2020-10-19T09:33:42Z
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees
  • 0
  • 16

What needs improvement with ThreatMetrix?

Please share with the community what you think needs improvement with ThreatMetrix.

What are its weaknesses? What would you like to see changed in a future version?

5
PeerSpot user
5 Answers
SB
Lead Android Developer at a financial services firm with 10,001+ employees
Real User
2020-11-22T18:06:21Z
Nov 22, 2020

We are only using one feature. We haven't found the other features to be very good or very powerful. We'd like more tools that could help notify us as to if something is happening. The solution is providing a similar feature, however, it's not powerful enough. It doesn't really capture the threats as we'd like it to. It's like root detection. Anyone can compromise/hide it and ThreatMetrix is not able to report correctly. There should be an entire package that helps protect our users, instead of just one good feature. Currently, we have to use another tool to cover its shortcomings.

Search for a product comparison
BR
Product Owner at a tech services company with 51-200 employees
Real User
Top 10
2020-11-17T01:26:01Z
Nov 17, 2020

As much as I liked the rule engine, I would say that I didn't find it particularly intuitive. Thankfully, we had good engagement managers who walked us through what the fields meant, as it wasn't immediately obvious. There wasn't a clear mapping or description of these fields so that could be improved. We had to create an internal dictionary for distribution to users of the platform. While there were lots of data points, which was a positive, it was also somewhat of a negative. When you have 125 fields, it can be an overload of data that makes it difficult to know which are valid and useful. ThreatMetrix relied on us to understand some of that intelligence, but that's not our expertise. More understanding of which fields would be applicable for our use case, and that kind of collaboration, would have been helpful. You learn it over time anyway, but it creates challenges when setting up. I think the solution has some way to go in terms of its user-friendly nature, and in terms of some of the dashboards and metrics that it provides. In terms of some of the out of the box functionality, it would be good if there were some out of the box rules set up. We worked with the engagement manager to set it up, but having options would have been better.

JB
Senior Manager at Allstate
Real User
2020-11-16T17:44:00Z
Nov 16, 2020

There are no real pain points for us. One limitation is it only maintains six months' worth of data. It would be nice if it went back even further to help us really identify and flush out patterns that go on longer. I wouldn't say it's a pain point, however, it would be a nice feature and a nice enhancement of the tool. It would be great if there could be a streamlining of the case management process. If we identify a device that we're concerned about, what we'd like to do is if that device comes into our network, that we would automatically route it into our case so that we would know immediately that the device of concern has reappeared. Right now, you have to manually do that and it would be good if that could be automated.

TG
Payment Solutions Architect at a computer software company with 11-50 employees
Real User
2020-11-12T14:44:15Z
Nov 12, 2020

I'm not sure if I could answer questions about limitations accurately. Our implementation of it could definitely have used some improvement, however, that was a limitation on our part rather than on the part of the product. The initial setup is a bit difficult. During our implementation, we chose not to do a real-time integration. The integration was more of a batch asynchronous process. That could have been improved to make it more real-time. I'm not aware of any areas in which the product needs to be improved. The solution could be more powerful. It would be useful if they could offer real-time processing. There could be more features similar to what eCertify offers.

DO
Senior Architect at Naakuu Ltd. UK
Real User
2020-10-19T09:33:42Z
Oct 19, 2020

SDK is probably where the biggest issue is. The SDK configuration is a bit lacking. If you are integrating it into your workflow, it is very cumbersome and very difficult to integrate. You have to understand and be an expert in low-level mobile applications to integrate this stuff. Integration should be easy based on what they are providing, but unfortunately, it is not. It is very difficult. My work has been trying to simplify the integration process because integrations bring a lot of value. Most companies don't see their value because it is such a difficult process. For integration, you have to get it right as well, but it is very difficult to get it right because they don't help you in tuning your future parameters. Because of this, it is very difficult to tune your future parameters and your risk score. If you are Uber, your risk score will be very different from a banking client that is pushing funds. These two things need to be improved for me. The rest is pretty good.

Find out what your peers are saying about ThreatMetrix, IBM, iovation and others in Fraud Detection and Prevention. Updated: November 2022.
656,474 professionals have used our research since 2012.
Related Questions
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Nov 22, 2020
How do you or your organization use this solution? Please share with us so that your peers can learn from your experiences. Thank you!
2 out of 5 answers
DO
Senior Architect at Naakuu Ltd. UK
Oct 19, 2020
I was initially responsible for deploying this solution, and after that, I have done development for three major clients. I initially started using ThreatMetrix in an anti-fraud mobile application for detecting fraud. It was a mobile wallet, and I was responsible for the API in the mobile team, which was responsible for deploying it out in the field. The way ThreatMetrix works is that it has a corresponding mobile SDK and web service in the backend. My team was responsible for deploying it to effectively integrate it into the platform for the client. We started using this solution because the company was given a ransom or DDoS threat. A malicious group targeted the company and said that because they are a huge mobile wallet company, being used a lot for international money transfers, if the company doesn't give a payment, they are going to DDoS the company's service. Effectively, we decided to use ThreatMetrix to understand what our clients were using and which device they were using so that we can block and whitelist IPs which were coming in, and basically, giving us DDoS. That was the first time I was introduced to ThreatMetrix. Since then, I have deployed it in a few places. We have deployed it in a bank as well as in one of the new digital-only or mobile-only banks. It was again deployed for detection to whitelist IPs and manage the devices that were trying to steal your account. In the most recent use case, which was about three years ago, I created an open-source library that effectively allows you to easily integrate ThreatMetrix. I haven't actually maintained this library, but I am in the midst of talking to ThreatMetrix to see if I can revive that project. We initially deployed ThreatMetrix on-premises, but this was before the cloud became available. My last solution was on AWS, but ThreatMetrix is a SAS service. You don't deploy ThreatMetrix, you effectively call the API. They have their own SAS network, so you can call out to ThreatMetrix. They don't really care where you deploy your solution. They don't install anything on your network basically because you're going out and pushing information back to ThreatMetrix, and they are giving the response back to you. All you use is an SDK. You configure the SDK, and the configuration file lives on their server. You make a call out to their server. It gives you back the configuration details, and then from there, you configure the system and talk back to them effectively.
TG
Payment Solutions Architect at a computer software company with 11-50 employees
Nov 12, 2020
The solution is used for fraud assessment of credit card transaction processing in a retail environment. That's the main thrust of it. Basically, it's a fraud assessment tool.
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees
Oct 27, 2022
Hi, We all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
2 out of 6 answers
DO
Senior Architect at Naakuu Ltd. UK
Oct 19, 2020
I am not aware of the price. I have always come in after it has been negotiated. The clients do get a return on their investment. It mitigated a massive DDoS, and it definitely detects fraudulent activities on banking platforms. They have definitely got their ROI back because there is continued investment in ThreatMetrix over time.
TG
Payment Solutions Architect at a computer software company with 11-50 employees
Nov 12, 2020
The solution is a SaaS offering. My understanding was that the pricing was pretty good.
Download Free Report
Download our free Fraud Detection and Prevention Report and find out what your peers are saying about ThreatMetrix, IBM, iovation, and more! Updated: November 2022.
DOWNLOAD NOW
656,474 professionals have used our research since 2012.