www.versafe-login.com

Versafe TotALL™ Online Fraud Protection Suite

Protect ALL online users.

From ALL malware, threat types.

On ALL devices.

ALL transparently to the user.

SOLUTION BRIEF

S O L U T I O N B R I E F | V E R S A F E T O TA L L O N L I N E F R A U D P R O T E C T I O N S U I T E [ 2 ]

In 2012, we witnessed an unprecedented growth in malware, zero-

days, and phishing worldwide. Beyond just the sheer volume, the

methods cyber criminals used to launch and host their malicious

content has made it more challenging for security and fraud

professionals to detect attacks targeting their organization, and

to comprehensively protect their entire user base in real-time.

The Versafe TotALL Online Fraud Protection Suite protects organizations and their end

users from the full range of malware and online threats, on all devices, without any

impact to the user experience. Leveraging advanced encryption, malware detection,

and behavioral analysis capabilities, Versafe works independently from or with existing

anti-fraud solutions, dramatically reducing clients’ fraud losses and providing critical

intelligence into the evolving threat landscape.

Clientless solution uniquely enabling malware detection and protection of your entire user base.

Advanced protection from all online threat types: zero-days, MITB, web injection, session hijacking, keylogging, automated transactions, MITM, phishing, social network fraud, malicious apps, and more.

Web and mobile device support, each channel able to be deployed in a matter of days.

Real-time alerts and reporting via the 24x7 Security Operations Center & Malware Analysis Team.

Versafe offers protection

against the entire spectrum of

online threat types, across all

device types, without requiring

users to download software or

register their device.

The TotALL™ Online Fraud Protection Suite

MMobileSSafe™WWeeWW bSafe™

ApplicationBanking

WebSafe™

Malware detectionMalware protectionTransactionprotectionAdvance phishing

detection

Layer 1 endpoint & Layer 2 navigation protection

End UserEnd User

Zero-days

Phishing

MitB

Targeted malware

Mobile

malware

MitM

SMS

grabbers

MobileSafe™

Jailbroken device

detection

Malware detection

Malware protection

Transaction

protection

WebSafe: Clientless protection of all users.

With more than 27 million unique malware variants developed in 2012 alone, WebSafe

helps organizations identify and protect against all web-based malware and other

threat types.

Deployed using either an SDK directly on the web application – or via one of our

integrated technology partners, such as f5 Networks – WebSafe can be deployed in

just days, without any impact on the end user.

– Malware Detection. WebSafe applies advanced techniques to detect both targeted

and generic malware – including web injection, credential grabbing, MITB, session-

hijacking, password stealers, and more – by identifying any changes to the HTML or

injection of malicious script into the genuine site. Honeypots are used to lure and

detect generic malware. WebSafe is also capable of detecting MITM access attempts

from a compromised network connection by performing checks on the SSL certificate,

domain and other components.

– Malware Protection. Advanced encryption at the application

level provides protection of all information transferred from the

user to the organization, thus rendering any data intercepted by

an attacker worthless. A one-time public key is generated by

the web server for each user session. When the encrypted

information is received by the web server, it is decrypted using

the server-side private key.

– Transaction Protection. WebSafe is able to identify and

prevent automated payments and money transfers initiated

by malware or a bot. Assessing a variety of device-specific

and behavioral variables – including device ID, mouse and

click patterns, sequencing of and timing between actions,

and many more – transactions by genuine users are

distinguished from those initiated by malware. Additionally, by

looking for malicious JavaScript functions and by performing

iFrame checks, automated transactions are further able to be

detected and mitigated.

– Advance phishing detection. WebSafe includes several protective layers to identify

phishing attempts through detection of website copying to extensive scans that include

more than ten different search characteristics. WebSafe can even detect phishing

attacks prior to being launched – at the point of sites being copied by attackers and

loaded to spoofed domains. WebSafe utilizes hidden code implemented on the

organization’s web site and programmed to alert the organization when the site has

been copied and when the copy has been loaded to a spoofed domain. WebSafe is

able to track critical details about the attack including IP address, drop zones, and

stolen credentials which are reported back to the organization.

WebSafe applies advanced

identification techniques to

detect malware, such as

changes in HTML code or

injection of malicious script.

S O L U T I O N B R I E F | V E R S A F E T O TA L L O N L I N E F R A U D P R O T E C T I O N S U I T E [ 3 ]

ApplicationBanking

Malwaredetection

Malwareprotection

Transactionprotection

End UserEnd User

WebSafe™

Advance phishing

detection

Cyberthreat

intelligence

Phishing,

malicious

site takedown

For more information, please email sales@versafe-login.com, or visit www.versafe-login.com

MobileSafe: Protection from all mobile malware threats

Versafe MobileSafe is offered as an SDK that can be easily integrated into any native

mobile application. With the ability to encrypt information at the application layer,

MobileSafe offers protection against advanced threats targeting the mobile user.

– Jailbroken Device Detection. By identifying devices that have been jailbroken,

the risk score for being potentially infected with malware is adjusted accordingly.

– Malware Detection. Some of the most common financial malware – including Zeus,

SpyEye and Citadel – have targeted mobile users with SMS-grabbing capabilities that

intercept out-of-band communications between the organization and the user. A

proprietary safety scoring method assesses a number of parameters on the device

such as checking the validity of SSL certificates and HTTPS connections, running

processes, and installed applications.

– Malware Protection. Encryption at the application layer –

using a public key generated on the fly by the web server on

the client side – and virtual keypads which can be

customized for mobile banking apps ensures that any

information intercepted by malware will be encrypted and

rendered useless to an attacker.

Versafe Security Operations Center: 24x7x365 Global Threat Protection

Versafe provides a managed security operations center to help

clients minimize risk against the latest cyber-attacks around the

clock. Responsible for discovering several noted attacks – such

as Eurograbber and a variety of zero-days – the Versafe Security

Operations Center works closely with security organizations and

law enforcement in several countries.

Clients can view and monitor the status of all threats targeting

their organization and users in real-time – from identification to

intelligence to remediation – through a central dashboard, as

well as real-time alerts via email or SMS.

ApplicationBanking

Malwareprotection

Malwaredetection

Jailbrokendevice

detection

End UserEnd User

MobileSafe™

Transaction

protection

Social

network

fraud

Fraudulent

apps

Versafe MobileSafe offers

protection against mobile

threats and SMS grabbing

through advanced encryption

at the application layer, and

can be easily integrated into

any native mobile app.

Responsible for discovering several noted attacks –

such as Eurograbber and a variety of zero-days – the

Versafe SOC works closely with security organizations

and law enforcement in several countries.