Financial Services Firm Reduces Threat Protection Response Time From 3 Hours to 30 Seconds

February 24, 2023 | by Muzaffer Pasha

API Protection in Finance

A large investment firm operates globally with over $7 trillion in assets. It offers a wide variety of financial products to over 30 million retail investors who rely on the firm to manage their investment and retirement accounts. Its clients expect easy, secure, and uninterrupted access.

Key API Application That Powered Customer Access

The investment firm used a highly scalable, enterprise-grade API application to provide access to its 30 million retail investors. Because of its large asset size, the firm had become an attractive target for cybercriminals launching rolling account takeover (ATO) attacks that aimed to gain unauthorized access to customer accounts and their financial portfolios. Once an account was compromised, cybercriminals could exfiltrate money out of it for illegal financial gain.

More Than Just an Attractive Target

For the firm, detecting ATO attacks had become a mission-critical function owned by the fraud team. Every successful fraud attack on the investment firm’s online retail accounts would erode customer confidence, increase customer attrition, and damage brand image.

To prevent fraudulent transactions, the fraud team relied on identifying suspicious logins on their application programming interface (API) endpoints. Their existing solution, a post-forensic tool, would only provide a raw dump of transactions for the day, and it would take a fraud analyst several hours to analyze all the data for malicious activity.

This was time-consuming and exhausting work that placed enormous pressure on the fraud team. These attacks had even gained the attention of the senior executive team, placing pressure on the security team to deploy a security solution that could detect ATO attacks faster, before they could potentially compromise the firm's retail investors.

Setting Serious Security Goals

The security team had devised a set of requirements to help choose a security solution that could detect malicious activity against user accounts faster. They were looking for a solution that could help achieve the following:

  • Faster Fraud Detection: Reduce the amount of time required to detect fraud attacks.
  • Minimize Manual Analysis: Implement an automated solution that could minimize the manual work fraud analysts were doing every day, which was taking up to 3 hours a day.
  • Move to Proactive Security: Move away from constantly being in a reactive security mode toward a more proactive one.

Cequence Blocks Fraudulent Activity Through API Protection

The security team chose Cequence from a select set of API security vendors to reduce the time to detect fraudulent login activity on their API application. Cequence worked with the security team to configure and deploy API Spartan, a component of Cequence Unified API Protection (UAP), in front of their mission-critical API application. The results were immediate.

After implementing Cequence UAP, they were able to achieve the following:

  • Faster Fraud Detection: Cequence reduced fraud analysis time, shaving hours off the analysis each day.
  • Automated Analysis: By implementing Cequence, they eliminated hours of manual analysis a day, which allowed them to focus on a narrow set of high-probability fraud transactions.
  • Powerful Security Policy: Cequence offered a powerful security policy language that allowed them to create custom security policies that could pinpoint targeted attacks.
  • Easy Deployment: Unlike other fraud detection solutions, Cequence required no mobile SDK or JavaScript instrumentation to work, since the required security intelligence was built directly into CQAI.


For the investment firm, deploying Cequence UAP enabled the fraud team to respond faster to ATO attacks, reducing threat detection time from 3 hours to 30 seconds a day. The fraud analysts were now more productive, responding to ATO attacks much sooner rather than spending hours each day sifting through thousands of transactions to determine which logins were malicious. They could now constantly monitor login activity on their API application, surfacing malicious ATO attempts to the fraud team almost immediately and ensuring that only legitimate retail investors had access to their own online retail accounts.


Muzaffer Pasha

Senior Product Marketing Manager