Defeating Online Fraud and Abuse: Continuous Intelligence in Action
Published: July 22, 2019
The recent Thoughtworks Live event uncovered realities of the way technology is reshaping industries and customer expectations at an unprecedented rate - presenting both challenges and opportunities for businesses in the process. In this modern digital landscape, new and highly sophisticated online security issues are becoming more frequent and widespread, reaching epidemic proportions.
I had the pleasure of speaking at Thoughtworks Live about how Arkose Labs applies Continuous Intelligence to help protect some of the world's largest web properties. Arkose Labs is a leading online fraud and abuse prevention organisation, solving multimillion-dollar online fraud problems for major global businesses across multiple industries, including online marketplaces, travel, banking, social media, ticketing and online gaming.
We apply Continuous Intelligence for our clients in order to analyse who accesses their services and what their intentions are in accessing those services. While this process can involve human beings intervening to improve a system or machine learning models acting to retrain themselves and to make predictions, the true value in Continuous Intelligence is in the interaction between humans and machine learning, each playing to their strengths.
Increasingly, today’s digital environment is giving way to new and highly sophisticated security threats - and automated attacks are prevalent.
Automation is fuelling the scale and impact of online fraud, which can have serious security and financial repercussions for any business with an online presence. We believe combating the growing online fraud epidemic requires a solution rooted in prevention, stopping abusive attacks at the point of entry without disrupting user experience.
So - what do we do and how do we do it?
We focus on using a bilateral approach that combines our global telemetry with a patent-pending enforcement challenge to generate large volumes of data on users.
This data is analysed and acted on in real time, giving unprecedented insights into attacker identification and classification and allowing us to deploy appropriate responses and countermeasures.
Our global telemetry recognises users across their entire network – who they are and where they’re coming from, which qualifies their risk profile and reputational integrity.
Unrecognised suspicious users go through an enforcement challenge to authenticate their identity and validate the telemetry. Our enforcement challenge draws upon millions of security images, orchestrated in real-time from three-dimensional models, to present interactive visual subjects that are generated uniquely to that user. This forces attackers to invest in expensive and significant resources in order to bypass the challenge at scale - rendering attacks uneconomical.
This bilateral approach trains the Arkose Labs telemetry against serving enforcement to legitimate human users — which means no false positives, and zero friction to users. Most importantly, it removes the economic window necessary to commercialise fraud from growing threats such as Brute Force, Sweatshop, and Single Request Attacks.
Single Request Attacks are specifically relevant, as they facilitate the most advanced automated abuse seen today. Each request is commonly made by a headless browser, executes JavaScript like a legitimate human user, and presents a dynamic client/network fingerprint to conceal the origin. This systematic approach is able to decouple telltales and obscure critical security breaches. While these attacks bypass all other bot mitigation products, Arkose Labs’ patent-pending solution successfully stops them.
Disclaimer: The statements and opinions expressed in this article are those of the author(s) and do not necessarily reflect the positions of Thoughtworks.