The company provides the technology that organizations can embed into their web applications to deliver the device-profiling protection -- at the instant a computer connects to a protected website. HTML tags are placed on the appropriate page(s) of a client's website where they want to manage fraud risk for any transaction, such as account login, new account setups, and card-not-present purchases.
ThreatMetrix profiles the computer and gives it a unique identifier ("fingerprint") built on 150-plus attributes collected from TCP/IP packets, browser, operating systems and more. The query from the client application runs across the web back to ThreatMatrix's hosting site. The example we saw ran very quickly. We were told that the profiling query averages between two and three seconds and that the system as configured today can handle millions of queries at a time.
ThreatMetrix pierces hidden proxies to get the true IP address and geolocation of a device, inspects it for anomalies in configuration and actions, assesses risk by device reputation in a network of known compromised computers, including botnets, and then derives a device-risk score. The rules can be customized to fit the policies of each client to determine the final risk score. There is a nice rule-building tool on the portal to assist clients with this task.
There is also a default rule set for those clients that lack the in-house security skills necessary to build out their own policies. Event logging and email notification is available. Notifications are near real time, and the client can determine for what they want to be notified. The technology does not rely on cookies to determine device characteristics, so it can match a device ID even if different browsers are used.