Preventing Account Takeover Attacks with PerimeterX and Okta

Digital Business and Customer Identity

Businesses everywhere are striving to create a better omnichannel experience for their customers. Central to this is personalization and customer identity — knowing your customers both online and offline. While in the offline world there are means of physical identity verification, in the online world this can get a little more complicated. Biometric ID systems like FaceID are gaining ground, but online identity is still largely driven by username and password combinations. That makes it difficult to truly verify that the person on the other end is really who they claim to be. And cybercriminals take advantage of this to launch account takeover (ATO) attacks and commit fraud. If your business has a login page on the Internet, you’re a target. So how do you stay ahead of these threats?

Customer Identity and Access Management (CIAM) platforms such as Okta simplify identity management for online businesses by providing a rich set of capabilities such as adaptive multi-factor authentication, user management and lifecycle management. Application developers benefit by offloading the task of managing customer identity to a purpose-built platform that incorporates the latest advances and best practices. This helps reduce user friction, cultivate trust and scale apps seamlessly. Adoption of CIAM platforms is on the rise and Okta further cemented its leadership in this space with the acquisition of Auth0. All of this ensures true best-of-breed options for web application owners.

15 Billion Stolen Credentials

Although technology continues to evolve, consumer behavior has not changed much over the years. People reuse passwords across sites, and despite the spread of cybersecurity awareness, the top 10 passwords list hasn’t changed much in the past five years. In 2020 the most common password was still “123456.” In addition, it is estimated that there are about 15 billion stolen credentials available for sale on the dark web, a 300% increase from 2018. It is no surprise that credential stuffing and account takeover attacks are up 72% year over year.

These automated attacks are carried out by the large number of botnets out there that quickly roll through a set of compromised credentials until they find a combination that works. Once granted access to an account, bots can successfully take it over by changing passwords, disabling additional security features and then carrying out fraudulent transactions. Another common problem with bots is fake account creation. Once created, the account is used to impersonate people online in order to perform fraudulent transactions. This not only drives up the cost of doing business online but also exposes your business to compliance penalties and erodes customer trust.
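The pattern described above can be looked for in authentication logs. The following is an added example, not PerimeterX or Okta code: it flags sources that try many distinct usernames and mostly fail, then lists sensitive changes made from those sources after a successful login. The event format, field names, sample data and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (seconds, source_ip, username, action, succeeded)
EVENTS = [
    (0, "203.0.113.7", "alice", "login", False),
    (1, "203.0.113.7", "bob", "login", False),
    (2, "203.0.113.7", "carol", "login", False),
    (3, "203.0.113.7", "dave", "login", True),
    (4, "203.0.113.7", "erin", "login", False),
    (5, "203.0.113.7", "frank", "login", False),
    (9, "203.0.113.7", "dave", "password_change", True),
    (10, "203.0.113.7", "dave", "mfa_disable", True),
    (20, "198.51.100.4", "grace", "login", False),
    (25, "198.51.100.4", "grace", "login", True),
    (60, "198.51.100.4", "grace", "password_change", True),
]
SENSITIVE = {"password_change", "mfa_disable"}

def stuffing_sources(events, min_users=5, max_success_ratio=0.25):
    """Map each source that tries many distinct usernames and mostly fails
    to the accounts it got into. Thresholds are assumed, not from the page."""
    tried, opened = defaultdict(set), defaultdict(set)
    attempts, successes = defaultdict(int), defaultdict(int)
    for _, ip, user, action, ok in events:
        if action != "login":
            continue
        attempts[ip] += 1
        tried[ip].add(user)
        if ok:
            successes[ip] += 1
            opened[ip].add(user)
    return {ip: opened[ip] for ip in tried
            if len(tried[ip]) >= min_users
            and successes[ip] / attempts[ip] <= max_success_ratio}

def takeover_actions(events, sources):
    """Sensitive changes made from a flagged source after it logged in."""
    logged_in, hits = set(), []
    for _, ip, user, action, ok in sorted(events):
        if not ok or user not in sources.get(ip, ()):
            continue
        if action == "login":
            logged_in.add((ip, user))
        elif action in SENSITIVE and (ip, user) in logged_in:
            hits.append((user, action))
    return hits
```

In the sample data the user who mistypes a password once and then changes it is not flagged, because that source only ever touched one account.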

I Am Not A Robot

As the web application owner, you need to strike the right balance between a smooth, frictionless user experience and ensuring the security of your user accounts. It is unthinkable for an e-commerce retailer, for example, to force their customers to use 2-factor authentication. They will turn away and shop with a competitor. Other techniques like CAPTCHAs introduce friction and lead to cart abandonment. At the same time, CAPTCHA-solving bots get better and faster at solving these than your customers. Solutions like reCAPTCHA have done an excellent job of democratizing access to this technology but they are not a complete solution either.

Instead of making your customers jump through hoops to prove they are human, behavior-based bot management solutions like PerimeterX Bot Defender shift the burden of proof onto the software. By combining intelligent fingerprinting, behavioral signals and predictive analysis, Bot Defender detects bots with over 99.99% accuracy without impacting application performance or degrading user experience. This detection can not only stop bots from attacking your applications, but also benefit the entire app ecosystem by enriching site visitor data, empowering you to make better data-driven decisions for your apps and your business.

Fight Fraud with Bot Management + CIAM

Bot management is a powerful complement to CIAM solutions. By enriching visitor data with risk information assessed both before and after login, CIAM solutions can make better policy decisions for the application and help maintain your security posture. We are excited about Okta’s Risk Ecosystem API announcement at Oktane 21 and happy to be an early integration partner. Bot Defender now integrates with the Okta Risk Ecosystem API to help stop automated attacks on websites. With this integration, Okta can consume rich risk data in real time from Bot Defender and prevent credential stuffing and account takeover attacks.

This integration gives our customers multiple deployment options when integrating bot management with Okta Customer Identity solutions. By combining best-of-breed CIAM and bot management solutions, businesses can stop automated bot attacks without impacting customer experience, enforce enhanced security policies and reduce fraud.

To learn more about this integration and the recent announcement, stop by and see us at Oktane 21, or contact us for a demo.
