Author: Alessio Parzian,
Head of Security and Fraud Analyst, XTN
It’s a matter of educating enterprises and helping them understand that there
are alternatives available and that this could be an excellent opportunity
to improve their competitive advantage. From the very beginning, XTN has
provided such tools to give enterprises full visibility of fraudulent
events. Trust Your Digital User is our approach, offering a comprehensive
multi-layered and multi-channel fraud prevention solution.
There is a massive opportunity for companies that
decide to move forward by taking advantage of
digital users' need for a better user experience
along with higher security. Thanks to the technological
evolution of personal devices and the improvement in
artificial intelligence, there are new solutions that can
provide innovative security approaches.
BIO
Alessio Parzian is a cyber security expert and is acting as
Head of Security at XTN Cognitive Security, taking care of
three areas: Business/Threat Intelligence, Product Security
and Security Governance. He has a Bachelor's Degree in
Applied Computer Science and pursued his double-degree
Master's in the field of Security and Privacy at the European
Institute of Innovation and Technology, specializing in
Network Security. He is a certified penetration tester and
shellcoding writer. Strong experience in the field of
Mobile Security is also part of his know-how. Passionate
about information security, he strongly believes in practical
approaches and every day struggles to deliver efficient and
robust security mechanisms.
XTN is a security software vendor providing advanced behaviour-based
solutions designed to recognize and prevent fraud. XTN was founded
in 2014, but our story started back in 2008 when part of the original team
worked as consultants for one of the top 20 banks in Europe, designing their
custom transaction monitoring software. From that experience, we got
deep into the fraud prevention process and understood what the impacts
were on both the bank side and the customer
side. We quickly understood that fraud prevention is a
delicate balance between security, client’s resources and
customer experience.
When we became a company in 2014, we inherited all
the experience and technology we had developed over the
years. Today our technology is used daily, in production,
by several clients all over the globe. We monitor over 1
billion events, 20M end-users and devices every month.
It’s not a secret that times have really changed for the
financial environment. Customers now expect a higher
level of personal data security to be provided as part of
the service. Security has become a mainstream topic
and we are used to news about data breaches, APTs and
privacy infringements in cyberspace. Consumers are
realizing that this is an important topic and they expect
their service supplier to provide high security
standards. On the other hand, we are all used to accessing
services with a great user experience and we expect our
bank or retail app to be easy to use. We also want real-time interactions and
a complete online experience.
Technology has now evolved, offering great ways to improve
security while providing a frictionless experience. That’s why, in our opinion,
there are no more excuses.
Next-generation services are competing on user experience and ease
of use. Security should be presented as a value to the user and should be
a transparent layer that protects customers from being harmed without
impacting the experience. Last but not least, cost optimization requires
autonomous processes and minimal human support. Moving from one
service provider to another is increasingly easy to do and everyone is now
only one click away from losing the business.
Let’s take an example to show how to improve security while maintaining
user experience. One of our clients is an EU multi-national next-generation bank.
All their services are provided through web and mobile apps. They process about
30M transactions every month and they provide retail banking services with a
strong emphasis on financial management and advisory. In the beginning, they
contacted us because they were experiencing an increase in fraud-related losses
and operational costs caused by targeted malware campaigns.
In fact, last year, during our threat intelligence activities we detected
an increase in advanced malware that exploits dark corners that are usually only
partially monitored: from supply chain attacks to fileless malware and
mobile malware that turns into a remote administration tool.
The client quickly realized that our continuous behavior-based risk
evaluation could be used to build user-tailored profiles to access critical
features. In particular, they were introducing new critical services to
their apps and wanted to prevent some of them from being available on
untrusted endpoints or without proper secure identity validation.
With XTN technology continuously providing risk evaluation,
integrated with their backend services in real time, they were able to design
their app around the risk. The result: the user is always able to access
the service, experiencing a tailored app that responds to the identity and
security threats dynamically detected by the service. This integration let
them activate awareness campaigns as well, targeting specific users and
sending them useful suggestions about how to fix dangerous conditions
on their devices.
To sum up the results, they obtained a great user experience, higher security
standards and a completely autonomous process (no human interaction
needed on either side).
What about the XTN approach? We think that fraud
prevention, not only in banking but in retail or enterprise
security as well, requires a holistic view of the
perimeter. This essentially means that it is not a single
feature that makes the difference but the aggregation
of the results from many features coming from several
layers and channels. Our Platform is designed to analyze
hundreds of touchpoints, correlating different channels
and layers of analysis. We consider:
the posture of the endpoint
the identity of the user, both behavioral and cryptographic
the risk profiling of the business content of each event
The posture of the endpoint means monitoring every
interesting security aspect and interpreting them as a
whole, understanding changes over time. Identity means
cryptographically identifying a user along with their usual
behaviors in order to identify anomalies. Risk profiling means,
given the posture of the endpoint and the identity of
the user, autonomously generating a very granular risk
evaluation related to a specific business content, which is
used by our client to trigger contextualized reactions:
from denying an end-user action because it is considered
insecure to running tailored awareness programs. This allows
us to be effective, flexible and tailored to the needs of our
client while keeping a smooth end-user experience.
Visit us: https://xtn-lab.com