RSA Adaptive Authentication vs ThreatMetrix comparison

"Risk Engine’s risk score, eFN, GeoIP, and device binding all coming together in the Policy Rules to decide when to escalate to MFA."

"Our customer are seeing value from the product, as they experience cost reductions. They can stop fraud from their customers, then their customers can have a better experience from their services."

"The most valuable feature is the stock tokens. That works the best for us."

"The capability to manage your business policy related to security when required without vendor involvement."

"Ingestion of logs and raising alert space on those logs are the most valuable features."

"There is excellent documentation available."

"The most valuable feature the solution has is that it is able to do a fairly accurate fraud assessment of a credit card transaction based on a variety of parameters configured by the merchant."

"The solution is stable."

"Accessible custom rules with a monthly update on performance."

"The user interface, the portal, is very helpful in describing what attributes of concern are associated with the device."

"The solution can be easily integrated with applications."

"The most valuable thing is about the IP. They have a database of malicious IP addresses against which they check. They have a huge database for routed devices and the devices that have been used in the past to commit fraud. They have extensive historical records of all of that information, and that's probably the most valuable thing about ThreatMetrix. Over the years, they have been collecting and persisting globally across all the banking and financial services. They have been storing all this information. It is this stored information that I and my team find valuable; it is not so much their technology. If you are running it on a simulator and trying to maliciously clone and copy IP addresses and stuff like that, they have a bunch of technologies, like routes section and all the other stuff. It is just that they have something that no one else can deal with, that is, massive amounts of big data about the malicious IP addresses, malicious device fingerprinting, the fingerprinting router devices, and the fingerprints. You can query against this stored information to find out whether your app is in a good, nice environment. If yes, you get a green light. The last time I checked, there were about 400 or 500 features that they can stack against, which is pretty extensive. They give you a score against all those features for every application that you installed on it. It is pretty good in that sense."

"It is a stable solution."

"The product is basically unusable. We need better ease of use; it's overly complicated."

"Reporting modules is one of the major areas that can be improved further."

"RSA Adaptive Authentication lacks a mechanism to verify the identity of a new user in the Enrollment event workflow."

"Better filters when searching for events. The current features for current filters when searching fraud events are not very comprehensive. You can only filter by certain fields in the transaction."

"It has taken years to implement."

"I would like to see a more adaptive type of solution, something that we could use on our web pages..."

"It would be useful if they could offer real-time processing."

"SDK is probably where the biggest issue is. The SDK configuration is a bit lacking. If you are integrating it into your workflow, it is very cumbersome and very difficult to integrate. You have to understand and be an expert in low-level mobile applications to integrate this stuff. Integration should be easy based on what they are providing, but unfortunately, it is not. It is very difficult. My work has been trying to simplify the integration process because integrations bring a lot of value. Most companies don't see their value because it is such a difficult process. For integration, you have to get it right as well, but it is very difficult to get it right because they don't help you in tuning your future parameters. Because of this, it is very difficult to tune your future parameters and your risk score. If you are Uber, your risk score will be very different from a banking client that is pushing funds. These two things need to be improved for me. The rest is pretty good."

"One limitation is it only maintains six months' worth of data. It would be nice if it went back even further to help us really identify and flush out patterns that go on longer."

"We encountered a few issues with API calls to the solution."

"Could be more intuitive and user friendly."

"The interface does look a bit outdated."

"We are only using one feature. We haven't found the other features to be very good or very powerful."

"The tool is very expensive."

"Customers need to deploy the solution in a very expensive infrastructure. RSA should should think about a less expensive infrastructure for customers because the solution costs around $100,000, and the infrastructure needed to support that solution may be even more expensive than that price."

"Keep the proxy service layer on premises. That consumes SaaS security services on the back-end."

"The pricing is $50 per head, yearly."

"You may need to opt for second best if funding is low and the number of users is huge. However, the pricing is able to be negotiated if your user figures are huge."

"I am not aware of the price. I have always come in after it has been negotiated. The clients do get a return on their investment. It mitigated a massive DDoS, and it definitely detects fraudulent activities on banking platforms. They have definitely got their ROI back because there is continued investment in ThreatMetrix over time."