《KuppingerCole:2023领导力指南针:欺诈预防情报平台 (FRIP)报告(英文版)(107页).pdf》由会员分享,可在线阅读,更多相关《KuppingerCole:2023领导力指南针:欺诈预防情报平台 (FRIP)报告(英文版)(107页).pdf(107页珍藏版)》请在三个皮匠报告上搜索。
1、 Fraud Reduction Intelligence Platforms(FRIP)John Tolbert April 25,2023 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 2 This report provides an overview of the market for Fraud Reduction Intelligence Platforms and provides you with a compass to h
2、elp you to find the solution that best meets your needs.We examine the market segment,vendor service functionality,relative market share,and innovative approaches to providing Fraud Reduction Intelligence Platform solutions.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KU
3、PPINGERCOLE ANALYSTS AG 3 Contents Contents.3 Figures.4 Introduction/Executive Summary.6 Highlights.9 Market Segment.10 Delivery Models.10 Required Capabilities.10 Leadership.13 Overall Leadership.13 Product Leadership.15 Innovation Leadership.17 Market Leadership.19 Correlated View.21 The Market/Pr
4、oduct Matrix.22 The Product/Innovation Matrix.24 The Innovation/Market Matrix.26 Products and Vendors at a Glance.28 Product/Vendor evaluation.31 Spider graphs.31 Akamai Account Protector,Bot Manager,and Page Integrity Manager.33 Arkose Labs Arkose Bot Manager.36 BioCatch Platform.40 Broadcom Arcot
5、Network for Issuers.44 Experian CrossCore.47 F5 Distributed Cloud.51 Forter Trust Platform.54 GBG Fraud and Compliance Solution.57 Group-IB Fraud Protection.60 Gurucul Fraud Analytics.64 HID Global HID Approve,Authentication Service,Risk Management,and Identity Verification.67 LEADERSHIP COMPASS:811
6、08 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 4 HUMAN Human Defense Platform.71 IBM Trusteer:Pinpoint Detect and Pinpoint Assure.75 ID Dataweb AXN Platform.78 LexisNexis Risk Solutions Dynamic Decision Platform,RiskNarrative,and more.81 Outseer Fraud Manager,3-D Secur
7、e,and FraudAction.85 Sift Sift Digital Trust&Safety Suite.90 Transmit Security Transmit Security Platform.94 Vendors to Watch.98 Amazon.98 Cleafy.98 Equifax.98 Feedzai.98 FICO.99 Imperva.99 Nice Actimize.99 OneSpan.99 Ping Identity.99 Ravelin.100 Telesign.100 ThreatMark.100 TransUnion.100 Methodolog
8、y.102 Types of Leadership.102 Product rating.103 Vendor rating.104 Rating scale for products and vendors.105 Inclusion and exclusion of vendors.106 Figures Figure 1:The Six Major Fraud Reduction Techniques.9 Figure 2:Overall Leaders in Fraud Reduction Intelligence Platforms.13 Figure 3:Product Leade
9、rs in Fraud Reduction Intelligence Platforms.15 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 5 Figure 4:Innovation Leaders in Fraud Reduction Intelligence Platforms.18 Figure 5:Market Leaders in Fraud Reduction Intelligence Platforms.19 Figure 6
10、:Market Champions in Fraud Reduction Intelligence Platforms.22 Figure 7:Technology Leaders in Fraud Reduction Intelligence Platforms.24 Figure 8:Big Ones in Fraud Reduction Intelligence Platforms.26 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 6
11、 Introduction/Executive Summary Fraud is a major cost to businesses worldwide and this has been exacerbated by the worldwide Covid pandemic.Banking,finance,payment services,and retail are some of the most frequent targets of fraudsters.However,insurance,gaming,telecommunications,health care,cryptocu
12、rrency exchanges,government assistance agencies,travel and hospitality,and real estate are increasingly targeted as cybercriminals have realized that most online services trade in monetary equivalents.After years of being the focus of cybercriminals,banking and financial institutions are more likely
13、 to be better secured than other industries,meaning that fraudsters are increasingly likely to attack any potentially lucrative target if given the opportunity.Fraud perpetrators are continually diversifying and innovating their Tactics,Techniques,and Procedures(TTPs).The most prevalent types of fra
14、ud businesses,non-profit organizations,and government agencies experience today are:Account Takeover(ATO)Fraud-occurs when fraudsters use breached passwords and credential stuffing attacks to execute unauthorized transactions.Additional means for account takeover fraud are malware attacks(man in the
15、 middle and man in the browser)as well as the use of Remote Access Tools via Trojan or social engineering scams.Account Opening(AO)Fraud also called New Account Fraud or Synthetic Fraud,often happens as a result of using stolen identities or assemblages of personal information to create synthetic di
16、gital IDs.Such fraudulently created accounts can be more difficult to detect,which is an advantage for the attackers.This type involves gathering complete sets of or bits of PII(Personally Identifiable Information)on legitimate persons to construct illegitimate accounts.Educational,financial,governm
17、ent,employment,and medical records and social media can be sources of PII used for assembling fake accounts,which are then often used to abuse promotions and instant loans and/or used as mule accounts to move money around.Various financial regulations require validation of users at registration time
18、 for Anti-Money Laundering(AML),Know Your Customer(KYC),US Office of Foreign Asset Control(OFAC),Politically Exposed Persons(PEP)validation,and other sanctions screening.Many other types of online fraud exist and they continue to proliferate and evolve.Examples are listed below based on categories:P
19、hishing/Smishing/Vishing threats,many of which can be perpetrated by bots:Shopping scams Caller ID spoofing detection(app-based)Fake investment opportunities(crypto,gold,real estate,etc.)Fake push notifications Fake delivery notices Fake utility,telco,broadband cutoff notices LEADERSHIP COMPASS:8110
20、8 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 7 Fake invoices Malicious invoice payment redirection CEO/CFO email impersonation for sending fraudulent payments Financial institution impersonation misdirecting customers to transfer funds for safety Fake Drivers License
21、offers Fake government welfare signup and collection notices Fake tax refund notices Fake student loan offers Fake notices from utilities,medical providers,pharmacies Fake tech support scams Fake“questionable charge”scams impersonating credit card companies or merchants Travel deal scams Travel refu
22、nd scams Vacation rental scams Event ticket scams Fake vaccine cards(and scams)Lottery/inheritance/customs advance fee scams Realtor/mortgage email impersonation for escrow payment redirection SMS OTP harvesting Romance site scams Dox bots Issuer issues:Card-Not-Present(CNP)Counterfeit(Skimmed or cl
23、oned)Stolen cards Website operator issues,most of which are caused by bots:Malicious credential/payment skimmer code Inventory hoarding/Grinch bots Jingle bots(add to cart and abandon)API inventory checking bots Competitive price checking bots Headless browsers DDoS Fake reviews and comments Malicio
24、us link and ad insertion bots(comments,reviews,forums,etc.)Social media bots Ad Fraud/Click bots Account creation bots Credential stuffing bots File downloading bots LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 8 Event ticket purchase and scalpi
25、ng bots Gift card cracking Malicious“overlay”apps SEO poisoning SIM swap(SMS OTP redirect)Email address harvest for spam bots Fake job postings Fake goods on auction sites Fake car,truck,and RV listings Cryptocurrency Fake ICOs Fake coins Fake wallet aggregators Fake exchanges Cryptocurrency address
26、/clipboard hijacking malware The chief mitigation strategies against these types of fraud employ real-time risk analytics and decisioning.Risk-based Multi-Factor Authentication(MFA)can eliminate a substantial portion of ATOs by increasing authentication assurance levels.Risk-based MFA often evaluate
27、s credential intelligence,device intelligence,user behavioral analytics,and behavioral/passive biometrics.To decrease NAF/AO/Synthetic Fraud,increasing identity assurance at registration and authentication time with identity vetting services are recommended.Bot detection and management can also be h
28、elpful at cutting other types of fraud.Risk-based MFA and transaction processing solutions operate optimally when integrated with or informed by Fraud Reduction Intelligence Platforms(FRIPs).FRIPs provide to risk-based MFA and transaction processing systems the information needed to make more accura
29、te decisions on whether or not transactions should execute.FRIP solutions generally provide up to six major functions:Identity proofing Credential intelligence Device intelligence User behavioral analysis Behavioral/passive biometrics Bot detection&management LEADERSHIP COMPASS:81108 Fraud Reduction
30、 Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 9 Figure 1:The Six Major Fraud Reduction Techniques Highlights Fraudsters continue to innovate,deriving additional techniques from existing ones and developing new methods delivered across all channels.Vendor solutions exhibit an increased
31、emphasis on providing identity proofing services,either within their platforms or through OEM or technical partnerships.Call center integration,while not common across all FRIP vendors yet,is a growth area given the multi-pronged nature of fraud attacks.Vendors offering call center integration repor
32、t that it is highly sought after by customers compared to just a few years ago.More FRIP vendors are using internal and third-party sources of compromised credential intelligence to prevent ATOs.Device intelligence is a mature capability utilized by most solutions;in some cases,FRIP service provider
33、s are members of the intelligence supply chain of other vendors.Bot detection and management have become more central to deterring many types of fraud attempts,since many forms of fraud are automated by bots.Vendors are improving their abilities to detect,classify,and provide options for handling bo
34、ts.The Overall Leaders in Fraud Reduction Intelligence Platforms are Akamai,BioCatch,Experian,F5,Forter,GBG,Group-IB,HID Global,IBM,LexisNexis Risk Solutions,Outseer,and Transmit Security.The Product Leaders in Fraud Reduction Intelligence Platforms are Arkose Labs,BioCatch,Experian,F5,Forter,Group-
35、IB,HID Global,IBM,ID Dataweb,LexisNexis Risk Solutions,Outseer,and Transmit Security.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 10 The Innovation Leaders in Fraud Reduction Intelligence Platforms are BioCatch,Experian,F5,Group-IB,HID Global,Hu
36、man Security,IBM,ID Dataweb,LexisNexis Risk Solutions,and Transmit Security.The Market Leaders in Fraud Reduction Intelligence Platforms are Akamai,Broadcom,Experian,F5,Forter,GBG,HID Global,Human Security,IBM,LexisNexis Risk Solutions,Outseer,and Sift.Market Segment The Fraud Reduction Intelligence
37、 Platform market is mature and still growing in response to increased fraud risk levels globally.As will be reflected in this report,the solutions in this space are quite diverse.Some vendors have about every feature one could want in a FRIP service,while others are more specialized,and thus have di
38、fferent kinds of technical capabilities.For example,some vendors are highly adept at device intelligence,including detailed histories of devices and information provided by working relationships with MNOs,but may not offer robust bot detection&management.Others excel at user behavioral analysis and
39、passive biometrics,but do not offer identity proofing.In general,identity proofing is quite specialized and is not built-in to all FRIP services.Many FRIP vendors allow customers to outfit their instances with identity proofing capabilities by enabling API callouts to 3rd-party ID proofing services,
40、and then processing the results at transaction time.Furthermore,KuppingerCole research indicates that the particular market segments that vendors choose to target often have a direct effect on the type of features available in their FRIP solutions.Some vendors specialize strictly in preventing fraud
41、 in financial transactions.Some have specializations for detecting and deterring ecommerce fraud.Others are more general purpose,offering their services for insurance,health care,gaming,hospitality,retail,travel,etc.Delivery Models In the Fraud Reduction Intelligence Platform market,solutions are ma
42、inly offered as SaaS.Vendors run their platforms in the cloud or in their own data centers and manage these services for their customers.FRIP services are consumed via APIs.For these SaaS offerings,the licensing model is often priced according to transaction volumes.There are a few vendor solutions
43、that can run(or in one case,only run)on customer premises.Required Capabilities For this Leadership Compass,we evaluate solutions that address most of the six major functionality areas outlined below.These are typically the requirements that customers pose to prospective vendors in RFPs:ID Proofing
44、verification that the proper user subject is issued digital credentials,often validated against government-issued ID credentials.Identity proofing tend to be localized to specific regions or countries.FRIP solutions generally call out via APIs to LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence
45、 Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 11 one or more ID Proofing services rather than building this functionality directly into their FRIP.Some vendor services have built-in ID proofing functions.Innovative solutions may include support for Anti-Money Laundering(AML),Know Your Customer(KYC)
46、,US Office of Foreign Asset Control(OFAC),Politically Exposed Persons(PEP),Sanctions,Special Interest Entity(SIE),Special Interest Person(SIP),and Relatives&Close Associates(RCA)list validation.Providing mobile apps and SDKs that facilitate remote identity verification is another innovative solution
47、 gaining traction in this market.Credential Intelligence-information about prior usage of digital credentials,to answer questions such as“has this credential known to have been recently compromised?”or“has this credential been used for fraud at other sites?”.Some FRIP vendors aggregate credential in
48、telligence from across their customer bases.Others receive and process such information from 3rd-party services,although this is uncommon.User Behavioral Analysis(UBA)examination of past user activities to determine if the current login attempt or transaction request is within normal parameters.For
49、example,“is the requested amount and recipient typical of what this user has successfully transacted before?”or“does the request originate with similar environmental attributes as prior transaction requests?”.Environmental attributes may consist of data points such as time/day,IP,cyber threat intell
50、igence,geo-location,geo-velocity,Wi-Fi SSIDs,and others.Longer storage periods allow for larger volumes of data to be evaluated,increasing accuracy and effectiveness.Storage of personal information may be subject to data privacy regulations depending on jurisdictions.UBA is necessary for basic ATO p
51、rotection.Innovative solutions in this space also perform transaction analysis.Device Intelligence-includes device hygiene(OS patch versions,anti-malware client presence,and RAT and other malware behavioral detection),device history and reputation,location history,IP reputation,MNO carrier informati
52、on(IMSI,IMEI,etc.).MNO identifiers,in conjunction with UBA and Behavioral Biometrics(see next bullet point),can enable FRIP services to detect SIM swap attacks.Some services may include consumption of other 3rd-party sources of information.Innovation here is demonstrated by including the widest sour
53、ces of relevant information for runtime analysis as well as consideration of the methods of acquisition.Behavioral/Passive Biometrics the ability to analyze metrics of users physical interaction with devices for comparison against registered samples.For desktop/laptop computers,this usually involves
54、 downloading JavaScript from the customer site to capture information on keystroke and mouse usage;for mobile devices,this may involve building a mobile app using a special SDK that allows for collection of information on screen pressure,swipe analysis,gyroscopic orientation,etc.Innovative vendors g
55、o beyond the basic attributes described above and can make predictions about fraudulent intent based on extrapolations and aggregations of this data type.Bot Detection and Management evaluation of pertinent cyber threat intelligence on botnet activities,request context behavior,and behavioral biomet
56、rics to determine on a per-session basis whether a real user vs.bot is requesting the action.Some FRIP solutions allow for granular bot management,as not all bots are bad.Bot management capabilities include challenging,redirection,and throttling.Innovation in LEADERSHIP COMPASS:81108 Fraud Reduction
57、 Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 12 this area involves extensive use of ML detection methods,unobtrusive techniques for challenging suspected bots,and highly configurable response options.Most vendor solutions that utilize these methods employ various Machine Learning(ML)a
58、lgorithms to process the vast amounts of data required to detect and classify anomalies across all the data types listed above.This enables more accurate determination of risk scores and helps customer applications make informed decisions.Solutions not meeting our general inclusion criteria but neve
59、rtheless strongly focusing on specific types of fraud reduction are mentioned separately in our“Vendors to watch”chapter.Consequently,we did not impose any additional restrictions on vendors,such as a minimum number of customers or revenue caps both large international companies and small but innova
60、tive startups were invited to participate.KuppingerCole does not charge vendors to participate in Leadership Compass reports.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 13 Leadership Selecting a vendor of a product or service must not only be b
61、ased on the information provided in a KuppingerCole Leadership Compass.The Leadership Compass provides a comparison based on standardized criteria and can help identifying vendors that shall be further evaluated.However,a thorough selection includes a subsequent detailed analysis and a Proof of Conc
62、ept of pilot phase,based on the specific criteria of the customer.Based on our rating,we have created the various Leadership ratings.The Overall Leadership rating provides a combined view of the ratings for Product Leadership Innovation Leadership Market Leadership The Overall Leadership chart is li
63、near,with Followers appearing on the left side,Challengers in the center,and Leaders on the right.Overall Leadership Figure 2:Overall Leaders in Fraud Reduction Intelligence Platforms The Fraud Reduction Intelligence Platforms market is mature,with a well-defined but diverse feature set.The market i
64、tself is quite large and continues to grow as the prevalence and types of fraud expand.The Overall Leaders in FRIP are Akamai,BioCatch,Experian,F5,Forter,GBG,Group-IB,HID Global,IBM,LexisNexis Risk Solutions,Outseer,and Transmit Security.The Overall Challengers are Arkose Labs,Broadcom,Gurucul,Human
65、 Security,ID Dataweb,and Sift.There are no Followers in this edition.Overall Leaders are(in alphabetical order):LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 14 Akamai BioCatch Experian F5 Forter GBG Group-IB HID Global IBM LexisNexis Risk Soluti
66、ons Outseer Transmit Security LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 15 Product Leadership Product Leadership is the first specific category examined below.This view is primarily based on the presence and completeness of required features
67、as defined in section 1.4.The vertical axis shows the product strength plotted against the combined/overall strength on the horizontal axis.The Product Leadership Chart is rectangular and divided into thirds.Product Leaders occupy the top section.Challengers are in the center.Followers are in the lo
68、wer section.Figure 3:Product Leaders in Fraud Reduction Intelligence Platforms Product Leadership,or in this case Service Leadership,is where we examine the functional strength and completeness of services.Product Leaders have the most complete mix of identity proofing,user behavioral analysis,crede
69、ntial and device intelligence,behavioral LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 16 biometrics,and bot detection&management capabilities.Not all solutions contain all components,as will be detailed in each vendor entry below.Some FRIP solut
70、ions are more attuned to finance and payment security use cases,and others specialize in preventing fraud that impacts other industries web presences,such as gaming,hospitality,insurance,retail,and travel.Some of the Product Leaders solutions are more generalist,addressing the fraud protection needs
71、 of customers in multiple industries.The Product Leaders in FRIP(in alphabetical order)are Arkose Labs,BioCatch,Experian,F5,Forter,Group-IB,HID Global,IBM,ID Dataweb,LexisNexis Risk Solutions,Outseer,and Transmit Security.The Challengers in Product Leadership in FRIP are Akamai,Broadcom,GBG,Gurucul,
72、Human Security,and Sift.The Followers section is empty.Product Leaders(in alphabetical order):Arkose Labs BioCatch Experian F5 Forter Group-IB HID Global IBM ID Dataweb LexisNexis Risk Solutions Outseer Transmit Security LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPI
73、NGERCOLE ANALYSTS AG 17 Innovation Leadership Next,we examine innovation in the marketplace.Innovation is,from our perspective,a key capability in all IT market segments.Customers require innovation to meet evolving and even emerging business requirements.Innovation is not about delivering a constan
74、t flow of new releases.Rather,innovative companies take a customer-oriented upgrade approach,delivering customer-requested and other cutting-edge features,while maintaining compatibility with previous versions.This view is mainly based on the evaluation of innovative features,services,and/or technic
75、al approaches as defined in section 1.4.The vertical axis shows the amount of innovation plotted against the combined/overall strength on the horizontal axis.The Innovation Leadership Chart is rectangular and divided into thirds.Innovation Leaders occupy the top section.Challengers are in the center
76、.Followers are in the lower section.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 18 Figure 4:Innovation Leaders in Fraud Reduction Intelligence Platforms As a mature discipline,FRIP has many features that are expected and several features that a
77、re innovative enough to set some vendors solutions apart from the rest.Among the noteworthy innovative developments in FRIP are increasing use of identity proofing(including the leveraging of external services),customization of ML detection models,sophisticated behavioral biometrics,thorough bot det
78、ection and management,and coverage of specific financial and ecommerce use cases.The Innovation Leaders are BioCatch,Experian,F5,Group-IB,HID Global,Human Security,IBM,ID Dataweb,LexisNexis Risk Solutions,and Transmit Security.The Challengers in Innovation are Akamai,Arkose Labs,Broadcom,Forter,GBG,
79、Gurucul,Outseer,and Sift.No vendors appear in the Follower section.Innovation Leaders(in alphabetical order):BioCatch Experian F5 Group-IB HID Global Human Security IBM ID Dataweb LexisNexis Risk Solutions Transmit Security LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KU
80、PPINGERCOLE ANALYSTS AG 19 Market Leadership Lastly,we analyze Market Leadership.This is an amalgamation of the number of customers,number of transactions evaluated,ratio between customers and managed identities/devices,the geographic distribution of customers,the size of deployments and services,th
81、e size and geographic distribution of the partner ecosystem,and financial health of the participating companies.Market Leadership,from our point of view,requires global reach.The vertical axis shows the market strength plotted against the combined/overall strength on the horizontal axis.The Market L
82、eadership Chart is rectangular and divided into thirds.Market Leaders occupy the top section.Challengers are in the center.Followers are in the lower section.Figure 5:Market Leaders in Fraud Reduction Intelligence Platforms LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KU
83、PPINGERCOLE ANALYSTS AG 20 Market Leadership in FRIP is determined by many factors,including overall vendor financial position,company sizes,numbers and geographic distribution of customers,number and geographic distribution of ecosystem partners such as system integrators,and levels of regional and
84、 language support.The Market Leaders in FRIP are Akamai,Broadcom,Experian,F5,Forter,GBG,HID Global,Human Security,IBM,LexisNexis Risk Solutions,Outseer,and Sift.The Challengers in Market Leadership for FRIP are Arkose Labs,BioCatch,Group-IB,Gurucul,ID Dataweb,and Transmit Security.There are no vendo
85、rs listed in the Follower area.Market Leaders(in alphabetical order):Akamai Broadcom Experian F5 Forter GBG HID Global Human Security IBM LexisNexis Risk Solutions Outseer Sift LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 21 Correlated View Whil
86、e the Leadership charts identify leading vendors in certain categories,many customers are looking not only for a product leader,but for a vendor that is delivering a solution that is both feature-rich and continuously improved,which would be indicated by a strong position in both the Product Leaders
87、hip ranking and the Innovation Leadership ranking.Therefore,we provide the following analysis that correlates various Leadership categories and delivers an additional level of information and insight.The following charts are rectangular and divided into nine equal sections.A dashed line intersects t
88、he rectangle at the point where x-and y-axis values are equal.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 22 The Market/Product Matrix The first of these correlated views contrasts Product Leadership and Market Leadership.The vertical axis repr
89、esents the market position plotted against product strength rating on the horizontal axis.Figure 6:Market Champions in Fraud Reduction Intelligence Platforms Vendors below the line have a weaker market position than expected according to their product maturity.Vendors above the line are sort of“over
90、performers”when comparing Market Leadership and Product Leadership.All the vendors below the line are underperforming in terms of market share.However,we believe that each has a chance for significant growth.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANAL
91、YSTS AG 23 The Market Champions in FRIP are(in alphabetical order)Experian,F5,Forter,HID Global,IBM,LexisNexis Risk Solutions,and Outseer.In the top center box(and above the line),we see Akamai,Broadcom,GBG,Sift,and Human Security.Gurucul appears below the line in the center of the chart.In the righ
92、t center box(and below the line),we find Group-IB,BioCatch,Transmit Security,Arkose Labs,and ID Dataweb.Given the strength of their products,we expect greater market growth opportunities for solutions in this section of the chart.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2
93、023 KUPPINGERCOLE ANALYSTS AG 24 The Product/Innovation Matrix This view shows how Product Leadership and Innovation Leadership are correlated.It is not surprising that there is a pretty good correlation between the two views with a few exceptions.The distribution and correlation are tightly constra
94、ined to the line,with a significant number of established vendors plus some smaller vendors.The vertical axis represents the product strength rating plotted against innovation on the horizontal axis.Figure 7:Technology Leaders in Fraud Reduction Intelligence Platforms Vendors below the line are more
95、 innovative,vendors above the line are,compared to the current Product Leadership positioning,less innovative.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 25 The Technology Leaders in FRIP are(in alphabetical order)BioCatch,Experian,F5,Group-IB,
96、HID Global,ID Dataweb,IBM,LexisNexis Risk Solutions,and Transmit Security.Arkose Labs,Forter,and Outseer are found in the top center box.In the main sequence in the center box,we see Broadcom and GBG just slightly above and on the line with Akamai,Sift,and Gurucul below the line.Human Security is in
97、 the center right.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 26 The Innovation/Market Matrix The third matrix shows how Innovation Leadership and Market Leadership are related.Some vendors might perform well in the market without being Innovat
98、ion Leaders.This might impose a risk for their future position in the market,depending on how they improve their Innovation Leadership position.On the other hand,vendors which are highly innovative have a good chance for improving their market position.However,there is always a possibility that they
99、 might also fail,especially in the case of smaller vendors.The vertical axis represents the market position rating plotted against innovation on the horizontal axis.Figure 8:Big Ones in Fraud Reduction Intelligence Platforms LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 K
100、UPPINGERCOLE ANALYSTS AG 27 Vendors above the line are performing well in the market as well as showing Innovation Leadership;while vendors below the line show an ability to innovate though having less market share,and thus the biggest potential for improving their market position.The Big Ones in FR
101、IP are(in alphabetical order)Experian,F5,HID Global,Human Security,IBM,and LexisNexis Risk Solutions.In the top center square,we see Akamai,GBG,Outseer,Broadcom,Forter,and Sift.In the center of the chart,we find Arkose Labs and Gurucul below the line.In the right center,we see Group-IB,BioCatch,Tran
102、smit Security,and ID Data Web.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 28 Products and Vendors at a Glance This section provides an overview of the various products we have analyzed within this KuppingerCole Leadership Compass on Fraud Reduc
103、tion Intelligence Platforms.Aside from the rating overview,we provide additional comparisons that put Product Leadership,Innovation Leadership,and Market Leadership in relation to each other.These allow identifying,for instance,highly innovative but specialized vendors or local players that provide
104、strong product features but do not have a global presence and large customer base yet.Based on our evaluation,a comparative overview of the ratings of all the products covered in this document is shown in Table 1.Product Security Functionality Deployment Interoperability Usability Akamai Strong Posi
105、tive Positive Strong Positive Neutral Positive Arkose Labs Positive Positive Neutral Positive Strong Positive BioCatch Positive Positive Strong Positive Neutral Strong Positive Broadcom Strong Positive Positive Neutral Strong Positive Strong Positive Experian Strong Positive Positive Strong Positive
106、 Positive Strong Positive F5 Strong Positive Strong Positive Strong Positive Strong Positive Strong Positive Forter Positive Positive Neutral Neutral Positive GBG Neutral Positive Positive Positive Strong Positive Group-IB Positive Strong Positive Positive Positive Strong Positive Gurucul Positive W
107、eak Positive Positive Positive HID Global Strong Positive Strong Positive Positive Strong Positive Strong Positive Human Positive Positive Strong Positive Positive Positive IBM Strong Positive Strong Positive Strong Positive Strong Positive Strong Positive ID Dataweb Strong Positive Strong Positive
108、Positive Strong Positive Strong Positive LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 29 LexisNexis Risk Solutions Strong Positive Strong Positive Strong Positive Strong Positive Strong Positive Outseer Strong Positive Positive Strong Positive P
109、ositive Neutral Sift Positive Positive Neutral Neutral Neutral Transmit Security Strong Positive Strong Positive Strong Positive Strong Positive Strong Positive Table 1:Comparative overview of the ratings for the product capabilities In addition,we provide in Table 2 an overview which also contains
110、four additional ratings for each vendor,going beyond the product view provided in the previous section.While the rating for Financial Strength applies to the vendor,the other ratings apply to the product.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS
111、 AG 30 Vendor Innovativeness Market Position Financial Strength Ecosystem Akamai Positive Strong Positive Strong Positive Strong Positive Arkose Labs Positive Positive Positive Positive BioCatch Strong Positive Positive Positive Positive Broadcom Positive Strong Positive Strong Positive Strong Posit
112、ive Experian Strong Positive Strong Positive Strong Positive Strong Positive F5 Strong Positive Strong Positive Strong Positive Strong Positive Forter Positive Strong Positive Positive Positive GBG Neutral Strong Positive Positive Positive Group-IB Strong Positive Positive Neutral Positive Gurucul N
113、eutral Positive Positive Neutral HID Global Strong Positive Strong Positive Strong Positive Strong Positive Human Positive Strong Positive Strong Positive Positive IBM Strong Positive Strong Positive Strong Positive Strong Positive ID Dataweb Strong Positive Neutral Neutral Neutral LexisNexis Risk S
114、olutions Strong Positive Strong Positive Strong Positive Strong Positive Outseer Positive Strong Positive Strong Positive Strong Positive Sift Positive Strong Positive Positive Positive Transmit Security Strong Positive Positive Positive Strong Positive Table 2:Comparative overview of the ratings fo
115、r vendors LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 31 Product/Vendor evaluation This section contains a quick rating for every product/service weve included in this KuppingerCole Leadership Compass document.For some of the products there are
116、 additional KuppingerCole Executive Views available,providing more detailed information.Spider graphs In addition to the ratings for our standard categories such as Product Leadership and Innovation Leadership,we add a spider chart for every vendor we rate,looking at specific capabilities for the ma
117、rket segment researched in the respective Leadership Compass.For the LC Fraud Reduction Intelligence Platforms,we look at the following six categories:ID Proofing&AO Protection-This category rates the quantity,quality,and jurisdictional variety of integration and interoperability capabilities for id
118、entity proofing and vetting as defined in Chapter 1.Many FRIP services programmatically query specialty 3rd-party identity vetting services.ID Proofing is not merely performing transaction time comparisons to templates created at registration time.Rather,this metric considers both built-in functions
119、 and configurable callouts to authoritative attribute providers.ID Proofing is a primary means of reducing Account Opening Fraud and is a regulatory requirement in financial use cases in many jurisdictions.UBA This category assesses the capabilities with regard to processing historical information a
120、bout the subject user and past transactions to determine baseline profiles for analysis against current request contexts to identify and classify anomalous behavior.Examples of common UBA parameters include frequency/time of logins,failed login patterns,transaction types and amounts,transaction freq
121、uency/patterns,payees,exceptions for known travel,and user profile changes.UBA is a key method for preventing ATO fraud.Device Intel-This category is the combination of device intelligence parameters including device fingerprint,type,health assessments,device and IP reputation,etc.,as described in C
122、hapter 1.FRIP services commonly draw upon multiple sources,both internal and external.Some of the vendors examined below provide these functions to other FRIP vendors.Device Intelligence is a key method for preventing ATO fraud and a contributing element to preventing AO fraud.Behavioral Biometrics
123、This measures the presence and sophistication of behavioral biometrics within the solution.Behavioral biometrics is generally implemented as JavaScript downloaded to consumer browsers and information collected from mobile devices by vendors SDKs.Behavioral biometrics can create profiles on users bas
124、ed on their interaction with keyboards,mice,and touchscreens as well as certain device specific parameters.Behavioral Biometrics is a key method for preventing ATO fraud and a secondary means for preventing AO fraud in some use cases.Behavioral biometrics is generally instrumental for detecting bots
125、.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 32 Bot Detection/Management-This category considers the ability of vendor solutions to analyze traffic in real-time to accurately identify whether it is initiated by legitimate users or bots.In many
126、cases,bots are detected through behavioral biometrics,but some services utilize overt methods that require end user interaction,activity signatures,cyber threat intelligence,and manual analysis.Bot Management addresses how the vendor services aid customers in handling bots.Common options are challen
127、ging,redirection,and throttling.Many of the fraud types experienced by website operators(as described in chapter 1)are perpetrated by bots.Bot Detection and Management can help prevent automated ATO and AO fraud attempts.ATO Protection-This category combines all the available information to represen
128、t the combined abilities of each solution to prevent ATO fraud,including credential and device intelligence,UBA,behavioral biometrics,and bot detection.Ecommerce Support-This rubric measures each vendor service with regard to how it protects against the many types of fraud and attacks experienced by
129、 ecommerce platforms,online businesses,and website operators in general,which is distinguished from the fraud protection functions offered for financial institutions described below.Examples of the types of fraud addressed here include API abuse,policy abuse,inventory checking and hoarding,fake good
130、s/postings/reviews/comments,headless browsers,malvertising,social media bots,account creation and credential stuffing bots,ticket scalping,malicious overlay apps,SEO poisoning,gift card cracking,etc.Most of these fraud types are instigated by bots.Finance&Payments Support-This metric considers each
131、vendor solutions capabilities in AML,KYC,OFAC,PEP,other sanctions list validation,EU PSD2,and 3DS2.x compliance,as well as detecting mule accounts,payments fraud,and fraud against banks and card issuers(including Card Not Present and detection of stolen or counterfeit cards).LEADERSHIP COMPASS:81108
132、 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 33 Akamai Account Protector,Bot Manager,and Page Integrity Manager Akamai Technologies is a cloud and security provider headquartered in Cambridge,Massachusetts,USA.Founded in 1998,the company is one of the veteran players i
133、n the market,providing a broad range of security,compute,and delivery solutions through its Akamai Connected Cloud,one of the worlds largest distributed edge and cloud platforms.For FRIP,the Akamai offering is composed of the above listed services,which address the device intelligence,user behaviora
134、l analysis,behavioral biometrics,and bot detection and management components.The services are run from their own facilities and public IaaS providers across global data centers.Costs are based on traffic volumes for web application security products with zero overage fixed fees.Customer applications
135、 call Akamai services via the REST API,and JSON formats are supported.Akamais suite of services is focused on ATO prevention and does not have specific features for financial regulatory compliance such as AML,KYC,OFAC,PEP,3DS2,or PSD2.There are neither built-in identity proofing functions nor connec
136、tors to 3rd-party identity proofing services.Akamai does not gather or evaluate compromised credential intelligence.User behavioral analysis is limited to basic ATO detection without transaction-level awareness.For device intelligence,Akamai collects a wide range of attributes but omits device healt
137、h checks.Akamai deploys JavaScript and SDKs for behavioral biometrics,but only evaluates a limited set of such attributes.ML-enhanced detection models are used to discover anomalies,fraudulent user and device behavior,and bots.Akamai Bot Manager has extensive bot detection and management capabilitie
138、s addressing the majority of fraud types affecting website operators.Bot Manager allows customer configurable granular responses ranging from allow/deny-listing,throttling,redirection,and challenging.Call center integration is not currently possible.Case management and ITSM integration are not prese
139、nt within the Akamai solutions.Akamais Data Science Operations team can assist customers with changing the weighting of risk factors.The customer admin interface enables simulating the effects of changes to policies.Risk evaluation results cannot be packaged in SAML,OAuth2,or JWT.Customer dashboards
140、 are intuitive and provide detailed information and can be configured as needed.Akamai services are highly scalable and globally distributed.Their CDN components are SOC 2 Type 2 and US FedRAMP Moderate certified.Their solution is geared toward ATO and bot perpetrated fraud types rather than Account
141、 Opening and advanced financial and payment industry use cases.Organizations looking for robust bot and ATO protection,especially existing customers of Akamais other services,should consider Akamais suite of fraud reduction solutions.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FR
142、IP)2023 KUPPINGERCOLE ANALYSTS AG 34 Security Strong Positive Functionality Positive Deployment Strong Positive Interoperability Neutral Usability Positive Table 3:Akamais rating Strengths Fixed fee based on traffic volumes with zero overage protection cost model.Advanced bot management capabilities
143、 are present.Good support for preventing many common fraud types experienced by website operators.Excellent customer administrator/analyst interface Challenges No identity proofing capabilities or connectors.Does not perform Device Posture Checks.Modifying risk factor weighting requires Akamai suppo
144、rt.No call center or ITSM integration Leader in LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 35 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 36 Arkose Labs Arkose Bot Manager Arkose Labs is
145、a mid-stage startup established in 2017 in San Francisco.Their solution is focused on reduction of ATO fraud,covering many finance,retail,gaming,etc.use cases,as well as inventory hoarding,screen scraping,loyalty card abuse,and fake reviews.Of the six core functional areas of FRIP,Arkose Labs has cr
146、edential and device intelligence,user behavioral analysis,behavioral biometrics,and bot detection.The service is hosted in public IaaS in data centers around the globe.Customer applications connect to Arkose Bot Manager via the REST API.Key exchange and SAML are supported for API authentication.The
147、pricing model is based on per-transaction rates.Arkose does not support AML,KYC,OFAC,or PEP compliance.Arkose can work with merchants for 3DS2 and PSD2,but this is not a primary focus.Their solution does not provide identity proofing or integrate with other identity proofing services.It does evaluat
148、e in-network credential intelligence.Arkose Email Intelligence helps deter AO and ATO attempts by leveraging partner information about the trustworthiness and risk levels of consumer email addresses.The UBA functions are constrained to login/transaction times and frequencies but not transaction type
149、s/amounts.Device intelligence functions in Arkose Bot Manager include device type,custom fingerprinting techniques,various external IP reputation sources,and computation of geo-velocity.Device health is not assessed and malware behavior on end user device is not detected.Arkose Labs behavioral biome
150、trics implementation considers gyroscopic analysis from mobiles,and it uses JavaScript to pull keyboard/mouse/touchscreen interaction characteristics.Mobile environmental attributes are not currently evaluated.Arkose uses its behavioral biometrics and 3rd-party intelligence sources for bot detection
151、,and it has advanced bot handling functions including redirection,throttling,and highly innovative and user-friendly CAPTCHA and proof-of-action challenges.Arkose can detect and handle a large subset of ecommerce fraud types,including inventory checking and hoarding,price checking bots,headless brow
152、sers,fake reviews/comments,social media bots,account creation and credential stuffing bots,ticket scalping,and gift card cracking.Customers can work with Arkose Labs Technical Account Managers to create detailed policies for advanced bot management.Arkose Bot Manager does not integrate with call cen
153、ter systems.The risk analysis engine outputs risk scores,risk bands,and/or verdicts with textual justifications which are only visible to customers.Customers work with Arkose Labs Technical Account Managers to define policies and weightings of risk factors within policies.Dashboards and reports show
154、 fraud types detected by groups,location/type trend analysis,session flows,throughput rates of legitimate vs.suspicious vs.fraudulent traffic.Customers would need to configure connectors to their ITSM and SIEM systems if desired.Arkose Labs is ISO 27001,27002,27018,and SOC 2 Type 2 certified.Arkose
155、is unique in offering an SLA for 100%remediation of automated attacks and$1M credential stuffing attack prevention warranties.The solution is specialized for ATO prevention and bot detection and management.Connections for ID proofing,and additional functions in the areas of UBA,device intel,and beha
156、vioral biometrics would strengthen the offering.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 37 Organizations looking for ATO protection and strong bot management should consider Arkose Bot Manager.LEADERSHIP COMPASS:81108 Fraud Reduction Intell
157、igence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 38 Security Positive Functionality Positive Deployment Neutral Interoperability Positive Usability Strong Positive Table 4:Arkose Labs rating Strengths User-friendly CAPTCHAs and proof-of-action challenges Good bot detection and advanced bot manag
158、ement capabilities SLA guaranteeing 100%remediation of automated attacks.$1M warranty against credential stuffing attacks Many relevant security certifications Challenges No identity proofing integrations Additional device intelligence attributes should be evaluated by the risk engine.UBA and behavi
159、oral biometrics functions could be expanded.Policy creation and maintenance currently requires vendor assistance.Leader in LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 39 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023
160、KUPPINGERCOLE ANALYSTS AG 40 BioCatch Platform BioCatch is a well-funded,late-stage venture-backed FRIP service provider that was founded in Tel Aviv in 2011.They have offices around the world and are focused on risk reduction for financial industry customers.Their suite is composed of modules handl
161、ing Account Opening Fraud Protection,Account Takeover Fraud Protection,Social Engineering Fraud Detection,Mule Account Detection,Phishing Site Detection,and PSD2/SCA compliance.Of the six pillars of FRIP,BioCatch has identity proofing,device intelligence,behavioral biometrics,and bot detection.Their
162、 service is hosted in multiple Microsoft Azure locations across the EU and APAC regions.Subscriptions are priced per-user for ATO,Social Engineering,Mule Account,and Phishing Site Detection;and per-transaction for AO Protection and PSD2/SCA services.BioCatch has some features for AML,KYC,and Mule Ac
163、count Detection,and these can be extended with the BioCatch Rule Manager for OFAC and PEP checks.These functions comprise their identity proofing capabilities.No integrations for 3rd-party ID proofing services are available.The solution does not collect or evaluate compromised credential intelligenc
164、e.SCA for PSD2 and 3DS2 are supported via the behavioral biometric functions.BioCatch can also detect CNP and counterfeit cards.This solution provides support for a subset of the website operator fraud protection use cases described in the introduction.BioCatch uses JavaScript and mobile SDKs for co
165、llecting device intelligence and behavioral biometrics.Device intelligence parameters that are analyzed include geo-location(and geo-velocity);IP and reputation;device ID,type,fingerprint,and reputation;and device health checks;and SIM card properties.Behavioral biometrics are the foundation of BioC
166、atchs integrated suite of services,and as such it can look at all available parameters.The platform performs cognitive analysis to discover behavioral anomalies and criminal intent indicators including low familiarity with subject PII,high application fluency,excessive deleting,copy/paste activity,e
167、tc.The platform performs full UBA including transaction level analysis and it can take known travel into account.Behavioral analysis also enables malware detection.BioCatch has advanced bot detection through its behavioral biometrics.BioCatch deploys Invisible Challenges that fool bots but are unobt
168、rusive to real users.Of the list of ecommerce fraud types,BioCatch can detect headless browsers,account creation and credential stuffing bots,Buy Now Pay Later fraud,and Authorized Push Payment fraud.Customers decide how to handle detected bot activities independently.BioCatch outputs detailed trans
169、action risk analyses enabling customers to build granular rules.Customers access this information and conduct investigations in the BioCatch Analyst Station.REST APIs allow integration with customer applications.JWT,HTTP basic authentication,and mutual TLS are the available API authentication method
170、s.SAML,OAuth2,and OIDC are not supported.Call center integration is not currently offered but is on the roadmap.Customers manage fraud cases in the provided BioCatch Case Management component,integration with customer ITSM systems is not available.Dashboards are visible within the Case Management ap
171、plication.BioCatch has dedicated threat analysts assigned to each customer to extend and customize reports as needed.BioCatch is ISO 27001 and SSAE SOC 2 Type 2 certified.The solution is currently built on a single IaaS provider,but multi-cloud support is planned.The company specializes in financial
172、 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 41 use cases.BioCatch has excellent behavioral biometrics which form the basis of their FRIP.The advanced cognitive analytics are highly innovative.Plans are in work to add functionality to address t
173、he gaps mentioned above.Organizations across the finance sector looking to reduce fraud should consider BioCatchs range of services.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 42 Security Positive Functionality Positive Deployment Strong Positi
174、ve Interoperability Neutral Usability Strong Positive Table 5:BioCatchs rating Strengths Thorough implementation of behavioral biometrics Advanced cognitive analysis for reducing AO fraud.Built-in case management and fraud analyst workstation Transaction details analysis Mule Account Detection Socia
175、l Engineering Detection PSD2 and 3DS2 compliance support Challenges SDK does not allow remote ID proofing or document verification.3rd-party ID proofing integrations not available Compromised credential intelligence not collected or considered.Ability to detect additional ecommerce fraud types would
176、 be beneficial.Call center integration is on the roadmap.No support for 3rd-party ITSM systems.Leader in LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 43 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANAL
177、YSTS AG 44 Broadcom Arcot Network for Issuers Broadcoms entry in this market originated with Arcot Systems,a 3DS pioneer acquired by CA Technologies in 2010.Arcot was founded in 1997 in the Bay Area of California.The Arcot Network for Issuers solution offering is heavily used by credit card issuers,
178、processors,merchants,and banks.Broadcom has a wide range of IT hardware and software products and services,with many in the cybersecurity and identity management areas.Broadcom Arcot Network for Issuers has functionality in UBA,device intel,credential intelligence,and limited behavioral biometrics a
179、nd bot detection.Arcot Network for Issuers is a SaaS that is hosted in Broadcom facilities and in one IaaS provider in the US.Service pricing is either on a per-transaction or fixed cost basis.Arcot specializes in 3DS2.x and PSD2 compliance and CNP fraud detection,but does not have AML,KYC,OFAC,or P
180、EP compliance support.Arcot does not perform identity proofing,nor does it offer integration with 3rd-party ID proofing services.It does leverage in-network compromised credential intelligence.Arcot has comprehensive device intelligence capabilities,examining IP reputation,device ID/type/fingerprint
181、/history and security posture.The solution performs detailed user behavioral and transaction analysis,such as user-merchant association,time and day patterns,location patterns,etc.Multiple ML detection models are employed.Behavioral biometrics from specialist 3rd-party providers can be integrated fo
182、r customers,many of which do have these in place for other digital service channels.While the base solution doesnt include such capabilities,it does provide Behavioral Analytics capabilities,a form of inherence which is accepted by some regulators based on transaction profiling.Bot detection is not
183、featured,but some bots can be detected by IP addresses and insights from their UBA.Arcot has integration with customer communications solutions such as FICO.Customers connect the apps via GraphQL,REST,SOAP,or WebAuthn APIs.Arcot APIs support multiple secure authentication methods including JWT,key e
184、xchange,mutual TLS,OAuth2,OIDC,and SAML.The risk engine output is granular and configurable by customers.Action recommendations provided to customers are allow,deny,log,alert,and step-up,with reason codes.Customer organizations can integrate Arcot with their ITSM systems,but no specific connectors a
185、re provided.Arcot provides case management within their interface.Many reports are available through the customer console,including admin activities,organization level summaries,risk advice summaries,rule configurations,and case activities.Report customization is not supported;instead,most customers
186、 extract this data via APIs and use 3rd-party tools for analysis.Broadcom is EMV 3DS 2.1/2.2,PCI-DSS,and SSAE 18 SOC 2 Type 2 certified.The solution is scalable.As a solution focused on e-commerce card payment authentication and fraud prevention,it lacks identity proofing,AML/KYC/OFAC/PEP compliance
187、,advanced behavioral biometrics,bot detection,and most website operator fraud protection functions.Arcot has significant clout in the areas of device intelligence,user behavioral analysis,transaction analysis,and its ML-enhanced risk analysis engine.Arcot offers a compelling mix of fraud reduction f
188、eatures for the finance and payments industries.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 45 Security Strong Positive Functionality Positive Deployment Neutral Interoperability Strong Positive Usability Strong Positive Table 6:Broadcoms ratin
189、g Strengths Thorough user behavioral analysis,including transaction details and history.Excellent device intelligence capabilities Advanced ML detection models employed.3DS 2.1 and 2.2 certified Fixed cost plans available.Support for WebAuthn and GraphQL Challenges Customer analyst interface needs t
190、o be updated.Report customization not available;data must be pulled via API and analyzed separately.Missing identity proofing and AML/KYC/OFAC/PEP compliance No built-in behavioral biometrics,but 3rd-party solutions can be utilized.Limited bot detection;no bot management Lacks support for most websi
191、te operator fraud types outside of financial use cases.Leader in LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 46 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 47 Experian CrossCore Experian w
192、as founded in 1996 and is headquartered in Dublin.It is one of the“Big Three”credit rating agencies,processing information on over one billion people worldwide.It provides credit history information to financial institutions,and analytics and marketing information for other customers.For fraud preve
193、ntion,Experian has CrossCore,which addresses identity proofing,UBA,device intelligence,behavioral biometrics(via partners),and bot detection.CrossCore is designed to aggregate various fraud sources to consolidate decisioning for Experian customers at both account opening and transaction time.CrossCo
194、re runs as SaaS in globally distributed data centers in their own facilities,AWS,Azure,Cloud9,and Oracle Cloud.Licensing models are based on per-user and/or transaction per time period and by the types of fraud covered.Experian supports AML,KYC,OFAC,PEP,sanctions lists,SIE/SIP/RCA validation and com
195、pliance,and mule account detection.In the realm of payments security,Experian facilitates 3DS2.x and PSD2 compliance;moreover,CrossCore can detect CNP and stolen/counterfeit credit card usage.As an authoritative attribute provider,Experian offers comprehensive identity proofing services,with bi-dire
196、ctional links to various government agencies and financial institutions and partnerships with vendors of app-based remote document verification with liveness detection functions,behavioral and traditional biometric capabilities,email verification,alternative identity data,and mobile verification sol
197、utions.Partners include BioCatch,Boku,Daon,Ekata,eMailage,FacePhi,GBG,GDC,ID.me,IDfy,LexisNexis,Mitek,OnFido,Prove,and RapidID.Customers sign addenda to their agreements with Experian to get access to these partner services.Compromised Credential Intelligence is not present but planned.For device in
198、telligence,CrossCore looks at geo-location,geo-velocity,device fingerprint/ID/type,and device and IP reputations.Device intelligence evaluations are based on rules and deny lists.Device health assessments and malware detection are indirect.CrossCores UBA functions leverage multiple ML detection mode
199、ls to evaluate login patterns and profile changes but not device intel or transaction details.Behavioral biometrics are provided via partnership with a leader vendor and include all expected modalities plus advanced cognitive analysis and invisible challenges which obviate the need for CAPTCHAs.Beha
200、vioral biometrics also provide CrossCores bot detection functions.Bot management is limited,but CrossCore can detect and alert customers to many major website operator fraud types.Call center integration and SIM swap detection capabilities can be added via Experian partners.REST APIs enable customer
201、 application integration,and these APIs are secured by strong authentication mechanisms.ITSM integration is not supported.CrossCore has a modern admin interface that allows customers to select intel sources for evaluation and set weights per attribute for the risk evaluation processes.Analysts use F
202、raudNet and the Hunter application for investigations.Experian provides many BI and fraud reports.Experians CrossCore is very scalable,handling millions of transactions per day.They have obtained certifications for HIPAA,ISO 27001 and 22301,PCI-DSS Level 1,and SSAE SOC 2 Type 2.Experian is trusted b
203、y governments and financial institutions worldwide as an LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 48 authoritative attribute provider.CrossCores technical capabilities for fraud reduction are well-suited for detecting AO and ATO fraud as wel
204、l as some types of fraud against websites.Beyond their native identity proofing,device intelligence,and transactional risk analysis capabilities,through partnerships,they add strong features in document verification,behavioral biometrics,and bot detection.Once again,Experian is a Leader in Fraud Red
205、uction Intelligence Platforms.Any organizations looking for a full-featured FRIP service with global support should consider Experian CrossCore.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 49 Security Strong Positive Functionality Positive Deplo
206、yment Strong Positive Interoperability Positive Usability Strong Positive Table 7:Experians rating Strengths Comprehensive identity proofing capabilities,including remote document verification Authoritative attribute provider for many partners and government agencies Widest variety of sanctions list
207、 validation features Numerous partners for identity and device attributes Ideally positioned to detect AO fraud.Supports detection and alerting on many of the major types of fraud that impact website operators.Easily configurable policy and decisioning engine Massive scalability;data centers across
208、six continents Challenges Compromised Credential Intelligence is not present but is in work.Does not evaluate SIM for device intelligence.Device intel and some UBA functions do not leverage ML-enhanced detection models.Coarse-grained UBA does not consider transaction details.Webhooks and WebAuthn AP
209、Is not supported.Leader in LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 50 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 51 F5 Distributed Cloud F5 is a leading network application delivery a
210、nd security provider headquartered in Seattle.F5s entry in FRIP is largely based on Shape Securitys tools which they acquired in 2020.F5s portfolio includes BIG-IP,DDoS Hybrid Defender,and NGINX.For fraud prevention,their components described here include F5 Distributed Cloud Bot Defense,Account Pro
211、tection,Authentication Intelligence,Data Intelligence,Aggregator Management,Client-Side Defense,and Malicious Activity Detection.Their products cover credential and device intelligence,UBA,and bot detection&management.These services are hosted in their own facilities and public IaaS providers across
212、 North America,APAC,and EU locations.Licensing models are per-transaction/per-application with volume discounts available.F5 Distributed Cloud supports PSD2 SCA,CNP and carding fraud detection.F5 does not offer identity proofing,but customers could configure connections to 3rd-party services via API
213、s.In-network credential intelligence is used.Distributed Cloud makes use of a good range of device intelligence factors including geo-location and geo-velocity;IP address and reputation;device type,fingerprint,hygiene,and reputation.It can infer the presence of various types of malware on devices as
214、 well.For UBA,this solution examines all pertinent attributes including transaction types,amounts,and histories.JavaScript collects keystroke/mouse/swipe characteristics,gyroscopic,and network data.All these analysis techniques leverage advanced ML detection models.F5 Distributed Cloud has sophistic
215、ated bot detection and management,giving customers the ability to choose how to handle the various bot types encountered such as inventory checking/hoarding,price checking/scraping,carding,policy abuse,refund abuse,and ticket scalping.Distributed Cloud Client-Side Defense protects against MageCart,f
216、orm-jacking,skimming,PII harvesting,and other critical security vulnerabilities.While the risk engine is granular,F5 professional services can be engaged to provide around the clock monitoring and,if needed,to make attribute weighting and authentication policy changes on behalf of clients.Customers
217、connect their applications via REST API;webhooks and WebAuthn are not supported.API authentication methods are JWT and SAML.Integration with customers ITSM systems is not supported.Call center integration is not offered.F5 Distributed Cloud has customer dashboards and reports that provide all expect
218、ed basic reports and are further customizable.F5 Distributed Cloud is ISO 27001,PCI-DSS,and SSAE 18 SOC 2 Type 2 certified.Distributed Cloud does not have identity proofing capabilities,but F5 offers pre-built connectors for 3rd-party services such as Amazon CloudFront.The solution has advanced devi
219、ce intelligence and behavioral biometrics.F5 has compelling bot detection and management features that are especially relevant for payments,retail,and entertainment industries.Any organization looking for FRIP services,especially those that are already using other F5 products and services,will want
220、to consider these F5 Distributed Cloud components.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 52 Security Strong Positive Functionality Strong Positive Deployment Strong Positive Interoperability Strong Positive Usability Strong Positive Table
221、8:F5s rating Strengths Highly scalable,low latency services Utilizes granular device intelligence.Sophisticated behavioral biometrics Advanced bot detection and management Client-Side Defense protects against many forms of fraud that confront web properties,especially ecommerce vendors.Supports CNP
222、and carding fraud detection.Many relevant service certifications Intuitive dashboards and fraud analyst interface.Challenges Identity proofing capabilities not present.No call center or ITSM integration 99.9%uptime guarantee is comparatively low.Policy changes require engaging F5 professional servic
223、es.Leader in LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 53 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 54 Forter Trust Platform Forter,founded in 2013 and headquartered in New York,is a l
224、ate-stage venture-backed fraud prevention specialist.The Forter Trust Platform is a suite composed of modules for improving customer conversions,reducing false declines,detecting policy abuse and adjusting policies,payments security,and ATO prevention.FRIP components present in the platform include
225、credential intelligence,device intelligence,UBA,and bot detection and management.Their services are hosted across US and EU data centers.Forter Trust Platform is integrated into some major ecommerce and payment service provider platforms in the US.Pricing for services is based on transaction volumes
226、.Forter Trust Platform assists with AML,mule account detection,KYC,and 3DS2.x and PSD2 compliance.The solution does not have built-in identity proofing functions,but customers can contract with identity proofing services and the Trust Platform can be configured to evaluate that input.Forter uses cre
227、dential intelligence from in-house and external consortia sources.Forter Trust Platform has access to a wide range of device intelligence attributes including geo-location and geo-velocity;device type,ID/fingerprint,and hygiene;and IP address and reputation.It does not detect malware behavior on dev
228、ices,however.Forter Trust Platform analyzes a large number of user behavior data points as well as transaction level details.Forter Trust Platforms real-time UBA and device analysis is powered by ML detection models.Behavioral biometrics are not part of the solution today.It detects bots by UBA and
229、activity signature matching.Customers often pair Forter Trust Platform with 3rd-party bot detection and management services.The solution helps prevent many forms of fraud against websites and policy abuses such as payment skimmer code,inventory hoarding,price checking,returns and item not received,h
230、eadless browser operations,fake reviews and comments,malicious ad insertions,credential stuffing,fake product listings,Buy Now Pay Later,and authorized push payments.For policy abuse cases,the solution can modify policies for individual accounts,for example,revoking returns privileges.Fraud teams,ca
231、ll center staff,and other support roles use their portal to drill down into details as to why transactions are rejected,but telecom/network operator information is not integrated.Forter Trust Platform applies policies for customers;it can import customer written rules and policies,but this is not st
232、andard and is not recommended.It is a decisioning engine,thus it does not output risk scores or reason codes.REST API and Webhooks are supported.Basic authentication and SAML used for customer API connectivity.Case management is provided within the portal.No connectors for ITSM systems are available
233、.Customer analysts can drill down into transaction analysis from the dashboard,which is easily customized if needed.Forter Trust Platform is ISO 27001,PCI-DSS,and SOC 2 Type 2 certified.It has one of the highest SLAs in the field.Forter is US based but serves EU customers with PSD2 requirements.Thei
234、r Trust Platform addresses many fraud reduction use cases specific to the ecommerce and payments industries and provides sophisticated remediation capabilities for policy abuse.Organizations in these targeted sectors which need FRIP services should consider Forter Trust Platform.LEADERSHIP COMPASS:8
235、1108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 55 Security Positive Functionality Positive Deployment Neutral Interoperability Neutral Usability Positive Table 9:Forters rating Strengths Integrated directly into major ecommerce and payment service provider platforms.
236、Protects against many fraud types affecting website operators as well as policy abuse.Ability to programmatically modify policies at the individual consumer level for cases of returns and item not received abuse.Very high availability SLA of 99.995%Straightforward pricing model Challenges No built-i
237、n identity proofing,but customers can connect service providers through their APIs.Does not detect malware on devices.No behavioral biometrics Additional API authentication mechanisms would be beneficial.Risk engine is not customer configurable.No ITSM integration Leader in LEADERSHIP COMPASS:81108
238、Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 56 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 57 GBG Fraud and Compliance Solution GBG is headquartered in Chester,UK,and was founded in 1989.GBG is a fraud prevention
239、specialist.In 2019,they acquired IDology,and in 2021 they acquired Acuant.GBGs suite of solutions has strong identity verification functionality and UBA,with credential intelligence,device intelligence,and behavioral biometrics capabilities coming from partners.The company is focused on the finance
240、and gaming industries.GBGs solution is hosted by customers either on-premises or in public or private cloud providers,and is also available as SaaS.The Fraud&Compliance Solution includes the Instinct,Predator&Next Generation Financial crime Studio,Compliance Platform,and ExpectID).Costs are calculat
241、ed per-user or per-transaction.GBG has extensive identity verification features with links to many authoritative attribute sources.GBG also interoperates with Equifax,Experian,Jumio,and Prove.A mobile identity and document verification app enables remote onboarding and customer due diligence.GBG fac
242、ilitates age verification,AML,KYC,mule account detection,and OFAC/PEP/Sanctions screening.It does not specifically address 3DS2 or PSD2.GBG can detect Card Not Present and counterfeit/stolen card fraud.Credential intelligence comprises in-network and external ID reputation sources.IP address,geo-loc
243、ation,geo-velocity,and device ID/fingerprint are analyzed.Other device intelligence and extensive behavioral biometrics may be provided via partner solutions.GBG performs user behavioral analysis,which includes looking at transaction amounts,frequency,and patterns.Their platform can receive and proc
244、ess external sources of user data as well.Some types of bots that impact ecommerce platforms can be detected by their GeoTrace service,which relies upon IP reputation.Customers can create and modify policies via an intuitive flow-chart style interface.Customer fraud analysts can easily drill down in
245、to details and history for investigations.Many reports are present out-of-the-box,and customers can define new report types as needed.Full case management is available,but there is no integration with external ITSM systems.GraphQL,Kafka,MQ,REST,and SOAP APIs are available for customer application in
246、tegration,which can be secured with JWT or SAML authentication.Caller name and phone number matching,account longevity,account status,and SIM swap detection risk information can be passed on to customers call center software.GBG is a provider of identity verification services to other FRIP solutions
247、.GBG is ISO 27001 and PCI-DSS certified.GBG has deep identity verification services,including a remote onboarding/mobile document verification app,and leverages partnerships for other key parts of their FRIP offering.Bot detection could be enhanced by additional intelligence sources and evaluation m
248、ethods.The solution is primarily customer-hosted and not a SaaS.Their target markets are finance and gaming.Organizations in those industries that need FRIP solutions focused on identity proofing for AML,KYC,and sanctions screening should take a look at GBGs Fraud and Compliance Solution.LEADERSHIP
249、COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 58 Security Neutral Functionality Positive Deployment Positive Interoperability Positive Usability Strong Positive Table 10:GBGs rating Strengths Excellent identity verification features Mobile identity and docu
250、ment verification app for remote onboarding and KYC Extensive screening for AML,mule accounts,and OFAC/PEP/sanctions Easy-to-use policy authoring and investigative interfaces Challenges Lacks behavioral biometrics.Though focused on finance,it does not have specific support for 3DS2 or PSD2.No ITSM i
251、ntegration Leader in LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 59 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 60 Group-IB Fraud Protection Privately held Group-IB was founded in 2003 and
252、 their global HQ is located in Singapore.Beyond FRIP services,Group-IB offers threat intelligence,Attack Surface Management,business email protection,and anti-piracy products.Group-IB Fraud Protection has functionality in compromised credential and device intelligence,UBA,behavioral biometrics,and b
253、ot detection.Their services are hosted in their own facilities and a public IaaS provider in the APAC,EU,and NA regions.Options for deploying at customer sites or on customer private clouds are available.Licensing costs depend on the number of active users per contract period,with per-transaction fe
254、es for PSD2 and 3DS2.Group-IB partners with Sumsub to provide built-in identity proofing,remote onboarding and legal document verification integration with their platform.Customers can also utilize their services with customization to aid in AML,KYC,mule account detection,OFAC,PEP,PSD2,and 3DS2 comp
255、liance.For payments clients,Group-IB Fraud Protection can detect CNP,Card Not Received/Stolen Cards,and counterfeit cards.Group-IB leverages in-network compromised credential intelligence for the benefit of all their customers.Group-IB Fraud Protection has comprehensive device intelligence capabilit
256、ies via their SDK and JavaScript.Attributes evaluated include IP addresses and reputations,geo-location and geo-velocity,device fingerprint/ID/type,device security posture and reputation,and IMEI/SIM card info.For user behavioral analysis,this solution can consider(if provided via API from customer
257、applications)all pertinent data points including transaction details such as amounts,payees,and patterns.The SDK also harvests behavioral biometrics,encompassing all expected characteristics.Their solution can recognize user behavior across multiple devices as well as recognize multiple users per de
258、vice.UBA,behavioral biometrics,and traffic metadata are analyzed within the Fraud Protection Preventive Proxy,and the bot detection and management component.Bot management options are granular and can be configured by customers,providing options such as deny-list,allow-list,challenge,and redirect.Th
259、is solution provides protection against most common ecommerce and web property operator fraud issues such as payment skimmers,inventory checking and hoarding bots,price checking bots,headless browsers,fake reviews and comments,fake posts and goods,social media bots,account creation and credential st
260、uffing bots,gift card cracking,mobile malware,Buy Now Pay Later,and Authorized Push Payments.Customers can determine storage periods for such data,and it can be depersonalized for privacy regulatory compliance.Multiple unsupervised and supervised ML algorithms are used with their detection models.Po
261、licies and weighting of attributes within policies are configurable by customers in an easy-to-use no-code interface.REST,Kafka,IBM MQ,and Rabbit MQ APIs are supported for customer integration.Several API authentication methods can be implemented.Case management is provided within their application,
262、and there are no out-of-the-box connectors for 3rd-party ITSMs.Many reports are available within their console,and customers can create more or export data for analysis in other programs.Group-IB has recently added a fraud analysis dashboard,based upon their reverse engineering of many fraud types,w
263、hich is arranged similarly to the familiar MITRE LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 61 ATT&CK matrix.Call center integration is available,complete with call-to-web session mapping and anti-smishing/vishing technology.Group-IB asserts I
264、SO 27001 and PCI-DSS certification.Group-IB Fraud Protection has advanced features in device intelligence,user behavioral analysis,behavioral biometrics,and bot management.The GUI is modern and easy for fraud analysts to use.Group-IB also has fraud analysts on their staff assigned to each customer.T
265、hey do not cover North America at present.Support additional standards and connectivity for other IT and security systems would be beneficial for some customers.Organizations in the EMEA and APAC regions that need comprehensive FRIP capabilities should include Group-IB on their consideration shortli
266、st.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 62 Security Positive Functionality Strong Positive Deployment Positive Interoperability Positive Usability Strong Positive Table 11:Group-IBs rating Strengths Extensive device intelligence capabili
267、ties Wide range of compliance regimes supported,from AML,KYC,OFAC,PEP,etc.Strong customer authentication for PSD2 and 3DS2 Protection against CNP and stolen/counterfeit credit cards for payments service clients.Behavioral biometrics can recognize multiple users per device and single users across mul
268、tiple devices.Multiple methods for bot detection and highly configurable bot management options Broad coverage of use cases for protecting ecommerce and other web operators Dashboard contains TTP matrix for various types of fraud campaigns Challenges Identity proofing not built-in,but partnerships w
269、ith 3rd-party services can be leveraged.Little or no sales or support for North America No ITSM connectors SLA and latency guarantees are comparatively weak.Leader in LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 63 LEADERSHIP COMPASS:81108 Fraud
270、 Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 64 Gurucul Fraud Analytics Gurucul was founded in 2010 and is a privately-owned company headquartered in Los Angeles.Gurucul has a suite of products and services including SIEM,UBA,Open XDR,Network Traffic Analysis,Network Detecti
271、on&Response,and Fraud and Risk Analytics.For FRIP components,Gurucul Fraud Analytics platform has credential and device intelligence,UBA,and bot detection.The solution architecture is centered on their data lake and analytics,meaning customers can configure their business applications and 3rd-party
272、FRIP services to gather and send information to Guruculs Fraud Analytics data lake.Guruculs SaaS runs in a public IaaS provider with global data centers.The solution can be deployed by customers as VMs or containers in their own data centers or in any public IaaS.Service pricing is based on the numb
273、ers of accounts monitored.Gurucul does not include identity proofing services.Customers could add 3rd-party services on via APIs.Gurucul could assist customers with various forms of compliance such as AML,KYC,OFAC,etc.,but this requires customers to acquire services and data sources beyond what is p
274、rovided with the platform.External but not internal sources of credential intelligence are utilized.For device intelligence,Gurucul evaluates IP address and reputation,geo-location and geo-velocity,and device type/ID/fingerprint.Device posture checks are not performed,and it can only use indirect me
275、thods to look for signs of malware involvement in transactions.Guruculs forte is in UBA.It has advanced ML-based detection models that consider a wide range of attributes,including transaction details such as amounts,payees,locations,times,etc.Behavioral biometrics are not part of the base solution
276、but could be added on from other vendors.Bot detection is enabled through UBA and network traffic analysis but can be enhanced with 3rd-party behavioral biometrics.Gurucul can provide basic protection against some types of fraud that are commonly experienced by retail,ecommerce,and other industries;
277、more advanced capabilities in these areas would require behavioral biometrics.Guruculs risk engine can be tuned by customers via a well-designed interface.Fraud analysts will find conducting investigations is straightforward,starting from the dashboard.Gurucul Studio allows extensive editing of dete
278、ction models and filters.Secure REST APIs are how customer apps communicate with Gurucul Fraud Analytics.Risk scores and detailed rationales can be provided to customer applications.Evaluation results can be packaged into other formats such as SAML tokens,JWT claims,and OAuth2 grants.Call center int
279、egration is available.Gurucul has case full case management and can interoperate with most of the major ITSM solutions.Gurucul is HIPAA and PCI-DSS certified but has not achieved ISO 27001 or SOC 2 Type 2 for its cloud-hosted services.Gurucul Fraud Analytics has a different approach in this market:t
280、heir emphasis is on acquiring data and using their sophisticated detection capabilities on that data,rather than deploying their own identity proofing services and behavioral biometrics functions.Having those capabilities as part of their own solution would improve their overall offering.Organizatio
281、ns that need advanced risk analysis and are comfortable with adding 3rd-party FRIP components if needed should consider Gurucul Fraud Analytics.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 65 Security Positive Functionality Weak Deployment Posit
282、ive Interoperability Positive Usability Positive Table 12:Guruculs rating Strengths Excellent implementation of ML detection models for UBA Call center integration Evaluation results can be rendered in multiple formats such as SAML,JWT,or OAuth2 tokens/claims.Gurucul Studio allows customers to exten
283、sively edit and create new detection models from templates.Analyst interface is easy to use.Ships with data masking templates for privacy regulatory compliance ITSM integration Challenges No identity proofing or use of in-network credential intelligence No behavioral biometrics Bot detection and man
284、agement are hampered by lack of behavioral biometrics.Does not perform device health checks.Lacks ISO 27001 and SOC 2 Type 2 certifications.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 66 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Pla
285、tforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 67 HID Global HID Approve,Authentication Service,Risk Management,and Identity Verification HID Global is a subsidiary of ASSA ABLOY Group AB of Stockholm.HIDs US headquarters is in Austin,TX.HID has IAM solutions,and makes physical access controls systems,R
286、FID tags and readers,biometric readers,smart cards,passports and some national identity cards,card readers,and mobile apps capable of remote identity verification.Their intersection of IAM,biometrics,and SDK allows them to perform identity card issuance for several organizations.The suite of product
287、s listed in the title bar offers fraud prevention components including ID proofing,credential and device intelligence,behavioral biometrics,UBA,and bot detection.The financial industry is their main focus.It can be installed on customer premises or in IaaS,and their SaaS is hosted in AWS in both EU
288、and NA regions.Pricing options include per-registered user,per-server,and per-transaction.HID provides identity assurance verification and credential issuance services.Government and enterprise customers can utilize HID for authoritative attribute lookups,remote document verification,and electronic
289、credential assignment.For remote document proofing scenarios,the mobile app can scan and register the authoritative documents,take selfies,and perform real-time biometric matching.More than 4,500 document types are supported.HID can interoperate with most 3rd-party identity proofing services as well
290、.HID supports AML,KYC,mule account detection,PSD2 and 3DS2 compliance.The Authentication Platform utilizes in-network compromised credential intelligence.For device intelligence,HIDs SDKs can pick up IP address,geo-location&geo-velocity,and device fingerprint/ID/type/hygiene.Device and IP reputation
291、s are also considered in the risk analysis.HIDs UBA functions encompass full transaction history details and discerns patterns.Data storage periods can be extended if customers need that.Behavioral biometrics are mediated by JavaScript and SDK;and the full expected range of biometrics attributes are
292、 analyzed.HID employs ML-enhanced(including Deep Learning algorithms)to examine gathered intelligence and biometrics.Bot detection functions are enabled by recognition of bot signatures and behavioral biometrics.Bot management is mostly limited to allow-and deny-listing.Support for ecommerce fraud c
293、ommonly perpetrated by bots is not present,but HID can detect CNP,Authorized Push Payment,SMS hijacking,suspicious extensions on users browsers,and various MITM attacks.HIDs risk engine allows customers to prioritize risk factors and set thresholds.The policy authoring interface is flow-chart style.
294、The fraud analyst interface is very easy to work with.All common report types are present,and customers can create additional reports if needed.The solution has built-in case management,and a connector for JIRA Atlassian ITSM is available.Webhooks are supported.Customer apps communicate with HID Glo
295、bals services via REST,OData,SOAP,and WebAuthn APIs.JWT,OAuth,and key exchange can be used for API authentication.Results of evaluations can be packaged as JWT claims,OAuth2 grants,and OIDC flows as well.Call center integration is available.HID attests and/or has certified on FIPS 140-2,ISO 9001/270
296、01/27018/27019,and SOC 2 Type 2.HID is a market leader in Passwordless Authentication solutions.In fact,some implementation partners package HID Authentication Platform to serve as the consumer LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 68 fro
297、nt-end for their“bank-in-a-box”offerings.More sophisticated bot management should be possible and would extend the solution offering into the broader ecommerce space.The remote ID document verification for onboarding,strong identity proofing,device intelligence,and transaction level UBA features mak
298、e HID worth considering as a FRIP solution for financial and government customers.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 69 Security Strong Positive Functionality Strong Positive Deployment Positive Interoperability Strong Positive Usabili
299、ty Strong Positive Table 13:HID Globals rating Strengths Identity proofing and strong credential issuance capabilities present,including some government IDs.Secure mobile app for remote document verification Easy-to-use flow-chart style policy authoring GUI Detailed but intuitive fraud analyst inter
300、face.Device intelligence and behavioral biometrics are collected using secure their SDK and/or JavaScript,including some uncommon attributes.UBA includes transaction histories and patterns.Wide range of secure API types supported for flexible customer integration.FIDO 2.0 and FIPS 140-2 certified co
301、mponents Challenges Bot management could be enhanced to include additional response types.Sanctions screening is not present but is on their near-term roadmap.Lacks counterfeit/stolen card detection capabilities.Does not address most bot-induced ecommerce fraud beyond financial use cases.Leader in L
302、EADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 70 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 71 HUMAN Human Defense Platform HUMAN Security was formed in 2012 in New York and has offices acro
303、ss the US and in Singapore,Israel,and the UK.In summer of 2022,HUMAN merged with PerimeterX,another bot management specialist,and acquired Clean.io,a malvertising protection specialist.The company is privately held and covers many industries including retail,ecommerce,government,insurance,media,SaaS
304、,ticketing,travel,and finance.The Platform is composed of Bot Defender,Account Defender,Code Defender,Credential Intelligence,Media Guard,and CleanAD(for malvertising protection).These products address the credential and device intelligence,UBA,behavioral biometrics,and bot detection and management
305、components of FRIP.The companys Satori Threat Intelligence and Research team enables specialized take down services.Their Human Defense Platform is hosted in two Top Tier IaaS providers in multiple data centers on three continents.Pricing is based on numbers of transactions.HUMANs Human Defense Plat
306、form does not include identity proofing,but it is under consideration for future inclusion.It can apply UBA and behavioral biometrics to assist in making determinations about AML,KYC,and OFAC compliance.CNP and counterfeit/stolen card detection and support for 3DS2 and PSD2 are not provided.Extensiv
307、e in-network and external credential intelligence sources are evaluated.IP addresses and reputations,geo-location and geo-velocity,device fingerprint/ID/type and security posture are the primary device intelligence attributes that are evaluated.It can also figure out if a known user is using a new d
308、evice or a trusted device.HUMANs UBA functions examine most user actions and transaction details with the exception of transaction amounts.It does not automatically make adjustments for user travel,however in these cases the detection will rely on device intelligence and UBA.HUMAN deploys JavaScript
309、 to collect behavioral biometric data including keystroke/mouse,mobile touchscreen,touchscreen,and gyroscopic analysis;some pertinent network attributes are not considered.Bot detection is based on signatures,embedded pixels,and behavioral biometrics,leveraging 350 algorithms that continuously adapt
310、 to changing threat conditions with support from the Sartori threat research team.Bot management options include issuing proof-of-work challenges,hidden JavaScript challenges,and CAPTCHAs.Responses to the challenges can lead to allow-or deny-listing and/or throttling.The Human Defense Platform prote
311、cts against most bot-launched ecommerce fraud types such as inventory checking and hoarding,price checking,headless browsers,fake reviews/comments/job postings,social media and ad-clicking bots,account creation and credential stuffing,ticket scalping,overlay apps,and Buy Now Pay Later.Customers can
312、request changes to risk factor weighting,which are performed by the internal operations teams,as the risk engine is not directly addressable by customers.However,a robust policy engine is provided to allow customers capabilities to define their own rules for internal or partner tools.By default,risk
313、 scores and recommendations are not output to customers as the solution handles all mitigation actions automatically on behalf of customer applications.App integration is possible via REST APIs,which are constrained to JWT authentication and authorization.However,most deployments are through custome
314、rs CDNs,ecommerce platforms,load balancers,CDNs,load balancers,app SDK/middleware,LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 72 serverless or cloud frameworks,or IAM systems.Support cases are managed via their console and Slack or email,and it
315、 can integrate with Atlassian JIRA.HUMANs Human Defense Platform does not have call center integration.HUMANs Human Defense Platform provides robust activity reports,and the dashboard can be customized.The analyst interface is well-designed and presents a lot of information that can easily be filter
316、ed and navigated.HUMANs Human Defense Platform is ISO 27001 and SOC 2 Type 2 certified.US FedRAMP certification is in work.HUMANs Human Defense Platform has some omissions in key areas of FRIP,such as identity proofing,regulatory compliance support,and support for some payments security services.The
317、ir strengths are in their different approaches to bot and fraud detection and management which enables them to protect against most fraud types experienced by ecommerce vendors and other web property operators.Bot take down services offered by HUMAN also distinguish this offering.Companies and gover
318、nment agencies that are looking for FRIP services that are specialized at deterring these fraud types should carefully review what HUMANs Human Defense Platform has to offer.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 73 Security Positive Funct
319、ionality Positive Deployment Strong Positive Interoperability Positive Usability Positive Table 14:Human Securitys rating Strengths Leverages in-network and dark web research for compromised credential intelligence.Can detect known users on new devices from across its customer base.Bot management op
320、tions include unobtrusive JavaScript and proof-of-work challenges as well as take-down services.Extremely low reported latency Highly scalable service processing trillions of transactions per day Fast deployments predicated on embedding in CDNs,ecommerce platforms,load balancers,or application SDKs
321、and middleware.Easy to navigate and use the analyst interface.Challenges No identity proofing.PSD2 and 3DS2 not supported.CNP and stolen/counterfeit card detection not present.UBA omits some transaction details.Bot detection does not utilize behavioral biometrics.Leader in LEADERSHIP COMPASS:81108 F
322、raud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 74 LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 75 IBM Trusteer:Pinpoint Detect and Pinpoint Assure IBM is a global technology and consulting company headquartered in New
323、York.IBM offers a broad range of software solutions and infrastructure,hosting,and consulting services in such high-value markets as business intelligence,data analytics,cloud computing,virtualization,and information security.Pinpoint Detect and Pinpoint Assure are the components of Trusteer,their s
324、olution for fraud reduction.The integrated suite covers all aspects of FRIP.IBM services are hosted in AWS data centers on three continents.Licensing options include per-session or by numbers of active users.IBM offers industry-specific profiles and support for AML,KYC,OFAC,PEP,3DS2 and PSD2.Trustee
325、r is used in payment services for detecting CNP and counterfeit/stolen cards.Trusteer now has identity proofing built-in,with a mobile remote onboarding app,and integrations with Telesign and AWS Rekognition.Their service utilizes both in-network and 3rd-party credential intelligence in risk decisio
326、ns.Trusteers device intelligence is comprehensive,pulling all available attributes and adding external sources for IP and device reputation.Their UBA functions examine login context,transaction detail including amounts and patterns,profile changes,and client page navigation patterns.Data retention p
327、eriods are configurable,and the solution supports GDPR and the“right to be forgotten”.The client SDK collects the full range of behavioral biometric factors,including many that are unique to their implementation,such as higher-order insights from geometrical analysis,mobile accelerometers and gyrosc
328、opes,and touchscreen pressure.Behavioral biometrics,threat intelligence,and signatures provide the basis for their bot detection features.Trusteer informs customers of bot probability and allows for advanced bot management,including allow-and deny-listing,throttling,and redirection.The solution prot
329、ects against some common fraud types that plague ecommerce and web property owners such as inventory hoarding,price checking,headless browsers,malvertising,ad-clicking,account creation and credential stuffing bots,gift card cracking,mobile malware,aggregators,and Authorized Push Payment fraud.The ri
330、sk engine is powered by their advanced ML detection models.Customer applications connect via REST APIs,which are secured by JWT or client certs.Evaluation results can also be packaged as JWT claims.Customers admins use their TrustBoard to manage fraud thresholds and policies as well as see account r
331、isks and KPIs.The analyst interface provides all expected information and is straightforward to use for conducting investigations,Trusteer has case management built-in,and can export data as CSV files that could be imported by external ITSM systems.IBM has call center integration,including phone-to-
332、web session mapping,the ability to collect SIM information from MNOs,and detect SIM swaps.IBM Trusteer has achieved many security certifications including ISO 27001/27017/27018,SOC 2 Type 2,and FFIEC.Trusteer scales well and covers all aspects of FRIP,with highly innovative features in device intell
333、igence,user behavioral analysis,behavioral biometrics,and bot management.Adding support for detecting certain types of ecommerce fraud would be helpful for those market segments.IBM Trusteer should be on the short list for most types of organizations looking for FRIP services.LEADERSHIP COMPASS:81108 Fraud Reduction Intelligence Platforms(FRIP)2023 KUPPINGERCOLE ANALYSTS AG 76 Security Strong Posi