User growth is typically a key indicator for any digital project, marketing, and key for a company’s overall financial growth and sustainability. However, not all user registrations on a site are created equal. Some might come with evil intentions, putting other users, the underlying system infrastructure, and last but not least your brand’s reputation and business at risk.
Spam, phishing attacks, promo and bonus program abuse: a company’s brand value can be severely damaged when fraudsters succeed in creating fraudulent accounts on your brand’s digital properties. Fraudulent accounts might be created using identities that are fake and have been generated with malicious intent in the first place. But also stolen identities, say from a data breach or hacked social media accounts, can and are being used to infiltrate other sites.
In 2016, the Identity Theft Resource Center logged more than 1,000 breaches in the US alone, a 40% increase over the previous year, exposing everything from social security numbers to user account log-in names, phone numbers and passwords for literally billions of accounts.
Attacks using stolen or fake identities can often be automated and launched with relatively low effort and on a large scale. A study by the Ponemon Institute found that companies estimated they have an average of approximately 19 million registered users in their database and an average 10 percent are not authentic.
Apart from the threat these fraudulent accounts impose on your end customers and IT systems, they have another negative side effect: they add dead weight to your customer data. This in return negatively impacts the efficiency of your marketing automation and BI stack, distorts data-driven campaigns, and drives up customer acquisition costs (CAC). These accounts don’t represent real prospects or consumers. While they might be active accounts, their behavior is not that of a real consumer, and any behavioral data they deliver back to your systems—be it email opening rates, asset downloads, or signups for loyalty programs—is tainting the statistics you use for your KPIs.
Why is it so hard to keep the fraudsters out? Fraudulent accounts technically don’t differ from those of bona fide users. Often even their actions are legitimate from a technical, software point of view. A digital property might allow its users to send each other messages, and technically a phishing or spam message might technically not be any different from a legitimate message: on the software level, both are electronic documents that contain characters, hyperlinks and maybe images. That makes it very difficult to distinguish them on the software system level.
What differentiates fraudulent accounts from legitimate ones is typically their behavior over a longer period of time.
This is where Janrain Fraud Score, an add-on to Janrain Identity Cloud, comes in. At the time a user registers an account using a certain identity, Janrain will deliver a reputation score number for that identity in real-time, which can be used by your application’s business logic to decide how to handle this account.
This score is based on past behavior and takes phone number intelligence, AI-based traffic pattern analysis, and data from global information services into account. A higher score indicates a higher threat level, and means that fraudulent behavior has been observed from this identity in the past.
This score allows Janrain clients to make policy decisions about how to treat such identities during account registration, sign-in, or completion of high-value transactions.
Scores can be obtained at the time of registration, log-in, or at any later stage; for example when a purchase is being triggered after registration. Accounts can then be blocked from access, partial restrictions might be applied, or additional authentication and identification might be requested.
Janrain Fraud Score is triggered at registration (or any time after an account is active) and delivers the risk score in real-time. This happens in the background and without compromising the ease of use and convenience your customers expect on your digital properties.
No matter what digital experiences you provide, Janrain Fraud Score is available for traditional web sites and applications as well as for mobile devices and Internet of Things (IoT) devices.
If you would like to learn more about how you can protect your users from fraud, we are here to help. Contact us for more information about the Janrain Fraud Score.