WePay's Risk Engine Gets Open Development Tools

WePay is adding application programming interface (API) capabilities to its risk management product, Veda, in an effort to streamline the way WePay's clients enroll new customers and handle transactions.

"Traditional payment processing pipes give you very little information, so processors have to ask for so much up front," says John Canfield, vice president of risk at WePay. "With [Veda], you can get a lot of information about the merchant, the merchant's payer and the transaction."

With the new feature, called Risk API, Veda users can stitch together various data sources such as behavior patterns, custom data from platforms, data from WePay’s own transactional graph, and social data from sources such as Facebook, LinkedIn, Twitter and Yelp to produce a risk score for every customer.

WePay, which initially focused on enabling group payments, recently shifted its focus to serving third-party developers. Its target market includes fundraisers, crowdfunding sites and merchant marketplaces that provide e-commerce services for entrepreneurs and charitable organizations.

Veda will provide the transaction information and other data that its partners gather through an API. "This API allows us to review and digest that information, so we don't have to require as much information from the user," Canfield says. "The primary benefit here is making things faster for the end users."

Veda also uses pattern recognition and cross referencing to analyze first name, last name, name of business, email address and phone number.

WePay originally used Veda to vet its own prospective clients by leveraging Facebook Connect and social media data from other sites such as Twitter and Yelp. A legitimate business would have a strong online presence, but a fraudster establishing a fake merchant identity would not, WePay says.

"We're now taking Veda further beyond these social tools," Canfield says, adding the payment fee will remain the same. WePay charges a standard 2.9% plus $0.30 for each transaction, Canfield says.

InvoiceASAP, which processes more than 125,000 invoices per month for its merchant clients, will pilot the Veda API. The information from its payments traffic, combined with Veda's API, will enable merchants to accept payments via a single click, says Paul Hoeper, CEO of InvoiceASAP.

"We can turn on our users' payment account instantly, and as we pass this data via the Veda API, the result is our users can get their money faster," Hoeper says.

Other companies that make use of cloud-delivered technology to prevent e-commerce fraud, include ThreatMetrix and 41^st Parameter, who have built robust databases to analyze the behavior of entities access sites, says Julie Conroy, a senior analyst at Aite Group. Another example is Signifyd, which establishes a social graph to assess risk.

"The ability to incorporate large merchant-supplied datasets is very interesting," Conroy says. "While I'd imagine that there are some privacy hurdles to overcome, the addition of the right kind of data, particularly SKU (stock-keeping-unit) level data, would be valuable in assessing transaction risk."