It’s About Time: Why Memcyco Raised $37M, and Why Now

Digital fraud hasn’t stood still. Attackers have adopted automation, refined tooling, and improved coordination across phishing, impersonation, and account takeover (ATO). In that sense, fraud has become smarter in how it’s delivered and scaled.

But this form of sophistication isn’t primarily about more complex technical breaches, and it doesn’t explain why losses continue to rise even as enterprises deploy increasingly advanced security controls.

The more consequential shift is temporal, and it’s reshaping where fraud actually succeeds. Industry data supports this shift. Statista’s 2025 phishing report, the use of valid credentials now rivals software exploitation as a primary initial access vector globally, accounting for roughly a third of observed incidents. In other words, many of today’s most damaging attacks don’t break systems, they pass through them, succeeding because defenses engage too late, often after trust has already been transferred.

This mismatch between how attacks unfold and when defenses engage has created a growing digital trust gap that’s widening, causing near-irreparable financial and reputational damage to scam-targeted businesses. Memcyco’s Series A was raised to close that gap.

The Assumption Modern Defenses Still Make: ATO Attacks Are Discrete Events

Most enterprise security architectures still assume that meaningful risk begins at well-defined boundaries: the login page, the transaction, the endpoint, the network. That assumption is increasingly misaligned with how attacks actually unfold. These controls remain essential, but they assume that meaningful risk begins once a user reaches an authenticated or transactional state.

Impersonation-driven fraud exposes the limits of that assumption.

From Point Controls to Fragmented Visibility

Social engineering deception has always preceded authentication. What’s changed is scale, fidelity, and operational impact. Modern impersonation campaigns now replicate legitimate journeys with enough precision and volume that large numbers of users are manipulated before they ever reach a protected environment.

From Isolated Incidents to Coordinated Operations

What often appears to defenders as a series of isolated incidents is, in practice, a coordinated operation. The reality is that phishing, impersonation, credential harvesting and account takeover are now connected steps in a continuously optimized flow. Each stage feeds the next, allowing attackers to adapt, test, and scale with industrial efficiency.

From the enterprise’s perspective, these interactions don’t simply happen “before login.” They happen outside the points where visibility, attribution, and control traditionally exist. As a result, organizations often discover impersonation attacks only after downstream signals appear, such as customer complaints, credential reuse, or transaction anomalies.

This isn’t a failure of individual tools. It’s a structural visibility gap rooted in when defenses are designed to engage.

Why Faster Still Isn’t Early Enough

The industry response has largely focused on speed: faster takedowns, faster alerts, faster investigations. That focus is understandable, but insufficient.

But speed applied at the wrong point in the lifecycle doesn’t change outcomes.

Speed Applied After Exposure

Takedowns are inherently reactive. Even when executed efficiently, they occur after malicious assets have gone live and users have already been exposed. Transaction monitoring activates even later, once intent has formed and irreversible actions may already be underway. Authentication controls engage at the boundary of access, not at the moment when deception begins.

The core issue isn’t response speed. It’s engagement timing.

What has been missing is the ability to observe and intervene during the narrow window when users are being deceived, before credentials are harvested and access is abused.

The Control Point That Didn’t Exist Before

Until recently, this type of early intervention wasn’t practical at scale. Enterprises lacked reliable ways to see real users interacting with impersonation assets in real time, without relying on scanning, external discovery, or attacker mistakes.

Closing this gap required a different approach, one capable of operating during live interactions between users and scam touchpoints, correlating exposure to individual users and devices, and enabling action before damage occurred.

This shift represents a broader change in how digital trust must be protected, and where responsibility for that trust now sits. Trust is no longer established solely at login or transaction checkpoints in practice. It is formed earlier in the user journey, and increasingly exploited there as well.

Why the Market Moved Now: and Why a Memcyco Customer Invested

Memcyco raised a $37 million Series A round, bringing total funding to $47 million, to scale this approach globally.

The significance of the round lies less in the amount raised than in what it reflects about market readiness. Participation from financial institutions and strategic investors points to a shared recognition that existing defenses engage too late in the attack lifecycle.

In several cases, that conviction was formed through deployment rather than diligence. National Bank of Canada, through its venture arm NAventures, moved from customer to investor after operating Memcyco’s platform in production. As NAventures stated when announcing the investment, the team experienced how Memcyco enhanced protection, delivered clear and reliable insight, and prevented issues before they arose.

That progression, from operational validation to balance-sheet conviction, helps explain why this round happened when it did. These organizations operate under mounting regulatory scrutiny, reimbursement pressure, and reputational risk tied to impersonation-driven fraud. They aren’t looking for incremental improvements, but for controls that engage earlier, without introducing friction for legitimate users.

Customer performance in live environments reinforced that demand. Memcyco’s platform scaled across large user populations, prevented millions of account takeover attempts, and mapped hundreds of millions of device identities, all without requiring end-user installation or disrupting legitimate journeys.

The funding followed that validation, rather than preceding it.

The Direction of Travel: Shifting Left, to Protect the Moments that Matter

Impersonation and scam-driven fraud are no longer edge cases. They now sit at the center of modern fraud risk. They have become a primary delivery mechanism for account compromise and financial loss.

As a result, enterprises are being pushed to rethink where protection must engage and what “prevention” actually means. Regulatory frameworks increasingly emphasize earlier intervention. Customers increasingly expect protection before harm occurs, not reimbursement after the fact.

This environment favors not just real-time solutions, but real-time solutions that operate when it matters – during the attack window itself, when user meets deception, while outcomes are still reversible – solutions that integrate into existing security stacks without adding friction or operational burden. That’s the holy grain enterprises have been looking for, and it’s no longer theory.

The Non-Negotiables: Building on a Firm Foundation

While the funding supports expansion into new markets and deeper coverage across fraud scenarios, the constraints that shaped Memcyco’s approach remain.

Protection must engage before damage occurs. Visibility must be actionable at the individual level. And defenses must operate without forcing users to change how they behave.

These aren’t aspirational goals. They are practical requirements dictated by how modern impersonation attacks unfold. The Series A doesn’t mark the end of that shift. It marks the point at which the market has begun to act on it.

Book a product tour, and discover why National Bank of Canada went form ‘Memcyco customer’ to ‘Memcyco investor.

Eran Tsur

Chief Marketing Officer