New Solution Addresses the โPost-Login Wasteland;โ Fills Gap in Web App Fraud Protection Market by Detecting and Preventing Account Takeover and Fake Account Creation
PerimeterX, the leading provider of solutions that detect and stop the abuse of identity and account information on the web, announced the release of PerimeterX Account Defender. Available immediately, Account Defender is a cloud-native online fraud detection solution that detects and prevents cybercriminals from taking over existing customer accounts, creating new accounts using fake identities and abusing existing accounts. The solution benefits any organization that seeks to protect their customersโ accounts and identities from fraudulent use on their websites and web apps.
Traditional online security, validation and fraud detection efforts have been focused at two points: login and transaction completion such as transferring money, cashing out credits, accessing gated or subscription content, or checking out. Once a user logs in, their activity is usually unchecked until they transact. This gives a criminal user with valid credentials free rein to take fraudulent actions, including transferring funds, emptying accounts of stored credits or loyalty points, downloading and reselling content, and changing passwords or addresses and disabling multi-factor authentication (MFA).
โBy failing to proactively address these threats and only focusing on flagging transaction fraud, businesses are always one step behind.โ explains Ido Safruti, Co-founder and CTO of PerimeterX. โWithout behavioral signal monitoring to evaluate fraudulent actions post-login, businesses are not able to answer two questions: โAre you who you say you are?โ and โAre you doing what you should be doing?โ This presents a gap in web application fraud protection โ what PerimeterX calls the โpost-login wasteland.โโ
Account Defender addresses this market gap by continuously evaluating usersโ post-login activity. Using behavioral analysis, the solution monitors users throughout their journey to generate an evolving risk score based on profile, statistical comparisons and new behavior. Account Defender identifies new account abuse and accounts that have been taken over, and enforces security policies that stop malicious activity. Unlike other card fraud or login-only solutions, Account Defender moves beyond โauthorize or declineโ controls to enable interventions that work with an organizationโs business flow. This improves customer lifetime value by giving your customers confidence that their identity and account information is kept safe on your site.
According to theย 2022 Data Breach Investigations Report (DBIR) by Verizon, โ[An] attacker ecosystem exists both before and after the breach, and it plays into and feeds off of the incident.โ Account Defender is a crucial component in addressing theย web attack lifecycle, which describes the integrated and cyclical nature of cybercrime involving the theft, validation and fraudulent use of identity and account information. One kind of attack fuels another, hitting consumers everywhere along their digital journey. For example, a data breach on Site A gives attackers access to the passwords used in a credential stuffing attack on Site B, which in turn, drives ATO and account abuse. This was the sequence of events experienced in a recent high-profile attack onย General Motors, who believes that compromised credentials used in the attack came from other sites, but were successfully used on their site to fraudulently redeem reward points.
By securing post-login activities, Account Defender helps businesses decrease online fraud, avoid financial losses from ATO and fake account creation, and reduce operational costs for IT and IAM tools. Account Defender reduces customer complaints and support calls by decreasing fraud on your website and web app, and decreases transaction clearing fees by ensuring criminals are stopped before they take a fraudulent action. Early customers of Account Defender have already had success preventing ATO attacks and theft of stored account credits.
โOther solutions surround this problem but do not solve it,โ adds Safruti. โBusinesses are adding friction to existing controls such as MFA, know your customer (KYC) and identity and access management (IAM) login solutions, but are not actually stopping ATO or fake account creation. Flagging suspicious logins is no longer enough to stop account abuse. Account Defender stands apart by moving beyond the usual authentication checks to flag suspicious post-login behavior and provide relevant mitigation.โ
Latest Security News: NightDragon, Orange Cyberdefense Partner to Bring Emerging Cybersecurity Innovation
[To share your insights with us, please write toย sghosh@martechseries.com]
