Account Security

Balancing Abobe’s Account Security with Seamless User Experience Begins with Transparent Detection Provided by Arkose Labs

August 23, 20226 min Read

Arkose Labs shares more than 70 data attributes, which not only makes risk decisioning transparent but also helps create a more trustworthy and explainable risk score. With actionable risk intelligence and additional context businesses can apply optimum friction selectively to improve catch rates. Is your vendor providing you with the right intel?

Access to a digital service requires consumers to either sign-up or sign-in to their existing digital accounts. With more and more consumers taking the digital route, bad actors are following suit and trying to exploit these touchpoints. As a result, almost all digital businesses are facing challenges at sign-up and sign-in flows.

To acquire new customers, several businesses offer incentives such as sign-up bonus, free server space, limited period access to premium services, and so forth, which are equally attractive to attackers. These bad actors create numerous fake accounts not only to amass the bonuses but also to abuse other users and spoil the overall digital experience.

Similarly, attackers resort to account takeover attacks to gain unauthorized access to genuine user accounts. User accounts that have been in existence for long or have valuable assets are especially lucrative as they are less likely to raise suspicion and hold greater monetization potential.

Here's a snippet of the Customer Interview Arkose recently did with Adobe:

Listen to the full Customer Interview with Adobe here.

Identify risky users to protect sign-up and sign-in flows

Every business wants to offer a great sign-up and sign-in experience to their consumers. However, not all users are genuine. Therefore, businesses need to protect the sign-up and sign-in touch points with adequate security measures. While protecting the sign-up flow is about stopping bad actors from getting into the system, sign-in security is about keeping an individual account safe. To be able to protect these entry points, businesses must be able to identify risky users – bots and malicious humans – from legitimate consumers.

Although businesses are making significant investments to secure their websites from bad actors, the scourge of new account fraud and account takeover attacks is on an upswing. Our research reveals that during the first quarter of this year, one in every four new accounts was fake and 4% of all sign-in attempts were credential stuffing attacks.

Outdated solutions defeat attack prevention efforts

Balancing account security with seamless user experience is a tight-rope walk for digital businesses. Part of the problem is that many businesses are still stuck with outdated CAPTCHA challenges, which end up allowing bad actors in and frustrating good users by introducing unnecessary friction. While attackers continue to sharpen their attack techniques by leveraging the latest technologies, CAPTCHA continues to languish in its outdated technology.

In a threat landscape where bad actors can train computer models to automatically solve CAPTCHA challenges or outsource the activity to human click-farms, it requires enormous efforts to evaluate if the incoming user is indeed who they claim to be and then enforcing optimal friction to stop bad actors without disrupting genuine users.

Arkose Labs helped Adobe reduce new account fraud by 90%

There are several vendors on the market offering security solutions. However, many vendors still follow the black-box approach to risk scoring, which severely limits their abilities to evaluate the traffic in the gray zone – where signals from both attackers and users are unclear. What sets Arkose Labs apart is our ability to offer tailor-made solutions that enable businesses to tackle the specific and unique problems they are facing. For instance, Adobe, a global business that needs no introduction, was facing a deluge of new account fraud for its value-added services. Using Arkose Labs’ solution, Adobe was able to tell bots and malicious humans from legitimate users with great accuracy. Our proprietary puzzles enabled the company to evaluate even those borderline cases where it was not sure from a risk perspective whether the user was good or bad.

The data speaks for itself. There was a 90% reduction in fraudulent account signups. Further, compared to the solution used earlier, Adobe registered a significant drop of 80% in the number of users who encountered any friction at all. With the prior approach, about 10% of the company’s users had to solve a CAPTCHA puzzle, which dropped to about 2% with Arkose Labs’ solution. The remaining 98% were able to sail through the sign-up flow with no friction at all and having a delightful experience creating an account. Another significant success factor was that not a single genuine user complained of the puzzle being too difficult to solve!

Arkose Labs helped Adobe bar malicious users from creating an account to get in the front door, while maintaining a delightful digital experience for genuine users.

Transparent detection is key to attack deterrence

Arkose Labs is on a mission to create an online environment where all consumers are protected from malicious activity. We are continuously pushing the envelope to deliver world-class protection to our customers. We help them face the growing challenge of industrialized attacks attacks with a robust set of bot detection technologies and unique capabilities in terms of our proprietary enforcement challenges. For instance, our challenges are accessible to a wide range of consumers with varied levels of abilities. We introduced the industry-first $1M credential stuffing warranty and have introduced the industry-first $1M credential stuffing warranty.

Transparency is at the core of our smart detection engine, which helps shape risk decisioning. We share more than 70 data attributes which help contextualize all the decision-making. This actionable risk intelligence and additional context enables businesses to be selective and apply optimum friction just when it is needed. Further, since the data Arkose Labs shares with its customers is from runtime sessions, it eliminates the need to aggregate data from disparate sources, which not only simplifies the whole process but also saves money.

Our managed services model ensures that our partners get the full protection and are able to stand up to evolving threats. Using multi-faceted machine learning and 24/7 analysis from our Security Operations Center (SOC) to classify risks in real-time, we help decimate large-scale, persistent attacks, while alleviating the burden on internal app security teams who can focus on core business activities.

Get the maximum value from your vendor

For a business to extract maximum values from its vendor services, it is essential to figure out what data the vendor shares, how this data should be used to inform decision-making, and improve user experience. There should be a mechanism where the results can be fed back to help refine and enhance the detection process.

With a continuous feedback loop between its risk engine and challenge-response authentication mechanism, Arkose Labs offers a smart fraud prevention solution that provides the level of protection businesses need to face evolving threats with confidence.

To see how Arkose Labs helped Adobe improve user sign-up experience while enhancing account protection, listen to this interview now.