Fraud Intelligence Platform

Fraud is a sequence.
Treat it like one.

BlackIce detects impossible travel, credential stuffing, and token abuse in milliseconds—before damage occurs.

Other systems ask: 'Did something bad happen?' BlackIce asks: 'How is this attacker thinking — and where do they strike next?'
See Live Demo Request Access
DETERMINISTIC DECISIONS REPLAY-BASED AUDITING IMPOSSIBLE TRAVEL DETECTION TOKEN REUSE ANALYSIS ADVERSARIAL SIMULATION FULLY EXPLAINABLE SCORING FASTAPI + DOCKER READY OPENAPI SCHEMA DETERMINISTIC DECISIONS REPLAY-BASED AUDITING IMPOSSIBLE TRAVEL DETECTION TOKEN REUSE ANALYSIS ADVERSARIAL SIMULATION FULLY EXPLAINABLE SCORING FASTAPI + DOCKER READY OPENAPI SCHEMA
Problem

Fraud is evolving. Detection tools can’t keep up.

Modern fraudsters bypass rule engines, rotate IPs, and reuse tokens. Legacy systems mark it as normal traffic.

🕳️

Black Box Decisions

You get a risk score. No explanation. When a regulator asks why you blocked a transaction — you can't answer.

📸

Event-Level Blindness

Attackers spread activity across time windows. Single-event detection misses 80% of sophisticated ATO attacks.

🔁

No Audit Trail

Can you replay exactly what triggered a block 6 months ago? If not, you fail PSD2, SOC2, and internal audits.

🎯

Static Rules Lose

Sophisticated attackers learn your thresholds. They stay just below. Your rules don't evolve. They do.

How It Works

Detection that thinks like a defender

01

Ingest Events

Send authentication events via API or JSONL file. Tokens, IPs, devices, geography, timestamps.

02

Replay Narratives

BlackIce reconstructs attacker sequences — correlating behavior across identities, not just sessions.

03

Explainable Decision

Every BLOCK, STEP_UP, or ALLOW comes with reason codes, evidence, and a risk score you can audit.

04

Enforce & Adapt

Connect to your enforcement layer. Run simulations before deploying rule changes. No surprises.

Live Demo

Run Detection Now

Pick an attack scenario. BlackIce explains exactly why it triggered—and what evidence was used.

blackice — detection engine v0.1 — interactive demo

Select Attack Scenario

Detection Output

Select a scenario and run detection
Why BlackIce

Built for teams who need to explain themselves

When your regulator, your board, or your customer asks "why was this blocked?" — you have an answer.

🧠

Deterministic Engine

No ML black boxes. Every decision follows explicit, auditable rules. Same input always produces same output.

🎬

Replay-Based Auditing

Every detection is replayable. Travel back to any decision, 6 months later, and reconstruct the exact evidence chain.

🛡️

Adversarial Simulation

Test your rules against adaptive attackers before deploying. Know your blind spots before the attacker finds them.

🔍

Trust Memory Per User

BlackIce builds a behavioral baseline per identity. Anomalies detected relative to that user's history.

🚦

Audit Gate (Strict Mode)

Fail the pipeline if normalization would silently change a decision. Compliance teams love this.

Deploy in Hours

FastAPI + Docker. OpenAPI schema. REST endpoints. Integrate with your stack in hours, not months.

Comparison

How BlackIce compares

Capability BlackIce Rule Engines ML Platforms
Explainable decisions✓ Always⚡ Partial✗ Rarely
Replayable audit trail✓ Built-in✗ No✗ No
Sequence-aware detection✓ Core feature✗ Event-only⚡ Varies
Adversarial simulation✓ Built-in✗ No✗ No
Deploy without data scientists✓ Yes✓ Yes✗ Requires ML team
PSD2 / SOC2 audit readiness✓ Yes⚡ Partial✗ Difficult

Ready to see it on your data?

We work with a small number of early partners. Tell us where you're seeing fraud — and we'll show you what BlackIce finds.

No pitch decks. No sales calls unless you want one. Just a real conversation.