A major travel booking platform
The client is one of the world’s largest online platforms for booking travel accommodations. The company connects travelers with hotels, B&B’s, and other lodging options in more than 80 countries around the world. As one of the largest travel platforms in the world, it sees a high amount of digital traffic on a daily basis.
The platform is highly popular due to its great customer experience. One aspect of that is a robust loyalty points reward program. Consumers flock to the site to book travel and lodging in order to take advantage of rewards programs.
This also, however, caught the eye of fraudsters. The platform was dealing with a large amount of account takeover attacks, as fraudsters used bots to commit credential stuffing at scale in order to compromise user accounts. Once they got in, they would look to steal any accrued loyalty points that the user had attained. They can then use these points to buy hotel rooms, airfare, car rentals, and cruises for personal use, but more often they do it to then resell on a third-party platform.
In the highly competitive travel space, loyalty point programs are a key differentiator for businesses. Consumers often choose which platform they will do businesses with based on the strengths of the loyalty and rewards programs. If these programs are compromised, it inhibits the business’s ability to attract and retain new customers.
These attacks were also severely hindering the experience for good users and resulting in a high amount of complaints being made to call centers, and well as damage to their brand reputation.
The company sought Arkose Labs after its previous fraud prevention vendor failed to effectively stop these attacks. The Arkose Labs platform was deployed on all login flows to monitor traffic and stop malicious actors
Arkose Labs monitors all traffic for known signals of abuse, using behavioral fingerprints, velocity, and rate monitoring, and a proprietary user IP database. The solution embeds an Arkose Labs token into the web application or mobile SDK, and each request dynamically verifies that the token has passed from the client to the server.
Known malicious bot traffic is served with a dynamic enforcement challenge; these are 3D visual puzzles generated in real-time. They are designed against the grain of machine vision technology, meaning they cannot be solved by bots. The platform can also detect and stop organized human fraud attacks.
A 24/7 SOC is also on hand to work with each customer and respond to a spike in attacks if needed.
After using the Arkose Labs platform, the company saw nearly all of the ATO attacks stopped almost immediately. Furthermore, this was done with no impact on good user sign-in flow, and the customer experience was drastically improved. Calls to contact centers were also drastically reduced, leading to operational efficiencies
The Arkose Labs solution collects and analyzes digital intelligence, including data from the originating devices, networks, and locations to gain insights into user intent.
Once combined with behavioral analytics, these insights help determine the underlying intent of the user, and the associated risk level is ascribed.
Suspicious traffic is presented with step-up enforcement challenges. These are 3D images presented in real-time and are designed specifically to foil machine vision technology. The challenges are continually being updated and new ones are regularly created.
Good users are never blocked, which eliminates the false positives that hinder customer experience and drain revenue.
Arkose Lab technology achieves unparalleled accuracy without compromising data protection compliance.
New customers will see results within days, not weeks or months
Meet with a fraud and account security expert