RELX Group announced on Monday that it is acquiring ThreatMetrix, for £580m– or about $815M in cash. ThreatMetrix will become part of RELX’s LexisNexis Risk Solutions that provides fraud and authentication solutions across the glove.
This is a very successful exit for ThreatMetrix, which has diligently built up its digital identity business since 2005. This acquisition is also promising news for organizations around the world who use LexisNexis or their competitors, e.g. the major credit bureaus, to help them prove identities of users they do business with, or to comply with ‘Know Your Customer’ regulations around the world.
I vividly recall meeting bank users of ThreatMetrix (aka Threat) years ago, who told me the dynamic identity data from Threat was more useful for their initial identity screening than the static identity data they got from the credit bureaus, but they were obligated to always use the less effective static data during account openings because of rigid regulatory requirements.
The intrinsic value of static PII data has significantly deteriorated over the past few years as a result of countless data breaches, the most infamous of which was the 2017 Equifax breach where sensitive PII data belonging to some 145 million Americans was compromised. (PII stands for Personally Identifiable Information, and includes any information, such as social security number, that can be used to distinguish one person from another).
Static PII data simply cannot be relied upon for vetting an individual’s identity.
For years, we have been advocating a layered identity vetting approach that increases reliance on dynamic digital identity data and reduces reliance on severely compromised static PII data. Refer to Absolute Identity Proofing is Dead; Use Dynamic Identity Assessment Instead
See Figure 1 and 2 below for a description of Dynamic Identity Data and a Five Layered Identity and Transaction Risk Assessment framework.
Figure 1: Increase Reliance on Dynamic Information
Figure 2: Five Layers of Identity and Transaction Risk Assessment
Nonetheless, it has been difficult for many organizations to make this transition, given the fact that many of them have to comply with somewhat outdated regulatory requirements and also have to contend with a shortage of IT resources required to implement this layered identity vetting approach.
The RELX Group acquisition of ThreatMetrix should make this work easier. Credit Bureau Experian has a similar offering partly based on its 2013 acquisition of The 41st Parameter for $324M. At the time of Experian’s acquistion, The 41st Parameter was a direct competitor of ThreatMetrix in Gartner’s Magic Quadrant for Web Fraud Detection – see Magic Quadrant for Web Fraud Detection 2013.
We can never be sure anyone is who they say they are. There is no such thing as black-and-white absolute certainty of someone’s identity. Dynamic digital identity information enables us to be more or less certain of an identity’s legitimacy with varying degrees of confidence. That’s just the new world we live in and have been living in for years. Old timers just need to get used to it. It’s a simple fact of digital life.
Read Complimentary Relevant Research
Leadership Vision for 2018: Infrastructure & Operations Leaders
I&O are key enablers for digital business. I&O leaders are accountable for delivering agility and innovation to their primary consumers...
View Relevant Webinars
Accelerating Deal Value Realization in Mergers & Acquisitions
With Tech M&A activities at unprecedented levels, Gartner continues to play an essential role with general managers and corporate development...
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.