Aflac, the brand known for its quacking duck and supplemental health insurance, is a winner of the 2024 CSO Award for its “Quackcess Granted” passkey authentication initiative using Transmit...
Fight Fraud Across the Full Identity Lifecycle with Transmit Security and Microsoft
by Ravit Aviv
In an increasingly digital world, securing identities has never been more critical.
The 2023 Digital Defense Report by Microsoft highlights the alarming frequency and sophistication of identity attacks, underscoring the need for robust security solutions. The report reveals the following findings:
Microsoft detected and blocked over 3 million identity attacks and account takeover (ATO) attempts every day
The volume of password attacks increased more than tenfold in 2023, rising from 3 billion per month to over 30 billion, averaging 4,000 password attacks per second.
Cybercriminals rely heavily on one-time passcode (OTP) bots that mimic human behavior.
Every day they saw roughly 6,000 MFA fatigue (aka MFA bombing) attempts, in which fraudsters try to trick victims into accidentally approving sign-in requests by sending them MFA or passwordless prompts.
The number of token replay attacks has doubled in comparison to the previous year, with an average of 11 detections per 100,000 active users.
This scenario highlights the critical need for businesses to implement a layered defense with more than just strong MFA methods, passkeys and passwordless authentication. These elements are essential (in a variety of forms). But when fraudsters log in with the correct username, password and OTP, you need to be able to examine their behavior, devices and other telemetry in real time to determine if it’s truly your customer, a bad actor or a bot.
Why you need more than strong authentication
In addition to logging in with stolen credentials, fraudsters are able to bypass the login entirely. They’ve long proven capable of taking over active user sessions via cookie hijacking, for example. And now with generative AI (GenAI), they’re innovating more advanced tactics faster than ever.
Whether fraudsters simply buy credentials to take over accounts or employ advanced tools like human-imitating bots and GenAI, businesses now require more sophisticated, state-of-the art defenses that are seamlessly integrated. Anything less won’t keep pace with the evolving tactics and will leave significant gaps in security.
As we’re faced with bots that can perform actions such as simulating clicking and mousing patterns, it’s difficult to distinguish between legitimate users and malicious bots. Even advanced prevention tactics like behavioral analytics can be fooled. Ultimately these OTP bots perform ATO fraud by tricking users into providing authentication codes sent via SMS, authentication apps or email.
Cybercriminals can also bypass multi-factor authentication (MFA) by obtaining OTPs through clever social engineering tactics and the use of deep fakes, so easily made with GenAI tools. With a few prompts, GenAI can devise new ways to circumvent established security controls, which allows fraudsters to stay ahead of pre-established rules and fraud detection methods.
Phishing techniques have also become increasingly sophisticated, deceiving even experienced users. With GenAI image creation and translation tools, attackers can create highly convincing fake websites and emails to trick users into sharing their credentials, and traditional email filters are often not enough.
What can be done to prevent attacks beyond the login?
All of these attacks, coupled with MFA fatigue, highlight the limitations of relying solely on MFA and the need for more adaptive, AI-driven security measures.
Tom Burt, Microsoft’s Corporate VP of Customer Security and Trust, explains, “Artificial Intelligence will be a critical component of successful defense. In the coming years, innovation in AI-powered cyber defense will help reverse the current rising tide of cyberattacks.”
AI-driven fraud detection that’s unified in one solution can leverage context-aware intelligence to spot the most subtle anomalies and correlate that data with other risk and trust signals throughout the customer’s identity journey. Smarter protection is essential to accurately discern if it’s fraud or simply a change in the customer’s typical behavior.
Mitigating fraud in real time requires the ability to unify risk signals into actionable recommendations that can be used to drive automated decisions on how to handle individual requests with identity-security mechanisms to challenge or block suspicious activity immediately.
Expanding our partnership with Azure AD B2C to deliver all of the above
Transmit Security is ahead of the curve, leveraging the power of AI and machine learning (ML) to improve identity security and fraud prevention, delivering the speed, agility and responsiveness to stop today’s advanced threats in real time.
It’s one of the many reasons Microsoft and Transmit Security are building on a successful partnership, expanding our joint offering so that customers can now build on Microsoft Azure Active Directory B2C by adding Transmit Security Detection and Response.
Access to Transmit Security through the Azure Marketplace improves cost-efficiency by providing leading-edge fraud prevention and identity security using your committed cloud budgets, which streamlines procurement, accelerates time to market and simplifies vendor management and billing.
How Transmit Security & Azure AD B2C fortify fraud prevention
Transmit Security Detection and Response is designed to tackle the sophisticated threats modern fraudsters deploy, addressing both detection and response seamlessly within a unified, AI-driven solution that leverages context-aware intelligence to assess risk and trust throughout the full customer identity lifecycle.
Seamlesslyintegrated into Microsoft Azure AD B2C, Transmit Security’s fraud prevention service detects highly deceptive ATO fraud and removes friction from the trusted customer’s path in real time. End-to-end fraud protection throughout the identity lifecycle includes:
Multi-method detection: A state-of-the-art risk engine examines hundreds of telemetry streams to ensure the most accurate results — based on advanced behavioral biometrics, device fingerprinting, bot detection, application and network evaluation, authentication analysis, transaction signing and other detections, which passively run in the background at all times.
Risk telemetry consolidation with ML and AI: Detection and Response continually analyzes the full context of all that’s happening by collecting and correlating telemetry across the identity lifecycle. ML and AI evaluate data in light of known or suspected fraud patterns, bot behavior and the customer’s typical behavior, devices and IP addresses as well as the use case and application flows. All anomalies, even subtle deviations, are weighed as part of a holistic, contextual analysis.
Real-time response & feedback loops: ML and AI automatically detect zero-day threats by analyzing a broader range of signals, greatly improving the ability to identify new attack patterns. In parallel, Transmit Security case conclusions and threat researchers continually improve AI models based on cumulative insights and post-detection analytics.
Transparent explanations: Unlike other solutions, which may generate black boxes of complex, unreadable data, Transmit Security offers full transparency with detailed fraud telemetry, allowing users to see the complete basis for each recommendation. With a single, robust service, there’s no need to cross-correlate data from multi-vendor solutions and standardize risk scores.
Proactive phishing protection: Phishing origin detection spots anomalies by analyzing the URL and looking for those subtle variations, like misspellings or hyphens. Detection and Response also uses IP reputation services, behavioral biometrics and device fingerprinting to determine instantly if the domain is a spoof.
Built-in AI-powered security: Embedded anomaly detection, mobile app and API security, anti-tampering measures and trend analyses shield the identity infrastructure against attack.
Automated workflows: Streamlines case management, time-intensive and cross-functional tasks to expedite risk response and resolution. Transmit Security also improves data analytics with GenAI and automatically creates new rules based on case conclusions, labeling, threat intelligence and machine learning.
Resilienceand scale: Enterprise-class architecture is built to scale and ensure uptime for hundreds of millions of customers. With active-active multi-cloud global presence, Transmit Security services run simultaneously in multiple CSPs (cloud service providers) to meet the business continuity demands of the world’s most popular brands.
The end result: better outcomes. Detection and Response evaluates each user action in real time, providing clear recommendations — Trust, Allow, Challenge or Deny — based on comprehensive data analysis. Transmit Security delivers highly accurate risk recommendations, reducing false positives and false negatives by 90% when tested against other solutions.
Accuracy means you can confidently automate fraud protection, invoking step-ups to mitigate risk and remove friction for trusted customers. You’ll dramatically reduce fraud while improving customer engagement and boosting revenue.
Strengthen authentication with phishing-resistant credentials
Organizations can also fortify Microsoft Azure Active Directory B2C with Transmit Security passwordless MFA or passkeys with an added security layer, available in the Azure Marketplace. By authenticating customers based on their true identities, using a fingerprint or facial biometric, you’ll improve security and the customer experience.
Read our other blog in the Microsoft Tech Community to explore how to replace passwords with phishing-resistant credentials. Or view the step-by-step guide on how to configure Transmit Security passwordless MFA with Azure AD B2C. It’s easy to set up secure and smooth passwordless experiences across all channels and devices.
The advantages of partnership
The integration of Transmit Security and Azure AD B2C offers a comprehensive, adaptable and effective solution for combating fraud throughout the entire customer identity lifecycle, ensuring businesses can stay ahead of evolving threats.
“Microsoft is thrilled to have Transmit Security as a Solutions Partner for Security,” said Yvonne Muench, Senior Director - Marketplace & ISV Journey at Microsoft. “Transmit Security is committed to helping Microsoft customers leverage the benefits of passwordless authentication via Microsoft Azure Active Directory B2C. Having an experienced and trusted security partner like Transmit Security building on and augmenting native Azure capabilities really helps support and drive the vision of a passwordless future.”
This collaboration fosters a trusted environment for customers and paves the way for a more secure digital future. If you want to leverage the benefits of this unparalleled partnership for fraud prevention, check out the detailed integration guide and learn how easy it is to add a multi-method, holistic detection and response solution to your application. You can also reach out to our experts to request a demo.