Fraud Management Today

When protecting online services and users, the weakest link is represented by the web and mobile devices used by your end users. These unmanaged endpoints can be easily infected by advanced attacks leveraging a variety of vectors and techniques, including Man-in-the-Browser (MITB), Man-in-the-Middle (MITM), Remote Access Tools (RAT), Mobile Overlay and SMS Grabbing. 

Traditional solutions are ineffective in detecting today's advanced attacks in real-time and heavily impact the operational efficiency of your security teams, as they generate many false positives and in-doubt cases to be investigated. The rapid growth of real-time/instant payments is exacerbating the situation as manual security checks cannot be performed. 

When planning your next-generation Fraud Management system, the following key requirements should be considered:

  • Continuous real-time monitoring and adaptive security approach aligned to Gartner's Continuous Adaptive Risk and Trust Assessment (CARTA)
  • Innovative malware detection able to identify advanced attack techniques and complex attack scenarios involving multiple sessions across channels 
  • Deep threat visibility providing insights on attacker tactics, techniques and procedures (TTPs) and user experience under attack 
  • Single real-time risk scoring engine to correlate both deterministic and heuristic IOCs provided by malware, behavioral, transaction analysis

How Cleafy Helps

Cleafy protects online services and customers against the most advanced attacks from infected web and mobile endpoints. Cleafy makes it possible to detect in real-time advanced threats and account takeover, identity hijacking, transaction tampering and payment frauds scenarios. Moreover, Cleafy provides threat protection capabilities and effectively supports an adaptive threat response approach.

Cleafy is successfully adopted by major Corporate & Retail Banking, Payment Services, Online Lenders and other companies offering critical online services to external users. Cleafy quickly provides tangible benefits, in terms of fraud reduction, regulatory compliance and improved efficiency of the security team.

Cleafy key differentiators include:

  • Passive, continuous monitoring of the application traffic and real-time risk assessment - no impact on application delivery and end users
  • Patented malware detection technology based on real-time application integrity and multi-entity, cross-session/-channel correlation
  • Automatic extraction and clustering of threat evidences represented by malicious web-injects and malicious mobile apps 
  • Customizable risk engine supporting real-time threat classification and risk assessment based on malware, behavioral, transaction analysis
  • Open architecture and comprehensive set of APIs to easily integrate any component of the security eco-system (e.g., SIEMs)
Cleafy introduces a quite unique and unorthodox approach towards threat detection and anti-fraud protection for financial service providers. As opposed to disjointed security products covering individual threat vectors, the company focuses on business and regulatory requirements for banks, e-commerce and other similar companies and offers an integrated, clientless real-time platform that directly integrates with adaptive authentication and incident response solutions most of their customers already have in place due to industry regulations. Directly addressing most of security clauses of the PSD2 directive, Cleafy offers a promising one-stop-shop solution for financial service providers’ regulatory compliance needs.

Eric Ogren 451 Research