Reply

Financial Sector Antifraud

Products and Services

V. 1.5 - 31072012

2

Solution outline

Reply engineered a point solution to contrast new type of automated

frauds toward financial institutions online services. The so called “Man in

The Browser” attacks are hitting the news and are a well known problem for

large financial institutions as they can circumvent strong authentication and

transaction monitoring systems.

Reply solutions provide a unique way to identify such frauds through the

technological chain, providing “Actionable Intelligence” information directly

to Enterprise Fraud Management systems or helpdesks.

http://www.bbc.co.uk/news/technology-16812064 (02/2012)

3

Reply Security competence centre

Reply Antifraud Assets:

• Niche high performance solutions, 100+ clients managed

• Dedicated Fraud Intelligence Team & CERT

• Owned Security Operations Centre H24x365, 60+ people dedicated to

Fraud Contrast & Analysis in the Reply SOC

• Self developed platforms, some of which released open source for the

anti-fraud community

• High involvement in international associations, such as Honeynet Project

• Flexibility to accomodate client’s integration and service requirements

Reply was identified by the Italian Banking Association

(ABI) as a leader for quality intelligence for the

financial sector. Reply provides monthly report of

malware trends to all associates

Reply provides malware intelligence information to UK

private agencies providing services to law enforcement

authorities and defence.

4

Reply Answer

Reply provides focused product and services for contrast

of emerging fraud phenomena in the financial sector.

ACTIVE FRAUD

PREVENTION

ANTIPHISHING

SERVICES

Active detection of

online banking frauds.

Available in SaaS or

On-Premise, 95% avg

score on true positives,

measurable ROI.

Active detection and

shutdown of phishing

clones, leveraging

multiple sources and

client information.

Top level detection rate.

REPLY FRAUD

INTELLIGENCE

SERVICES

Intelligence information

tailored on specific

requirements, Botnet

Tracking, Botnet

infiltration and

shutdown.

5

Active Fraud Prevention (AFP): Fraud pattern

The AFP product leverages continuous intelligence activities and

proprietary platforms in order to actively identify compromised

clients during an online banking transaction attempt.

AFP produces Actionable Intelligence: your client’s account

number, details of the transaction direcly to your customer

support service and to your enterprise fraud management

system.

AFP has extremely low integration requirements.

6

Active Fraud Prevention (AFP): Fraud pattern

The AFP product leverages continuous intelligence activities and

proprietary platforms in order to actively identify compromised

clients during an online banking transaction attempt.

Typical online banking fraud pattern:

Online Banking

Front End

1 The user connects to the home banking website with a client compromised by a trojan.

The connection triggers the trojan that seamlessly interacts with the user session 2

Online Banking

Back End

Since the attack happens in the user space, both the front end and the back end cannot detect the attack.

It is a common pattern to see average transaction volume and execute fraud wire transfer below that, in order

not to trigger transaction monitoring systems

3

End user

7

Active Fraud Prevention (AFP): mitigation

Leveraging proprietary technology, with an easy to integrate sensor in the

front end, AFP is capable to detect «weak signals» coming from and infected

client.

AFP signatures and sensors are updated frequently by the Reply Fraud

Intelligence team.

8

Active Fraud Prevention (AFP): Fraud pattern

Reply AFP is available in the following:

• Software as a Service Fully delivered from ISO/IEC 27001 certified Reply Security

Operations Centre (SOC). • Licensing is flat for 1Y contract, not dependent on number of

logs/events/incidents/EPS/etc.

• Includes continuous updates of signatures and software components

• Full reporting and trend analysis via fully featured BI solution

• On-premise on hardware/virtual appliance Remotely managed by experts team in Reply SOC. • The product is licensed to the client, signatures and software

components updates are included in the maintenance fee

9

Example of Reply malware detection capabilities

Geolocalization of one of the monitored Fast Flux domains

10

Reply Antiphishing services

Reply Antiphishing Service provide value for customer’s reducing

brand abuse impact on the end user:

• Reduction of exposure to cloned websites

• High level of detection thanks to smart correlation of own

managed mailboxes network and weak signals derivd from

customer available data

• Shutdown of clone websites licensed on a flat fashion

• Full tracking of closure status via Reply services portal

11

Reply Fraud Intelligence Services

The Reply Fraud Intelligence Team monitor threats directed

toward its clients through botnets and trojans. The team can

provide valuable intelligence information to its customers,

including:

• Detection of malicious code samples

• C&C tracking and shutdown

• Analysis of detection techniques for new malware behaviours

• Full reporting and trend analysis through a full featured

Busines Intelligence platform

12

Want to try out?

Our experience tells us that the amount of frauds identified and

potentially prevented during a Proof Of Concept, highly exceed

expectations. And the final TCO is just a small portion of the

saving.

To organise a POC for Reply AFP solution, please contact

d.vitali@reply.eu

Thanks