Connect with us

Hi, what are you looking for?



Microsoft, PayPal Invest in Anti-Fraud Startup Arkose Labs

Arkose Labs Raises $22 Million in Series B Funding

Arkose Labs Raises $22 Million in Series B Funding

San Francisco, Calif-based Arkose Labs has raised $22 million in a Series B funding round led by the Microsoft venture fund, M12. Existing investors PayPal and USVP participated, bringing the total raised so far to $36.5 million. Arkose Labs provides a fraud detection and prevention platform.

The firm was founded in Brisbane, Australia by Kevin Gosschalk (CEO) and Matthew Ford (VP of product and science) in 2015. When it launched commercially in 2017, it moved its headquarters to San Francisco. The system is designed to protect any consumer action from abuse and fraud, such as account takeover, fake account abuse, scraping, spam, gift card abuse and other activities.

Gosschalk has previous expertise in interactive machine vision technology, while Ford has experience in video gaming technology. The two brought their experience together to develop a new and unique approach to authenticating attempted online transactions — a solution that in their own terminology is designed to bankrupt the fraudsters. 

The Arkose Labs platform comprises two components: Arkose Detect and Arkose Enforce. Arkose Detect learns behavioral patterns across devices and networks. It triages traffic and uses a risk score to determine between genuine users and fraudsters. If confident that the user is valid, the user is authenticated.

However, if there is any doubt, traffic is passed to the Arkose Enforce application. Users are now presented with a visual puzzle that must be solved. If satisfactorily solved, the user will be authenticated. But if not successful, the user (now considered to be a fraudster, either in person or a bot) is not simply blocked. Further visual puzzles are presented to engage the attacker’s resources in a useless cycle of effort. The intent, said Arkose in a statement, is “to bankrupt the business of online fraud and abuse… by making cybercriminals expend massive effort to conduct their attacks, which eliminates the ROI and profitability of fraud.” The purpose, added Gosschalk, is “to eliminate fraud, rather than contain it.”

This process reverses the accepted belief in authentication — it increases rather than decreases user friction, but only for suspected fraudsters. Using the founders’ background in interactive visuals and gaming, the additional authentication possibly required for genuine transactions can be treated as a bit of fun by real people, but is impossible to solve by automated means. The overall result is to decrease user friction for genuine transactions but increase it for fraudsters, while maintaining a very high level of accuracy in its determinations.

The new funding is expected to be used for further product development, new hires and expansion into the EMEA market. Arkose Labs expects to build partner-led market strategies for Latin America and the Asia-Pacific region. It achieved a 400% revenue growth while doubling its customer base in 2019. Those customers include Microsoft itself, GitHub, Electronic Arts,, Singapore Airlines, Roblox and Twilio among many Fortune 50 companies.

Advertisement. Scroll to continue reading.

“Microsoft is committed to providing a safe experience to our customers,” said Alex Weinert, director of identity security at Microsoft. “Arkose Labs’ technology is an important component of our multi-pronged approach to minimize fraud without negatively impacting legitimate customers.”

Related: Fraud Prevention Firm Sift Science Raises $53 Million 

Related: Mobile Payment Fraud on the Rise 

Related: eCommerce Fraud Prevention Firm Riskified Raises $165 Million 

Related: Fighting Fraud With Threat Intelligence: Debunking Common Misconceptions

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

More People On The Move

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.