US-based fraud prevention company Arkose Labs has launched a new suite of CAPTCHA challenges to improve the customer experience while protecting against fraud.
As fraudsters have increasingly creative ways for carrying out illicit activities, CISOs have a need for a set of solutions that is diverse to be able to detect and stop them. Having this knowledge at its basis, Arkose Labs developed the CAPTCHA challenges suite – Arkose MatchKey, as CAPTCHAs continue to prove their effectiveness, particularly when combined with an in-depth defence approach of the likes of Arkose Detect.
Arkose Labs representatives have stated in the company’s press release that traditional CAPTCHAs are frustrating for consumers and fraudsters have found ways for getting around them. Furthermore, the attacks are being scaled to take advantage of fluctuating economic conditions, resulting in a considerable increase when it comes to account takeovers, credential stuffing, and fake account registrations. Due to this this, there is a high marketplace demand for a new approach to CAPTCHAs, something that Arkose Labs is looking to tackle by having launched their solution.
The Arkose MatchKey challenges are quick and easy for good users, however they are designed to present thousands of variations to adversaries, thus increasing the time, effort, and expense to be invested when solving them as, when the ROI is negligible, fraudsters move onto targets that are less protected.
Cybersecurity, traditional CAPTCHAs and further Arkose MatchKey capabilities
- Traditional CAPTCHAs are built to have the same level of friction presented to all site visitors, irrespective of whether they are a malicious bot, human fraud farm, or a good user;
- When it comes to defeating traditional CAPTCHAs, attackers are highly proficient, making use of off-the-shelf ML techniques that are easily trained on CAPTCHAS’ generic photos and images;
- In the traditional CAPTCHAs, accessibility, cross platform, and device responsiveness, as well as usability are merely thought of, thus making them harder to be universally implemented across all regions and channels.
Arkose MatchKey was designed as an intuitive challenge-response solution that blocks attackers from accessing network systems by having strategic friction applied based on challenges that appear through constant repetition. Unlike traditional CAPTCHAs, Arkose MatchKey helps optimise the user experience through means of a gamifies user interaction model that requires the matching of a key image to the correct answer based on supplied instructions. The Arkose MatchKey challenges can be translated into 109 languages, with enterprises having a guaranteed universal solution that is sensitive to cultural differences.
Furthermore, the challenges are WCAG 2.1 compliant, which makes them fully customisable to support all accessibility-related standards and are also designed to align with the brand guidelines of enterprises. In addition, it helps strengthen companies’ defence against attackers, as machine learning algorithms are reliant on data and images that must be hand-labelled by adversaries. Arkose MatchKey’s strongest challenges can result in a half-million individual images that would need to be hand-labelled by an attacker, which takes over 25,000 human hours, as per the press release.
Company officials have advised that a multitude of bot management solutions can tune only the detection rules. In comparison, the Arkose Labs automated systems in addition to their 24/7/365 SOC and threat research teams continuously tune the configuration and images of Arkose MatchKey challenges in addition to the detection rule tuning, looking to eliminate attackers in their entirety.