By Tim Gasper | Posted on December 05, 2017
Not every user account is as it seems. The person sitting behind the screen may not be who they claim to be, and their intentions may not be entirely innocuous. User fraud is a much bigger problem than someone simply using another person's account. There are far-reaching ramifications, and blowback could fall upon the compromised brand.
As customer identity has grown complex in the digital age, protecting accounts and combating user fraud has become more difficult. Here’s an overview of how a customer identity and access management solution can be used to keep a watchful eye over your user environment and help prevent potential fraudulent activity and maintain brand standing in the eyes of consumers.
User fraud can be incredibly damaging, compromising the integrity of identity management systems and putting legitimate customers at risk. Bad actors may steal sensitive information, send spam to your customers or engage in phishing attacks, among other malicious activity.
User fraud affects a wide variety of industries, hurting businesses across the world. The more recognition a brand enjoys, the greater the likelihood that fraudsters will target their users and customers. For instance, Amazon regularly sees an uptick in fraudulent activity during its annual Amazon Prime Day promotion. According to ZDNet, the online giant experiences a 150-percent increase in fraud attempts on this one day alone. ZDNet calculated that, when accounting for all related costs, that increase in activity could translate into a 5-percent loss of revenue, or $100 million.
The cost of user fraud can be significant if left unchecked. According to a 2015 Javelin study, fraud costs victims as much as $2.8 billion each year. The adverse effects of user fraud aren't limited to individuals, either - brands stand to lose in both financial terms and brand equity. A recent Ponemon Institute report revealed that 60 percent of the total cost of fake user activity could be attributed to reputational damage.
Needless to say, user fraud is not something to take lightly, and companies should do whatever they can to curb this behavior on their own networks, applications and other assets. Both the brand and the consumer will be better for it.
The challenge companies face is that at first glance there isn't a clear-cut way to distinguish fraudulent accounts from legitimate ones. Parsing through user behavior and identifying compromised accounts requires a deeper level of insight and a sophisticated system to judge the threat level of suspicious activity.
That's where a solution like Janrain Fraud Score comes into play. This tool can leverage statistical analysis to identify aberrant user behavior that may indicate fraud. For instance, a sudden surge in login attempts by one account may raise flags that it has been compromised. The malicious actor may be using that hacked account to work their way into other networks with the intent of stealing sensitive information or spreading malware to other users.
Janrain Fraud Score reviews past user behavior and combines that information with AI-based traffic pattern analysis and available security data to assign a threat score to each account. Depending on the severity of that outcome, the system may recommend that a user is either allowed to access the network or denied entry. For medium-level threats, the Janrain Fraud Score tool may flag the user as suspicious and alert the security team to take a closer look at their activity or be used to trigger a security question or additional verification.
Another threat Janrain Fraud Score can help address is the risk posed by hacked Internet of Things devices. The IoT is the new frontier for cybercrime, giving data thieves fresh opportunities to crack defenses and work their way into company networks. Many companies have yet to fully account for IoT endpoints and remain at risk for breach.
Look no further than last year's massive distributed denial-of-service attack that wreaked havoc and temporarily affected the functionality of one of the world's largest internet service providers. The attack was in part attributed to IP-enabled security cameras, wifi-routers, and baby monitors that maintained their factory-setting login credentials, making it easy for cybercriminals to compromise those devices and leverage them as part of a larger botnet.
Proper identity management procedures can help defend against such incidents.
As part of the broader Janrain Identity Cloud, Janrain Fraud Score covers everything from traditional websites and applications to mobile platforms and IoT devices and represents a major asset for any organization that wants to put an end to fraudulent behavior. Protect the interests of both your company and your customers in one incredible package. Feel free to contact us to find out how you can make user fraud a thing of the past.
How to tell if your identity management is ready for the new data protection regulations…
We just released the latest member of the Janrain product family: Janrain Advanced Policy Manager…
Janrain Information Security Manager, Lisa Nicholson, shares her thoughts on why CSA Level 2 and…