Every fraud tool defends the payment.
We defend the customer.
Fraud controls fire when the money is already leaving the account. Straja stops the scam one step earlier, on the customer's own device, before they ever authorise the payment.
As mandatory reimbursement for authorised-push-payment (APP) fraud moves into EU law, the cost of each scam falls on the bank, regardless of whether it could have stopped the payment.
Scams are rising. AI is making it worse.
AI makes convincing fake sites, emails and voice calls cheap and instant. The attack no longer targets your systems, it targets your customer's judgement, in the seconds before they tap "confirm".
Rise in gen-AI-assisted scams in the last 12 months.
Estimated annual cost of the global scam epidemic, and growing fast.
Of breaches exploit the human element, not a technical flaw.
Everyone defends the payment.
Nobody defends the customer.
A fake site, email, SMS or QR reaches the customer.
They believe the scammer, alone, and in a hurry.
They approve it themselves, so every check sees a legitimate transfer.
Only now do fraud controls fire, after the funds have left.
The reimbursement falls on you.
The customer requests reimbursement; the bank pays. But the refund is only part of it, every claim also burns investigation, contact-centre and compliance time.
Lost per customer, every year, to authorised-push-payment fraud, a recurring cost across the whole book that new reimbursement rules place on the bank.
The refund is the part you see. The work behind every claim costs far more, and Straja removes a third of all of it, before a case ever starts.
- The refund itselfvisible58%Money paid back to the victim, the only visible cost.
- Staff investigation14%Case review, evidence, decisioning.
- Contact-centre handling11%Distressed customers, repeat calls.
- Legal & compliance9%Regulatory returns, audit trails.
- Recovery attempts8%Chasing funds that already moved.
~35% reduction is an internal estimate based on industry benchmark deployments, to be validated in pilot. Cost-composition shares (the ≈1.7× all-in multiplier) are illustrative.
Where this is already law.
Since October 2024, UK banks must reimburse victims of authorised-push-payment scams. It is the clearest preview of where EU regulation, PSD3, is heading from 2026.
£450M is lost to APP scams each year across ~50M UK account holders; £267.1M was reimbursed last year alone.
One engine. Thousands of sensors. Zero blind spot.
Straja lives where the scam happens, on the customer's device, as a browser extension and app. Every protected customer is a sensor: what one device sees, the whole network learns instantly. Shared signals are de-identified scam patterns and URLs, never personal, account or balance data.
Outperforming traditional protection engines.
Blocklists only catch scams that are already known. Straja reasons about a page the way an analyst would, so it catches brand-new campaigns on first sight.
Internal benchmark on 500 confirmed scam domains that were novel or unlisted at test time, blocklists score low because the domains were unseen. False-positive rate measured separately on legitimate traffic.
Scam detection at a 4% false-positive rate, concentrated in genuine gray-area content.
Apps globally that scan QR codes safely, a fast-growing scam channel banks can't see.
Checks run in real-world use, a live Chrome extension and 9,000+ mobile installs. Proven in the wild, built to scale with you.
Real savings now. Optional upside later.
The UK loses about £450M to APP scams a year across ~50M account holders, roughly £9 each, which we model at ~€9 EU-wide. Straja targets a ~35% cut to that exposure, before the payment is ever authorised. Move the slider to size it for your book.
We don't ask you to take ~35% on faith, a pilot measures it against your own baseline before you scale. Loss-reduction and premium-adoption rates here are illustrative until validated on your data.
Built to clear a bank's review.
Straja runs on the customer's device and never touches your core systems. It analyses what a customer chooses to check, never their accounts, balances or transactions.
Runs as a customer-device extension and app, zero connection to your core banking systems or payment rails.
Straja sees the sites, links, emails and QR codes a customer checks, never their accounts, balances or transactions.
Data is processed and stored in the EU and built to GDPR from the ground up. A DPA is available on request.
Network intelligence is scam patterns and URLs, not personal or account data, so coverage improves without exposing customers.
Protection is opt-in per customer; scan history is theirs to view and clear at any time.
Data-flow diagrams, sub-processor list and our certification roadmap are available to your security team under NDA.
EU-hosted · GDPR-aligned · DPA and security documentation available on request.
Prove the savings. Then scale.
A focused pilot on your highest-risk segment, measured against your own baseline. Provisioned by code, no internal development, live in days.
- 01Step 01Measure the baseline
Establish current APP losses and agree the target metric for liability reduction.
- 02Step 02Secure the segment
Select a group of high-risk customers where protection has the greatest impact.
- 03Step 03Provision the segment
The bank issues activation codes; customers activate the Straja app and extension themselves. No core-system integration, live in days.
- Step 04Validate the ROI
Measure payout savings against baseline, then decide to scale with confidence.
Regulation and risk are moving together.
EU payment-services reform extends bank liability for impersonation ("spoofing") fraud across the single market, expected from 2026.
Mandatory reimbursement is already live in the UK and moving into EU law, a fixed, recurring cost on the sector.
Bank fraud-prevention spend is forecast to nearly double by 2026 (Juniper Research).
Romania-born and operating across the EU, EU-hosted and GDPR-aligned, ready for European banks today.
Questions banks ask.
How Straja deploys, what it touches, and how the savings are proven.
Defend the customer.
Cut the liability.
Pick a high-risk segment, measure the baseline, and let the savings make the case. Live in days, with no IT build.