Broadcom Payment Security Reviews

The valuable element is the data that I have. They have a lot of machine fingerprint data and that's data that we miss on non-3D Secure card not present transactions. We see a high value in that. With all the fraud rules that we built, we have a very good false positive ratio because of the big data that CA has.

We are using CA Transaction Manager for authentication and have CA's Risk Analytics for rules and case management. As an authentication method, we currently have static password + OTP via SMS (2-factor) and softOTP in our App. SoftOTP is an OTP generator within our own banking app delivered by CA. Soon we are going to migrate from SoftOTP to a new sdk that includes biometrics, also delivered by CA.

I work under fraud analytics. So I use this product to extract cases from there and then send it to Ops to review and analyze. Then mark it as either fraud or genuine. And if we get bad IPs from there, I add it up to our negative IP list. So it's pretty useful operation wise, and also in terms of some inquiries from us, if a customer is disputing they didn't receive an OTP password on their online transaction, and then they're disputing that it's not theirs, and it's unauthorized, but it was a successful transaction,

I use this product to see the customer's previous IP addresses. If they used it genuinely before then we ask them again, that this IP address or this device was used genuinely on these so and so days. And how come they say it's unauthorized. Maybe check if it's your son who used your phone or so forth.

In other scenarios we would require if you are saying someone has ported your phone to get the OTP from your phone, please get a certificate from your network, something like that.

It's pretty useful for our daily online pretty secure needs. So I don't know yet, I don't know yet. I'm still new as an analyst, but if I had wish it would be this one, this authentication for fingerprint and face would be promising.

That will solve my problems with a customer saying they didn't authorize, they didn't sent that OTP, when in fact we saw that it's a successful one, and how can you prove that it wasn't you? Yeah. Will solve that problem.

In terms of the fraud that we see on the card site, card not present fraud, the person gives contribution to what the total fraud has increased substantially.

Therefore, having a robust solution to manage your 3D security rules authentication strategies is very important. And that's, again, balancing customer experience with fraud, so that's where all this becomes important.

I definitely brought over a lot of my learnings from a previous company. I was already familiar with the interface over there on rules, etc. We were doing the space for authentication over there. So that's something, which I tried to influence once I started working here. Based on my knowledge, I've been able to get and write better rules over here and try to drag down challenge rates.

For us, it enables the bank or the issuer to offer their customers protection on their online transactions. It also gives some sense of security to the merchants, and it enables us to confidently accept that liability that comes over when both teams are playing. So when your issuer and your merchant are participating, it gives us a significant amount of control over accepting that risk.

Hopefully with 2.0, we are going to see improvements. I think improvements for us, it's making it simple enough that anybody can understand how it works. But then, that's having the ability to give us access to that really deep information. Again, in an easy manner. I think at the moment, getting into that rich data is quite an effort. I think if, moving forward once 2.0 comes in, there's going to be a real benefit in being able to communicate that complex data quickly and readily.

The process will look after itself. I think that that's there already but it's the insights that come from that. At the moment, they are quite complex and quite difficult to access. Possibly just from getting access to the information, but how it's represented, and how it's interpreted by the people that aren't eating and breathing fraud every day.

I think for us, the value that we get out of CA is their effective scheme diagnostics. It can be utilized by any scheme issue for us. Then, the fact that it's quite similar in a sense that there's not really a lot of onus on us to manage the service itself.

CA does a great job of being able to manage it in and of themselves. They then come to us with issues if there are any other suggestions where they feel as though we could improve.

This solution can improve around the challenge rates and the failures. I don't know if that's necessarily incumbent on CA to solve that problem. I think it's more of an industry problem, so it's not necessarily the solution itself that needs to be improved. It's probably more around us as an industry focusing on education, the data integrity, and a few other aspects.

The service works as described, the Admin console is very good along with customer service, and the management support, which is excellent.

Our organization is able to see fraud transactions and the subsequent realized losses.

All of the features are valuable in my day-to-day work.

It has added another layer of security in which it reflects customers' confidence in dealing with our organization.

I think the performance from my organization's perspective is excellent in terms of minimizing the friction on genuine transactions with genuine customer, whilst optimizing the bad transactions, the fraudulent transactions that it stops. It achieves a tremendous balance.

Customers want to be able to use their cards online in a manner which is fast but secure and minimizes friction, so the solution that we have from CA means we can achieve that objective.