Transaction Security

4 automated security scanners


Transaction Monitoring Systems Scanner

Purpose: The Transaction Monitoring Systems Scanner is designed to assess the effectiveness of transaction monitoring systems by evaluating breach disclosure language, alert quality, and investigation tools. This tool helps identify potential weaknesses in how organizations detect, report, and respond to security incidents.

What It Detects:

  • Breach Mentions: Detects mentions of data breaches, security incidents, unauthorized access, and compromised systems using specific patterns such as “data breach”, “security incident”, “unauthorized access”, and “compromised”.
  • Tech Stack Disclosure: Identifies disclosures related to the technology stack used by the organization, which can indicate potential vulnerabilities or areas of focus in security monitoring. This includes patterns like “experience with AWS”, “proficiency in Terraform”, and “knowledge of Splunk”.
  • Certification Claims: Checks for claims of certifications such as SOC 2, ISO 27001, PCI DSS, and HIPAA compliance to assess the organization’s adherence to security standards.
  • Security Incident Coverage: Analyzes public sources like news articles and job boards for mentions of security incidents related to the organization, utilizing APIs for data gathering.
  • Code Repository Analysis: Searches GitHub repositories for code that may indicate vulnerabilities or misconfigurations in transaction monitoring systems using specific keywords and patterns within repository content.

Inputs Required:

  • domain (string): The primary domain to analyze, such as “acme.com”, which helps in searching the company’s site for incident disclosures.
  • company_name (string): The company name is used for statement searching and identifying relevant code patterns within GitHub repositories.

Business Impact: This scanner is crucial for organizations aiming to enhance their security posture by proactively detecting potential weaknesses in their transaction monitoring systems, which are essential for safeguarding sensitive data and maintaining operational resilience.

Risk Levels:

  • Critical: Conditions that directly lead to severe security breaches or significant financial loss.
  • High: Conditions that could significantly impact the organization’s operations or reputation, requiring immediate attention.
  • Medium: Conditions that may indicate vulnerabilities but do not pose an immediate threat, suggesting a need for improvement.
  • Low: Informative findings that provide insights into potential areas for optimization without critical security implications.
  • Info: General information about the organization’s technology stack and compliance status, which does not directly affect security risk levels.

Where the scanner’s README does not detail the conditions for each risk level, the levels above have been inferred from the scanner’s purpose and impact.

Example Findings:

  • The scanner might flag a breach disclosure stating “We were notified of a significant data breach affecting customer information.”
  • A tech stack disclosure indicating lack of proficiency in using advanced security tools like Splunk could be flagged as it may indicate potential weaknesses in incident detection.

Wire Transfer Fraud Scanner

Purpose: The Wire Transfer Fraud Scanner is designed to detect and alert users about potential business email compromise (BEC) scams, SWIFT fraud, and mule accounts by analyzing publicly available information such as breach disclosures, LinkedIn profiles, GitHub repositories, news articles, job boards, and SEC filings.

What It Detects:

  • BEC Scam Indicators: The scanner identifies suspicious email patterns that suggest phishing attempts, urgent requests for wire transfers or financial transactions, and impersonation language targeting specific individuals within the organization.
  • SWIFT Fraud Patterns: It searches for mentions of SWIFT transactions and related anomalies, detects unusual financial activities or large sums being transferred, and flags references to unauthorized access to banking systems.
  • Mule Account Detection: The tool identifies profiles on LinkedIn that match common mule account characteristics, checks job postings or resumes indicating involvement in money laundering or financial crimes, and verifies suspicious transaction histories or unusual employment backgrounds.
  • Breach Mentions and Security Incidents: It looks for mentions of data breaches, security incidents, unauthorized access, or compromised systems, detecting patterns related to breach disclosures on company websites, news articles, and job boards.
  • Technical Stack Disclosure: The scanner identifies technology stack disclosures that may indicate vulnerabilities or misconfigurations, including mentions of cloud services (AWS, Azure, GCP), container orchestration tools (Kubernetes), configuration management tools (Terraform, Ansible, Docker), and monitoring solutions (Splunk, Datadog, Elastic).

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., “acme.com”). Used to search breach disclosures, LinkedIn profiles, GitHub repositories, news articles, and SEC filings related to the company’s activities.
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”). Used in searches on LinkedIn, job boards, and potentially within company websites to identify relevant information about breaches, security incidents, or financial transactions.

Business Impact: This scanner is crucial for organizations looking to protect themselves against BEC scams, SWIFT fraud, and mule accounts that can lead to significant financial losses and reputational damage. It helps in identifying potential threats early on, allowing for proactive measures to be taken to mitigate risks.

Risk Levels:

  • Critical: The scanner flags conditions where unauthorized access has been detected in the company’s systems or there is a clear indication of a security incident that could lead to significant data breaches.
  • High: Conditions such as suspicious email patterns indicating phishing attempts and impersonation language targeting specific individuals are considered high risk, as they directly relate to BEC scams and potential fraud scenarios.
  • Medium: The detection of unusual financial activities or large sums being transferred can be considered medium risk, signaling the need for further investigation into potential fraudulent transactions.
  • Low: Informational findings such as mentions in SEC filings about potential risks related to financial transactions are considered low risk but still provide valuable insights that could influence security strategies and practices.
  • Info: Breach mentions on company websites or news articles provide informational value, helping users understand the current cybersecurity posture of the organization.

Example Findings:

  • The scanner might flag a suspicious email pattern indicating an attempt to impersonate a CEO for urgent financial requests that could be part of a BEC scam.
  • It might also detect unusual mentions in SEC filings about potential risks related to wire transfer activities, signaling a need for enhanced internal controls and external audits.

Real-time Fraud Prevention Scanner

Purpose: The Real-time Fraud Prevention Scanner is designed to detect transaction velocity and behavioral anomalies in real time, aiming to prevent fraudulent activity by analyzing transaction patterns and user behavior. It helps identify suspicious transactions that may indicate potential fraud.

What It Detects:

  • Transaction Velocity Anomalies: Unusually high volumes of transactions within a short period or rapid succession of transactions from the same account or IP address are flagged as anomalies.
  • Behavioral Anomalies: Transactions with unusual amounts, locations, or times that deviate significantly from historical data are detected and marked as suspicious.
  • Suspicious Account Activity: Accounts showing multiple failed login attempts or newly created accounts involved in high-value transactions are scrutinized for potential fraud.
  • Geolocation Discrepancies: Transactions whose geolocations do not align with the user’s known address or recent travel history are flagged for further investigation.
  • Device Fingerprinting Mismatches: Transactions made from devices that do not match the user’s typical devices are identified as anomalies, potentially indicating fraudulent activity.

Inputs Required:

  • domain (string): The primary domain to be analyzed, which helps in identifying and monitoring suspicious activities across the platform.
  • company_name (string): The company name is used for searching relevant breach disclosure statements, ensuring that potential security incidents are not overlooked.

Business Impact: This scanner plays a crucial role in maintaining the integrity of financial transactions by swiftly detecting anomalies that could indicate fraudulent activity. It helps organizations proactively respond to threats and protect their customers’ assets from harm.

Risk Levels:

  • Critical: Conditions such as sudden spikes in transaction volume or unusual geolocation shifts can lead to critical severity if they are indicative of unauthorized access, data breaches, or other severe security incidents.
  • High: Anomalies involving failed login attempts and newly created accounts involved in high-value transactions pose a significant risk and should be closely monitored for potential fraudulent activities.
  • Medium: Deviations from typical transaction patterns that do not necessarily indicate immediate fraud but warrant investigation to ensure the integrity of financial operations are considered medium severity risks.
  • Low: Informational findings such as minor geolocation discrepancies or device fingerprint mismatches, while still worth monitoring, generally pose a lower risk unless they escalate in frequency or volume.
  • Info: Ordinary deviations from normal behavior that do not indicate any immediate threat but are monitored for future trends and potential issues.

Example Findings:

  1. A sudden increase in the number of transactions from an account typically used for low-value transactions to a high-value transaction, followed by multiple failed attempts to escalate the amount, could be indicative of attempted fraud.
  2. An IP address associated with numerous transactions that suddenly changes its geolocation to one far removed from usual locations, suggesting potential misuse or unauthorized access.

Money Laundering Detection Scanner

Purpose: The Money Laundering Detection Scanner is designed to identify potential money laundering activities by detecting layering, structuring, and the use of shell companies through publicly available data sources. This tool helps in uncovering suspicious financial transactions and corporate structures that may be indicative of illicit financial practices.

What It Detects:

  • Layering Patterns: Detection of multiple bank accounts or entities used to transfer funds in a way that obscures the source, including frequent small deposits and withdrawals from different accounts.
  • Structuring Patterns: Recognition of transactions designed to avoid reporting thresholds, often involving multiple smaller transactions instead of one large transaction, as well as pattern matching for repetitive transactions that align with known structuring tactics.
  • Shell Company Usage: Identification of companies with minimal operations or assets that are used as fronts for financial activities, particularly those registered in jurisdictions known for lax regulatory oversight.
  • Suspicious Financial Transactions: Analysis of transaction patterns that deviate from normal business practices, such as large cash transactions or unusual international transfers.
  • Corporate Structure Anomalies: Examination of corporate structures to identify complex ownership chains or entities with no apparent business purpose, including companies with minimal public information or those that do not match the stated business activities.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner is crucial for enhancing the security posture of financial institutions and regulatory bodies by identifying potential money laundering activities, which can help prevent illicit financial practices and maintain compliance with regulations.

Risk Levels:

  • Critical: Conditions that directly lead to significant financial loss or exposure to legal penalties, such as undetected layering patterns affecting high-value transactions.
  • High: Conditions that significantly increase the risk of money laundering, including structuring patterns involving multiple smaller transactions and shell company usage in critical jurisdictions.
  • Medium: Conditions that moderately increase the risk of money laundering, such as suspicious financial transactions not aligning with normal business practices.
  • Low: Conditions that minimally affect the risk of money laundering, typically informational findings about corporate structure anomalies requiring further investigation.
  • Info: Informational findings regarding minor deviations in transaction patterns or minimal public information about companies, which may require monitoring but do not pose immediate risks.

Example Findings:

  1. A company with multiple small deposits and withdrawals from different accounts, indicating potential layering for money laundering purposes.
  2. A shell company registered in a jurisdiction known for lax regulatory oversight, used as a means to obscure financial activities.