The user interface, the portal, is very helpful in describing what attributes of concern are associated with the device. 

They created a related events report for us. What that does is it helps us quickly identify any time the same device is associated with three or more transactions that are seemingly not related. If it's the same household, we wouldn't be interested in that, however, if it's coming from different addresses, etc., that's where we become concerned. 

Those are the two most helpful features that we find.

The profiling of it that can show me many of the details of the client. 

The speed is very good. 

The way they set up rules from their experience, like collecting the rules from other banks and other enterprises, is very helpful. They can give us better rules and better solutions.

The interface is good. I haven't worked with the behavioral biometrics part yet and will need to explore it. 

It can scale. 

The solution is stable. 

The solution's most valuable feature is its capability to thoroughly investigate a device and see all the sessions and login attempts. It creates a nice visualization displaying the device's location and activity. It also integrates quite well with other applications. It helps us track one application through another.

The most valuable feature for us is the fact that basically, we don't use paid metrics. We'd only use them for extensibility. We basically use it for device profiling and we just want to see if the device installed is correct or not. And if it is not correct, we don't allow them in there. We don't allow any kind of a standing order directive at any time.

The integration is fairly simple.

The solution has been stable over the two years we've used it.

There doesn't seem to be any issues with scalability.

Technical support was very helpful throughout the deployment process.

There is excellent documentation available.

They are very proactive in enhancing their product on a regular basis.

The most valuable thing is about the IP. They have a database of malicious IP addresses against which they check. They have a huge database for routed devices and the devices that have been used in the past to commit fraud. They have extensive historical records of all of that information, and that's probably the most valuable thing about ThreatMetrix.  Over the years, they have been collecting and persisting globally across all the banking and financial services. They have been storing all this information. 

It is this stored information that I and my team find valuable; it is not so much their technology. If you are running it on a simulator and trying to maliciously clone and copy IP addresses and stuff like that, they have a bunch of technologies, like routes section and all the other stuff. It is just that they have something that no one else can deal with, that is, massive amounts of big data about the malicious IP addresses, malicious device fingerprinting, the fingerprinting router devices, and the fingerprints. 

You can query against this stored information to find out whether your app is in a good, nice environment. If yes, you get a green light. The last time I checked, there were about 400 or 500 features that they can stack against, which is pretty extensive. They give you a score against all those features for every application that you installed on it. It is pretty good in that sense.

I liked the rules engine, the fact that there were custom rules that were accessible, that we then got an update every month in terms of how it was performing. It meant we could keep updating our rules and tweaking them to suit. Sometimes they gave false positives and sometimes we made them a bit too lax. It was quite easy to use and customize as we went through that journey. The other thing was that we had our own proprietary admin console, so we could easily consume the API and bring the data onto our custom application. It was easy to use and implementation was fairly quick.

The most valuable feature the solution has is that it is able to do a fairly accurate fraud assessment of a credit card transaction.  The rules used in fraud scoring can be based on many transaction attributes such as purchased IP address (country), amount, email address, etc.  Scoring rules can be configured by the merchant. The accuracy in its assessment is the most important thing for such a tool.