Overview
Cyber Fraud Protection Platfrom
Banks, crypto, telco, and merchants collaborating to stop cross-platform fraud without sharing PII.
Cyber Fraud Protection Platfrom

Product video
Secure Payment Tokenization and Collaborative Fraud Defense
The Cyber Fraud Intelligence Platform (CFIP) Connector is a high-security, headless containerized application designed to run on AWS Fargate. It acts as a secure gateway for your payment data, stripping sensitive PII (PANs) and replacing them with anonymized tokens before they ever touch your general storage - enabling real-time collaborative fraud prevention across financial institutions.
Why CFIP Over Other Privacy-Preserving Approaches:
Unlike Multi-Party Computation or Homomorphic Encryption, CFIP's patented Distributed Tokenization operates at sub-100ms latency and high TPS, keeping pace with real-time payment applications. Tokens are consistent across all network members, enabling cross-institutional detection without any single party accessing raw data. The solution is vendor-agnostic - banks do not need to replace their existing risk platform. CFIP acts as an added intelligence layer on top of existing systems, increasing efficacy and reducing false positives.
Proven Real-World Impact:
Deployed in a national financial network connecting 46 institutions, CFIP delivered measurable results within months:
- 5x intelligence surge - fraud reports grew from 815 to 4,073 monthly in just 6 months
- 300+ mule accounts blocked daily through real-time cross-institutional detection
- $10-15M in fraud prevented yearly with only 5% network adoption
- Sub-100ms response time enabling instant transaction decisions
Key Features
PCI Scope Reduction: Deploys into a dedicated VPC to isolate cardholder data from your main environment, significantly reducing your PCI audit surface.
Headless Architecture: Fully automated via API and Queue integration with no GUI management required. Integrates with existing risk engines, case management, and transaction monitoring tools.
Zero Ingress Security: Designed to run with "Deny All Inbound" security groups and no interactive access (no SSH/SSM) for a zero-trust, audit-ready environment.
Collaborative Intelligence: Safely exchange risk signals with other financial institutions using patented Distributed Tokenization - validated as GDPR-compliant by Bureau Veritas. Raw PII never leaves your environment.
Data-Agnostic Processing: Tokenize PANs, IBANs, phone numbers, email addresses, device IDs, and IP addresses. Adapt to new fraud schemes without changing core infrastructure.
Use-Case Scenario
A bank processing millions of daily authorizations deploys the CFIP Connector on AWS Fargate. When the bank's internal risk engine flags a suspicious transaction, the Connector tokenizes the associated identifiers (PAN, Account number, phone number) within the bank's own firewall. These tokens are shared across the network in real time. If multiple institutions have flagged the same tokenized identity - revealing coordinated mule account activity or synthetic identity fraud - the platform returns enriched risk signals within 100 milliseconds. The bank's risk engine then blocks the transaction before funds transfer, stopping APP fraud, investment scams, and bust-out schemes during the warm-up phase rather than after losses occur.
Who Is This For?
Banks, payment providers, telecom operators, e-commerce platforms, crypto services, regulators, and industry associations seeking collaborative fraud defense.
Deployment
This product is delivered as a Docker Container. For a secure, PCI-aligned deployment, use the official CloudFormation Template (linked in the usage instructions) to provision the required Fargate Cluster, KMS Keys, and Private VPCs. Institutions can be up and running within weeks of deployment.
For a guided architecture walkthrough, sandbox pilot, or to discuss deployment tailored to your transaction volume, reach out to your regional Group-IB representative or visit the contacts page.
Technical Resources
Download the architecture guide covering tokenization flow, network topology, data-flow diagrams showing where PII is stripped, integration patterns (API/Queue), and the GDPR validation methodology from Bureau Veritas. Share this with your security and infrastructure teams during evaluation.
About Group-IB
Founded in 2003, Group-IB brings over 20 years of experience fighting financial crime. An official partner of INTERPOL, Europol, and FS-ISAC, Group-IB's technologies have saved clients over $1 billion USD by preventing fraud and mitigating cyber threats. Recognized as Overall Leader in the 2025 KuppingerCole Leadership Compass for Fraud Reduction Intelligence Platforms.
Highlights
- Collaborative Fraud Intelligence With Consistent Tokenization: Enables participating institutions to securely exchange risk signals using patented Distributed Tokenization validated as GDPR-compliant by Bureau Veritas. Tokens are consistent across all network members, enabling cross-institutional detection without exposing raw data. In a national deployment connecting 46 institutions, this network blocks 300+ mule accounts daily.
- Sub-100ms Real-Time Performance on Zero-Ingress Architecture: Unlike Multi-Party Computation or Homomorphic Encryption, CFIP operates at sub-100ms latency and high TPS to keep pace with real-time payment applications. Features strict "deny-all" inbound design with no interactive access (no SSH/SSM), ensuring a zero-trust, audit-ready environment. Deploys into a dedicated VPC on AWS Fargate to isolate cardholder data and significantly reduce PCI audit scope.
- Vendor-Agnostic Drop-In Integration: Banks do not need to replace their existing risk platform. CFIP connects to existing risk engines, case management, and transaction monitoring tools via API and Queue integration, acting as an added intelligence layer that increases efficacy and reduces false positives. Data-agnostic design tokenizes PANs, IBANs, phone numbers, device IDs, and more. Institutions can be operational within weeks.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
Pricing
Dimension | Description | Cost/unit |
|---|---|---|
Completed Risk Analysis | A billable unit is counted when the Connector sucessfully receives a response | $1.00 |
Vendor refund policy
No refunds are provided for this product. All sales are final and subject to the specific terms and conditions outlined in your accepted Private Offer
Custom pricing options
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Guided deploy v0.21 - wizard-first, 3 modes + HA (arm64 on ECS)
- Amazon ECS
Container image
Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.
Version release notes
v0.21 - listing clarity only. No functional change: same v0.20 CloudFormation templates and same 0.18-arm64 image. Renamed the deployment template entries so the guided wizard reads as the clear starting point ('START HERE') and the three direct CloudFormation launch links read as an advanced group ('Advanced direct launch - ...').
Additional details
Usage instructions
Deploy the Group-IB CFIP connector into your own AWS account via an interactive wizard.
- Open 'CFIP Deploy Wizard - START HERE' under Deployment resources and choose your network mode (new VPC + new subnets / existing VPC + new subnets / existing VPC + existing subnets). The wizard sends you to a pre-filled CloudFormation form that shows only the fields for that mode. Advanced users can instead click an 'Advanced direct launch' link and pick VPC/subnets/AZs from the console dropdowns.
- The stack mints the connector's signing key INSIDE your account (KMS-wrapped, never leaves it), creates the config bucket, and derives your connector id cff-<account-id>-<suffix>. Only a config bucket name is required. Set InstanceCount (1-10) for high availability - all replicas share one identity and one registration. Acknowledge CAPABILITY_IAM.
- On CREATE_COMPLETE the connector is healthy behind an internal NLB. Real /report and /query return 500 until Group-IB registers your connector - this is expected. Send the stack's OnboardingHandoff output (public signing certificate + fingerprint + NAT egress IP) to Group-IB through your Group-IB contact.
- Retrieve the inbound API key from AWS Secrets Manager (ApiKeySecretArn output); give it only to your anti-fraud callers.
PILOT ENDPOINT: this version defaults the coordinator to the Group-IB preprod/UAT endpoint for pilot onboarding. TLS on the load balancer is optional (set CertArn); without it the listener is plain TCP 8080 inside your VPC. IAM: the stack creates task/execution/instance roles scoped to ECR pull, config-bucket read, KMS decrypt of the generated key, Secrets Manager read, and Marketplace metering.
Resources
Vendor resources
Support
Vendor support
Support Channels
Customers who deploy the Group-IB Cyber Fraud Intelligence Platform receive 24/7/365 access to dedicated technical and analytical support teams across all regions.
Regional Support Contacts:
- APAC: fraud@apac.group-ib.com | +65 3159 4398
- EU and NA: fraud@eu.group-ib.com | +31 20 890 55 59
- MEA: fraud@mea.group-ib.com | +971 4 540 6400
- LATAM: fraud@amer.group-ib.com | +56 2 275 473 79
Support Portal: https://www.group-ib.com/contacts/
What Is Covered
Our support includes assistance with initial setup, CloudFormation template deployment, Fargate cluster configuration, KMS key provisioning, VPC networking, API integration, and ongoing configuration optimization. Buyers can contact our experts via the secure support portal, email, or phone for real-time assistance, threat analysis, and guidance on mitigating fraudulent activity detected by the platform.
Deployment Guidance
The CFIP Connector is delivered as a Docker Container. For a secure, PCI-aligned deployment, use the official CloudFormation Template to provision the required Fargate Cluster, KMS Keys, and Private VPCs. Prerequisites include an active AWS account with permissions for ECS/Fargate, KMS, VPC, and IAM role creation. Institutions typically achieve operational status within weeks of initiating deployment.
Refunds and Billing
For questions about billing, usage metering, or refund requests, contact your regional support team via email or phone. Our team will respond and work to resolve your inquiry promptly.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.