Financial Fraud Protection

Always choose to predict, discover, and alert proactively before your assets are compromised or the final objective of the insider is achieved. HanSight focuses on proactive detection of lateral movement inside the organization, rather than reactive response and remedy after the damage occurs.


While new business models and products like online credit card application, direct banking service, and online loans have expanded the scope of business and made financial institutions more competitive, they have also introduced more opportunities for fraud than ever before.

Worse still, fraudsters continue to innovate hacking methods. They defraud or steal users’ online account credentials by sending phishing links through pseudo base stations, or using Trojans, other hacking techniques, or social engineering attacks. This has resulted in frequent online fraud activity, including fraudulent transactions, in recent years, causing significant losses to financial institutions and their customers.

Diversified fraudulent means

Ineffective legacy rule-based detection

Insufficient information for defense



Alerting Based on Threat Intelligence

Raise alerts or directly block the outliers that with high confidence, indicate fraud attacks. By leveraging cyber threat and financial data in a preventive measure, its possible to shut down fraud at your perimeters.


Business Fraud Analytics and Detection

Powered by machine learning, user behavior analytics, and other AI technologies, fraud teams can monitor business processes in real time, rapidly identify and pinpoint various anomalies such as abnormal logins, data-hit attacks, credential stuffing attacks, and more.


Response and Provenance Tracking

Take appropriate steps to alert on fraud, block malicious behavior based on the real-time analytics and detection results, and audit and track the provenance of fraud incidents when necessary.

Early Alerting Based on Threat Intelligence

Put together high-confidence threat intelligence information, for example, abnormal IP address, mobile phone, or geo-location, retrieved from HanSight’s cyber threat intelligence to block or quarantine suspicious behavior as necessary.

Combine the lists of defaulters, blacklists, and user data from the financial intelligence of banks or third-party institutions to initiate early warning.

Real-Time Business Fraud Analytics and Detection

Abnormal login analytics

Learn a user’s historical login and transaction data to train a multi-faceted account profile involving quantity, relationship, sequence, and more behavioral baselines.

Apply machine learning-based user behavior analytics algorithms and pre-defined rules to identify logins that differ significantly from a user’s behavioral baseline.

Database-hit attack detection

Use the unsupervised machine learning algorithm for cluster analysis to scan for database-hit incidents by setting the original IP address as the cluster center to quantify multiple facets.

The unsupervised machine learning for clustering analysis can effectively analyze and detect previously unknown threats regardless of changes in the database-hit attack technique.

Credential stuffing attack detection

Learn a user’s historical login and transaction data to train a multi-faceted account profile involving quantity, relationship, sequence and more behavioral baselines, and apply machine learning-based user behavior analytics algorithms to identify activities that deviate significantly from a user’s behavioral baseline.

Combine the database transactions attack history of an associated account, regular device fingerprints of the account, operations after login, and other facets to confirm credential stuffing attacks.。

Proactive Response and Provenance Tracking

Raise alerts on high-risk accounts and block malicious attacks based on the real-time fraud analytics and detection results.

Leverage big data technology to store all traffic data as required by the customer and perform auditing, provenance tracking, and forensics on fraud incidents from the massive data.

Applicable Industry

  • Finance

Supported System

  • E-bank system
  • Insurance policy system
  • Trading system

Application Scenario

  • Abnormal login analytics
  • Database-hit attack detection
  • Credential stuffing attack detection

Data Source

  • Application access logs
  • E-bank transaction logs
  • Basic information database

Compliance and Best Practice

  • China’s Cybersecurity Law
  • Classified Cybersecurity Protection Regulations 2.0
  • Critical Information Infrastructure Protection Regulations

Customer Benefits

Early alerting on business risks

Improvement to brand image

Effective prevention of business losses

Compliance with regulatory provisions

Application Cases

E-bank database-hit attack detection

Detected multiple user account hacking and database-hit attacks for a commercial bank, protecting the high-value user accounts from being stolen and keeping users away from frauds.

Bank account anomaly detection

Identified a number of user account logins with anomalous location, time, or status for a joint-stock bank to raise alerts and prevent potential business risks.

Core system user behavior anomaly detection.

Discovered extensive insider threats including account breaches, compliance violations, and malicious insurance policy queries for a large Chinese insurance company.