
API Protection for Online Dating Services

Online dating apps have revolutionized the dating world and have become the primary way that people meet other people. In 2022, the size of the online dating market grew to just over $8 billion, with over 300 million people signing up on online dating apps across the world.
Dating apps have now become a prime target for hackers. To build a personal profile and show potential matches, they collect a rich set of sensitive personal information about their users, such as personal photos, credit, home address, and user location. This rich information, and the dating apps that store it, have become an extremely attractive target for cybercriminals. The frequency and sophistication of API attacks continue to increase, driven by the rapid adoption of APIs used in mobile applications. This has expanded the attack surface for online dating apps, making them a very attractive target.
As a result, dating apps can be vulnerable to constant attacks that seek to exploit API vulnerabilities and abuse business logic within these apps, which can lead to the exfiltration of sensitive data. Moreover, sophisticated romance scams have evolved with the rise of online dating, with attackers looking to scam unsuspecting users and commit fraud. Using automation, attackers commit account takeover and fake account creation to build trust and then defraud users for monetary gain, which can affect the reputation of the dating app.

By the Numbers

$547M

more than triple the 2017 total. Monetary losses jumped sixfold over the same period, to $547 million.
Source

56K

Romance scam complaints received in 2021 by the Federal Trade Commission (FTC), more than 3x the 2017 total.
Source

$12K

The average loss incurred by a victim of a successful romance scam.
Source

The API Protection Challenge for Online Dating Services

Online dating apps are an attractive target for hackers and cybercriminals seeking sensitive data of users or attempting financial fraud. But there is hope. Security teams can enable a robust API protection solution that addresses common obstacles faced by online dating apps. Attacks on your APIs can introduce a range of risks and they impact the entire business – not just the security team. Business impact examples include:

Infrastructure

Whether it’s an automated shopping bot attack on a perfectly coded API, or a volumetric attack against an API coded without resource or rate limiting (OWASP API#4), the impact on infrastructure teams can cause costs to skyrocket. Worse yet, the web site and mobile app can become non-responsive, resulting in (real) user dissatisfaction.

Security

Security teams are impacted by efforts to slow or stop API attacks, often struggling to separate real transactions from fake ones or, worse yet, being blindsided by an unprotected shadow API.

Fraud Teams

Attackers often use bots to automatically create fake accounts, which they then use to commit financial fraud, scamming legitimate users out of their savings. This can affect the online dating site's brand image as a safe place to meet new people.

Marketing, Sales, eCommerce

Depending on the type of attack, these departments can be presented with inflated or misleading statistics on the number and type of users that access your dating site, which can result in poor decisions on products, revenue projections and marketing campaigns.

Customer Satisfaction, PR, Brand

With the understanding that 57% of consumers spend more on brands to which they are loyal, which can generate 12%-18% incremental revenue growth per year, retailers are singularly focused on customer retention. A bad experience due to a slow or unavailable website or desired item can drive them elsewhere, resulting in a 5x increase in the cost of acquiring a new customer.

Limitations of Traditional Cloud-native Defenses

Today’s security teams simply lack the visibility and defense capabilities they need to protect the ever-growing risk from APIs and other application connections. Many believe that compliance with PCI or SOC 2 and a “shift-left, DevOps” approach is sufficient to protect their APIs. The problem with these strategies is that they don’t have a way to “know the unknown”, meaning they aren’t able to look for all APIs and API vulnerabilities without knowing where to look. Even if all APIs are discovered and “known”, attackers can still leverage seemingly legitimate transactions in an attempt to steal data, or commit fraud. Traditional approaches that use WAFs or API gateways depend on easily evadable detection, lack the real-time ability to discern good from bad API activity and are reliant on static, least common denominator protection spread across multiple technology components.

The Journey to Unified API Protection

Cequence Security believes in taking a holistic approach to defending against API-related data risk with a market-defining Unified API Protection solution that goes beyond API security approaches that may focus solely on one aspect of the API protection journey. Achieving true peace of mind for comprehensive API attack protection means traveling through six distinct steps associated with the Unified API Protection solution:
Outside-in discovery: Viewing an organization’s API attack surface from a threat actor perspective to know the unknown.
Inside-out inventory: Performing a comprehensive API inventory, including all existing APIs and connections.
Compliance monitoring: Keeping APIs in compliance with specifications, standards and regulations such as the OpenAPI Specification and ensuring ongoing API governance.
Threat detection: Continuously scanning for threats, including subtle business logic abuses and malicious activity that has not yet been observed.
Threat prevention: Employing countermeasures such as alerts, real-time blocking and even deception, without the need for added third-party data security tools.
Ongoing API testing: Integrating API protection into development, which shifts API security left within the organization, so risky code doesn’t go live.
Unified API Protection is different from fragmented or incomplete API protection offerings because it’s a methodology designed to account for multiple types of risk, across every phase of the API protection lifecycle.

Why Cequence?

With the Cequence Unified API Protection solution, customers can continue to reap the competitive and business advantages of ubiquitous API connectivity. The Cequence solution results in attack futility, failure, and fatigue for even the most relentless of attackers. It significantly improves visibility and protection while reducing cost, minimizing fraud, business abuse, data losses and non-compliance.
