New Solution Addresses the “Post-Login Wasteland”; Fills Gap in Web App Fraud Protection Market by Detecting and Preventing Account Takeover and Fake Account Creation
SAN MATEO, Calif., June 23, 2022 — PerimeterX, the leading provider of solutions that detect and stop the abuse of identity and account information on the web, today announced the release of PerimeterX Account Defender. Available immediately, Account Defender is a cloud-native online fraud detection solution that detects and prevents cybercriminals from taking over existing customer accounts, creating new accounts using fake identities and abusing existing accounts. The solution benefits any organization that seeks to protect its customers’ accounts and identities from fraudulent use on its websites and web apps.
Traditional online security, validation and fraud detection efforts have been focused at two points: login and transaction completion such as transferring money, cashing out credits, accessing gated or subscription content, or checking out. Once a user logs in, their activity is usually unchecked until they transact. This gives a criminal user with valid credentials free rein to take fraudulent actions, including transferring funds, emptying accounts of stored credits or loyalty points, downloading and reselling content, and changing passwords or addresses and disabling multi-factor authentication (MFA).
“By failing to proactively address these threats and only focusing on flagging transaction fraud, businesses are always one step behind,” explains Ido Safruti, Co-founder and CTO of PerimeterX. “Without behavioral signal monitoring to evaluate fraudulent actions post-login, businesses are not able to answer two questions: ‘Are you who you say you are?’ and ‘Are you doing what you should be doing?’ This presents a gap in web application fraud protection — what PerimeterX calls the ‘post-login wasteland.’”
Account Defender addresses this market gap by continuously evaluating users’ post-login activity. Using behavioral analysis, the solution monitors users throughout their journey to generate an evolving risk score based on profile, statistical comparisons and new behavior. Account Defender identifies new account abuse and accounts that have been taken over, and enforces security policies that stop malicious activity. Unlike other card fraud or login-only solutions, Account Defender moves beyond “authorize or decline” controls to enable interventions that work with an organization’s business flow. This improves customer lifetime value by giving your customers confidence that their identity and account information is kept safe on your site.
According to the 2022 Data Breach Investigations Report (DBIR) by Verizon, “[An] attacker ecosystem exists both before and after the breach, and it plays into and feeds off of the incident.” Account Defender is a crucial component in addressing the web attack lifecycle, which describes the integrated and cyclical nature of cybercrime involving the theft, validation and fraudulent use of identity and account information. One kind of attack fuels another, hitting consumers everywhere along their digital journey. For example, a data breach on Site A gives attackers access to the passwords used in a credential stuffing attack on Site B, which, in turn, drives account takeover (ATO) and account abuse. This was the sequence of events in a recent high-profile attack on General Motors, which believes that the compromised credentials used in the attack came from other sites but were successfully used on its site to fraudulently redeem reward points.
By securing post-login activities, Account Defender helps businesses decrease online fraud, avoid financial losses from ATO and fake account creation, and reduce operational costs for IT and IAM tools. Account Defender reduces customer complaints and support calls by decreasing fraud on your website and web app, and decreases transaction clearing fees by ensuring criminals are stopped before they take a fraudulent action. Early customers of Account Defender have already had success preventing ATO attacks and theft of stored account credits.
“Other solutions surround this problem but do not solve it,” adds Safruti. “Businesses are adding friction to existing controls such as MFA, know your customer (KYC) and identity and access management (IAM) login solutions, but are not actually stopping ATO or fake account creation. Flagging suspicious logins is no longer enough to stop account abuse. Account Defender stands apart by moving beyond the usual authentication checks to flag suspicious post-login behavior and provide relevant mitigation.”
PerimeterX is the leading provider of solutions that detect and stop the abuse of identity and account information on the web. Its cloud-native solutions detect risks to your web applications and proactively manage them, freeing you to focus on growth and innovation. The world’s largest and most reputable websites and mobile applications count on PerimeterX to safeguard their consumers’ digital experience while disrupting the lifecycle of web attacks. PerimeterX is headquartered in San Mateo, California, and can be found online at www.perimeterx.com.