Imperva Blog|Login|中文Deutsch日本語
ThreatRadar Fraud Prevention

Detect and Stop Web-based Fraud

Web-based fraud, caused by identity theft, phishing attacks, malware, and other threats, costs organizations hundreds of millions of dollars every year. Web fraud also negatively impacts users' perceptions of online businesses. In fact, 34% of victims reported avoiding certain merchants and 17% switched their primary bank as the result of a fraud event.1

Reducing online fraud not only benefits consumers, it helps businesses slash fraud remediation costs, avoid reputation damage, and prevent customer churn. Unfortunately, many Web fraud detection solutions require modifying applications. This additional development and testing can dramatically lengthen deployment processes.

ThreatRadar Fraud Prevention enables organizations to rapidly provision and manage fraud detection solutions without needing to update Web applications. With ThreatRadar Fraud Prevention, the SecureSphere Web Application Firewall (WAF) can transparently identify and stop fraudulent transactions. It also provides powerful monitoring and enforcement capabilities, allowing businesses to centrally manage WAF and fraud policies together.

ThreatRadar Fraud Prevention applies intelligence from Trusteer, ThreatMetrix, and iovation to identify fraudulent devices, prevent high-risk transactions, and stop malware-based fraud.
Key Capabilities
Maintain brand and customer loyalty by preventing fraudulent activity
Correlate fraud and WAF policies for granular identification and blocking of illicit activity
Rapidly provision Web fraud solutions, eliminating the window of exposure imposed by manual integration
Reduce the cost and disruption of re-coding applications
Ensure fraud detection capabilities are up-to-date and support vendors' latest features
Quickly enforce fraud policies using intuitive Web-based policies
Monitor and assess fraudulent events using SecureSphere's powerful alerting and graphical reporting framework

To learn more, click on the Capabilities tab.

1 "True Cost of Fraud Study," LexisNexis

Intelligent Fraud Mitigation to Reduce Fraud-Related Expenses, Customer Churn

ThreatRadar Fraud Prevention enables organizations to lower fraud remediation costs, streamline fraud investigations and maintain customer loyalty. By integrating with leading Web fraud detection vendors like ThreatMetrix, Trusteer, and iovation, ThreatRadar Fraud Prevention offers best-in-class protection against online fraud. As an add-on service to the SecureSphere Web Application Firewall, this solution is the cost-effective, simple, and accurate way to detect and stop Web fraud.

Centralized Management of Fraud and Web Security Policies

ThreatRadar Fraud Prevention provides a single integration point for multiple fraud detection technologies. In addition, customers can combine fraud prevention policies with Web Application Firewall policies for granular access control. For example, SecureSphere administrators can define different outcomes based on Web browser agent, user reputation, geographic location, time of day, URL accessed, or other attributes. By correlating fraud, application user, and attack activity, organizations can block fraudulent requests with pinpoint precision.

Rapid Time-to-Security

Imperva enables organizations to roll out Web fraud prevention quickly and cost effectively. ThreatRadar Fraud Prevention, a simple add-on to the SecureSphere Web Application Firewall, enables organizations to implement fraud detection without updating Web applications. ThreatRadar therefore offers rapid fraud provisioning, decreasing the window of exposure imposed by lengthy Web application development processes.

Lower Total Cost of Ownership

ThreatRadar Fraud Prevention eliminates the need to manually add fraud detection code to Web applications. By incorporating Web fraud prevention into the SecureSphere Web Application Firewall, organizations can avoid costly development expenses and schedule disruptions. ThreatRadar Fraud Prevention also allows organizations to protect packaged enterprise applications and legacy applications—Web applications that may not support manual code changes.

Up-to-date Fraud Protection

Imperva promptly incorporates the latest updates and APIs from its fraud prevention partners into the ThreatRadar Fraud Prevention service. This enables Imperva customers to take advantage of new fraud prevention features quickly, rather than waiting for developers to manually update Web application code.

Active Enforcement of Web Fraud Policies

ThreatRadar transforms fraud detection into fraud prevention, enabling businesses to stop fraudulent activity, instantly notify end users of fraud risk, or open a fraud investigation case. Using SecureSphere's intuitive Web-based security policies, organizations can redirect compromised users to a custom error page, generate a syslog notification, or generate a ticket in a ticketing system. With the SecureSphere Web Application Firewall, organizations can also monitor fraudulent events and easily adjust policies as needed.

Detailed Alerts and Graphical Reporting of Fraud Activity

Because of SecureSphere's powerful reporting framework, customers can generate executive-level summary reports as well as detailed reports of fraudulent events. Security alerts capture full event detail for forensics analysis. Leveraging SecureSphere's monitoring and reporting capabilities, organizations can assess fraud risks and investigate fraudulent activity.

Fast, Simple Evaluation of Fraud Security Solutions

Imperva has partnered with leading Web fraud security vendors like ThreatMetrix, Trusteer, and iovation to quickly evaluate fraud prevention solutions. ThreatRadar Fraud Prevention eliminates the need to perform lengthy pilots and update existing Web applications to evaluate new fraud security solutions.

ThreatRadar Fraud Prevention Specifications

Specification Description
Fraud Prevention Partner Solutions
  • Trusteer Pinpoint: a log-in and transaction monitoring system that enables real time detection of malware infected devices visiting Web applications. Pinpoint prevents incidents of financial fraud and industrial espionage by identifying potential threats as they happen.
  • ThreatMetrix TrustDefender™ ID: a cloud-based, real-time device identification and identity verification solution that protects all online transactions including account creation, login authentication and payment authorization.
  • iovation ReputationManager 360: a device identification solution that provides advanced, multifaceted risk scores for more than a billion devices such as mobile phones, tablets and computers.
Fraud Detection Mechanism
  • SecureSphere transparently invokes third party fraud detection mechanisms. The process takes less than a second to complete and is completely transparent to end users. Fraud protection requires no changes to existing Web applications or Web infrastructure.
SecureSphere Integration
  • Geo-location of source IP
  • Pre-defined and custom SecureSphere security policies
  • SNMP
  • Syslog
  • Email
  • Incident management ticketing integration
  • Custom followed action
  • Custom graphical reports
  • Real-time dashboard
SecureSphere Deployment Requirements
  • Inline bridge, reverse proxy or transparent reverse proxy
Supported Products
  • SecureSphere Web Application Firewall