The vendor has upgraded its Continuous Customer Protection platform in response to CISOs requirements and its own risk. Security and fraud prevention vendor Darwinium has updated its Continuous Customer Protection platform to provide shared intelligence on anonymized data sets. The company claims that the update ensures customers remain in control of users’ data while also preventing Darwinium from becoming a target of cybercrime. Use cases for the Darwinium platform include account security, scam detection, account takeover, fraudulent new accounts, synthetic identities, and bot intelligence.Darwinium services large B2C organizations (with $1 billion or more in revenue) and marketplaces, dedicated payments providers, ecommerce shops, banks, and some fintechs. In 2022, a study by Statista and Juniper Research estimated e-commerce losses to online payment fraud of $41 billion globally.How Darwinium fraud prevention worksDarwinium Continuous Customer Protection enables continuous visibility and control of a user’s journey and experience, whether it’s from the web, a mobile device, or through an API. It is deployed on the edge, which eliminates the privacy, security, and latency downsides of a traditional security tool, Darwinium CEO Alisdair Faulkner tells CSO, “for example, a bot detection solution which requires you to route traffic through a third-party provider or through a single point of failure.” DarwiniumDarwinium’s dashboard shows customer behavior.To understand the intent of attackers, Faulkner said it is necessary to go beyond identity. Darwinium is an intent engine that combines identity insights and behavioral insights. “What’s different about us than other tools like behavioral biometrics is that we consume those third-party signals if the customer uses them. But we also produce what we call digital signatures, which turn behavior into identity,” Faulkner says. Darwinium can run on existing cloud platforms used by Darwinium’s customers, avoiding another point of failure to exist between the customer and the user’s data center. “It does all the encryption and identification of sensitive data up front. Darwinium does not see any of this customer encrypted information. That is still stored within the organisation, but we do it in a way that enables us to encode, encrypt and anonymize data that we can use for shared intelligence sharing,” Faulkner says.It communicates with existing products such as bot detection, it consumes their scores to provide users with intelligence. Darwinium is a complimentary to the user’s existing security and fraud stack. “We don’t just consume risk scores. We also dynamically inject any risk scores, variables, features, signals detections that can be proprietary to Darwinium or they can be risk signals that customers themselves wish to define,” Faulkner says. What is new in Darwinium Continuous Customer ProtectionDarwinium is launching an update it defines as a “trust nothing architecture.” This means it has the benefits of shared intelligence on anonymized data sets while enabling customers to keep control of all customer data.The upgrade, Faulkner says, was in response to requests from CISOs and chief compliance officers, but also for Darwinium’s self-protection. “[Before the user] had a choice of either install something on premise so you have full control, no customer data leaves your infrastructure, or you have to compromise using some kind of SaaS solution where you’re sending them the data and hope that they’re encrypting and doing everything necessary, or that they don’t get hacked.”“You can get all around a lot of these things by having the right kind of compliance credentials as a vendor, but at the end of the day we realized that Darwinium, if we achieve the vision and the ambitions that we have and our track record suggests that we hopefully should, we become a target ourselves,” Faulkner explained. “That’s what we want to avoid…. There is no way that Darwinium can become a target if we destroy any value or there’s no value of data coming to us other than anonymized insights that can be used for machine learning.” Related content feature Cyber resilience: A business imperative CISOs must get right With ransomware at an all-time high, companies need to understand that being cyber resilient means going beyond compliance to considering all aspects of a business, from operational continuity to software supply chain security. By Andrada Fiscutean May 16, 2024 12 mins Regulation Incident Response Supply Chain news US AI experts targeted in cyberespionage campaign using SugarGh0st RAT Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence. By Lucian Constantin May 16, 2024 4 mins Phishing Data and Information Security news Cycode rolls out ASPM connector marketplace, analysts see it as bare minimum Application security posture management tools need to integrate with other security tools to do their job. By Evan Schuman May 16, 2024 4 mins Application Security news BreachForums seized by law enforcement, admin Baphomet arrested Official telegram channels operated by BreachForums members confirm law enforcement seizures and arrest. By Shweta Sharma May 16, 2024 4 mins Data Breach Cybercrime PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe