Fraud Prevention solutions
Protection against external fraud
Protection against fraud in Internet banking / mobile banking
Protection against fraud with cards (emission and acquiring)
Protection against fraud in loyalty programs
Protection against fraud in the credit process
Protection against internal fraud
Protection against employee fraud targeting clients
Protection against employee fraud targeting company
Detection of deviations in the implementation of business processes
Detection of Suspicious Transaction Indicators
Detection of suspicious transactions for AML
Monitoring financial transactions and clients in sanction lists
We offer
Functional and scalable solution
for fraud prevention: automatic identification of new fraud schemes takes from 1 to 5 days.
Preconfigured database of algorithms
for detecting fraudulent schemes
that adapts to the customer: more than 50 practical schemes that can actually be detected in banks, considering the specifics of activities in the Russian market.
Proven integration mechanisms
with ABS, credit workflow, Internet banking, processing.
Ability to detect anomalies
and deviations from "normal" operations using machine learning methods.
whAnalytics FMS for Processing
Enables the detection and blocking of card authorizations in emission and acquiring channels that exhibit signs of being performed without the client's consent.
For banks and processing centers that issue cards or provide internet and merchant acquiring services, it is important to promptly detect and prevent transactions conducted through compromised cards or resulting from fraud schemes involving social engineering. Another task is to control limits, considering the transaction channel, currency, time, country, and the channel through which the transaction is made.
Our solutions allow addressing these tasks through the analysis of all operations in real-time, controlling at the level of the client, account, card, merchant, or partner. We understand the specifics of Card Processing, help choose the optimal integration method to minimize adjustments on the customer's systems side, provide a ready set of fraud prevention scenarios, and support our clients throughout the entire process of implementation and operation of our solution with SLA.
  • 50

    Auto-detection of signs for 50 fraud schemes
  • 3

    Implementation into commercial operation takes no more than 2-3 months
  • 12

    Return on investment in less than 12 months
  • 5

    Reduction of investigation time by 5 times
Utilizing the experience of fraud prevention, audit, internal controls, security and cybersecurity departments, we develop and offer the whAnalytics FMS solution. This solution provides the ability to consolidate all significant information on all bank operations in one place, see the full picture of what is happening, and thereby solve fraud prevention tasks and gain confidence that banking operations occur in a regular mode, and the situation is manageable and controllable. In case fraud or error is detected, the solution prevent them at early stages and conduct a detailed investigation.
whAnalytics FMS enables the detection of signs of known fraud schemes, which are integrated into the product's analytical module during its implementation. It also identifies anomalies and deviations from standard operations.

According to our estimates, the losses from internal fraud incidents in an "average" bank, particularly those ranked from the middle to lower half of the top 100 credit organizations in Russia, can range from 30 million to 50 million rubles annually. During crisis periods, these losses typically increase.
10 Most Common Types of Internal Fraud
  • Unauthorized increase in credit card limits
  • Unauthorized expense transactions on client accounts and client debit / credit cards
  • Abuse during conversion operations for both individuals and legal entities
  • Signs of fictitious payroll projects (loans, money laundering)
  • Signs of violations and errors when collecting commission payments from a client for cash management and cashier operations
  • Money laundering schemes, including using Internet banking and debit / credit cards
  • Using official powers to manipulate client funds for personal purposes
  • Violations by employees in the credit process
  • Errors in the parameterization of bonus programs on plastic cards that lead to so-called "twisting" and losses
  • Unauthorized connection of Internet banking to a client’s account and emission of plastic cards without the client's awareness
whAnalytics FMS for Internal Fraud
Allows identifying both signs of the implementation of known fraud schemes and detecting anomalies and deviations from standard operations.
When interacting with existing and potential clients, we often encounter situations where internal fraud is detected with a significant delay. During this delay, misuse may go unnoticed or, upon client complaints, it may be discovered that strange operations have been performed with their funds without their consent.

The time lag between the occurrence of an incident and its detection can often span several months. However, in our practice, there have been cases where internal fraud was identified within 3-5 years later. This situation is typically due to the absence of tools in the bank that automate the detection and assessment of deviations from "normal behavior" patterns in employee operations.

Manual data processing, based on the personal expertise of specialists, does not provide the necessary efficiency on a large scale. The vast amount of financial and technological information needs to be analyzed to understand whether the bank's operations are normal or exhibit signs of violations. For this, storing and quickly processing significant amounts of information requires an industrial solution for working with big data.

Analytical mechanisms for searching and correlating data, detecting signs of fraud schemes, and identifying anomalies are integrated into whAnalytics FMS. This product uses powerful search capabilities to work with big data.
Using whAnalytics FMS, a bank can conduct a comprehensive analysis of all significant operations, ensuring that actions showing signs of internal fraud are identified at the earliest possible stage. Additionally, the results of using the obtained analytical data can be applied for a full-scale risk-oriented approach during inspections by control and audit departments.

Certainly, the completeness of identifying financial fraud signs in employee actions, occurring within their official powers, is possible by obtaining the maximum volume of data from various sources.

For example, in the Core banking system, there may not be stored information about operations related to account balance inquiries. But this information may be necessary to detect early signs of possible fraud preparation (such as client account monitoring, searching for the right client profiles, and the subsequent initiation of unauthorized transactions). In such cases, it is essential to use additional information sources, such as network traffic, log entries on servers, and even data from control and management systems in the bank's operational offices (using access control mechanisms, customer movement data, and video surveillance analysis).
10 Most Common Types of
Fraud in Internet Banking and Mobile Banking
Signs of client account compromise
Using bank accounts as transit accounts for bonus «twisting»
Attempts to register Internet banking for clients from blacklists
Signs of centralized control of Internet banking from a single device
Manipulation of clients with bonus programs (both proprietary and third-party)
Detection of affiliation of legal entities and individuals through transaction analysis, contact information, and Internet banking usage
Detection of operations uncharacteristic for the client
Signs of third-party usage of a client's debit / credit card
Attempts to bypass restriction and limit logic
Signs of so-called «droppers» based on the nature of transactions and operations in Internet banking and ATMs
Cross-channel analytics, comparing event chains from different client service channels
Deep integration with Internet banking to prevent fraudulent transactions
Visualization of geography, movement of funds, relationships between clients, and other aspects of Internet banking
Real-time operation, historical data analysis
whAnalytics FMS for Internet Banking
Enables comprehensive monitoring of operations in Internet banking and mobile banking, detecting and preventing fraudulent transactions.
Monitoring fraud in real-time systems, such as Internet banking and mobile banking, is a complex task. Fraud tactics are rapidly evolving, and today's schemes of unauthorized access often involve gaining control over funds through online access and management. These actions, although illegal, can appear legitimate.

In practice, fraudsters have learned to act just like legitimate users, making it difficult to distinguish fraudulent actions. Detection accuracy is further complicated by the fact that modern fraudsters use multichannel methods to implement schemes, combining online and offline actions, each of which in isolation appears legitimate, but in combination constitutes a sophisticated fraud scheme.

Reactive strategies are no longer effective. Financial organizations often learn about fraud only when the client reports their losses.
You can no longer try to stop fraud by introducing new rules for detecting suspicious activity after the fraudulent action has taken place, because this does not prevent any new fraud schemes.

With whAnalytics FMS, real-time control of operations in all channels can be carried out, comparing data and analyzing financial operations to match predetermined rules, allowing for the detection of anomalies and deviations in real time.

By integrating whAnalytics FMS into the bank’s infrastructure in such a way that fraudulent transactions are identified (compared to legitimate transactions within the bank's systems), it is possible to effectively prevent and timely detect fraud signs, ensuring the client’s funds remain safe.

10 Most Common
Additional AML Controls
Signs of transit operations in corporate clients' accounts
Detection of "looped" money laundering, including both internal and external bank transfers
Disbalance between credits and debits with/without VAT (including VAT split)
Detection of signs of affiliation among clients (legal entities, individual entrepreneurs, employees)
The size of taxes and other mandatory payments does not match the scale of the client's activities
Regular credits of large sums from third parties to individual entrepreneurs or individual accounts with subsequent withdrawal or transfer
Salary payments to clients and transfers of personal income tax and insurance contributions that do not correspond to the scale of activity in their industry
Significant increase in the share of cash withdrawn by clients (legal entities) from their accounts, compared to normal practices for legal entities or groups of legal entities in their segment
Signs of funds transfer to non-residents
Lack of or minimal payments for operating activities (rent, utility payments, office supplies, etc.)
Convenient parameterization of rules and their testing
Profiling client behavior and detecting anomalies
Using external reputation databases, sanctions lists, maintaining blacklists, whitelists, and grey lists
Contextual analysis of payment purposes and their automatic classification
whAnalytics FMS for Anti Money Laundering (AML)
Allows implementing additional control of client operations necessary to meet regulatory requirements (including 18-MR, 19-MR) and reduce reputational losses.
Strengthening regulatory requirements and introducing new criteria for additional control over client operations are happening in international markets. Previously, in most cases, it was sufficient to obtain information only from payment data at the Core banking level, but now, decisions require a broader approach.

The implementation of the "Know Your Customer" (KYC) policy is achieved by consolidating all available information about the client, their operations in different service channels, and analyzing both payment information and non-payment data. Employees of financial monitoring departments, security, and internal control services use and compare information from various banking systems to gain an accurate picture of the client’s operations.

With whAnalytics FMS, the bank gets a tool where all necessary controls are already automated, consolidation of all client activity data is carried out, and all analytics about the client are presented in a convenient and understandable form.

Using KYC tools, AML analysts can receive all client information in a few seconds, and in case of any suspicious pattern, delve into any historical period, compare client data with other clients or suppliers, and place the client/group of clients under additional monitoring.

With the emergence of new regulatory requirements, the bank will be ready to implement them quickly and with minimal costs, as whAnalytics FMS allows for the rapid integration of new data sources and flexible implementation of new rules and analytical algorithms.

whAnalytics FMS for SIEM
Allows solving tasks related to building effective processes for managing information security events, incidents and investigation processes.
The readiness of companies to promptly and accurately respond to events related to information security, and hence the ability of the business to continue its work, is one of the most important tasks. Solving such a task is achieved by implementing organizational and technical mechanisms, the most important of which is the SIEM system.

Software that collects, processes, and analyzes a huge amount of events occurring in the IT infrastructure of any large company and forms the basis for decision-making is today one of the main tools used by employees responsible for protecting the perimeter and internal infrastructure.

With whAnalytics FMS for SIEM, our customers have the opportunity to solve a wide range of tasks related to automating event processes and responding to critical events in the IT infrastructure, organizing the work of a round-the-clock team of specialists responsible for 24/7 monitoring, processing alerts, and fine-tuning the SIEM system.

Using our solution, you can promptly detect incidents and respond to them, conduct in-depth data analysis, develop new correlation rules, and connect new data sources, which is the basis for building a unified Security Operations Center (SOC).

About us
The company WhyHappen was founded by specialists-practitioners in the field of audit, information, and economic security.
Our company's employees have a proven track record of successfully implementing complex projects in major banks and insurance companies. Leveraging this experience and modern technologies, we now offer the whAnalytics FMS solution, which, as we believe, can help owners and managers of financial companies protect their business from fraudulent actions.
Despite the broad practical expertise of our specialists, we are a highly specialized company. Focusing our efforts on what we excel at—fraud prevention—enables us to provide our clients with professional and high-quality services. By leveraging cutting-edge technologies, our successful experience, and minimizing our own costs, our clients achieve results with significantly less time and financial resources than is typical for solving tasks of this nature.

We aim to help our clients achieve results through their work, reducing losses and providing them with the opportunity to grow their business and be financially stable.
Research is carried out with the grant support of the Skolkovo Foundation
WhyHappen Company
143026, Moscow, Skolkovo Territory, Bolshoy Boulevard, Building 42, Structure 1