Ravelin, UK-based fraud specialists has today announced they have secured Payment Card Industry Data Security Standard (PCI DSS) certification as they continue to bring together the latest technologies for fraud detection.
Ravelin who already specialise in applying machine learning, artificial intelligence, graph networks and behavioural analytics to provide real-time fraud detection, have secured PCI DSS certification to enable the company to track fraudulent cards between clients and prevent the cards from being used across all their merchants.
Leonard Austin, CTO at Ravelin explains: “Before securing PCI compliance, we were unable to access the raw card numbers for each of our clients. But now, we’re able to take that raw data and create credit card fingerprints that can essentially be shared across merchants.”
Fraudsters will often operate across a number of merchants taking whatever goods they can. Therefore having access to data across a number of merchants is invaluable for detecting fraud: as you stop a fraudster for one merchant, you can stop them for all.
“PCI Compliance is still ultimately a necessary step towards the overall goal of keeping sensitive data secure, which is why we undertook the process. Combining this, and our ISO 27001 certification as well gives our merchants the confidence that our systems adhere to the highest security standards, with the added benefit of being able to better defend our clients against fraud attacks,” continued Austin.
The cardholder data that Ravelin now has access to has been tokenised, which means it’s not in a format readable to humans, ensuring that the numbers can never be compromised. The data is so secure that not even the Ravelin team has access to the card details.
David Robinson founder of Intruder.io, a proactive security monitoring company who carried out Penetration Testing of Ravelin’s systems said; “we performed a security assessment for Ravelin and were impressed by the robustness of the application. Most assessments result in a number of recommendations, but for the parts of the Vault API that we tested, we were happy to report a clean slate.”