Darwinium upgrades its payment fraud protection platform

Security and fraud prevention vendor Darwinium has updated its Continuous Customer Protection platform to provide shared intelligence on anonymized data sets. The company claims that the update ensures customers remain in control of users’ data while also preventing Darwinium from becoming a target of cybercrime. Use cases for the Darwinium platform include account security, scam detection, account takeover, fraudulent new accounts, synthetic identities, and bot intelligence.

Darwinium services large B2C organizations (with $1 billion or more in revenue) and marketplaces, dedicated payments providers, ecommerce shops, banks, and some fintechs. In 2022, a study by Statista and Juniper Research estimated e-commerce losses to online payment fraud of $41 billion globally.

How Darwinium fraud prevention works

Darwinium Continuous Customer Protection enables continuous visibility and control of a user’s journey and experience, whether it’s from the web, a mobile device, or through an API. It is deployed on the edge, which eliminates the privacy, security, and latency downsides of a traditional security tool, Darwinium CEO Alisdair Faulkner tells CSO, “for example, a bot detection solution which requires you to route traffic through a third-party provider or through a single point of failure.”

Darwinium

To understand the intent of attackers, Faulkner said it is necessary to go beyond identity. Darwinium is an intent engine that combines identity insights and behavioral insights. “What’s different about us than other tools like behavioral biometrics is that we consume those third-party signals if the customer uses them. But we also produce what we call digital signatures, which turn behavior into identity,” Faulkner says.

Darwinium can run on existing cloud platforms used by Darwinium’s customers, avoiding another point of failure to exist between the customer and the user’s data center. “It does all the encryption and identification of sensitive data up front. Darwinium does not see any of this customer encrypted information. That is still stored within the organisation, but we do it in a way that enables us to encode, encrypt and anonymize data that we can use for shared intelligence sharing,” Faulkner says.

It communicates with existing products such as bot detection, it consumes their scores to provide users with intelligence. Darwinium is a complimentary to the user’s existing security and fraud stack. “We don’t just consume risk scores. We also dynamically inject any risk scores, variables, features, signals detections that can be proprietary to Darwinium or they can be risk signals that customers themselves wish to define,” Faulkner says.

What is new in Darwinium Continuous Customer Protection

Darwinium is launching an update it defines as a “trust nothing architecture.” This means it has the benefits of shared intelligence on anonymized data sets while enabling customers to keep control of all customer data.

The upgrade, Faulkner says, was in response to requests from CISOs and chief compliance officers, but also for Darwinium’s self-protection. “[Before the user] had a choice of either install something on premise so you have full control, no customer data leaves your infrastructure, or you have to compromise using some kind of SaaS solution where you’re sending them the data and hope that they’re encrypting and doing everything necessary, or that they don’t get hacked.”

“You can get all around a lot of these things by having the right kind of compliance credentials as a vendor, but at the end of the day we realized that Darwinium, if we achieve the vision and the ambitions that we have and our track record suggests that we hopefully should, we become a target ourselves,” Faulkner explained. “That’s what we want to avoid…. There is no way that Darwinium can become a target if we destroy any value or there’s no value of data coming to us other than anonymized insights that can be used for machine learning.”