
FAQ

What is ARDID?

ARDID is an advanced tool that provides a comprehensive approach to detecting and preventing fraud in financial transfers.

Through a sophisticated system of rules, artificial intelligence, and behavioral analysis, ARDID ensures that each transfer is monitored and accurately evaluated to protect the financial integrity of its users. The platform not only facilitates the identification of suspicious activities but also offers tools to manage and simulate rules, providing administrators with complete control over transaction security.

How to prevent fraud from session hijacking or Account Takeover (ATO)?

An Account Takeover (ATO) attack typically occurs when a user's password is stolen or guessed, often through brute force or other means. In such cases, a key indicator is the use of a device that the client does not normally use.

Another scenario could involve the theft of the client's mobile phone, with attempts made to operate using the same device. In these situations, preventing fraud hinges on monitoring the client's application usage behavior, as well as the recipients and amounts of transfers or payments made, ensuring transactions are not sent to unfamiliar accounts.

In ARDID, you can establish:

- Standard rules for handling failed logins, successful logins, and payment attempts.
- Standard rules for device changes and transfer/payment attempts.
- Machine learning and AI rules related to transaction amounts and recipient regularity.
- Behavioral rules for login and transfer/payment actions.

In all cases, ARDID can be configured to reject transactions, request 2FA, or block the account.

What happens if ARDID blocks a payment or transaction, but it turns out to be legitimate?

If ARDID rejects a transaction or payment that is later validated as legitimate, an operator can access ARDID's transfer or payment module, locate the transaction, mark it as trustworthy, and generate an exception specifying its duration.

This allows the client to proceed with the payment or transfer while notifying ARDID of its misjudgment, prompting the AI engine to simulate as many rule scenarios as necessary and propose new rules to optimize current ones and minimize errors.

How can I determine if the rules I'm applying will be effective?

Before deploying a rule into production, it is advisable to simulate its application or modification.

Simulation involves specifying the rules and weights for each variable, selecting a date range for simulation, and setting the execution time. After simulation, notifications are received, and results can be reviewed in ARDID, showing responses to each transfer or payment under the simulated rules.

The dashboard displays changes in type I and type II errors, ensuring they align with desired outcomes. If the rule meets requirements, it can be activated; otherwise, adjustments or removal can be made.

How to stop session hijacking or account takeover attacks?

For clients facing account takeover attempts, ARDID employs its AI engine to detect and block suspicious activity.

Configuring burst rules in the AI module, particularly for failed logins, helps identify repeated failed login attempts against a single client or multiple clients. Data from these connections is added to the corresponding blacklists, automating feedback for reputational rules to prevent fraud.
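The burst idea above, as an added example that is not ARDID's own code or configuration: a sliding-window count of failed logins per source, covering both one client and many clients. The window, threshold, event fields and keying by source IP are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed burst window
MAX_FAILURES = 5      # assumed number of failures that counts as a burst

# Constructed events: (epoch_seconds, source_ip, client_id, outcome)
EVENTS = (
    # one source failing against many clients
    [(1000 + 8 * i, "203.0.113.7", f"c-{100 + i}", "fail") for i in range(5)]
    # one source failing repeatedly against one client
    + [(2000 + 6 * i, "198.51.100.20", "c-900", "fail") for i in range(5)]
    # a client mistyping a password, then logging in
    + [(3000, "192.0.2.10", "c-300", "fail"),
       (3010, "192.0.2.10", "c-300", "fail"),
       (3020, "192.0.2.10", "c-300", "ok")]
    # five failures spread over minutes: repeated, but not a burst
    + [(4000 + 120 * i, "192.0.2.55", "c-400", "fail") for i in range(5)]
)

def detect_bursts(events, window=WINDOW_SECONDS, limit=MAX_FAILURES):
    """Return {source_ip: set of targeted client ids} for every source whose
    failed logins reach `limit` inside a `window`-second span."""
    recent = defaultdict(deque)   # source_ip -> failures still inside the window
    blacklist = {}
    for ts, ip, client, outcome in sorted(events):
        if outcome != "fail":
            continue
        failures = recent[ip]
        failures.append((ts, client))
        # Drop failures that have aged out of the window.
        while ts - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= limit:
            blacklist.setdefault(ip, set()).update(c for _, c in failures)
    return blacklist

if __name__ == "__main__":
    for ip, clients in detect_bursts(EVENTS).items():
        print(ip, sorted(clients))
```
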

What if ARDID's burst AI rule identifies a suspicious destination account and blocks it?

If the burst AI rule identifies multiple transfers to the same suspicious account, ARDID adds the account to its blacklist, preventing future transactions.

However, if the account is legitimate, such as a charity fundraising account, an analyst can access the account blacklist module, mark it as whitelisted, and prevent ARDID from triggering alerts or blocking transfers to that account.

How can I monitor ARDID response times?

In both transfer and payment modules, a Response Time column shows ARDID's processing time for each request.

Real-time analysis and optimized processes ensure minimal operational overhead, maintaining responsive performance essential for operational integrity.

What's the difference between a behavioral rule and a machine learning rule?

A behavioral rule analyzes how a person uses an application, establishing usage patterns that, when matched with transaction patterns, indicate user authenticity.

Behavioral actions are fully configurable per application; each entity can define multiple actions across various applications. ARDID provides an SDK for integrating application-specific actions, collecting data via APIs for behavioral analysis and pattern comparison. Outliers prompt immediate alerts via email or Telegram, logging events in ARDID for session theft detection.

In contrast, machine learning rules assess transaction regularity, evaluating:

- Destination account
- Geolocation
- Weekdays
- Hours
- Days and hours
- Device
- IP
- Amount
- Cumulative amounts
- Cycle-based cumulative amounts
- Amount and destination account

Machine learning rules differentiate between habitual and atypical transactions, optimizing fraud detection while behavioral rules affirm user identity.

Is ARDID a secure application?

ARDID adheres to comprehensive security standards typical of banking and financial applications:

- 2FA for user login
- Session timeout for inactivity
- Encryption of sensitive information
- User profiles for action and data segregation
- Customizable entity-specific user profiles
- Auditing of all system actions
- Rule creation and activation control
- User deactivation for inactivity
- Authenticated APIs

Periodic security tests detect vulnerabilities before each release, ensuring continuous application security.

What's the difference between a traditional blacklist and a reputational rule?

A traditional blacklist instantly rejects flagged elements, evaluating each aspect individually (e.g., geolocation, device). Conversely, a reputational rule considers all elements collectively, assessing the overall risk of fraud.

For instance, a client logging in from an unusual location during a business trip triggers suspicion. However, if the device matches their usual pattern, ARDID may authorize the transaction, demonstrating the rule's contextual decision-making.
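The contrast above, combined with the earlier advice to simulate a rule before activating it, as an added example that is not ARDID's own code: a per-element blacklist and a weighted reputational rule are replayed over the same labelled history and compared on type I errors (legitimate transactions rejected) and type II errors (fraud allowed). The weights, threshold, variable names and history are constructed assumptions.

```python
# Assumed per-variable weights and decision threshold (not ARDID's values).
WEIGHTS = {"geo": 0.3, "device": 0.4, "recipient": 0.3}
THRESHOLD = 0.5

# Constructed history: 1 marks a variable that looked unusual for the client;
# the boolean is the verdict reached later (True = fraud).
HISTORY = [
    ({"geo": 1, "device": 0, "recipient": 0}, False),  # business trip, usual device
    ({"geo": 0, "device": 0, "recipient": 1}, False),  # first payment to a new payee
    ({"geo": 0, "device": 0, "recipient": 0}, False),  # habitual transfer
    ({"geo": 1, "device": 1, "recipient": 1}, True),   # takeover from a new device
    ({"geo": 0, "device": 1, "recipient": 1}, True),   # stolen password, local attacker
    ({"geo": 0, "device": 0, "recipient": 0}, True),   # fraud that looks habitual
]

def blacklist_rule(flags):
    """Traditional blacklist: any single flagged element rejects."""
    return any(flags.values())

def reputational_rule(flags, weights=WEIGHTS, threshold=THRESHOLD):
    """Reputational rule: reject only when the combined weighted risk is high."""
    score = sum(weights[name] * value for name, value in flags.items())
    return score >= threshold

def simulate(rule, history=HISTORY):
    """Replay history under `rule`; return (type I rate, type II rate)."""
    legit = [flags for flags, is_fraud in history if not is_fraud]
    fraud = [flags for flags, is_fraud in history if is_fraud]
    type_i = sum(rule(f) for f in legit) / len(legit)       # legitimate, rejected
    type_ii = sum(not rule(f) for f in fraud) / len(fraud)  # fraud, allowed
    return round(type_i, 2), round(type_ii, 2)

if __name__ == "__main__":
    print("blacklist   ", simulate(blacklist_rule))
    print("reputational", simulate(reputational_rule))
```

On this constructed history both rules miss the same fraud, while the reputational rule stops rejecting the business-trip login and the new-payee payment.
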

What if a client falls victim to phishing and their account is compromised?

Phishing, pharming, or whaling schemes exploit client accounts for unauthorized transactions.

ARDID detects abnormal account activity, blocking transactions and even suspending accounts. For example, a correct password entry from an unusual device, IP, or geolocation raises alerts. If transactions redirect funds to unfamiliar recipients, ARDID assesses the transaction's legitimacy.

ARDID safeguards against fraudulent activity, recognizing usage pattern discrepancies to protect client funds and maintain institutional integrity.

en/sec.txt · Last modified: 2024/07/04 14:25 by wikieditor