Cybercrime Fighting ThreatMetrix Wrangles Another $12M

ThreatMetrix, a Los Gatos, Calif.-based startup that stops online fraud by “fingerprinting” the devices used to commit it, has closed an “oversubscribed” $12 million Series C round of funding, led by Tenaya Capital, formerly Lehman Brothers. Tenaya was joined by Technology Venture Partners of Sydney, Australia; CM Capital of Brisbane, Australia; and U.S. Venture Partners.

When peHUB first talked with the 36-employee company in March, CEO Reed Taussig said he was looking to raise “between $7 million and $10 million,” because business was “doubling quarter over quarter.” When “you’re experiencing that kind of growth, certain rivets that you thought were secure you find to be insecure,” he said at the time.

Business has since sped up. In a call late last week, Taussig said the traffic of ThreatMetrix–which works with partners like social networks and online dating and gaming sites–is now growing at 25 percent compounded monthly.

Seemingly, ThreatMetrix is just getting started.

Internet retailers lost more than $3.3 billion to fraud last year, according to the most recent fraud report issued by payment processing giant CyberSource. Conveniently, ThreatMetrix works hand-in-hand with CyberSource, which agreed to be acquired by Visa in April for $2 billion. CyberSource, which tried out ThreatMetrix’s technology in late 2008, has since sold it through CyberSource’s online fraud management product, DecisionManager, to more than 100 new customers.

“We get customer traction, and we provide them with a differentiated advantage and fraud capabilities within their own products,” says Taussig of the relationship.

ThreatMetrix may get more than that. The company, which has roughly 250 customers and is “at about a $10 million run rate” for 2010, was asked to make room for CyberSource in its newest round. Taussig said the “timing wasn’t right” because CyberSource was entering into an agreement to be acquired by Visa for $2 billion around the same time, in April.

He added that through a “continue expansion” of ThreatMetrix’s partnership with CyberSource, a “Visa relationship is possible and probable. Certainly, we’re working together and [our] products could very well find their way into Visa as well.” (About 70 percent of ThreatMetrix’s technology is sold through resellers.)

ThreatMetrix was founded as a device identification provider in 2005, as part of a consulting project with the Australian government. The company was trying to keep spammers and hackers off sensitive military and financial sites when it discovered that a lot of people were attacking from hidden proxies and botnets.

Its technology has since evolved to enable its customers to learn what kinds of devices people are using, what kinds of transactions they are executing, and from where, among other things.

For example, when a user signs up on a social network or a dating site, no personally identifiable information is collected to verify that the user is who he says he is. ThreatMetrix can inform such sites that a user may not be who he says he is if his stated place of residence doesn’t jibe with his IP address, or his email says he’s in the U.S., but ThreatMetrix can see that he’s in Vietnam, or his Linux computer is masquerading as a Windows computer.