I had the pleasure of speaking at ThoughtWorks Live about how Arkose Labs applies Continuous Intelligence to help protect some of the world's largest web properties. Arkose Labs is a leading online fraud and abuse prevention organisation, solving multimillion-dollar online fraud problems for major global businesses across multiple industries, including online marketplaces, travel, banking, social media, ticketing and online gaming.
We apply Continuous Intelligence for our clients in order to analyse who accesses their services and what their intentions are in accessing those services. While this process can involve human beings intervening to improve a system or machine learning models acting to retrain themselves and to make predictions, the true value in Continuous Intelligence is in the interaction between humans and machine learning each playing to their strengths.
Automation is fuelling the scale and impact of online fraud, which can have serious security and financial repercussions for any business with an online presence. We believe combating the growing online fraud epidemic requires a solution rooted in prevention, stopping abusive attacks at the point of entry without disrupting user experience.
So - what do we do and how do we do it?
We focus on using a bilateral approach that combines our global telemetry with a patent-pending enforcement challenge to generate large volumes of data on users.
Our global telemetry recognises users across their entire network – who they are and where they’re coming from which qualifies their risk profile and reputational integrity.
Unrecognised suspicious users go through an enforcement challenge to authenticate their identity and validate the telemetry. Our enforcement challenge draws upon millions of security images, orchestrated in real-time from three-dimensional models, to present interactive visual subjects that are generated uniquely to that user. This forces attackers to invest in expensive and significant resources in order to bypass the challenge at scale - rendering attacks uneconomical.
This bilateral approach trains the Arkose Labs telemetry against serving enforcement to legitimate human users — which means no false positives, and zero friction to users. Most importantly, it removes the economic window necessary to commercialise fraud from growing threats such as Brute Force, Sweatshop, and Single Request Attacks.