It’s notoriously difficult to implement an account recovery process that prevents fraud without creating more friction for customers who are already locked out and frustrated. In a US consumer poll, 63% said they get locked out of 10 online accounts per month. While account recovery is painful for customers, it’s easy for attackers. After all, recovery flows bypass the initial login, and bad actors exploit this weakness.  Banks, retailers and other service providers lose business if the process is too difficult, but if it’s too easy, they suffer the cost in terms of account takeover (ATO ..read more

I’m sick of headlines about leaked data, leaving me to wonder if my username, password or private information is listed for sale on the dark web (of course it is!). But who’s truly at fault? While bad actors are the obvious culprits, the responsibility doesn’t solely lie with the service providers. Surprisingly, it often falls on their vendors, which is precisely why attackers have been targeting IAM vendors. Identity and access management (IAM) technology providers deliver the “keys to the kingdom,” and with that great power, comes great responsibility (Thank you Uncle Ben!  And yes, I ..read more

In a recent podcast that turned viral on TikTok, ChatGPT user Gage explained how he used the AI tool to generate hundreds of fake McDonald’s reviews, which he then submitted in feedback surveys to get free McDonald’s meal vouchers. Since it has been shared, many have taken advantage of the trick, sparking struggles for franchise branches to salvage their customer satisfaction scores.  Dissecting the viral TikTok trick “This is something anyone can do,” Gage explained in his podcast. “All you need for this is a receipt.”  Of course, the “this” that he referred to is a scam to acquir ..read more

In any account creation journey, the initial login process is a critical step for both the customer and the service provider. As the gateway to personal and financial data, it’s also the most popular entry target for cybercriminals, used in 49% of security breaches.  Although multi-factor authentication (MFA) reduces breaches and account takeover (ATO), customers get frustrated by extra layers of security like one-time passcodes (OTPs), and its effectiveness is challenged by sophisticated and effective hacking techniques. To address complexities and UX issues, companies piece together va ..read more

Account takeover (ATO) fraud increased 354% in 2023, a harsh reality that’s motivating companies to fortify their defenses. But to prevent fraud losses, many organizations resort to blunt security measures, like asking customers to authenticate again and again. In many cases, consumers must log in with multi-factor authentication (MFA) and later re-authenticate if they want to use a new device, call support, change account details, recover their account, perform large transactions or do anything that poses risk.  The problem with this approach is twofold: 1) it leaves security gaps — a v ..read more

In an era where fraudsters continually refine their tactics, businesses face an uphill battle in distinguishing between legitimate and fraudulent user requests. To fill the gaps in detection, companies often employ a variety of fraud detection solutions. However, managing multiple solutions from disparate vendors can be costly, unwieldy and hard to scale.  And while AI-based fraud detection enables better protection against emerging threats, not all AI-based anti-fraud solutions are built alike. This blog post will explain the benefits and challenges of AI-based anti-fraud detection and ..read more

Authorities in Asia are sounding the alarm in response to a 65.5% spike in scam cases in Singapore in the first half of 2023. Of particular concern, consumers are being lured to download malicious Android apps designed to steal user credentials and skim personal data, leading to account takeovers (ATO) and fraudulent transactions.  The increase in malicious mobile apps is not unique to Asia, however. Remote access trojans (RATs) and banking trojans are a growing problem around the globe. In 2022, security researchers discovered nearly 200,000 new mobile banking trojans — a two-fold incre ..read more

As the holiday season approaches, retailers gear up for the busiest shopping period of the year. According to OnlineDasher, global online holiday spending in 2023 is expected to go up by 4.5% from 2022, reaching a total of around $1.2 trillion. Not surprisingly, AI technology is set to be a significant driver, contributing to an estimated $194 billion in online holiday sales. However, this flurry of festive activity also prompts a surge in scams, targeting both consumers and retailers. Just earlier this month, Bricklink, a Lego marketplace that allows users to trade Legos, announced it had ex ..read more

In complex decision-making, a one-size-fits-all approach is rarely effective. And nowhere is this more evident than in the realm of digital security. Applications and users are unique and threat patterns are constantly evolving, requiring a keen understanding of why and how behavior varies across requests in order to determine how to handle each one.  While it’s becoming clear that a dynamic approach to security is needed to detect fraud in this changing landscape, API security solutions often fail to consider the same identity context when assessing risk signals — despite the increasing ..read more

Criminals engage in a variety of illicit activities, such as drug sales, illegal arms trade, and human trafficking, often reaping substantial profits. However, to capitalize on these gains, they need to integrate their earnings into legitimate financial systems. This is where the use of money mules comes into play. Detecting and mitigating the presence of mule accounts is imperative for businesses looking to safeguard their financial ecosystem. Understanding money mules: identifying red flags Money mules serve as intermediaries for criminal organizations, facilitating their access to legitim ..read more