Reply provides cost effective fraud risk mitigation solutions for the financial sector. The presentation aims at providing an overview of antimalware, phishing and our own Active Fraud Prevention service.

1. Reply
Financial Sector Antifraud
Products and Services
V. 1.5 - 31072012

2. Solution outline
Reply engineered a point solution to contrast new type of automated
frauds toward financial institutions online services. The so called “Man in
The Browser” attacks are hitting the news and are a well known problem for
large financial institutions as they can circumvent strong authentication and
transaction monitoring systems.
Reply solutions provide a unique way to identify such frauds through the
technological chain, providing “Actionable Intelligence” information directly
to Enterprise Fraud Management systems or helpdesks.
http://www.bbc.co.uk/news/technology-16812064 (02/2012)
2

3. Reply Security competence centre
Reply Antifraud Assets:
• Niche high performance solutions, 100+ clients managed
• Dedicated Fraud Intelligence Team & CERT
• Owned Security Operations Centre H24x365, 60+ people dedicated to
Fraud Contrast & Analysis in the Reply SOC
• Self developed platforms, some of which released open source for the
anti-fraud community
• High involvement in international associations, such as Honeynet Project
• Flexibility to accomodate client’s integration and service requirements
Reply was identified by the Italian Banking Association
(ABI) as a leader for quality intelligence for the
financial sector. Reply provides monthly report of
malware trends to all associates
Reply provides malware intelligence information to UK
private agencies providing services to law enforcement
authorities and defence.
3

4. Reply Answer
Reply provides focused product and services for contrast
of emerging fraud phenomena in the financial sector.
REPLY FRAUD
ACTIVE FRAUD ANTIPHISHING
INTELLIGENCE
PREVENTION SERVICES
SERVICES
Active detection of Active detection and Intelligence information
online banking frauds. shutdown of phishing tailored on specific
clones, leveraging requirements, Botnet
Available in SaaS or multiple sources and Tracking, Botnet
On-Premise, 95% avg client information. infiltration and
score on true positives, shutdown.
measurable ROI. Top level detection rate.
4

5. Active Fraud Prevention (AFP): Fraud pattern
The AFP product leverages continuous intelligence activities and
proprietary platforms in order to actively identify compromised
clients during an online banking transaction attempt.
AFP produces Actionable Intelligence: your client’s account
number, details of the transaction direcly to your customer
support service and to your enterprise fraud management
system.
AFP has extremely low integration requirements.
5

6. Active Fraud Prevention (AFP): Fraud pattern
The AFP product leverages continuous intelligence activities and
proprietary platforms in order to actively identify compromised
clients during an online banking transaction attempt.
Typical online banking fraud pattern:
End user
Online Banking Online Banking
Front End Back End
1 The user connects to the home banking website with a client compromised by a trojan.
2 The connection triggers the trojan that seamlessly interacts with the user session
3 Since the attack happens in the user space, both the front end and the back end cannot detect the attack.
It is a common pattern to see average transaction volume and execute fraud wire transfer below that, in order
not to trigger transaction monitoring systems
6

7. Active Fraud Prevention (AFP): mitigation
Leveraging proprietary technology, with an easy to integrate sensor in the
front end, AFP is capable to detect «weak signals» coming from and infected
client.
AFP signatures and sensors are updated frequently by the Reply Fraud
Intelligence team.
7

8. Active Fraud Prevention (AFP): Fraud pattern
Reply AFP is available in the following:
• Software as a Service
Fully delivered from ISO/IEC 27001 certified Reply Security
Operations Centre (SOC).
• Licensing is flat for 1Y contract, not dependent on number of
logs/events/incidents/EPS/etc.
• Includes continuous updates of signatures and software components
• Full reporting and trend analysis via fully featured BI solution
• On-premise on hardware/virtual appliance
Remotely managed by experts team in Reply SOC.
• The product is licensed to the client, signatures and software
components updates are included in the maintenance fee
8

9. Example of Reply malware detection capabilities
Geolocalization of one of the monitored Fast Flux domains
9

10. Reply Antiphishing services
Reply Antiphishing Service provide value for customer’s reducing
brand abuse impact on the end user:
• Reduction of exposure to cloned websites
• High level of detection thanks to smart correlation of own
managed mailboxes network and weak signals derivd from
customer available data
• Shutdown of clone websites licensed on a flat fashion
• Full tracking of closure status via Reply services portal
10

11. Reply Fraud Intelligence Services
The Reply Fraud Intelligence Team monitor threats directed
toward its clients through botnets and trojans. The team can
provide valuable intelligence information to its customers,
including:
• Detection of malicious code samples
• C&C tracking and shutdown
• Analysis of detection techniques for new malware behaviours
• Full reporting and trend analysis through a full featured
Busines Intelligence platform
11

12. Want to try out?
Our experience tells us that the amount of frauds identified and
potentially prevented during a Proof Of Concept, highly exceed
expectations. And the final TCO is just a small portion of the
saving.
To organise a POC for Reply AFP solution, please contact
d.vitali@reply.eu
12

13. Thanks