Account Takeover Prevention
Stop account takeover attacks by identifying patterns in API and web application traffic that indicate fraudsters are misusing stolen credentials.
Account Takeover (ATO), or Credential Stuffing, is the practice of gaining illegitimate access to user accounts in an automated manner using stolen user credentials, infrastructure such as a Bulletproof Proxy, and an attack management toolkit. Successful account takeovers result in validated credentials that are either resold or used for a secondary attack, such as a romance scam, funds transfer or loyalty points theft.
In the case of Zoosk, a dating application, bad actors executed an ATO against the mobile app API. The stolen account was then used to establish a romantic relationship with another Zoosk user and, as the relationship blossomed, the bad actor requested money due to a sudden death or illness in the family. The unsuspecting user gave the money to the bad actor, who was never seen again. Prior to implementing Cequence, romance scams at Zoosk averaged $12,000 per occurrence. Now they are virtually eliminated, resulting in increased user confidence and strengthened brand awareness.
An example of an API-based attack against a financial services mobile application is shown in the image below. Bad actors decompiled the mobile application to (1) discover the account login APIs. An automated attack was then executed against the login API (2) and, if successful, the bad actors attempted to commit financial fraud by transferring funds (3) across the Open Funds Transfer (OFX) API.
Using more than 150 customizable automation indicators, CQAI determines the malicious or benign intent of each application request. The REST API can be used to export CQAI findings to external systems for archiving, additional analysis or an alternative response.
Customizable mitigation policies provide multiple response options including block, rate limit, geo fence, or deception. Using deception allows you to send a custom response to the attacker, so you can box them in and stop the takeover.
As new public-facing applications are deployed, they are automatically discovered and protected by Bot Defense, effectively baking security into your application deployment workflow.
An agentless approach allows you to deploy consistent visibility and policy protection for your API and web-based applications.
A container-based software architecture allows Bot Defense to be deployed in your data center, the cloud or as a SaaS offering, so you can choose the architecture that best fits your needs.
CQAI and Bot Defense discover and stop account takeover attempts automatically – saving you incident response time while minimizing harm to your users and business.
Customizable automation indicators and responses enable you to fine-tune and maximize attack prevention policies to eliminate fraud associated with ATOs.
Ensure information is where it needs to be when you need it. REST APIs and an open architecture enable integration with third-party data sources and other IT infrastructure like your SIEM and SOC.