Account Takeover and Financial Fraud

An example of an API-based attack against a financial services mobile application is shown in the image below. Bad actors decompiled the mobile application to (1) discover the account login APIs. An automated attack was then executed against the login API (2), and if it succeeded, the bad actors attempted to commit financial fraud by transferring funds (3) across the Open Funds Transfer (OFX) API.

Image 2: Bad actors use mobile APIs as a means of automating account takeovers and if successful, committing fraud or theft.
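To make the automation indicators behind step (2) concrete, the following added example (not Cequence's or CQ botDefense's code) scores constructed sample login-API events per client, using failed-login count and distinct-username spread in a time window as indicators, and maps the result to the kind of responses named later on this page (block, rate limit, allow). Thresholds and field names are assumptions.

```python
# Added example (not Cequence's code): a minimal automation detector for a
# login API, run over constructed sample events. A client that fails against
# many different usernames and then succeeds once looks like an account
# takeover in progress; a client that only fails looks like credential stuffing.
from collections import defaultdict

# Constructed sample events: (timestamp_seconds, client_ip, username, http_status)
SAMPLE_EVENTS = [
    (0, "203.0.113.10", "alice", 401),
    (1, "203.0.113.10", "bob", 401),
    (2, "203.0.113.10", "carol", 401),
    (3, "203.0.113.10", "dave", 401),
    (4, "203.0.113.10", "erin", 200),   # one hit after many misses
    (5, "198.51.100.7", "frank", 401),
    (9, "198.51.100.7", "frank", 200),  # a human mistyping once, then logging in
]

WINDOW_SECONDS = 60           # assumed sliding window
FAIL_THRESHOLD = 3            # assumed: failed logins per client in the window
DISTINCT_USER_THRESHOLD = 3   # assumed: distinct usernames per client in the window

def score_clients(events, window=WINDOW_SECONDS):
    """Aggregate per-client indicators over the window ending at the latest event.
    Returns {ip: {"failures": n, "users": k, "successes": s}}."""
    if not events:
        return {}
    latest = max(ts for ts, *_ in events)
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "successes": 0})
    for ts, ip, user, status in events:
        if ts < latest - window:
            continue
        s = stats[ip]
        s["users"].add(user)
        if status == 200:
            s["successes"] += 1
        else:
            s["failures"] += 1
    return {ip: {"failures": s["failures"], "users": len(s["users"]),
                 "successes": s["successes"]} for ip, s in stats.items()}

def decide(stats):
    """Map indicators to a response: 'block' when a client spraying many accounts
    also logged in (possible takeover), 'rate_limit' when it only fails, else 'allow'."""
    decisions = {}
    for ip, s in stats.items():
        automated = s["failures"] >= FAIL_THRESHOLD and s["users"] >= DISTINCT_USER_THRESHOLD
        decisions[ip] = "block" if automated and s["successes"] else ("rate_limit" if automated else "allow")
    return decisions

if __name__ == "__main__":
    print(decide(score_clients(SAMPLE_EVENTS)))
```

In a real deployment the successful login from the flagged client is the one to investigate, since that is the session that would go on to call the funds-transfer API.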

Preventing ATOs: Key CQ botDefense Differentiators

  • ML-based analytics engine delivers complete application visibility: CQ botDefense is based on CQAI, an ML-based analytics engine that operates out-of-band to automatically discover all your web, mobile and API-based account login endpoints, building an intuitive site map that can be used for visibility and policy-based protection. Alternative solutions that use JavaScript instrumentation and mobile SDK are prone to inject application deployment delays with extended QA/validation processes, security gaps between mobile app variants, and user dissatisfaction with slow page load times.
  • Open, extensible platform with customizable responses including deception: Using more than 150 customizable automation indicators, CQAI determines the malicious or benign intent of each account login transaction. Customizable mitigation policies provide multiple response options including block, rate limit, geo fence, or deception. Using deception allows you to send a custom response to the attacker, effectively putting guardrails around their activities. Alternatively, the REST API can be used to export CQAI findings to external systems for archiving, additional analysis or an alternative response.
  • New login endpoints protected automatically: As different teams create and deploy new account login applications, they are automatically discovered and protected by CQ botDefense. The result is security that is baked into the application development and deployment workflow.
  • Consistent protection for exposed APIs, web and mobile applications: CQ botDefense protects your exposed web, mobile and API-based account login endpoints from automated attacks with a single, consistent security policy, creating an opportunity to consolidate application security functions into a single platform.
  • Deployable anywhere: A container-based software architecture allows CQ botDefense to be deployed in your data center, the cloud or as a SaaS offering, allowing you to choose the architecture that best fits your ATO prevention needs.

Additional ATO Prevention Resources

CQ botDefense API Security Solution Brief

CQ botDefense 5 Minute Demo

Customer Case Study: Stopping ATO and Romance Fraud