terms of our requirements for device detection, I'd rate the solution a nine out of ten.
Which deployment model are you using for this solution?