Forter’s (“we” or “the Company”) goal is to fight online financial fraud. Our fraud solution provides merchants (“Merchants”), who use our expertise and proprietary technology in order to get real-time and automated decisions for every transaction made by Merchants’ customers (“Customers”).
When a Customer lands on any of the Merchant’s websites or applications (“Merchant Platforms), and subject to a full Merchant consent, we process relevant information pertaining to the Customer usage of the merchant websites or application (“Merchant Platforms”) and compare it to known fraudulent behavioral trends in order to protect the Merchant from fraudulent activity (collectively: “the Services“).
Our Services not only help Merchants, but also provide much safer and better online shopping experience for Customers, as they help prevent a customer account takeover by a fraudster, allow Customers to get rid of the delays in order confirmation, and minimize potential mistaken rejection of transactions, which can make shopping online very frustrating.
We process two types of information which relate to Customers.
The first type of information is un-identified and non-identifiable information pertaining to a Customer, which may be available or collected via Customers’ use of the Merchant Platform (“Non-personal Information”). We are not aware of the identity of the Customer from which the Non-personal Information was collected. Non-personal Information which is being collected may include Customer’s aggregated usage information, device fingerprinting, browsing events and technical information transmitted by Customers’ device, including certain software and hardware information (e.g. the type of browser and operating system the Customer’s device uses, language preference, access time and the domain name of the website from which the Customer is linked to the Merchant Platform; etc.) as well as information regarding Customer’s activity on the Merchant Platform (e.g. pages viewed, clicks, actions, etc.).
The second type of information, mostly the data in the checkout page, is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Information”). The Personal Information we process through our Services includes information which is submitted to Merchant Platforms directly by the Customer, such as phone number; full name; address; e-mail address and other information that we may need in order to provide our Services. With regards to Customer’s payment means, we are not collecting full credit card details, but only the credit card BIN and the last four digits of the credit number, alongside the cardholder name and expiration date.
We may also process Personal Information from Customer’s device, such as geolocation data, IP address and other unique identifiers.
If we combine Personal Information with Non-personal Information, the combined information will be treated by us as Personal Information for as long as it remains combined.
We use three main methods to collect information, which relates to Customers:
iii. We collect information which is available via public websites, social networks, etc. and from our trusted service providers and is relevant to our Services. For example, we may collect information such as phone type (e.g. mobile, landline, etc.), age and gender from different resources across the web and perform social network analysis in order to support our analysis of a transaction and the assessment of whether or not a transaction is suspected as fraudulent.
A “cookie” is a small piece of information that the Merchant’s website assigns to the Customer’s browser while the Customer is browsing such website. Cookies are very helpful and are used by us for the purpose of gathering relevant information in order to detect possible online and identity frauds.
We use ‘session cookies’, which are stored temporarily during a browsing session and are deleted from Customer’s device when the browser is closed, and ‘persistent cookies’, which are saved on Customer’s device for a fixed period and are not deleted when the browser is closed.
The Customer may disable the storage of and/or remove the cookies via his browser settings.
We may share Personal Information which relates to the particular Merchant from whom the information was collected in order to provide our Services. This includes sharing of information regarding each transaction decision the Merchant initiates and access to our ‘Decision Dashboard’;
In addition, in order to provide our Services we may share Personal Information with (i) affiliated companies within the Forter group of companies, as listed below; (ii) subcontractors (e.g. enrichment services with whom data points are shared securely and without the transaction context. For example, shipping addresses, without an individual’s name/phone/etc., are normalized using a dedicated address validation provider. All third party services must be evaluated and approved by the Forter security team before integration or chargeback dispute agencies); (iii) third party service providers (e.g. cloud web services for storing information on our behalf or processing information);
We may also disclose Personal Information, or any information submitted via the Services if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies, including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, the Merchants, the Customers or any third party; or (vi) for the purpose of collaborating with law enforcement agencies and/or in case we find it necessary in order to enforce intellectual property or other legal rights.
We value Customers’ privacy and control over their Personal Information. In cases where we are required under the applicable law (for example, under the EU Data Protection Directive), a Customer may request that we will correct errors with regard to his Personal Information and allow him to receive certain details with regard to his Personal information, by following this procedure:
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
We will retain the information we collect for as long as needed to provide our Services and to comply with our legal obligations, resolve disputes and enforce our policies.
We take great care in implementing and maintaining the security of the Services and safeguarding information which relates to Customers. We employ industry standard procedures and policies to ensure the safety of Customers’ information and prevent unauthorized use of any such information. Although we take reasonable steps to safeguard such information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our Services, and we make no warranty, express, implied or otherwise, that we will prevent such access.
We do not collect any information, which relates to Customers who are under the age of 13. In the event that we become aware that an individual under the age of 13 has shared any information, we will discard such information. If Customers have any reason to believe that a minor has shared any information with us, it will be advisable to contact us at firstname.lastname@example.org.
If Customers have any general questions about the Services or the information that we collect about them and how we may use it, they may contact us at email@example.com
Details of Company and affiliated companies in the group:
Forter Ltd., Totseret ha-Arets St 7, Tel Aviv-Yafo, Israel 6789104
Forter, Inc., 12 East 49th St, New York, NY 10017
Last update: 22/12/2016