Account Protection Service

Stop fraud,
not customers.

Accurately detect and adapt to risk and trust to prevent account fraud in real time.

Account Protection - Account Protection

Ensure only legitimate customers open, access, change, recover, and transact with their accounts

Account Protection continuously runs risk and trust assessments — powered by multi-method detection — to accurately identify bots, fraud tools and suspicious activity based on current and past device, network and behavioral data for each user.

Trigger real-time action in moments of risk throughout your user journeys
— what Gartner calls continuous adaptive trust.

Account Protection - diamond dots 3
Account Protection - diamond dots

Account fraud is booming

Innovations in fraud automation and dark web forums have dramatically lowered the skill threshold to execute a wide range of account attacks. Novice fraudsters from around the world are mounting more attacks of all kinds with growing sophistication. For example, they are seizing control of devices and sessions after user authentication.

Account Protection - Citi logo

“Security is like water. If the attackers see something in front of them that’s going to stop them, they are going to flow around it … If you’re not continuously assessing those things together, you won’t see an attack coming in here.”

Matt Nunn, Citigroup’s Director and Global Head of IAM Engineering

Broad threat coverage

To stay ahead of the growing volume and sophistication of attacks, you need accurate detection and action designed for a growing array of attack methods and tools.


Methods & tool examples

Account Protection - Bots


  • Credential stuffing bots
  • Password spraying bots
Account Protection - Phishing


  • Reverse proxy phishing (EvilProxy)
  • Traditional phishing
    • Email
    • Smishing
    • Vishing
Account Protection - Social engineering

Social engineering

  • Call center scams
  • Friendly fraud
  • OTP intercepts
Account Protection - Device spoofing

Device spoofing

  • Mobile device emulators
  • Virtual machines
  • Device farms
Account Protection - Device takeover

Device takeover

  • Remote access tools (RATs)
  • SIM Swap/SIM-jacking
  • Malware (Xposed, Magisk…)
Account Protection - Session takeover

Session takeover

  • Session hijacking
  • Cookie hijacking
  • Clickjacking

Account Opening Fraud

Methods & tool examples

Account Protection - Registration bots

Registration bots

  • Synthetic identities
  • Stolen identities
Account Protection - Human powered


  • Device/click farms

Real-time assessment of multiple risk and trust indicators

Blind spots in the risk signals you detect make it easy to over-react or under-react to the ones you can see. Account Protection provides out-of-the-box analysis of multiple risk and trust signals to accurately detect a broad range of evolving attack methods and tools. Here are some examples of detection methods and risk/trust indicators:

Account Protection - Device fingerprinting icon

Device fingerprinting
& analysis

  • Device match/mismatch for this user
  • Malware signature detected
  • Mobile emulator / device spoofing
  • Suspicious device configuration
  • Virtual machine
  • Remote access tool detected
  • Session hijack detected/cookie reuse
  • Browser language setting change
Account Protection - gain view icon

Behavioral biometric analysis

  • Bot behavior pattern detected
  • High velocity input
  • Text injection detected
  • Keystroke match/mismatch for this user
Account Protection - Account change analysis icon

Account change analysis

  • High velocity of account changes
  • Short interval from new device to transaction
  • 2FA disabled
Account Protection - Application sessions icon

Application sessions

  • Atypical time of use for this user
  • Atypical page journey for this user
  • Atypical actions for this user
Account Protection - risk detection icon

Network analysis

  • Impossible travel
  • Familiar/unfamiliar location for this user
  • Attack framework detected (EvilProxy, OpenBullet)
  • Tor, incognito browsing
  • Anonymizer proxy
  • VPN detected
  • Abnormal links
Account Protection - Passwordless options icon

Authentication analysis &
ID verification

  • Bot behavior: speed/number of attempts
  • Unusual fail/abandons
  • ID verification mismatch
  • Weak authentication/challenge method
Account Protection - Global intelligence icon

Global intelligence

  • Fraudulent device reputation
  • Fraudulent IP reputation
  • Fraudulent data center reputation
  • Blocked IP, country
  • Your block/deny feeds

Managed detection and assessment of risk and trust

The end-to-end Risk, Trust & Action model takes in telemetry and outputs recommended actions, all in real time. The model integrates risk detection, trust modeling and assessment of risk and trust indicators together to generate dependably accurate action triggers.

Account Protection - worldwide image

Applied threat
research & intelligence

Threat researchers use a global view of account attacks, data and emerging trends across apps, companies, industries and geographies.

Your holistic Risk, Trust and Action model is continuously and transparently updated for automatic improvements in accuracy and coverage to meet evolving fraud methods and tools.

Account Protection - learning image

Machine learning

Data scientists combine machine learning, heuristics and statistical analysis to continuously improve accuracy of Trust, Risk and Action engines and holistic model.

360° context correlation

Account Protection automatically correlates multiple dimensions of context for each user: guest or registered, new or returning, customer or fraudster, human or bot.

Account Protection - Transmit detection
Account Protection - 360 Context Correlation graphic 1
Account Protection - 360 Context Correlation graphic legend.

Adapt in real time,
any time

Continuous risk and trust assessments provide visibility and trigger actions in response to API calls made by your applications, making it easy to adapt to risk and trust throughout your user journey.

Account Protection - Real Time Recommended Actions
Account Protection - Anna AP Monitor 1

Gain value quickly

Within minutes of adding a data collector, you’ll start seeing risk and trust indicators and automated recommended actions (Trust, Allow, Challenge or Deny). Data collectors – snippet of code as little as 4 lines – can be quickly added to your web application.

Use orchestration to invoke authenticators

Orchestration allows you to bring together fraud signals, decisions and mitigation controls like various types of authenticators and identity verification technologies. Transmit Security offers the leading Identity Orchestration service for adaptive authentication and account opening.

Here, you can decide which signals to use, how to correlate them, which actions to take, when and how. You can make changes fast and react to any attack.

Account Protection - What Is Identity Orchestration
Account Protection - FIDO Passkey Icon Black 1

Out-of-the-box support for passkeys

During the onboarding process or after, you can use simple APIs to register your customers for passwordless authentication using passkeys. This allows your customers to use fingerprint and face recognition technologies, supported by the device to log into your services the next time they visit any of your applications and channels.

Transmit Security’s Account Protection service automatically detects passkey logins and adjusts risk and trust accordingly. Once registered, customers can easily switch between devices such as their mobile phone or laptop and enjoy a secure and friction-free experience.