The following article has been featured in Cyber Defense Magazine 2019 Global Annual Edition.
XTN’s goal is to fight fraud in online services through our Advanced Behavior-based Security solutions we develop since 2014. Through the award-winning and multi-layered Cognitive Security Platform®, we protect the services of several kinds of environments, such as Banks, Fintech, e-commerce, and Automotive.
Fraud in online services
Online services suffer from a wide variety of frauds. One of the more common patterns is related to account or sensitive information takeover. Takeovers range from the control of the victim’s bank account up to stealing their credit card information. Most of the time, the result is an undesired transfer to a temporary account managed by the fraudster. There are more technologically advanced frauds where the attacker takes control of the application used to directly perform fraudulent transactions. With the rising online onboarding procedures in next-generation payment services, there is also a rising trend related to rogue identities and BOT driven account creation. In the end, the fraudster’s goal is to monetize the attack as quickly as possible, finding an easy to scale and maintain fraud flow.
XTN’s vision is to correlate different analysis layers to obtain a holistic approach to detect fraudulent events. The Platform considers the posture of the endpoint used to access a critical service, the user’s digital identity, and the risk profiling related to the business content of events. Our unique technology relies on cutting edge artificial intelligence to provide excellent accuracy and minimal false positives.
XTN technology conciliates different needs that are mandatory in the fraud analysis space: behavioral perspective, the intelligibility of the risk causes, flexibility, and real-time response.
We solve the challenge of providing visibility about fraud attempts coming from consumer-facing or internal critical services. The banking sector is one of our reference markets and is pretty evident the urgency of limit payment related frauds. But also other markets need this kind of protection. That’s why we are also working in the automotive environment to protect connected-vehicles services.
Mobile and web application security
We see, globally, very high pressure on mobile online services. Security awareness is increasing, and users demand secure services, both considering privacy and money. On the other side, service providers struggle with growing security while keeping an easy and enjoyable user experience in their apps. The result is that a new generation of service providers is starting to point to great functionalities designed to include security and ease of use by default. These new generations of services are finding spaces to compete in these fields. Our aim for the future is to face advanced threats while maintaining small or no impact on the user experience. At XTN, we are ready to embrace this challenge. Our goal is to provide the smoothest user experience possible while keeping the highest security level. To do that, we consider the endpoint, and in particular mobile devices, as the central actor in identity proofing.
Authentication for us is much more of a password or second factor of authentication. In the XTN Cognitive Security Platform®, digital identity validation relies on different layers: behavioral biometrics features, endpoint trust, and cryptographic quantities. These layers modulate the authentication factors considering the endpoint trust or risk and include continuous behavioral analysis to recognize anomalies.
In-App protection next level
At XTN, we believe that protecting the app goes beyond the app assets in the end-point. We think that modern protection requires implementing a probe-evaluate-react pattern, including the app’s technological threats detection together with behavioral and identity-related features. Our technology takes all relevant information from the app to our clients without any user experience impact and building risk-driven reaction flows that originate at the server-side, where the trust should be.