The financial sector might see the worst of it, but no business with an online presence is immune to the threat of malicious bots. In fact, more than one-fifth of today’s web traffic comes from malicious bots, and they’re growing in prevalence and sophistication.
Bots are automated computer programs built to complete specific online tasks, such as filling out a form. But even though they are automated, they’re getting better and better at mimicking real human behavior. Bots are instrumental in the credential stuffing attacks through which much account takeover fraud is accomplished. They’re used to test CVV codes and expiration dates to find information for exploiting stolen credit card numbers. And they’re creeping across the Dark Web, looking for stolen credentials they can re-use or financial data they can exploit.
How can you build robust defenses against these slippery and nefarious attacks? How can your business help ensure that its would-be customers are honest, upright and, perhaps most important of all, human?
It all comes down to knowing your customers more deeply.
To get the information you need in a consistent, scalable way, you must:
- find the right mix of data, analytics and technologies
- apply them in ways that don’t disrupt the experiences of your real human customers
When you do so, you’ll be able to identify the Maximum Viable Person℠. That's a customer profile based on expansive data, intelligent analytics and real-time decisioning. As a result, you'll see human-like behavior, solid address (and email address) history and normal device usage patterns, among many other attributes.
Leverage Deep Data and Advanced Analytics to Detect the Fakers
Synthetic identities might look good on paper. Criminals carefully nurture positive credit histories, periodically checking their credit rating and paying off balances promptly. A check of these applicants’ credit scores isn’t likely to be very revealing. But when you build deeper data sets into the picture, anomalies are likely to show up. What if accounts are being opened by more than a dozen people with the same address—all with unverified social security numbers? This suspicious activity could be spotted instantly by a platform that provides a collective view of activities taking place across organizations.
Or what if an elderly credit applicant for an auto loan has never held an account with a utility company and has less than a year’s credit history? The earlier in the process you can flag these kinds of suspect transactions, the fewer risks you are likely to incur. With a machine learning-based platform that can detect correlations across large data sets, you can watch for patterns of identity discrepancies, suspicious behaviors, or repeated attempts at the same fraudulent activities, and you can do so at speed.
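The shared-address check described above can be expressed as a simple rule. The following is an added example, not code from the article or any vendor platform; the field names, the abbreviation table and the sample applications are constructed for illustration.

```python
import re
from collections import defaultdict

# Small abbreviation table (assumption); a production system would use a
# postal-address standardization service instead.
ABBREV = {"street": "st", "avenue": "ave", "apartment": "apt", "road": "rd"}

def normalize_address(addr):
    """Collapse case, punctuation and common abbreviations so trivial
    spelling variations of one address fall into the same group."""
    tokens = re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split()
    return " ".join(ABBREV.get(t, t) for t in tokens)

def flag_address_clusters(applications, min_applicants=13):
    """Return {normalized address: [applicants]} for every address shared by
    more than a dozen distinct applicants, none with a verified SSN."""
    by_addr = defaultdict(dict)
    for app in applications:
        people = by_addr[normalize_address(app["address"])]
        # An applicant counts as verified if any of their applications verified.
        people[app["applicant"]] = people.get(app["applicant"], False) or app["ssn_verified"]
    return {addr: sorted(people) for addr, people in by_addr.items()
            if len(people) >= min_applicants and not any(people.values())}

def sample_applications():
    """Constructed data: one suspicious cluster and one ordinary building."""
    apps = []
    for i in range(13):  # same unit, two spellings, no SSN verified
        addr = "12 Elm Street, Apt 4" if i % 2 else "12 ELM ST. APT 4"
        apps.append({"applicant": f"applicant-{i:02d}", "address": addr,
                     "ssn_verified": False})
    for i in range(14):  # large building where one resident verified
        apps.append({"applicant": f"resident-{i:02d}", "address": "500 Oak Avenue",
                     "ssn_verified": i == 0})
    return apps

if __name__ == "__main__":
    for addr, people in flag_address_clusters(sample_applications()).items():
        print(f"review: {len(people)} unverified applicants at '{addr}'")
```

Normalizing before grouping matters because applications that reuse one address often vary its spelling, which would otherwise split the cluster below the threshold.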
Fight the Bots with Advanced Authentication Processes
Another element that’s key to protecting your business is improved authentication procedures. As consumers conduct an increasing number of online financial transactions, it's never been more important to know their true identity.
Legacy single-factor strategies like passwords are no longer adequate for today’s threats. Alternatively, dynamic multi-factor authentication (MFA) asks customers a spontaneously generated question based on extensive data sets (e.g., What color Ford did you drive when you lived in Oregon in 2004?). Or use risk- or context-based authentication procedures to waterfall the most relevant and effective authentication method for any particular transaction. For example, you can use passive device recognition measures for low-risk situations or one-time passcode matching or document verification for more complex situations.
Monitor ‘Em to Protect ‘Em
We all know the true damage is done after all the credential-stuffing and password-cracking is complete. Criminals will attempt to log in and get to work on the serious business of cleaning out the account. But post-authentication monitoring can stop their dirty deeds.
With an advanced analytic platform, you can detect anomalies in things like:
- dollar amounts
- locations or entities receiving transfers
- frequency of activity
If anomalies are detected, the platform can issue alerts. In high-risk situations, you can request that the user re-authenticate with a stepped-up method like facial recognition of a “selfie” or digital documentation verification. Real customers initiating legitimate activities will likely appreciate these requests and feel more protected.
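A sketch of that post-authentication check, scoring one transfer against the account's own history on the three signals listed above and mapping the result to allow, alert or step-up. This is an added example, not the article's or any platform's code; the thresholds, field names and sample history are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Thresholds are assumptions chosen for this example, not values from the article.
SIGMA_LIMIT = 3              # amount flagged above mean + 3 standard deviations
MAX_PER_WINDOW = 3           # prior transfers tolerated inside the window
WINDOW = timedelta(hours=1)

def triggered_signals(history, txn):
    """Compare one transfer with the account's own history and return the
    names of the signals it trips: amount, payee, frequency."""
    signals = []
    amounts = [h["amount"] for h in history]
    if amounts:
        mu = mean(amounts)
        # Floor the spread at 10% of the mean so a very regular history
        # does not flag tiny deviations.
        spread = max(pstdev(amounts), 0.1 * mu)
        if txn["amount"] > mu + SIGMA_LIMIT * spread:
            signals.append("amount")
    if txn["payee"] not in {h["payee"] for h in history}:
        signals.append("payee")
    recent = [h for h in history
              if timedelta(0) <= txn["time"] - h["time"] <= WINDOW]
    if len(recent) >= MAX_PER_WINDOW:
        signals.append("frequency")
    return signals

def decide(signals):
    """One anomaly raises an alert; two or more require re-authentication."""
    if len(signals) >= 2:
        return "step_up"
    return "alert" if signals else "allow"

def sample_history(now):
    """Constructed history: six routine transfers over the past 25 days."""
    rows = [(25, 100, "landlord"), (20, 80, "utility"), (15, 120, "landlord"),
            (10, 90, "sibling"), (5, 110, "utility"), (1, 100, "landlord")]
    return [{"time": now - timedelta(days=d), "amount": a, "payee": p}
            for d, a, p in rows]

if __name__ == "__main__":
    now = datetime(2024, 1, 31, 12, 0)
    hist = sample_history(now)
    for amount, payee in [(95, "utility"), (95, "new-payee"), (5000, "new-payee")]:
        txn = {"time": now, "amount": amount, "payee": payee}
        print(amount, payee, decide(triggered_signals(hist, txn)))
```

With an empty history every payee counts as new, so a first transfer on a fresh account raises an alert rather than passing silently.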
Taken together, deeper customer profile data, advanced analytic platforms, improved authentication processes, and post-authentication monitoring procedures can give you an advantage in the war against automated crime. With these defenses in place, you can feel more secure in the knowledge that your best customer is, in fact, carbon-based.
Distil Networks, "2019 Bad Bot Report" https://www.imperva.com/resources/resource-library/reports/bad-bot-report-2019-the-bot-arms-race-continues-report-ty?lang=EN&asset_id=2447