Is the industry ready for an open approach to sharing online fraud data?
Two players in the competitive field of online security systems and databases - Entrust Inc. and VeriSign Inc. - say the industry is indeed ready and have joined forces to make something happen.
The two vendors have taken a step toward providing institutions the ability to purchase online fraud data from multiple vendors while maintaining a single platform to view and analyze it.
Entrust, a provider of fraud detection software, and VeriSign, a provider of fraud data through its network, say they are addressing a problem common to all users of anti-fraud software: Anti-fraud systems are only as good as the data they are fed. The more complete the data, the better such systems function. Currently, the vendors say, if an institution wants to analyze more data, it must buy multiple systems and run them separately.
In response to this problem, the two vendors have co-written an open specification that facilitates fraud-data sharing, and have tailored their offerings to the standard.
Now the two are trying to get competitors to write interfaces adhering to the specification. But they confront some obstacles. RSA Security Inc. - a leading anti-fraud vendor, with customers such as Bank of America Corp., Washington Mutual Inc., and ING Bank FSB - says it has no interest in participating.
When contacted by American Banker, Amir Orad, the vice president of marketing for RSA's consumer solutions division, said, "Just collecting the data and putting it in the network is not enough." RSA, a unit of EMC Corp. of Hopkinton, Mass., also validates the data and weighs the relevance of each bit of information according to its origin.
"The last thing you want to do is contaminate the network with the wrong information," Mr. Orad said.
But Entrust, of Addison, Tex., and VeriSign, of Mountain View, Calif., disagree.
Nico Popp, the vice president of authentication services for VeriSign, said, "The more you see, the more you know."
Peter Relan, Entrust's chief strategist, said that for banks, "fraud intelligence is siloed," because vendors have previously been too competitive to share their online fraud data. "However, criminals are collaborating and organized."
VeriSign's database already benefits by including fraud data from PayPal Inc., which has more active online accounts than any bank, and according to Gartner Inc., is also by far the biggest target of online fraud attempts.
But Mr. Popp said VeriSign's system can be improved by combining its data with data that has been unreachable because it has been locked away in a rival's database. "The big idea is the need to collaborate," he said.
A draft of the vendors' new specification was published last week on the Web site of the Internet Engineering Task Force, a standards organization.
Mr. Relan and Mr. Popp said they are optimistic that RSA will want to connect its network with VeriSign's, though they have not approached RSA with the idea.
RSA's Mr. Orad, who questioned the value of sharing anti-fraud information, said RSA agrees that collaboration is important.
The company works with other industry standards through its participation in the Financial Services Technology Consortium and BITS, the technology arm of the Financial Services Roundtable, but it is not interested in working with other vendors' technology, he said. "Right now we don't see any business need or technical need or customer demand to do that," he said.
However, Mr. Orad said he does encourage banks to use more than one fraud detection application. Banks can use more than one product as "separate layers of defense, and that's typically what you see," he said. "Those products will not cooperate, but they will not collide either."
Avivah Litan, a vice president and research director at the Stamford, Conn., market research company Gartner Inc., said that sharing data among anti-fraud networks is "a really good idea."
"If you share information with your colleagues, you'll catch 20% more fraud," Ms. Litan estimated. "It's just more effective if everyone's sharing information."
However, she also noted that RSA's network has become one of the biggest in the industry, which is probably one of the motivating factors for VeriSign's calls for collaboration.
"Anytime there's a vendor that's winning in the market, the other competitive vendors tend to get together and say, 'Let's come up with an open standard,' " she said.
Banks are not all that concerned with the number of financial companies that participate in a particular vendor's fraud detection network, Ms. Litan said; their main concern is whether the data is being put to good use. "The banks that I have talked to just look at the results," she said.
