Arkose Product

Pick-a-Tile: A Shot in the Arm to Challenge-Response Authentication

September 16, 20205 min Read

The evolution of automated attacks and advancements in machine vision technology have rendered most audio-visual and challenge-response authentication methods redundant. At Arkose Labs, we have strengthened our globally trusted challenge-response mechanism with the introduction of the Pick-a-Tile format. This will further augment our capability to protect global businesses from evolving fraud tactics while keeping customer interests at the forefront

Malicious automated attacks are believed to constitute almost a quarter of the web traffic. They continue to build their presence in the digital world and are evolving to mimic human behavior with a fairly high degree of accuracy. Combine this with easy availability of cheap, human sweatshops and you have vast amounts of malicious web traffic to abuse businesses.

Fraudsters are maneuvering their resources to attack the target businesses strategically. Depending on the defense posture of the target business, fraudsters tailor their attacks and use the resources—automation, sweatshops, and a combination of both—to maximize returns with the lowest possible investments. Further, the current fraud landscape—with easy access to commoditized tools, criminal toolkits, and crime-as-a-service—supplies a lucrative vocation for 'aspiring' fraudsters. As a result, digital businesses have become vulnerable to incessant fraud attempts and online abuse of their “crown jewel” assets like never before.

Legacy solutions promote the cat-and-mouse game

To protect their digital assets and consumers from online abuse, businesses are using myriad solutions including challenge-response authentication methods such as CAPTCHAs. However, these disparate solutions have led to complex tech stacks, which impede effective and real-time decisioning, thereby hampering their fraud prevention efforts.


Recommended Blog: How Machines Are Set to Conquer Legacy CAPTCHAs


Further, fraudsters have studied the defense mechanisms of the businesses and are using this knowledge to exploit the loopholes and gain unauthorized access into the business ecosystems. Not only are businesses continuing to bear fraud losses as a cost of doing business, but they are also engaged in a constant cat-and-mouse game with the fraudsters due to the legacy fraud approaches.

Tailor-made 3D enforcement challenge verification

Arkose Labs follows a zero tolerance to fraud approach, which empowers businesses to eliminate fraud losses, preserve user trust, and fight evolving fraud tactics with confidence. At the core of this fight against fraud are our globally-trusted, custom enforcement challenges that are rendered in real-time, according to the risk profile of the user. These challenges become progressively complex with the risk profile of a user.

Challenge-Response Authentication

We have an arsenal of tailor-made 3D enforcement challenges—of varying degrees of complexity—that helps us protect businesses from even the most advanced and persistent fraudsters.

Pick-a-Tile format for greater compatibility, accessibility, and security

To further strengthen our armory of challenge-response authentication mechanisms, we have designed a new format of enforcement challenges, called Pick-a-Tile. This WCAG-certified format allows us to develop enforcement challenges that are compatible with a wider range of devices and allow for better accessibility for motor-impaired users. The game types under this format use a grid of six image tiles of which a user must select the correct answer for the given instructions. The challenges in this game format use sharp, cute images that are pleasing to the human eye and free from the ambiguous interpretations that complicate photograph-based challenges. This is a deliberate effort on our part to ensure good users continue to enjoy a frictionless user experience with greater speed and fluidity.

Challenge-Response Authentication

The new challenges under the Pick-a-Tile format are fairly simple for authentic human users to solve. However, when automated solvers using off-the-shelf image recognition software attempt to solve these challenges at scale, they fail. This is because, let alone identifying the correct answer, these automated solvers cannot even correctly identify the images. 

When malicious humans try to solve these challenges, they are issued challenges deliberately designed to take a long time to solve. As a result, they end up wasting time, lose profit, get frustrated, and eventually move on to easier targets not protected by Arkose Labs.


Recommended Blog: Are You Still Allowing Bots to Bypass CAPTCHA?


Keep fraudsters off-base with rapid changes to the challenges

The Pick-a-Tile format enables us to sharpen our enforcement challenge verification by rapidly developing and changing many kinds of puzzles. To explain it in simple terms, our systems change to a different puzzle quickly in the rare event when a fraudster appears to successfully automate solving a puzzle. This quick switch-over allows us to keep the attackers off-base, as they realize they can't possibly automate an incoming flood of challenges without significantly increasing their investments.

That said, we make puzzles that are tremendously hard for the attackers to automate. They are tested against the most sophisticated machine vision technology, then modified to become resilient against the automated solvers.

The latest addition of the Pick-a-Tile format for enforcement challenges is a shot in the arm to the Arkose Labs Platform as it empowers businesses to fight advanced persistent threats with greater confidence and alacrity while keeping the interests of authentic customers at the forefront. To learn more about the Pick-a-Tile format, please contact us here.