We’ve grown, Scamy.io is now StrajaNew products, a more mature platform, built to keep you safer than ever.

Straja for financial institutions

Every fraud tool defends the payment. We defend the customer.

Fraud controls fire when the money is already leaving the account. Straja stops the scam one step earlier, on the customer's own device, before they ever authorise the payment.

The case, at a glance
€0
lost per customer a year to APP fraud
0%
of scams caught before the click
~0%
fewer losses, before payment
PSD3
EU refund mandate · 2026

As mandatory reimbursement for authorised-push-payment (APP) fraud moves into EU law, the cost of each scam falls on the bank, regardless of whether it could have stopped the payment.

On-deviceno core integration
Daysto deploy, no IT build
EU-hostedGDPR-aligned, no banking data
Alongsideyour existing fraud controls
The problem

Scams are rising. AI is making it worse.

AI makes convincing fake sites, emails and voice calls cheap and instant. The attack no longer targets your systems, it targets your customer's judgement, in the seconds before they tap "confirm".

+0%

Rise in gen-AI-assisted scams in the last 12 months.

$0B

Estimated annual cost of the global scam epidemic, and growing fast.

~0%

Of breaches exploit the human element, not a technical flaw.

Deception channels:fake websitesphishing emailSMiShingvishing callsfake QR codes· Sources: FTC, Verizon DBIR, Sift
Anatomy of a scam

Everyone defends the payment.
Nobody defends the customer.

With Strajacaught at the source, the chain never completes
Step 1 · The bait
Deception lands

A fake site, email, SMS or QR reaches the customer.

Step 2 · The hook
Customer convinced

They believe the scammer, alone, and in a hurry.

Prevented
Step 3 · The act
Payment authorised

They approve it themselves, so every check sees a legitimate transfer.

Prevented
Step 4 · Too late
Money is gone

Only now do fraud controls fire, after the funds have left.

Prevented
Straja stops it here
Bank fraud controls fire here
Who pays the bill

The reimbursement falls on you.

The customer requests reimbursement; the bank pays. But the refund is only part of it, every claim also burns investigation, contact-centre and compliance time.

The cost of APP scams
~€0

Lost per customer, every year, to authorised-push-payment fraud, a recurring cost across the whole book that new reimbursement rules place on the bank.

~0%
cut by Straja, before a payment is authorised
The cost behind every claim

The refund is the part you see. The work behind every claim costs far more, and Straja removes a third of all of it, before a case ever starts.

≈1.7×Every €1 refunded costs about €1.70 all-in, the refund is only the part you see.
Visible · the refund
Hidden cost, the part nobody sees
~0
cases stopped, cost saved
Refund
  • The refund itselfvisible58%
    Money paid back to the victim, the only visible cost.
  • Staff investigation14%
    Case review, evidence, decisioning.
  • Contact-centre handling11%
    Distressed customers, repeat calls.
  • Legal & compliance9%
    Regulatory returns, audit trails.
  • Recovery attempts8%
    Chasing funds that already moved.

~35% reduction is an internal estimate based on industry benchmark deployments, to be validated in pilot. Cost-composition shares (the ≈1.7× all-in multiplier) are illustrative.

Spotlight · United Kingdom

Where this is already law.

Since October 2024, UK banks must reimburse victims of authorised-push-payment scams. It is the clearest preview of where EU regulation, PSD3, is heading from 2026.

£450M is lost to APP scams each year across ~50M UK account holders; £267.1M was reimbursed last year alone.

0 days
to refund a victim, by law
£0
maximum reimbursement per claim
50 / 50
liability split, sending & receiving banks
0%
of APP scams now reimbursed by banks
The solution

One engine. Thousands of sensors. Zero blind spot.

Straja lives where the scam happens, on the customer's device, as a browser extension and app. Every protected customer is a sensor: what one device sees, the whole network learns instantly. Shared signals are de-identified scam patterns and URLs, never personal, account or balance data.

protected device scam detected network notified & protectedin real time
Protects the moment of decision
A clear warning reaches the customer before they act, not after the money is gone.
Investigates like a human analyst
Beyond blocklists: intent, impersonation, content and OSINT, judged instantly.
Covers every channel
Websites, email, links and QR codes, one of only six apps globally that scan QR codes safely.
Proven in market

Outperforming traditional protection engines.

Blocklists only catch scams that are already known. Straja reasons about a page the way an analyst would, so it catches brand-new campaigns on first sight.

Malicious-site detection rate
higher is better
Google Safe Browsing3%
VirusTotal67%
ScamAdviser78%
Straja98%

Internal benchmark on 500 confirmed scam domains that were novel or unlisted at test time, blocklists score low because the domains were unseen. False-positive rate measured separately on legitimate traffic.

0% / 4% FP

Scam detection at a 4% false-positive rate, concentrated in genuine gray-area content.

1 of 6

Apps globally that scan QR codes safely, a fast-growing scam channel banks can't see.

0k+

Checks run in real-world use, a live Chrome extension and 9,000+ mobile installs. Proven in the wild, built to scale with you.

The numbers

Real savings now. Optional upside later.

The UK loses about £450M to APP scams a year across ~50M account holders, roughly £9 each, which we model at ~€9 EU-wide. Straja targets a ~35% cut to that exposure, before the payment is ever authorised. Move the slider to size it for your book.

2Maccounts
250k10M
APP loss exposure (€9 / customer)€18.0M
Loss reduction with Straja~35%
Annual liability saved
€6.3M
per year, a ~35% cut to your APP exposure, before a payment is authorised.
Optional additional upside
€1.8M/yr
Shared revenue if ~5% of customers take the €2.99/mo family plan, an assumption, not a commitment.
Worked example · 2M book
€6.3M saved + €1.8M optional upside

We don't ask you to take ~35% on faith, a pilot measures it against your own baseline before you scale. Loss-reduction and premium-adoption rates here are illustrative until validated on your data.

Security & data

Built to clear a bank's review.

Straja runs on the customer's device and never touches your core systems. It analyses what a customer chooses to check, never their accounts, balances or transactions.

No core integration

Runs as a customer-device extension and app, zero connection to your core banking systems or payment rails.

No access to banking data

Straja sees the sites, links, emails and QR codes a customer checks, never their accounts, balances or transactions.

EU-hosted, GDPR-aligned

Data is processed and stored in the EU and built to GDPR from the ground up. A DPA is available on request.

De-identified threat sharing

Network intelligence is scam patterns and URLs, not personal or account data, so coverage improves without exposing customers.

Customer-controlled

Protection is opt-in per customer; scan history is theirs to view and clear at any time.

Documentation on request

Data-flow diagrams, sub-processor list and our certification roadmap are available to your security team under NDA.

EU-hosted · GDPR-aligned · DPA and security documentation available on request.

Next step

Prove the savings. Then scale.

A focused pilot on your highest-risk segment, measured against your own baseline. Provisioned by code, no internal development, live in days.

  1. 01
    Step 01
    Measure the baseline

    Establish current APP losses and agree the target metric for liability reduction.

  2. 02
    Step 02
    Secure the segment

    Select a group of high-risk customers where protection has the greatest impact.

  3. 03
    Step 03
    Provision the segment

    The bank issues activation codes; customers activate the Straja app and extension themselves. No core-system integration, live in days.

  4. Step 04
    Validate the ROI

    Measure payout savings against baseline, then decide to scale with confidence.

Why now

Regulation and risk are moving together.

Regulation · EU
PSD3 / PSR

EU payment-services reform extends bank liability for impersonation ("spoofing") fraud across the single market, expected from 2026.

Liability · spreading
UK today, EU next

Mandatory reimbursement is already live in the UK and moving into EU law, a fixed, recurring cost on the sector.

Market · spend
$28B → $50B+

Bank fraud-prevention spend is forecast to nearly double by 2026 (Juniper Research).

Footprint · EU
Built in Europe

Romania-born and operating across the EU, EU-hosted and GDPR-aligned, ready for European banks today.

Questions banks ask.

How Straja deploys, what it touches, and how the savings are proven.

No. Straja runs on the customer's device as an extension and app, provisioned by code. There's no internal development and no change to your payment rails, which is why a pilot can be live in days.
We measure against your own baseline. The pilot fixes current APP losses for a defined segment, deploys protection, then compares payout savings over the period. The 35% figure is an internal benchmark estimate to be validated with your data.
Straja analyses the websites, links, emails and QR codes a customer chooses to check, not their accounts or balances. It is built EU-first and GDPR-aligned, with no access to your banking data.
Customers can upgrade to a €2.99/month premium plan to protect elderly parents and family accounts. That revenue is shared with the bank, at ~5% adoption on a 2M book, roughly €3.6M a year, on top of the liability savings.
No, it covers the gap they can't reach. Your controls defend the payment; Straja defends the customer one step earlier, at the moment of deception. The two are complementary.
Start a pilot

Defend the customer.
Cut the liability.

Pick a high-risk segment, measure the baseline, and let the savings make the case. Live in days, with no IT build.

[email protected] · EU-hosted · GDPR-aligned