Gartner Blog Network


$800M Digital Identity News – LexisNexis parent acquires ThreatMetrix

by Avivah Litan  |  January 29, 2018  |  Submit a Comment

RELX Group announced on Monday that it is acquiring ThreatMetrix, for £580m– or about $815M in cash. ThreatMetrix will become part of RELX’s LexisNexis Risk Solutions that provides fraud and authentication solutions across the glove.

This is a very successful exit for ThreatMetrix, which has diligently built up its digital identity business since 2005.  This acquisition is also promising news for organizations around the world who use LexisNexis or their competitors, e.g. the major credit bureaus, to help them prove identities of users they do business with, or to comply with ‘Know Your Customer’ regulations around the world.

I vividly recall meeting bank users of ThreatMetrix (aka Threat) years ago, who told me the dynamic identity data from Threat was more useful for their initial identity screening than the static identity data they got from the credit bureaus, but they were obligated to always use the less effective static data during account openings because of rigid regulatory requirements.

The intrinsic value of static PII data has significantly deteriorated over the past few years as a result of countless data breaches, the most infamous of which was the 2017 Equifax breach where sensitive PII data belonging to some 145 million Americans was compromised. (PII stands for Personally Identifiable Information, and includes any information, such as social security number, that can be used to distinguish one person from another).

Static PII data simply cannot be relied upon for vetting an individual’s identity.

For years, we have been advocating a layered identity vetting approach that increases reliance on dynamic digital identity data and reduces reliance on severely compromised static PII data. Refer to Absolute Identity Proofing is Dead; Use Dynamic Identity Assessment Instead

See Figure 1 and 2 below for a description of Dynamic Identity Data and a Five Layered Identity and Transaction Risk Assessment framework.

Figure 1: Increase Reliance on Dynamic Information

IDproofingblogTMslide1

Figure 2: Five Layers of Identity and Transaction Risk Assessment

IDproofingblogTMslide2

 

Nonetheless, it has been difficult for many organizations to make this transition, given the fact that many of them have to comply with somewhat outdated regulatory requirements and also have to contend with a shortage of IT resources required to implement this layered identity vetting approach.

The RELX Group acquisition of ThreatMetrix should make this work easier. Credit Bureau Experian has a similar offering partly based on its 2013 acquisition of The 41st Parameter for $324M.  At the time of Experian’s acquistion, The 41st Parameter was a direct competitor of ThreatMetrix in Gartner’s Magic Quadrant for Web Fraud Detection – see Magic Quadrant for Web Fraud Detection 2013.

Bottom Line

We can never be sure anyone is who they say they are. There is no such thing as black-and-white absolute certainty of someone’s identity. Dynamic digital identity information enables us to be more or less certain of an identity’s legitimacy with varying degrees of confidence.  That’s just the new world we live in and have been living in for years.  Old timers just need to get used to it.  It’s a simple fact of digital life.

 

 

Category: 

Avivah Litan
VP Distinguished Analyst
19 years at Gartner
34 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Ms. Litan's areas of expertise include endpoint security, security analytics for cybersecurity and fraud, user and entity behavioral analytics, and insider threat detection. Read Full Bio




Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.