F5 has announced multiple security offerings to bridge security and fraud team operations that help customers block automated and human-driven malicious activity, shield valuable user details, and stop fraud. New solutions extend F5’s Shape Security portfolio of SaaS and managed services to protect customers, applications, and APIs against account takeover (ATO) while delivering better digital experiences at every touchpoint.
Today, any organisation issuing or accepting digital payments is an ATO target. Once an account is compromised, a fraudster may drain funds, purchase goods or services, or access payment information to use on other sites—alienating customers and eroding revenue. ATO often starts with credential stuffing, where previously compromised user credentials (such as username/password pairs) and personally identifiable information (PII) are continuously tried in an automated fashion until achieving a successful login. Another common way cybercriminals pursue ATO is through client-side attacks which take ownership of legitimate websites by installing digital skimming tools to steal login credentials, payment card details, and other PII.
F5’s complementary solutions now offer the industry’s most comprehensive account takeover protection on a single platform. Leading security and fraud prevention techniques eliminate automated and human attacks across numerous threat vectors. Organisations can better defend against bots targeting their web properties and those of third-party providers with Aggregator Management, recognize legitimate users throughout the customer journey with Authentication Intelligence, and rapidly gain insight into client-side digital skimming attacks with Client-Side Defense. Coupled with the rapid removal of post-login fraud via Account Protection, F5 Shape provides an end-to-end approach that assesses intent, streamlines digital experiences, and halts ATO attempts otherwise leading to fraud, lost revenue, and reduced customer loyalty.
Organisations routinely face a combination of sophisticated manual and bot-driven attacks that are constantly retooled to deploy new evasive ATO techniques. As an example, cybercriminals will often use multiple methods, pivoting from bots to targeted manual fraud that may leverage human-staffed “click farms” trained to bypass anti-automation solutions. Security and fraud teams typically deploy an arsenal of siloed tools in response, adding operational complexity and partial remedies consumers find frustrating (such as MFA). To overcome evolving tactics, F5 Shape elegantly combines application security, bot management, and fraud prevention with human experts and real-time machine learning analysis of network, behavioral, and malicious activity to protect the entire user experience. Beyond just an organization’s applications, Aggregator Management can also detect anomalies and limit access privileges tied to the exponential growth of APIs for FinTech use cases such as open banking.
Loyal customers who frequently visit a website using the same set of devices to buy their favorite products or pay their bills are typically subject to the same login and authentication steps as new customers. This includes time-wasting steps in selecting images such as stoplights or crosswalks in a series of CAPTCHA challenges (which sophisticated bots can overcome anyway). With F5 Shape’s Authentication Intelligence, organizations can now dramatically simplify return visits for trusted customers by eliminating unnecessary checkpoints, maximizing customer engagement while minimizing abandoned carts and similar dead ends. Enhancing overall protections against criminals and bots attempting ATO, F5 Shape’s real-time verification blocks malicious requests and automated attacks without disrupting login, checkout, or session extensions, further prioritizing the user experience.
Security and fraud protection have become increasingly intertwined in the current threat landscape. At the same time, industries are continuously extending their services with applications, APIs, and tools touching multiple organizations (such as a retail site that connects to supply chain monitoring or financial account information). This creates a scenario where valuable details can be compromised by a third party or even a web browser, resulting in a much larger attack surface for threats such as ATO. Like credit card skimming in the physical world, cybercriminals have developed attacks to take ownership of legitimate websites and install digital skimming to steal credit card numbers, social security numbers, names, addresses, and other PII. With advanced solutions like Client-Side Defense, organizations can confidently offer users richer app experiences without giving up essential protections and visibility.
“F5 Shape comprehensively mitigates the impact of nefarious human and automated traffic to stop account takeover and any number of derivative threats,” said Saurabh Bajaj, VP of Product Management, F5 Shape.
“Offering solutions on a single platform encourages collaboration while freeing up fraud and SecOps teams to focus on other priorities and apply insights to improve performance. With the ability to proactively surface anomalies and suspicious account behavior, F5 eliminates cybercrime in a variety of ways at each stage of the customer’s digital journey, providing the industry with a true end-to-end security, authentication, and fraud solution.”
Discussion about this post