Developers: Group-IB Group of information security
Date of the premiere of the system: 2012
Last Release Date: 2020/10/30
Technology: Cybersecurity - Fraud detection system (fraud)
Main article: Fraud Detection System (fraud, fraud detection system)
Fraud Hunting Platform (FHP) is Group-IB's end-to-end anti-fraud system. It provides proactive protection of the user's digital identity and fraud prevention in real time.
Fraud Hunting Platform became the successor of the Secure Bank/Secure Portal product line, which Group-IB has developed since 2013 after winning a Skolkovo Foundation grant for the innovative development of protections against online fraud.
2020: Presentation of Fraud Hunting Platform
On October 30, 2020, at a virtual presentation, Group-IB presented its end-to-end anti-fraud system, Fraud Hunting Platform. In the first 6 months of this year it helped prevent damage of 320 million rubles at five large Russian banks. Fraud Hunting Platform protects 130 million users daily.
The presentation also introduced a product named Preventive Proxy. It was created in response to the growing problem of malicious bots attacking the e-commerce and online banking market. According to Group-IB, malicious bots account for about 30% of Internet traffic. The most widespread of them are bots used for password guessing with previously stolen credentials; their share is about 60%.
The Group-IB virtual event was devoted to the concept of protecting the user's digital identity against different threats: account compromise, theft of identification data, money transfers in the user's name and other actions of a potential attacker. The leading role in this protection is now played by the end-to-end Group-IB Fraud Hunting Platform. It became the successor of the Secure Bank/Secure Portal product line, which Group-IB has developed since 2013 after winning a Skolkovo Foundation grant for the innovative development of protections against online fraud.
In real time, Group-IB Fraud Hunting Platform analyzes each session and the user's behavior both on a web resource and in a mobile application. Based on behavioral analysis and machine learning algorithms, the system creates a unique digital fingerprint of devices and "links" the user and his accounts to them, which makes it possible to distinguish his actions more accurately from those of fraudsters, even if they have, for example, taken control of his mobile phone or payment data. This technology is named Global ID, global user identification.
At the same time, the unified information environment for all Group-IB products allows Fraud Hunting Platform to use unique Threat Intelligence & Attribution data, which makes it possible to reveal hidden threats and suspicious connections, to use this information in investigations, and also to "hunt" for attackers by identifying the persons involved in an incident.
The key FHP module, Preventive Proxy, was created especially for companies working in online trade as well as "classical" businesses selling products and services online. Including Preventive Proxy in Fraud Hunting Platform makes it possible to distinguish "good" bots from malicious ones, which attackers use to carry out different attacks on companies' websites, web and mobile applications.
According to Group-IB, legitimate bots account for about 20% of all Internet traffic and malicious ones for about 30%. The task of Preventive Proxy is comprehensive protection of websites, mobile applications and their users from account compromise, harvesting of personal information from personal accounts, illegal copying of copyrighted content from websites, and "attacks" on mobile APIs and their unauthorized use.
Preventive Proxy can be deployed in the infrastructure of a web or mobile application or used through the Group-IB cloud. The "smart" bot protection also applies behavioral analysis to identify malicious bot activity. Preventive Proxy, for example, examines user behavior to assess who performs particular operations on the network, a person or a bot. In addition, the solution collects parameters of the browser, the application and the device, protecting a real user session from reuse by "bad" bots. Preventive Proxy does not block requests from trusted sources or legitimate bots.
Group-IB calculated that up to 60% of "bad" bot activity is credential stuffing (attacks using stolen credentials). Scraping (extracting data from the pages of web resources) accounts for 30%. Another 10% is other types of fraud.
Having analyzed the types of malicious bots, Group-IB specialists concluded that in 80% of cases, for example in credential stuffing, cybercriminals use shell bots, which make requests to the server directly from the console. Web bots are involved in scraping attacks (20%); these are more intelligent bots, usually built with headless browsers. They include vulnerability scanners, scrapers, spammers, and bots for automated ordering and buying up goods. The third category of malicious bots (less than 1%) emulates human behavior, for example, for authorization and verification of bank accounts.
2019
Group-IB Secure Bank/Secure Portal is a system for proactive prevention of online fraud on all of the client's devices in real time.
Integration with InterBank RS
On October 22, 2019, R-Style Softlab reported that it had signed a technology partnership agreement with the international company Group-IB. Integrating the vendors' technologies made it possible to create a joint solution that lets banks deploy a secure remote service channel with a built-in function for behavioral analysis of user actions.
Integration with SafeTech PayControl for protection against financial fraud
On October 9, 2019, Group-IB and SafeTech offered an approach to protecting financial transactions in remote banking systems based on real-time risk assessment of the user session. Combining SafeTech PayControl and Group-IB Secure Bank provides adaptive user authentication, confirmation of transactions by electronic signature, and scoring of the client's devices in order to detect signs of financial fraud and respond immediately to a suspicious event.
Integration with FRAMOS in a service for protection against fraud in Internet banking
On August 27, 2019, Group-IB reported that together with the Center of Financial Technologies (CFT) it had developed a service for protection against financial fraud in Internet banking systems. The components of the joint solution are the FRAMOS cloud fraud-monitoring service from Faktura.ru (part of CFT Group) and Group-IB Secure Bank, the system for proactive detection of financial fraud on all of the client's devices.
Purpose and capabilities of Secure Bank/Secure Portal
According to information as of July 2019, Group-IB Secure Bank/Secure Portal is intended to protect:
- Financial and insurance services, including banks and payment systems;
- E-commerce websites;
- Portals providing public services;
- Travel websites;
- Online entertainment services;
- Corporate portals.
Without installing additional software on clients' devices, Group-IB Secure Bank/Secure Portal detects the preparation and theft of money using:
- malicious injections into Internet banking pages to obtain authentication data and additional data for making a payment;
- phishing attacks and social engineering techniques;
- unauthorized remote connections to the client's device and transactions in his name;
- malicious code for automatically creating a payment or substituting the recipient's details on the client's device;
- cross-channel attacks.
The system also makes it possible to:
- block the actions of malicious bots attacking online portals;
- detect fraud involving the loyalty programs of online resources;
- detect money laundering networks;
- optimize the customer's costs by reducing the number of SMS confirmations of transactions and calls to clients;
- reduce the load on fraud monitoring departments;
- improve user experience by reducing the number of security check steps.
The product is implemented as a SaaS solution: Group-IB Secure Bank/Secure Portal is loaded together with web pages or a mobile application and does not require changes to the customer's infrastructure or software.
Group-IB Secure Bank/Secure Portal uses device fingerprinting, behavioral analysis, agentless malware detection, global user profiling and cross-channel analytics, as well as unique information on cybercriminals and compromised data from Group-IB Threat Intelligence.
Compliance with regulatory requirements for banks
Group-IB Secure Bank/Secure Portal allows a bank to comply with the requirements of 167-FZ "On amendments to certain legislative acts of the Russian Federation regarding counteraction to theft of money" by tracking signs of fraud in bank clients' money transfers, namely:
- Identify devices that were previously used and seen in fraudulent attacks, which fully satisfies point No. 2 of the list of signs of a money transfer made without the client's consent, approved by the Bank of Russia.
- Detect suspicious changes in the technical characteristics of the device and in the user's actions during the session that differ from normal activity, according to sign No. 3 of the Bank of Russia list.
The solution detects anomalies such as:
- launch from a device that is atypical for the user;
- use of the device from other accounts that were not previously connected with each other;
- change in the geography of account use;
- detection of social engineering and cross-channel fraud (for example, theft using a mobile trojan for further use in Internet banking);
- detection of the registration of an account in RBS and of transactions typical of a fraudster.
2018: Announcement of Secure Bank Mobile SDK
On September 11, 2018, Group-IB presented Secure Bank Mobile SDK. According to the company, the product will make it possible to prevent fraud attempts, detect attacks on users of electronic banking systems, and effectively complement banks' existing anti-fraud systems.
As reported, the addition of Secure Bank Mobile SDK to the Group-IB product line broadens the range of analyzed channels by adding the mobile channel, which allows a bank to implement a comprehensive approach to protection in remote banking (RB) systems.
Secure Bank Mobile SDK develops Group-IB's philosophy of preventing attacks at the planning stage. Through "smart" behavioral analytics, anomaly detection, daily updates of rules and signatures based on data from the Threat Intelligence system, the analysts of Group-IB's computer forensics laboratory, and in-depth studies of malicious code, Group-IB products make it possible to stay one step ahead of attackers.
Using the "parent" product Secure Bank together with the enhanced capabilities of Secure Bank Mobile SDK provides a reliable tool for cross-channel analysis and correlation of data on user behavior across different devices (smartphone, tablet, laptop, PC) and any channels of interaction with the bank (mobile application, online banking, etc.). Machine learning algorithms and an advanced rule designer make it possible to prevent fraud at the preparation stage by detecting suspicious actions of a fraudster posing as the real client.
"Secure Bank Mobile SDK allows a bank to bring control of client security to another level, revealing cross-channel fraud and considerably increasing the safety of transactions through mobile banking for both individuals and legal entities. We created a "smart" product that incorporates Group-IB technologies, such as an additional system for identifying the client's device (device fingerprinting), a number of patented methods for identifying remote connections, and our own developments in the field of machine learning."
Pavel Krylov, head of product development of the Secure Bank and Secure Portal direction
Secure Bank Mobile SDK is easily embedded in a mobile banking application and works on the bank's side, identifying the client's mobile device, detecting malware, identifying unauthorized replacement of the client's SIM card, and detecting launches of the banking application on a mobile device emulator or on unofficial versions of mobile platforms. Identifying activity atypical for a specific client increases the probability of recognizing fraudulent activity, thereby reducing the number of false positives from anti-fraud systems and removing the need for additional calls to clients to verify transactions.
2017: Inclusion of Secure Bank/Secure Portal in the Unified register of the Russian software
The Secure Bank/Secure Portal solution of Group-IB, a resident of the Skolkovo Foundation IT cluster, has been included in the Unified Register of Russian Programs for Electronic Computers and Databases, created under the amendments to law 188-FZ. The new edition of the law restricts purchases of foreign software by Russian state bodies if a domestic equivalent exists in Russia.
2016
Integration with SAS Fraud Framework
On October 5, 2016, SAS and Group-IB announced the integration of their products to increase the accuracy of fraud detection in RBS systems in real time, creating a system based on the SAS Fraud Framework platform and Bot-Trek Secure Bank.
Fraud schemes are becoming more and more sophisticated and harder to detect, so it is natural today that different vendors willingly cooperate to increase the effectiveness of their tools and guarantee customers the proper level of security of RBS systems. At the moment it is obvious to everyone that using expert knowledge alone is no longer sufficient for fraud detection. What is required is a symbiosis of advanced approaches, non-standard solutions and accumulated expertise in order to identify and neutralize threats at the stage when a compromise is being planned.
SAS's hybrid approach to fraud detection makes it possible to flexibly combine business rules, predictive analytics methods, anomaly detection models and analysis of unstructured information, and also to carry out intelligent analysis of relationships between system objects (transactions, clients, incidents and so forth). But it is important not just to detect fraud but also to reduce the number of false positives from anti-fraud systems and, as a result, to reduce the load on security experts. Solving these tasks depends, first, on the ability to assess correctly how characteristic specific actions in the RBS system and the transactions that follow them are of the client. We draw such conclusions from information available directly in the bank's systems. And second, it requires the knowledge we gain from analyzing the network environment and the client's environment at the time of the transaction: whether the machine is infected, whether a remote connection was recorded, whether there are signs of phishing, and so on.
Along with the integration of their solutions, the companies announced the creation of a service for banks using SAS Fraud Framework and Bot-Trek Secure Bank that promptly informs them about cyberfraud cases. All data on detected incidents and newly emerged schemes will be immediately translated into anti-fraud system algorithms, which will help increase the effectiveness and security of remote service channels as threats change and emerge.
Compatibility of the InterBank RS and Bot-Trek Secure Bank platforms
R-Style Softlab, a Russian developer and integrator of banking software that is part of the international holding Asseco, and Group-IB, a company specializing in the prevention and investigation of cybercrime and high-tech fraud, signed a technology partnership agreement in September 2016. Under the agreement the companies will ensure compatibility of InterBank RS, the platform for developing RBS services, and Bot-Trek Secure Bank, the system for early detection of threats.
Description of Bot-Trek Secure Bank
According to information as of July 2016, Bot-Trek Secure Bank is a service for protecting online payments that complements anti-fraud systems. The product is intended for use in financial institutions. Bot-Trek Secure Bank helps control the risks arising on the side of the bank's clients, the weakest link in the security of online payments.
Without installing additional software on clients' devices, Bot-Trek SB detects in real time the preparation and theft of money using:
- malicious injections into Internet banking pages to obtain authentication data and additional data for making a payment
- phishing attacks and social engineering techniques
- unauthorized remote connections to the client's device and transactions in his name
- malicious code for automatically creating a payment or substituting the recipient's details on the client's device
- updates of malicious code and penetration through zero-day vulnerabilities.
The software does not require installation on the client's device or investment in the bank's IT infrastructure. It detects fraudulent payments and preparation for them at early stages. It identifies attacks and fraud schemes. Rules and signatures of the API for integration with anti-fraud systems are updated daily. Group-IB provides analytical support and consultations with specialists.
Expected results of implementation
- Reduction in direct losses due to early detection of fraud
- Reduction in the number of false positives from classical anti-fraud systems due to integration with the Bot-Trek SB solution
- Increase in customer loyalty
Description of Bot-Trek Secure Portal
According to information as of July 2016, Bot-Trek Secure Portal is a service for securing personal data and protecting against fraud. It is intended for corporate and state portals, e-commerce and online stores.
Bot-Trek Secure Portal helps prevent personal data leaks and theft of bank card information. It detects purchases made with stolen cards, interception of buyers and other types of fraud. It provides additional information about users in real time. Group-IB provides analytical support and consultations with specialists.
Capabilities of the service
Bot-Trek Secure Portal helps control risks from users of the Internet portal. Without installing additional software on users' devices, Bot-Trek Secure Portal detects in real time:
- unauthorized access to and use of valuable or confidential information
- collection of payment card data and use of stolen cards
- phishing attacks and social engineering techniques
- unauthorized remote connections to the user's device, use of his identifiers and actions performed in his name by third parties
- fraudulent activity carried out on the user side.
Results of implementation of Bot-Trek Secure Portal
- Online stores and e-commerce websites
  - Improved targeting of offers for visitors
  - Reduction of losses from purchases lost when competitors' offers are injected into the online store's pages
  - Decrease in the volume of chargebacks after payment with stolen cards
  - Prevention of unauthorized use of a brand to sell counterfeit goods and spread viruses
- Services providing paid content
  - Reduction of damage from sharing of a paid subscription
  - Prevention of the use of stolen identifiers for authorization on the website
  - Decrease in the volume of chargebacks after payment for a subscription with stolen payment cards
- Portals of public services
  - Prevention of personal data leaks and of fraud using such data
  - Suppression of unauthorized access to confidential information
  - Prevention of theft of money
2012: Protection of a workplace of the client of RBS
In January 2012 Group-IB launched the service "Protection of a workplace of the client of RBS", aimed at securing personal computers with installed Internet banking systems. The service is unique in combining technical solutions with round-the-clock monitoring performed by the Group-IB situational center.
The service "The protected workplace of the client of RBS" is a set of technical and organizational measures aimed at raising the level of information security of bank clients who use remote banking services. The unique set of solutions includes round-the-clock auditing of the security level of the client's workplace by the staff of the Group-IB situational center. Monitoring the degree of security makes it possible to track and analyze each information security event. If an incident occurs, the response center immediately notifies the client and provides organizational and technical support, including legal support.
"With the constant growth in the number of targeted attacks on Internet banking systems, vendors of security tools face the difficult task of protecting the end user," says Ilya Sachkov, CEO of Group-IB. "We decided to apply the experience accumulated in investigating fraud cases in Internet banking systems and to develop our own solution. The service provides not only traditional protection against cyberthreats but also gives the attacked party the chance, through timely reaction, to mount worthy resistance to attackers. At the same time our specialists will be nearby and will provide full support."
Data on cybersecurity events is collected by a software agent, which transfers the accumulated information to the Group-IB situational center for further analysis. In addition to the monitoring agent, the workplace is protected by technical tools such as antivirus software, an additional authentication system, a trusted boot module, an intrusion prevention system, a firewall, a system of protection against unauthorized access, etc.
Later this product was renamed Secure Bank.