Global Bank Shores Up Customer Data, Stops ATO Attacks

Overview

A major global bank, serving millions of customers worldwide and boasting over $1 trillion in total assets, plays a vital role in driving the global economy. With tens of billions of digital interactions annually, they operate in a competitive landscape where fintechs and traditional rivals invest heavily in online services. They also face challenges battling sophisticated cyberattacks such as account takeover (ATO) and new account fraud. Working with Arkose Labs, they were able to ensure a digital experience that is seamless for customers, is safe and secure, and complies with federal banking requirements aimed at protecting customer data.

The Business Problem

The bank faced significant and persistent threats from cybercriminals, particularly those targeting user accounts through account takeover attacks and those creating fake accounts to conduct loan application fraud. These attacks, often driven by sophisticated bot networks, posed a considerable risk to the bank’s operations and customer trust. Despite relying on traditional methods like text-based CAPTCHAs for authentication, the bank’s legacy solution proved ineffective in deterring these automated attacks, exacerbating the problem and causing customer friction.

With fraudsters leveraging stolen credentials and personal information from the dark web to launch large-scale credential stuffing attacks and create fake identities for new account fraud, the bank recognized the need for a robust, user-centric automated bot detection and mitigation solution. It was imperative to implement measures that could effectively combat these advanced threats, ensure an intuitive digital experience for legitimate users, and meet banking privacy and security regulations.

The Arkose Labs Solution

Arkose Labs provides businesses with lasting automated bot prevention and account security by undermining the financial incentive behind cybercrime, thus dissuading bad actors from launching attacks in the first place. The Arkose Bot Manager platform combines real-time intelligence, rich analytics, and advanced machine learning algorithms to accurately identify and mitigate bot-driven threats in real-time, all backed by the 24/7/365 Arkose Cyber Threat Intelligence Research (ACTIR) unit and Security Operations Center (SOC) monitoring and threat management service.

Rather than outright blocking traffic and negatively impacting the customer experience, the Arkose Labs approach is to use precision targeting, which is reserved purely for high-risk traffic and allows the vast majority of good users to pass through unchallenged. When suspicious sessions are detected, custom enforcement Arkose MatchKey challenges are context-based challenges that thwart both automated and human-driven account takeover attempts. These step-up challenges progressively diminish the profitability of attacks while adapting to evolving attack patterns.

In addition, Arkose Labs puts a strong emphasis on compliance and is at the forefront of the cybersecurity sector, demonstrating a proven compliance track record with heavily regulated companies. Arkose Labs has extensive certifications in Information Security, Cybersecurity, and Privacy Management, with an emphasis on Personally Identifiable Information (PII) on public cloud platforms. Having earned and maintained ISO/IEC 27001, ISO/IEC 27002 and, ISO/IEC 27018 extensions, and ISO/IEC 27701, Type II SOC 1 & ISAE 3402, Type II SOC 2, Arkose Labs is able to provide the certifications necessary for compliance with today’s federal banking requirements aimed at protecting customer data.