How New Nacha Rules Reshape the Fight Against APP Fraud
In the digital-oriented world, convenience often comes at a cost. While Automated Clearing House (ACH) payments offer a fast and easy way to transfer funds, they’ve also become a...
Our modern identity services are exposed through developer-friendly APIs, SDKs and Low-Code services to deliver the scale and performance required for any and all customer use cases.
Featured Blog Post:
In the digital-oriented world, convenience often comes at a cost. While Automated Clearing House (ACH) payments offer a fast and easy way to transfer funds, they’ve also become a...
by Roy Hirsch and Brooks Flanders
As we push the boundaries of the network edge closer to the users and locations where computing power is needed, service providers are able to minimize latency, reduce bandwidth consumption and optimize the performance of their applications. With faster, real-time data processing, edge computing is particularly beneficial in scenarios where quick decisioning is critical — making it ideal for fraud prevention.
Moreover, edge-based risk and trust detection is a great way to, “Keep your friends close and your enemies closer,” enabling you to observe user behavior and analyze their intentions at inception, before a malicious plot can unfold.
By deploying fraud prevention at the network edge, you can stop attacks sooner, minimizing the impact on your IT resources, costs, customers and their accounts.
In this article, we’ll explain how edge-based fraud prevention works and why it’s now an essential part of a multi-layered security strategy in the fight against today’s rapidly-evolving fraud.
Proactive fraud protection is more critical than ever as fraud costs reached nearly $500B in 2023. A contributing factor: half of all internet traffic is driven by bots. It’s essential to distinguish between good and bad automations as malicious bots carry out account takeovers (ATO), account opening (AO) fraud and other large scale attacks.
Fraudsters (and their bots) are supported by a thriving underground economy with massive data dumps of stolen identity information. Plus, new generative AI tools, like FraudGPT and WormGPT, help them probe for vulnerabilities and generate fraud at unprecedented volume and velocity.
By implementing identity security and fraud prevention at the network edge, you can stop attacks before they consume IT resources, reach your applications and wreak havoc. You’ll lower the cost of fraud prevention while improving security.
Attackers are increasingly targeting the network edge due to the sheer volume of data processing and transactions that occur at this crucial point. The potential for profit is attractive to fraudsters who are looking for opportunities presented by:
To mitigate risks on the front lines of the edge ecosystem, Content Delivery Networks (CDNs) are now offering basic bot protection, SSL/TLS encryption and web application firewalls (WAF). Positioned between the user’s browser and the web server, CDNs are in an ideal location to filter traffic streams and decide what’s legitimate and what’s not. But there are limitations:
Although CDNs process vast amounts of data, their ability to analyze risk and trust within the broader context of the full identity journey is limited — unless the WAF is integrated with a threat intelligence platform (TIP). Choosing the right TIP can significantly uplevel edge security to make it more dynamic, intelligent and proactive when defending against today’s ever-changing fraud.
Armed with multi-dimensional, correlated threat intelligence, the WAF can adapt security measures accordingly. For instance, a TIP might inform a CDN about a new phishing campaign or a new malware distribution method, prompting the WAF to adjust its configurations to detect and block such threats.
By integrating your CDN’s WAF with Transmit Security Detection and Response, you get a context-aware TIP built by cybersecurity experts. With the power of AI, edge-based fraud prevention becomes smart and adaptive, allowing or blocking traffic based on timely threat intelligence about emerging fraud tactics, techniques and procedures (TTP), indicators of compromise, active threat campaigns, new vulnerabilities, fraud rings, malicious behavior and trusted customer behavior.
Transmit Security’s Multi-Method Detection leverages hundreds of mechanisms, including
bot detection, advanced behavioral biometrics, privacy-age device fingerprinting and anomaly detection — to assess risk and trust at the edge and beyond. By analyzing a broader range of signals, behaviors and devices, it detects fraud with greater accuracy.
For instance, when using a public Wi-Fi network in a coffee shop or airport, many people will share the same IP address, which may have a history of both legitimate and malicious activity. Attackers take advantage of this to evade detection. This is why our Detection and Response Service (DRS) collects and analyzes large datasets of telemetry, including application flows, mousing patterns, typing speed, device ID and event intelligence that provides enriched context.
If an attack is detected by our AI and machine learning algorithms, DRS can automatically apply timely fine-grained WAF rules to block only the malicious traffic from that IP address. This eliminates the need for manual WAF updates and cross-team incident response. With granular access controls that distinguish between legitimate users and attackers, you’ll ensure a good customer experience (CX) while improving the overall security posture.
Advantages of deploying Transmit Security at the edge:
Reap the benefits of edge-based fraud prevention that’s able to analyze traffic and intercept fraud before it penetrates deeper into your networks. Request a meeting and explore how Detection and Response works within the Transmit Security Platform.
Roy Hirsch, a Product Manager for Fraud Prevention at Transmit Security, collaborates closely with customers, Research and Engineering teams to develop innovative solutions. With extensive experience in application security and monitoring startups, Roy specializes in system modeling and big data, crafting practical solutions that fuse cybersecurity and user experience. Roy’s background includes serving in the intelligence unit of IDF and holding a B.Sc in Computer Engineering and an MBA in Technology and Information Systems, providing him with a comprehensive skill set to address complex cybersecurity challenges.
In 2004, the same year the U.S. launched the National Cyber Alert System, Brooks launched her career with one the largest cybersecurity companies in the world. With a voracious curiosity and a determination to shed light on a shadowy underworld, she's been researching and writing about enterprise security ever since. Her interest in helping companies mitigate deceptive threats and solve complex security challenges still runs deep.