Gain the Benefit of Data Aggregators without the Risk
Mitigate the potential security and fraud risks posed by aggregators, while harnessing the power of open banking to innovate and drive revenue growth.
Manage Aggregator Traffic
Aggregators provide value-added services that improve the overall customer experience for financial institutions (FIs). However, aggregators can use valid credentials to scrape compliant data and bad actors can use aggregators as a vector for account takeover. FIs need a way to manage aggregator traffic and mitigate risk.
Challenges
Consumers enjoy the simplified user experiences and value-added services provided by financial service aggregators. However, aggregators pose risks to FIs and their customers.
Lack of visibility into aggregator traffic
Parsing aggregator traffic is difficult; most FIs are blind to aggregator usage among their customer base.
Account Takeover
Bad actors can exploit aggregators and use them as a vector for account takeover (ATO).
Data protection compliance
Aggregators can exploit their privileged levels of access to scrape sensitive customer data.
Unexpected traffic spikes
Websites and APIs are vulnerable to runaway scripts or abusive aggregators that overload infrastructure.
Why Distributed Cloud Aggregator Management?
Increased visibility
Establish a baseline to understand all traffic and label traffic as human, automated, or aggregator.
Attack prevention
Block attacks from malicious actors posing as legitimate aggregators and prevent credential stuffing.
Access policy enforcement
Ensure aggregators can only access data via authorized channels and under pre-defined limits.
Platform Overview
Securely enable customers to utilize financial aggregators while managing risk
Distributed Cloud Aggregator Management is a managed service that enables organizations to leverage the benefits of aggregators without the risk. Combining intelligence from a global network of known aggregators from the world’s top financial services firms and the power of our rules-assisted machine learning engine, high performance AI, and team of data scientists, we continually monitor aggregator traffic and take corrective actions to ensure aggregators adhere to agreed-upon usage policies.
Authentication visibility
Labels all login attempts as human, automated, or aggregator.
Credential stuffing protection
Detects when attackers are credential stuffing through an aggregator.
Least privilege access
Enforces adherence to access policies required by aggregator.
Anomaly detection
Alerts FIs and aggregators when attacker frameworks have been detected.
Distributed Cloud Aggregator Management Use Cases
Give your customers full access to their data—anywhere, anytime, and through the apps they choose—while also protecting against credential stuffing and ATO risks.
Aggregator Detection
Telemetry models behavior, determines intent, maintains profiles.
Contract Enforcement
Enforce volume and data access limits and report on violations.
Aggregator Identifiers
IPs, ASNs, headers, user agents, user cohort and device mapping.
Mitigation
Universal policy management, plus AI and human intelligence.
Aggregator Reporting
Detailed aggregator traffic analysis and dashboarding.
Ways to Deploy
XC (formerly F5 DCS) Aggregator Management is a cloud-managed service that leverages and extends the capabilities of Distributed Cloud Bot Defense to manage the unique security and fraud risks posed by aggregators, while enabling consumers to experience the value aggregators provide. XC (formerly F5 DCS) Aggregator Management can be deployed on-premises, in a managed cloud, or in the F5 cloud.
On-premises
Deploy as a part of our Enterprise Defense solution as reverse proxy in your datacenter.
Managed cloud
Deploy as part of our Enterprise Defense solution as a reverse proxy in a managed public cloud environment.
F5 Cloud
Deploy as part of our Enterprise Defense solution as a reverse proxy in our cloud.