Fraud Prevention at the Edge

Complete Visibility of User Behavior, Everywhere

Use Cases Powered by the Edge

Business Logic Abuse

Monitor and block unwanted behavior that is designed to exploit legitimate workflows, processes, or application functionality to achieve malicious goals.

Complex AI-Powered Bots

Identify low-and-slow automated bots that bypass rate control measures, infiltrate an account and make fraudulent payments or abuse loyalty bonuses.

Scams and Social Engineering

Separate trusted customer behavior from potential scams by identifying anomalies in journey behavior, signs of coercion or unusual payment patterns.

Benefits of Delivering Security and Fraud Prevention at the Edge

The edge brings new capabilities for uniting security and fraud prevention functions seamlessly across the customer journey. Darwinium can integrate via your Content Delivery Network (CDN) to provide complete visibility of user behavior across every interaction. This approach better solves complex and hard-to-detect fraud such as business logic abuse, complex bot attacks and scams.

Unmatched Speed

Real-time decisions with microsecond latency for seamless customer experiences.

Scalable Security

Protect every endpoint without straining IT resources or compromising performance.

Enhanced Privacy

Encrypt and store data within your infrastructure, ensuring compliance with GDPR and CCPA

Comprehensive Insights

Gain visibility into entire customer journeys, from browsing to payment.

Resilience

Deploys to your existing infrastructure, and fails-open on errors. No DNS redirects or other single-points-of-failure.

Cost Efficiency

Avoid requirement for lengthy release cycles. Focus your IT and engineering resource on delivering to their core competencies.

Solving Complex Fraud with Cyberfraud Fusion at the Edge

Fraudsters evolve faster than traditional defenses. While legacy solutions have focused on protecting high-risk touchpoints, such as logins or payments, fraudsters have simply pivoted attacks to focus on new vulnerabilities in the customer journey, such as change-of-details pages or exposed API endpoints. Businesses need the ability to adapt to evolving threats as they happen, protecting new touchpoints instantly.

Moving security and fraud prevention functions to the edge provides a new level of visibility of user behavior across every touchpoint. Look beyond identity details to understand intent, particularly useful for scenarios where users are being coerced, or where fraudsters are using stolen or spoofed credentials.

What Advantages Does the Edge Deliver Over Traditional Fraud Solutions?

Until recently, when security and fraud teams required solutions to issues like complex bots attacks, account takeovers, identity abuse, and scams, they deployed JavaScript tags on individual pages for data profiling. Each additional touchpoint required time and resource from the IT and engineering teams to protect, while also adding latency to requests.

Adversaries adapt faster than software release cycles, and often fraudsters were quick to determine points that were protected and devise solutions that worked around this.

With Darwinium, your organization is able to configure fraud prevention in much the same way that you configure your WAF. You simply define the endpoints you need to protect, define mappings for in-stream content, and run your risk model.

By virtue of operating at the network edge we’re able to obtain far deeper insights into the network, as well as the ability to monitor and observe new touchpoints without the pain of core application release cycles and human resource.

Deploying Darwinium on the Edge

How do you Deploy a New Journey on the Edge?

Darwinium operates on the concept of Journeys. Each journey defines Steps that correspond to a URL and HTTP method - for example the loading of a login page, or the posting of a login request to an API.

Within a step, a journey author is able to define which data points they wish to extract from the HTTP request or response, as well as the risk decisioning and remediation logic they wish to perform.

When it deploys, Darwinium converts each step into a Route and Worker which is then deployed to your CDN infrastructure (also known as Behaviors and Lambdas in AWS).

Deployment can be initiated automatically by the Darwinium platform when a journey is updated (requires your CDN credentials to be entered into Darwinium), or manually by your infrastructure team using tools like Terraform or Pulumi.

Within a step, a journey author is able to define which data points they wish to extract from the HTTP request or response, as well as the risk decisioning and remediation logic they wish to perform.

When it deploys, Darwinium converts each step into a Route and Worker which is then deployed to your CDN infrastructure (also known as Behaviors and Lambdas in AWS).

This is primarily controlled by your organization and its fraud intelligence requirements. By default, we collect insights at the network level such as browser, JA3 fingerprint, user agent, and primary IP address.

Journeys can be configured to inject additional profiling, which provides deep insights around VPN, DNS IPs and browser/OS/device fingerprints, as well as behavioral biometrics on keyboard, mouse, touch, and sensors at a page and form-field level. In total there are over 800 possible profiled data points.

Edge workers play a key role in Darwinium's ability to process data securely. We use Hybrid Public Key Encryption (HPKE) to facilitate encryption and anonymization at the Edge.

Darwinium’s SaaS infrastructure does not see personally identifiable information (PII) values in the clear at ingestion, nor do they travel across the internet in the clear.

Darwinium can also be configured to store data on your own infrastructure - simply provide an AWS S3 bucket with separate read-only/write-only role credentials, and your encrypted event data is sent there immediately after a request is processed.

Darwinium stores an anonymized version of PII records (using a proprietary 1-way elliptic curve hashing function), on its infrastructure for feature engineering calculations and post-event forensics.

Darwinium supports all the main Content Delivery Networks including Cloudflare, AWS CloudFront and Akamai.

Darwinium implements a custom Cloudflare Service Worker to integrate with Cloudflare platform. Cloudflare Workers provide a serverless execution environment for augmenting Cloudflare with custom features without configuring or maintaining infrastructure.

Darwinium uses Lambda@Edge extension of AWS Lambda service for integration with Amazon CloudFront. Lambda@Edge offers provides flexible and highly secure computing capabilities for custom application logic deployed to edge locations.

Darwinium can be configured to proxy web traffic at any Akamai Core Data Site. This enables you to perform decisioning at the edge from within the Akamai network.

Why Choose Darwinium for Cyberfraud Prevention?

Digital account security remains an unsolved problem. Businesses are currently relying on legacy solutions that were built to protect high-risk touchpoints - such as onboarding or login - but are repeatedly breached by fraudsters targeting new vulnerabilities in the customer journey. The speed and efficacy of attacks have increased, facilitated by AI tooling and human click farms. Businesses are restricted by siloed systems, multiple disparate solutions, and privacy constraints that fraudsters bypass.

Darwinium is a cyber-fraud fusion platform that can deploy on the perimeter edge, uniting digital security with fraud prevention to detect intent online. It provides complete visibility of user behavior across every digital touchpoint, giving businesses the agility and control to protect end user accounts from fraud, scams and abuse. Real-time analytics are combined with the ability to decision and act on intelligence immediately.

Download Whitepaper: Uniting Security & Fraud at the Edge

Journey-Level Insights

Understand user behavior across complete digital journeys, not point-in-time interactions

Real-Time Risk Decisions

Orchestrate decisions and actions across customer journeys. Plug & play integrations play nicely in existing stack.

Behavioral Identification

Look beyond identity data to understand user intent, using Darwinium's proprietary digital signatures.

The Darwinium Advantage

Monitor Every Interaction in One Seamless Platform

Darwinium provides end-to-end visibility into every step of the customer journey, from the moment a user lands on your site to checkout and beyond.

End-to-End Insights
Anomaly Detection
Dynamic Orchestration

Respond to Threats Instantly with Microsecond Latency

Darwinium leverages the power of edge computing to make split-second decisions at the network perimeter.

Latency Reduction
Proactive Defense
Scalable Threat Management

Integrates with Your CDN with Less Operational Effort

Darwinium’s deployment process is designed to be fast, efficient, and minimally disruptive.

Integration Simplicity
No IT Bottlenecks
Unite Security and Fraud Teams

Encrypt and Anonymize Data at the Edge, Maintaining Privacy and Security

Darwinium has designed its cyberfraud prevention platform with privacy-by-design principles, leveraging advanced encryption techniques at the edge.

Edge-Based Encryption
Future-Proofed Against AI Attacks
Full Control of Your Data

Ready to see Darwinium in action?

Please share your details with us and we'll be in touch.

“We are passionate about helping protect those least able to protect themselves, delivering on the promise of the internet to be fair, equitable and accessible to everyone.”

Alisdair Faulkner

CEO and Co-Founder, Darwinium

Frequently Asked Questions

How does fraud prevention at the perimeter edge work?

By integrating with your Content Delivery Network (CDN) using a piece of technology called edge workers, Darwinium can deliver enhanced account security and fraud prevention capabilities. Your security and fraud controls sit in front of your web traffic and are therefore able to view, enrich, decision and act on everything that happens across a user’s online journey. This allows for real-time detection and action on fraudulent activities, reducing latency and improving scalability while keeping sensitive data secure. Solutions like Darwinium use edge infrastructure to enhance customer journey protection without compromising user experience.

How does edge computing improve account security and fraud detection?

Edge computing improves account security and fraud detection by enabling real-time decisioning at the network level. Unlike traditional solutions, edge-based systems analyze user behavior closer to the source, allowing for faster responses to threats like scams and credential stuffing. It also allows businesses to easily protect new touchpoints by orchestrating customer journeys from within the Darwinium portal.

What are the benefits of deploying fraud prevention at the edge?

Deploying fraud prevention at the edge offers several benefits, including:

Block Complex Fraud: Detect fraud that bypasses traditional solutions, such as business logic abuse, complex bots and scams.

Reduced Latency: Real-time decisions in microseconds.

Enhanced Privacy: Localized and encrypted data storage.

Scalability: Seamless integration with global CDNs.

Improved User Experience: Tailored interactions based on risk assessments.

Resilience: Fail-open systems ensure uninterrupted service during outages.

What are Edge Workers, and how do they enhance fraud prevention?

Edge Workers are a serverless computing platform that allows developers to write and deploy code to networks of servers around the world. Code is executed closer to the end-user, resulting in faster response times and reduced latency.

By running code at the edge, Edge Workers can analyze incoming traffic in real-time and identify both trusted and risky behavior. For instance, they can identify bots that are attempting to use stolen credentials to log into an account by monitoring user behavior patterns such as IP addresses, login attempts, and navigation paths. Or they can identify trusted users that are displaying normal patterns of behavior but are perhaps getting caught by overzealous blanket authentication checks.

How does Darwinium ensure data privacy and security at the edge?

Darwinium ensures data privacy and security through edge-based encryption and anonymization, and by allowing businesses to store sensitive data within their infrastructure and control access with their keys. This setup can support businesses to comply with regulations like GDPR and CCPA.

Why is fraud prevention at the edge better than traditional API-based fraud solutions?

Integrating account security and fraud prevention at the perimeter edge provides businesses with full visibility of user behavior across every digital touchpoint, without the operational burden and time delays of reploying tags on every individual page. Businesses can also respond dynamically to threats without lengthy IT cycles, making fraud prevention faster, more scalable, and more cost-effective.