Bot Defense SaaS 30-Day Free Trial
Start preventing fraud caused by account takeovers and API business logic abuse now!
The retail industry is commonly targeted by bad actors who use stolen credentials and automated bots to launch high volume account take over attacks that result in financial losses through theft and fraud, as well as damage to the brand. The ‘2018 Cost of Retail Fraud’ report published by LexisNexis states that every $1.00 lost to fraud results in an expense of $2.94, a 24% year-over-year increase. Identity theft and synthetic identities (account take overs) represented a whopping 39% of the fraud costs.
Stopping attackers and their malicious intent is every security practitioners’ goal. But there are times when we need to grant unfettered access to network resources for day-to-day operations. Better known as whitelisting, I have seen scenarios where an over-zealous whitelist granted from-anywhere to-anywhere access to a database. Security best practices dictate that this level of permissiveness should raise an eyebrow or two.