DatabaseCategoriesServicesCountriesArticlesNewsletterRequest listing
← Categories

Fraud & Security Companies in Europe

European fraud detection has become a real-time problem. Under the Instant Payments Regulation, money now settles in seconds across the EU, which collapses the window in which a suspicious transaction can be reviewed and stopped. A batch process that flags something the next morning is no longer a fraud control — it is a post-mortem.

The companies below sit in that window. They cover transaction monitoring, behavioural biometrics, device intelligence, identity fraud detection, chargeback protection and payment protection — the layer that decides, in the tens of milliseconds before a payment completes, whether it should.

What fraud detection software actually does

Fraud detection platforms score events in real time. A payment, a login, a signup, a password change — each one arrives with hundreds of signals attached: the device, the IP, the typing cadence, the time of day, the destination account, how this user has behaved for the past six months. The platform weighs those signals against learned patterns and returns a decision, usually inside 100 milliseconds, because a checkout cannot wait.

The hard part is not catching fraud. It is catching fraud without catching everyone else. A model tuned to block every suspicious payment will also block a large number of legitimate ones, and false positives cost real revenue and real customers. Most of the engineering in this category goes into that trade-off.

Why Europe is different

Three forces shape the European market specifically.

Instant payments compress the decision window. Once funds are irrevocable within seconds, prevention has to happen before authorisation rather than after settlement.

PSD2 and Strong Customer Authentication mandate multi-factor checks on most electronic payments, which pushed fraud away from stolen card details and toward manipulating the customer directly. That produced the rise of authorised push payment (APP) fraud, where the victim is socially engineered into authorising the transfer themselves. It is the hardest fraud type in the market, because from the system's perspective the payment is entirely legitimate — properly authenticated, properly authorised. Detecting it means detecting that a human is being coerced, which is why behavioural signals now matter as much as transactional ones.

AMLR, arriving in 2027, folds fraud and financial crime closer together. Firms increasingly want one platform covering fraud, AML and sanctions rather than three systems that don't talk to each other — which is why several vendors here now market themselves as financial crime platforms rather than fraud tools.

Subcategories
Transaction monitoring
Transaction monitoring systems observe financial transactions continuously, looking for patterns associated with money laundering, sanctions violations, and financial crime. Unlike real-time fraud detection (which focuses on preventing individual fraudulent transactions), transaction monitoring takes a longitudinal view — identifying suspicious patterns across a customer's transaction history over time. Banks and payment companies are legally required to monitor transactions and report suspicious activity to financial intelligence units.
Identity fraud detection
Identity fraud detection focuses specifically on the fraud typologies that exploit identity — synthetic identities (fabricated personas combining real and fake data), stolen identities (using another person's credentials), account takeover (gaining unauthorised access to a legitimate account), and first-party fraud (a real person misrepresenting themselves). Identity fraud detection uses document verification, biometric checks, device intelligence, behavioural signals, and cross-reference against fraud databases to catch these patterns at onboarding and throughout the customer lifecycle.
Cybersecurity tools
Cybersecurity tools for financial services protect institutions from digital attacks — data breaches, ransomware, phishing, DDoS attacks, and insider threats. DORA, the EU's Digital Operational Resilience Act fully in force from January 2025, requires financial entities to maintain comprehensive resilience programmes including cyber threat intelligence, penetration testing, and incident response capabilities. Financial services is the most targeted sector for cyberattacks globally, making cybersecurity tooling a critical operational investment.
Payment protection
Payment protection encompasses the tools and processes that secure individual payment transactions against fraud, chargebacks, and unauthorised use. This includes 3D Secure authentication for card payments, device fingerprinting, velocity checks, geolocation verification, and machine learning models that score individual transactions for risk. Payment protection is increasingly important as instant payments reduce the window available to detect and stop fraudulent transactions before funds leave an account.
Behavioral analytics
Behavioral analytics platforms analyse how users interact with digital interfaces — typing rhythm, mouse movement, navigation patterns, swipe speed, and subtle anomalies in normal behaviour — to detect fraud, account takeover, and social engineering scams. Behavioural biometrics is particularly powerful for detecting authorised push payment (APP) fraud, where a legitimate user has been manipulated into authorising a fraudulent transaction. The user's behaviour during the session can reveal coercion or distress even when credentials are technically valid.
How to choose

How to choose

Start with the fraud you actually have. Card-not-present fraud, account takeover, synthetic identity, APP scams and chargeback abuse are different problems with different solutions. A platform strong on e-commerce chargebacks is not automatically strong on mule account detection. Name your top two fraud types before you look at a single vendor.

Ask about false positives, not just detection rates. Any vendor can show you a high catch rate. The number that matters is how many good customers they block to get it, and what your team has to do with the alerts that result. A platform that flags 3% of transactions for manual review is quietly hiring you an ops team.

Check whether you need explainability. Regulators, and increasingly your own risk committee, will ask why a customer was declined. Some platforms return a score; others return the specific signals that drove it. If you are a regulated institution, assume you need the second kind.

Decide if fraud and AML should be one system. Convergence is the direction of travel, and running separate stacks means separate integrations, separate alerts and separate teams looking at the same customer. But a converged platform is a bigger commitment and a harder migration.

Match the vendor to your size. Enterprise-grade platforms built for tier-one banks bring procurement cycles and price tags to match. API-first vendors will have you live in a week. Neither is better; they are built for different companies.

Looking for a head-to-head comparison? Our guide to the best fraud detection APIs for fintech compares Feedzai, SEON, Featurespace, Sift and Sardine on pricing, integration and fit.

European Fraud & Security companies in our database

Hawk
Hawk🇩🇪
Est. 2019

Hawk brings machine learning firepower to financial crime detection, sitting at the intersection of compliance and computational intelligence. Rather than relying on static rule sets that miss novel fraud patterns, Hawk deploys adaptive algorithms that learn from transaction behavior in real time, catching what traditional systems let slip through the cracks. The platform ingests transaction data across multiple channels—payments, transfers, accounts—and surfaces suspicious activity before it becomes a problem. For banks and fintechs drowning in false positives from legacy systems, Hawk promises a different approach: smarter, faster, less noise. Its technology sits on the boundary between compliance necessity and operational efficiency, helping institutions detect actual threats rather than gaming alert thresholds. In an environment where financial crime is increasingly sophisticated and regulatory pressure unrelenting, Hawk positions itself as the thinking alternative to checkbox compliance, offering institutions a genuine competitive edge in the race to stay ahead of bad actors.

Evervault
Evervault🇮🇪
Est. 2020

Evervault is a European cryptography company that lets developers encrypt sensitive data in transit and at rest without rearchitecting their systems. Rather than forcing teams to build custom encryption pipelines or rely on legacy HSM infrastructure, Evervault provides APIs and SDKs that integrate directly into applications—turning what was once a compliance headache into a developer experience problem. The company operates at the infrastructure layer, sitting between your database and your users. It handles encryption orchestration, tokenization, and secure computation without requiring you to manage keys or understand the underlying cryptography. This means your data stays encrypted in your own cloud account, your keys stay with you, and third-party vendors never see plaintext information. In a European market where data residency and privacy regulations have teeth, Evervault solves a real problem: companies need to protect customer data but can't afford to rebuild their entire tech stack. The platform works with existing databases, APIs, and infrastructure, making compliance less of an engineering ordeal. Evervault positions itself as the encryption layer for modern applications—not a database replacement, not a VPN, but the plumbing that makes data protection feel native to your code. It's particularly relevant for fintech companies handling payment cards, personal identifiers, and healthcare records across distributed systems. The company is helping reshape how European companies think about security: not as an afterthought, but as architecture.

ComplyAdvantage
ComplyAdvantage🇬🇧
Est. 2014

Compliance has become the unglamorous backbone of fintech, and ComplyAdvantage is the infrastructure that makes it actually work. The London-based company builds AI-powered screening and monitoring systems that help banks, fintechs, and payment platforms stay ahead of regulatory demand without drowning in noise. Rather than bombarding clients with false positives, ComplyAdvantage's platform learns from transaction patterns and risk signals to flag what actually matters—sanctions evasion, money laundering, terrorist financing, and the shadier corners of global finance. It's compliance automation that doesn't feel like compliance automation. The company serves everyone from established banks tightening their KYC processes to crypto platforms that desperately need credibility with regulators. In a landscape where AML failures cost institutions hundreds of millions in fines, ComplyAdvantage occupies the unglamorous but essential role of making sure your compliance team can actually sleep. The platform has become foundational across Europe and beyond, trusted by institutions that can't afford to miss a single regulatory trick. In the broader fintech stack, ComplyAdvantage represents the maturation of compliance—from spreadsheet-driven checklist to intelligent, real-time risk machine.

Ravelin
Ravelin🇬🇧
Est. 2014

Ravelin is a fraud prevention and risk intelligence platform built for the modern payment landscape. Rather than relying on outdated blacklists and rule engines, the company uses behavioral analytics and machine learning to distinguish legitimate transactions from fraudulent ones in real time. The platform sits between merchants and payment processors, analyzing transaction patterns, user behavior, and contextual signals to catch fraud before it hits the books. Ravelin's approach acknowledges a fundamental tension in fintech: overly aggressive fraud screening kills conversions, while loose controls breed chargebacks. The company's API-first architecture means it integrates directly into checkout flows without requiring merchants to rebuild their payments infrastructure. What sets Ravelin apart is its focus on the nuance between fraud risk and business risk. Many competitors offer binary accept-or-decline decisions; Ravelin surfaces risk scores and behavioral indicators, letting merchants make informed decisions about which transactions to challenge, approve, or send to manual review. This flexibility matters especially for high-value or unusual transactions where false positives hurt revenue. Ravelin operates primarily in the B2B space, serving mid-market and enterprise merchants across e-commerce, travel, and fintech. The company competes in a crowded fraud detection market dominated by established players, but gains ground through superior machine learning models and a merchant-centric product philosophy. As payment volumes continue to surge across Europe and digital fraud becomes increasingly sophisticated, Ravelin's technology sits at a critical chokepoint in the transaction flow.

Callsign
Callsign🇬🇧
Est. 2012

Fraud prevention and digital identity verification have become the unglamorous but critical backbone of modern fintech. Callsign approaches this from an angle most security vendors miss: behavioral biometrics and real-time risk assessment that happen silently in the background, rather than tripping up legitimate users with friction-heavy verification steps. The London-based company combines device intelligence, behavioral patterns, and contextual analysis to spot fraudsters and authenticate users without making them jump through hoops. Where traditional identity verification often feels like airport security—exhausting and necessary—Callsign's approach is more like a doorman who knows your face. It's built for financial services, payments processors, and regulated platforms that need to balance security with user experience. The company works across account opening, transaction authentication, and ongoing monitoring, meaning it can catch both the obvious fraud attempts and the sophisticated ones that look almost legitimate. In a landscape crowded with point solutions, Callsign stands out by offering something closer to continuous, intelligent risk assessment than binary yes-or-no identity checks. For European fintechs growing fast and handling real money, this kind of frictionless security is no longer a nice-to-have—it's becoming the baseline expectation.

Feedzai
Feedzai🇵🇹
Est. 2010

Feedzai is a fraud detection and financial crime prevention platform that works behind the scenes for banks, payment processors, and fintech companies across Europe and beyond. The company uses machine learning to spot suspicious transactions in real time, flagging fraud before it costs institutions millions while keeping legitimate customers from being blocked unnecessarily. Unlike legacy fraud systems that rely on rigid rules and lag behind new attack patterns, Feedzai's approach adapts continuously, learning from emerging threats across its network of financial institutions. The platform handles everything from card fraud and money laundering to synthetic identity schemes and account takeover attempts. It's become a critical layer of defense for institutions managing enormous transaction volumes, where manual review is impossible and false positives destroy customer experience. In the European market, Feedzai competes alongside more traditional risk vendors but stands out through its speed and sophistication. Banks increasingly rely on AI-driven systems rather than rule-based gatekeepers, and Feedzai has positioned itself as the intelligent alternative that doesn't just block transactions—it understands behavior. The company serves everyone from global systemically important banks to smaller regional players, offering both real-time decisioning and historical analytics. Feedzai represents a broader shift in how financial institutions approach security: from reactive policing to predictive intelligence.

View all 19 Fraud & Security companies →

Frequently asked questions

What is a fraud detection API?
A fraud detection API scores an event — a payment, a login, a signup — in real time and returns a risk decision, usually within 100 milliseconds. Your system sends the transaction details, the API weighs hundreds of signals against learned fraud patterns, and you get back an approve, decline or review response before the payment completes.
What is the difference between a fraud detection API and a fraud detection platform?
In practice the terms are used interchangeably, but an API usually means an integration-first product you call from your own code, while a platform implies a fuller system with a case management console, analyst workflows and reporting. Larger institutions tend to need the platform; API-first fintechs often only need the endpoint.
How much does fraud detection software cost?
Pricing is almost always custom and typically scales with transaction volume, with enterprise contracts negotiated annually. API-first vendors are more likely to publish per-call or tiered pricing. The larger hidden cost is usually operational: a platform with a high false-positive rate generates alerts that someone has to review.
What is APP fraud and why is it so hard to detect?
Authorised push payment fraud is when a criminal manipulates the victim into sending the money themselves — impersonating a bank, a supplier or a government agency. It is difficult because the payment is technically legitimate: correctly authenticated, correctly authorised, and initiated by the real customer. Detecting it means spotting behavioural signs that someone is being coached or pressured, rather than anything wrong with the transaction itself.
Do European fintechs need fraud detection to be compliant?
There is no single rule requiring a specific vendor, but PSD2 requires transaction risk analysis, AML rules require transaction monitoring, and regulators expect firms to demonstrate that their controls work. In practice, a regulated European financial institution operating at any scale needs a fraud and monitoring system it can explain to a supervisor.