BlackIceHQ – detecting account takeover from login sequences

blackicehq.com · alexmocki · 4 days ago · view on HN · research
quality 7/10 · good
0 net
Tags
account-takeover login-sequences
BlackIce — Explainable Fraud Intelligence Fraud Intelligence Platform Fraud is a sequence. Treat it like one. BlackIce detects impossible travel, credential stuffing, and token abuse in milliseconds—before damage occurs. Other systems ask: 'Did something bad happen?' BlackIce asks: 'How is this attacker thinking — and where do they strike next?' See Live Demo Request Access ✓ DETERMINISTIC DECISIONS ✓ REPLAY-BASED AUDITING ✓ IMPOSSIBLE TRAVEL DETECTION ✓ TOKEN REUSE ANALYSIS ✓ ADVERSARIAL SIMULATION ✓ FULLY EXPLAINABLE SCORING ✓ FASTAPI + DOCKER READY ✓ OPENAPI SCHEMA ✓ DETERMINISTIC DECISIONS ✓ REPLAY-BASED AUDITING ✓ IMPOSSIBLE TRAVEL DETECTION ✓ TOKEN REUSE ANALYSIS ✓ ADVERSARIAL SIMULATION ✓ FULLY EXPLAINABLE SCORING ✓ FASTAPI + DOCKER READY ✓ OPENAPI SCHEMA Problem Fraud is evolving. Detection tools can’t keep up. Modern fraudsters bypass rule engines, rotate IPs, and reuse tokens. Legacy systems mark it as normal traffic. 🕳️ Black Box Decisions You get a risk score. No explanation. When a regulator asks why you blocked a transaction — you can't answer. 📸 Event-Level Blindness Attackers spread activity across time windows. Single-event detection misses 80% of sophisticated ATO attacks. 🔁 No Audit Trail Can you replay exactly what triggered a block 6 months ago? If not, you fail PSD2, SOC2, and internal audits. 🎯 Static Rules Lose Sophisticated attackers learn your thresholds. They stay just below. Your rules don't evolve. They do. How It Works Detection that thinks like a defender 01 Ingest Events Send authentication events via API or JSONL file. Tokens, IPs, devices, geography, timestamps. 02 Replay Narratives BlackIce reconstructs attacker sequences — correlating behavior across identities, not just sessions. 03 Explainable Decision Every BLOCK, STEP_UP, or ALLOW comes with reason codes, evidence, and a risk score you can audit. 04 Enforce & Adapt Connect to your enforcement layer. Run simulations before deploying rule changes. No surprises. Live Demo Run Detection Now Pick an attack scenario. BlackIce explains exactly why it triggered—and what evidence was used. blackice — detection engine v0.1 — interactive demo Select Attack Scenario ✈️ Impossible Travel 🔑 Token Reuse Across Devices 💥 Credential Stuffing Burst 🕵️ Stealth Attacker ▶ Run Simulator Detection Output ⚡ Select a scenario and run detection Why BlackIce Built for teams who need to explain themselves When your regulator, your board, or your customer asks "why was this blocked?" — you have an answer. 🧠 Deterministic Engine No ML black boxes. Every decision follows explicit, auditable rules. Same input always produces same output. 🎬 Replay-Based Auditing Every detection is replayable. Travel back to any decision, 6 months later, and reconstruct the exact evidence chain. 🛡️ Adversarial Simulation Test your rules against adaptive attackers before deploying. Know your blind spots before the attacker finds them. 🔍 Trust Memory Per User BlackIce builds a behavioral baseline per identity. Anomalies detected relative to that user's history. 🚦 Audit Gate (Strict Mode) Fail the pipeline if normalization would silently change a decision. Compliance teams love this. ⚡ Deploy in Hours FastAPI + Docker. OpenAPI schema. REST endpoints. Integrate with your stack in hours, not months. Comparison How BlackIce compares Capability BlackIce Rule Engines ML Platforms Explainable decisions ✓ Always ⚡ Partial ✗ Rarely Replayable audit trail ✓ Built-in ✗ No ✗ No Sequence-aware detection ✓ Core feature ✗ Event-only ⚡ Varies Adversarial simulation ✓ Built-in ✗ No ✗ No Deploy without data scientists ✓ Yes ✓ Yes ✗ Requires ML team PSD2 / SOC2 audit readiness ✓ Yes ⚡ Partial ✗ Difficult Pricing Stop fraud before it costs you. $32B lost to fraud every year. Detect account takeovers, credential stuffing, and fraud rings in real time — fully explainable, no black box. ⬡ EARLY ACCESS · FREE BETA 3 spots left 30 days free or 10,000 events — whichever comes first PROTECTS AGAINST: ✓ Account takeover (ATO) ✓ Credential stuffing ✓ Impossible travel attacks ✓ Anonymous proxy abuse ✓ Fraud rings Get API Access → After trial: $0.002/event · No monthly minimum · Cancel anytime <50ms P99 latency 100% explainable WHAT YOU GET: → Full REST API access → Explainable decisions — no black box → Direct line to founders → PSD2 & SOC2-ready audit trail API-first Real-time Docker ready Built for fintech AFTER BETA — TRANSPARENT USAGE PRICING PAY AS YOU GO $0.002 / event No minimum · Cancel anytime 10k events → $20/mo 100k events → $200/mo 500k events → $1,000/mo COMMITTED VOLUME · 50% OFF $0.001 / event 500k+ events/mo 500k events → $500/mo 1M events → $1,000/mo 5M events → $5,000/mo Need custom contract, SLA, or on-premise? Talk to us → Ready to see it on your data? We work with a small number of early partners. Tell us where you're seeing fraud — and we'll show you what BlackIce finds. Request Access No pitch decks. No sales calls unless you want one. Just a real conversation. × Get Early Access Tell us a bit about yourself. We'll be in touch within 24 hours. First Name * Last Name * Work Email * Job Title * Select role CTO / CIO Head of Risk / Fraud Head of Security Software Engineer Product Manager Founder / CEO Other Company Size * Select size 1–10 11–50 51–200 201–1000 1000+ Company Name * Industry Select industry Fintech / Payments Banking E-commerce Aviation / Transport Telecom Healthcare Other Where are you seeing fraud? (optional) Request Access → ✅ You're on the list. We'll be in touch at your email within 24 hours. In the meantime — explore the live demo below. See Live Demo →
← Back to stories