Listing Thumbnail

    Group-IB Cyber Fraud Intelligence - Distributed Tokenization

     Info
    Sold by: Group-IB 
    Deployed on AWS
    GDPR-validated, PCI-compliant collaborative fraud prevention platform using patented Distributed Tokenization for sub-100ms cross-institutional risk signal sharing without exposing PII.

    Overview

    Play video

    Secure Payment Tokenization and Collaborative Fraud Defense

    The Cyber Fraud Intelligence Platform (CFIP) Connector is a high-security, headless containerized application designed to run on AWS Fargate. It acts as a secure gateway for your payment data, stripping sensitive PII (PANs) and replacing them with anonymized tokens before they ever touch your general storage - enabling real-time collaborative fraud prevention across financial institutions.

    Why CFIP Over Other Privacy-Preserving Approaches:

    Unlike Multi-Party Computation or Homomorphic Encryption, CFIP's patented Distributed Tokenization operates at sub-100ms latency and high TPS, keeping pace with real-time payment applications. Tokens are consistent across all network members, enabling cross-institutional detection without any single party accessing raw data. The solution is vendor-agnostic - banks do not need to replace their existing risk platform. CFIP acts as an added intelligence layer on top of existing systems, increasing efficacy and reducing false positives.

    Proven Real-World Impact:

    Deployed in a national financial network connecting 46 institutions, CFIP delivered measurable results within months:

    • 5x intelligence surge - fraud reports grew from 815 to 4,073 monthly in just 6 months
    • 300+ mule accounts blocked daily through real-time cross-institutional detection
    • $10-15M in fraud prevented yearly with only 5% network adoption
    • Sub-100ms response time enabling instant transaction decisions

    Key Features

    PCI Scope Reduction: Deploys into a dedicated VPC to isolate cardholder data from your main environment, significantly reducing your PCI audit surface.

    Headless Architecture: Fully automated via API and Queue integration with no GUI management required. Integrates with existing risk engines, case management, and transaction monitoring tools.

    Zero Ingress Security: Designed to run with "Deny All Inbound" security groups and no interactive access (no SSH/SSM) for a zero-trust, audit-ready environment.

    Collaborative Intelligence: Safely exchange risk signals with other financial institutions using patented Distributed Tokenization - validated as GDPR-compliant by Bureau Veritas. Raw PII never leaves your environment.

    Data-Agnostic Processing: Tokenize PANs, IBANs, phone numbers, email addresses, device IDs, and IP addresses. Adapt to new fraud schemes without changing core infrastructure.

    Use-Case Scenario

    A bank processing millions of daily authorizations deploys the CFIP Connector on AWS Fargate. When the bank's internal risk engine flags a suspicious transaction, the Connector tokenizes the associated identifiers (PAN, Account number, phone number) within the bank's own firewall. These tokens are shared across the network in real time. If multiple institutions have flagged the same tokenized identity - revealing coordinated mule account activity or synthetic identity fraud - the platform returns enriched risk signals within 100 milliseconds. The bank's risk engine then blocks the transaction before funds transfer, stopping APP fraud, investment scams, and bust-out schemes during the warm-up phase rather than after losses occur.

    Who Is This For?

    Banks, payment providers, telecom operators, e-commerce platforms, crypto services, regulators, and industry associations seeking collaborative fraud defense.

    Deployment

    This product is delivered as a Docker Container. For a secure, PCI-aligned deployment, use the official CloudFormation Template (linked in the usage instructions) to provision the required Fargate Cluster, KMS Keys, and Private VPCs. Institutions can be up and running within weeks of deployment.

    For a guided architecture walkthrough, sandbox pilot, or to discuss deployment tailored to your transaction volume, reach out to your regional Group-IB representative or visit the contacts page.

    Technical Resources

    Download the architecture guide covering tokenization flow, network topology, data-flow diagrams showing where PII is stripped, integration patterns (API/Queue), and the GDPR validation methodology from Bureau Veritas. Share this with your security and infrastructure teams during evaluation.

    About Group-IB

    Founded in 2003, Group-IB brings over 20 years of experience fighting financial crime. An official partner of INTERPOL, Europol, and FS-ISAC, Group-IB's technologies have saved clients over $1 billion USD by preventing fraud and mitigating cyber threats. Recognized as Overall Leader in the 2025 KuppingerCole Leadership Compass for Fraud Reduction Intelligence Platforms.

    Highlights

    • Collaborative Fraud Intelligence With Consistent Tokenization: Enables participating institutions to securely exchange risk signals using patented Distributed Tokenization validated as GDPR-compliant by Bureau Veritas. Tokens are consistent across all network members, enabling cross-institutional detection without exposing raw data. In a national deployment connecting 46 institutions, this network blocks 300+ mule accounts daily.
    • Sub-100ms Real-Time Performance on Zero-Ingress Architecture: Unlike Multi-Party Computation or Homomorphic Encryption, CFIP operates at sub-100ms latency and high TPS to keep pace with real-time payment applications. Features strict "deny-all" inbound design with no interactive access (no SSH/SSM), ensuring a zero-trust, audit-ready environment. Deploys into a dedicated VPC on AWS Fargate to isolate cardholder data and significantly reduce PCI audit scope.
    • Vendor-Agnostic Drop-In Integration: Banks do not need to replace their existing risk platform. CFIP connects to existing risk engines, case management, and transaction monitoring tools via API and Queue integration, acting as an added intelligence layer that increases efficacy and reduces false positives. Data-agnostic design tokenizes PANs, IBANs, phone numbers, device IDs, and more. Institutions can be operational within weeks.

    Details

    Sold by

    Delivery method

    Supported services

    Delivery option

    Latest version

    Operating system
    Linux

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Group-IB Cyber Fraud Intelligence - Distributed Tokenization

     Info
    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    Usage costs (1)

     Info
    Dimension
    Description
    Cost/unit
    Completed Risk Analysis
    A billable unit is counted when the Connector sucessfully receives a response
    $1.00

    Vendor refund policy

    No refunds are provided for this product. All sales are final and subject to the specific terms and conditions outlined in your accepted Private Offer

    Custom pricing options

    Request a private offer to receive a custom quote.

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Guided deploy v0.21 - wizard-first, 3 modes + HA (arm64 on ECS)

    Supported services: Learn more 
    • Amazon ECS
    Container image

    Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.

    Version release notes

    v0.21 - listing clarity only. No functional change: same v0.20 CloudFormation templates and same 0.18-arm64 image. Renamed the deployment template entries so the guided wizard reads as the clear starting point ('START HERE') and the three direct CloudFormation launch links read as an advanced group ('Advanced direct launch - ...').

    Additional details

    Usage instructions

    Deploy the Group-IB CFIP connector into your own AWS account via an interactive wizard.

    1. Open 'CFIP Deploy Wizard - START HERE' under Deployment resources and choose your network mode (new VPC + new subnets / existing VPC + new subnets / existing VPC + existing subnets). The wizard sends you to a pre-filled CloudFormation form that shows only the fields for that mode. Advanced users can instead click an 'Advanced direct launch' link and pick VPC/subnets/AZs from the console dropdowns.
    2. The stack mints the connector's signing key INSIDE your account (KMS-wrapped, never leaves it), creates the config bucket, and derives your connector id cff-<account-id>-<suffix>. Only a config bucket name is required. Set InstanceCount (1-10) for high availability - all replicas share one identity and one registration. Acknowledge CAPABILITY_IAM.
    3. On CREATE_COMPLETE the connector is healthy behind an internal NLB. Real /report and /query return 500 until Group-IB registers your connector - this is expected. Send the stack's OnboardingHandoff output (public signing certificate + fingerprint + NAT egress IP) to Group-IB through your Group-IB contact.
    4. Retrieve the inbound API key from AWS Secrets Manager (ApiKeySecretArn output); give it only to your anti-fraud callers.

    PILOT ENDPOINT: this version defaults the coordinator to the Group-IB preprod/UAT endpoint for pilot onboarding. TLS on the load balancer is optional (set CertArn); without it the listener is plain TCP 8080 inside your VPC. IAM: the stack creates task/execution/instance roles scoped to ECR pull, config-bucket read, KMS decrypt of the generated key, Secrets Manager read, and Marketplace metering.

    Resources

    Vendor resources

    Support

    Vendor support

    Support Channels

    Customers who deploy the Group-IB Cyber Fraud Intelligence Platform receive 24/7/365 access to dedicated technical and analytical support teams across all regions.

    Regional Support Contacts:

    Support Portal: https://www.group-ib.com/contacts/ 

    What Is Covered

    Our support includes assistance with initial setup, CloudFormation template deployment, Fargate cluster configuration, KMS key provisioning, VPC networking, API integration, and ongoing configuration optimization. Buyers can contact our experts via the secure support portal, email, or phone for real-time assistance, threat analysis, and guidance on mitigating fraudulent activity detected by the platform.

    Deployment Guidance

    The CFIP Connector is delivered as a Docker Container. For a secure, PCI-aligned deployment, use the official CloudFormation Template to provision the required Fargate Cluster, KMS Keys, and Private VPCs. Prerequisites include an active AWS account with permissions for ECS/Fargate, KMS, VPC, and IAM role creation. Institutions typically achieve operational status within weeks of initiating deployment.

    Refunds and Billing

    For questions about billing, usage metering, or refund requests, contact your regional support team via email or phone. Our team will respond and work to resolve your inquiry promptly.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Similar products

    Customer reviews

    Ratings and reviews

     Info
    0 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    0%
    0%
    0%
    0%
    0 reviews
    No customer reviews yet
    Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.