What challenge did the client face and why was it critical?
The bank was already using Remote Desktop Detection in the web channel, where a clear risk signal supported real-time anti-fraud decisions. The scoring indicated the exact moment of session takeover, and alerts included the applications used during the attack, reducing false positives. As a result, the solution improved detection precision and significantly reduced fraud and related losses.
Initially, there were no plans to extend the solution to the mobile application. The bank relied on its own anti-fraud mechanisms in mobile, and any additional implementation required justification in terms of cost, risk, and release cycle impact.
Operational practice showed, however, that remote desktop takeovers often occurred not at login, but during the session – while executing transactions, breaking deposits, or during loan processes. This exposed a gap in the mobile channel: existing mechanisms detected anomalies mainly at login, with no visibility into post-login activity. As a result, fraud executed during active sessions could go undetected. With more than 3 million active mobile banking users (and a growing base), the mobile channel became operationally as critical as web.
Additionally, maintaining mobile protection consumed a disproportionate amount of time – teams were more often focused on updates, analyzing new attack scenarios, and patching gaps than on improving detection, which reduced operational efficiency in the mobile channel.
Key challenges
- lack of risk visibility after login (during the session)
- lack of clear and reliable risk scoring
- inconsistent detection coverage between Android and iOS
- high share of manual verification
- slower operational decision-making
- high operational cost of maintaining mobile protection
- requirement for integration without rebuilding the existing anti-fraud architecture
What was implemented and how did it work in practice?
In the mobile application, Remote Desktop Detection for Mobile was introduced as an additional source of risk events and scoring, ensuring visibility into remote access attacks not only at login but throughout the entire session. This provided a level of signal confidence comparable to the web channel. Integration required adding a lightweight library and invoking a single function, with no architectural changes and without replacing the bank’s existing fraud prevention system.
The solution combines active and passive detection techniques supported by AI/ML, giving the bank a clear, high-confidence signal: not only that remote desktop tools are present, but also when control is actually taken over during a live session.
Crucially, the protection is effective from day one. It does not require weeks of behavioural “training” or a calibration phase, which means it works equally well for brand-new customers and infrequent users and can feed existing real-time response rules immediately after integration. Implementation risk was also kept low. Built with privacy-by-design principles (without behavioural analytics), it typically avoids the need for additional customer consents or lengthy compliance discussions, while introducing no user-facing friction and raising no concerns about app performance or the mobile release cycle.
What were the results and what changed operationally?
After deployment, the bank obtained mobile risk scoring of a quality equivalent to web, which directly enabled more effective mitigation of remote access scams and account takeover (ATO) executed during in-app sessions. The signal became clear and unambiguous, eliminating the need for manual reviews in these scenarios and enabling faster, more consistent decision-making.
The bank also unified response policies across channels – the same risk scenarios were handled identically in web and mobile – and aligned protection standards across Android and iOS. Operationally, teams regained time: less effort was required for ongoing mobile protection maintenance, and fewer ambiguous cases required investigation.
Post-implementation outcomes
- closed the post-login visibility gap (detection throughout the entire session)
- clear and reliable risk scoring in mobile
- 97% detection rate of remote desktop attacks
- consistent detection across Android and iOS
- unified response standards across web and mobile
- reduced manual verification and false positives
- lower operational cost of maintaining mobile protection