F5 WebSafe – F5 MobileSafe


Safer online banking for customers
No inconvenience for online and mobile customers
Added security for mobile banking


Protecting against phishing attacks
Vulnerability to malware
Extend business to new channels to meet evolving customer needs

Like all financial institutions, the Cypriot Bank is a prime target for cybercriminals, who use an increasingly sophisticated array of phishing techniques and malware to try to paralyse banking activities and defraud account holders. To shield its customers from such attacks, Bank selected F5 WebSafe and F5 MobileSafe through their trusted partner Pylones Hellas.

Business Challenges

During the past years the Bank suffered a significant phishing attacks, the first in its history.  Calls to the bank’s customer contact centre soon spiked, as concerned individuals rushed to report the scam, but it still took the organisation’s fraud prevention team over 60 hours to shut the attack down. After all these incidents, the ability to identify phishing attempts immediately became a top priority for the business.

Bank form one of Cyprus largest banking groups, with 90+ branches throughout Cyprus.  As well as phishing attacks, the organisation was also concerned about its vulnerability to malware.  It therefore started to look for solutions that would help it redouble its protection for customers.

At the time, Bank was working to extend its business to new channels in order to meet the needs of its customers.  It therefore required a solution that was, in the future, capable of increasing the security of mobile banking and protecting customers, regardless of what device they used to access their online accounts.

Bank ideally wanted to find a solution that didn’t need to be installed on customers’ own devices, as this would increase complexity for customers – and potentially also increase costs for the business.  “Your customer may need technical support, and all of a sudden, it becomes your responsibility,” says IS Operation & Program Office Director of the Bank.


After conducting a careful and extensive evaluation of several competitive products, Bank selected F5 WebSafe and F5 MobileSafe, two solutions of F5 Networks which provided from Pylones Hellas the sole gold unity partner of F5 in Greece and Cyprus.  The bank deployed F5 WebSafe first and is now planning the roll out of F5 MobileSafe as part of a broader new mobile banking strategy.

F5 WebSafe provides a ring of defense between customers’ devices and the bank’s core online banking applications.  The solution helps the bank to detect and mitigate malware and phishing attacks, as well as a myriad of other threats including web injection, credential grabbing, man-in-the-browser, session-hijacking and man-in-the-middle attacks, by identifying any changes to the HTML or the injection of malicious script into the genuine site.  To protect customers’ financial transactions, the solution also identifies and prevents automated payments and money transfers initiated by malware or a bot.

Similarly, F5 MobileSafe employs a range of techniques to distinguish transactions by genuine users from those initiated automatically by malware.  It identifies devices that have been jailbroken and encrypts information at the application layer in order to detect malware and protect customers from all mobile threats including SMS grabbing, zero-days and keylogging.  The solution also allows for the rapid detection of suspected fraud via social networks.


Bank is now far better able to defend its business against phishing and malware attacks.  Its customers can enjoy all of the convenience of Internet banking, safe in the knowledge that their online transactions are secure.

Safer online banking for customers

As soon as malware or phishing is detected, Bank is immediately notified via SMS and email and given critical information about the attack. It can then take appropriate and immediate action to protect its online banking customers. Whereas it took the business 60 hours to halt a phishing incident in the past, it can now block threats in minutes using F5 WebSafe.

“Malware and phishing are my two concerns, and F5 WebSafe has been very effective in helping us detect and respond more effectively to these attacks,” says IS Operation & Program Office Director. “Once we receive an alert about a potential phishing threat on our website, we can quickly switch traffic to another server to avoid an attack.”

No inconvenience for online and mobile customers

Many of the competitive products that Bank evaluated required customers to download security software to their devices, and this was precisely what the bank was trying to avoid. In contrast, neither F5 WebSafe nor F5 MobileSafe requires the installation of software on end user devices. Consequently, Bank was able to deploy F5 WebSafe easily, in just a matter of days, without any disruption to its customers. What is more, the bank doesn’t have the cost of having to support users with technical issues.

“Most customers choose to bank online or from their mobile device because it’s easier and more convenient,” says IS Operation & Program Office Director. “So in making a decision on what fraud prevention solution to select, I wanted to ensure it required our customers to be involved as little as possible.”

With F5 MobileSafe Bank gives the ability to detect if a mobile device has been jail broken, and it also can match the devices ID against behavioral information to spot suspicious behavior. “Defending against web fraud is a difficult discipline because customers are often unaware that anything untoward is happening,” says IS Operation & Program Office Director. “MobileSafe should give us the ability to ensure greater integrity of sensitive customer data to protect both them and the Bank.”