ATO and Account Sharing
An American digital goods company with a large commercial website and offices around the world: a rights management company for digital media that operates a subscription model for access to its goods.
Enterprise – Digital Goods
This rights management company for digital media operates a subscription model for access to media downloads. One pricing format is to charge for downloads on a per user, per month model. Users frequently shared accounts, which caused two problems:
Account Takeover: The client had a major problem with account takeovers (ATO) carried out using automation. The attacks consisted of first verifying that accounts were valid, and then using automated tools with stolen credentials to take over vulnerable accounts. Users also knowingly share account login credentials to allow others to purchase images on their behalf, exposing this customer to a high risk of both first- and third-party fraud, with limited investigative ability, high chargeback exposure and revenue erosion.
Account Sharing: Each user has a specific allowance of images and media to download; when users share accounts, business revenue streams are eroded.
Mass Attack: In 2015, the client became the victim of a mass login attack in which fraudsters attempted to gain access to user accounts. The sophisticated attack against over 500,000 unique user accounts was sustained over 1.5 days. Fraudsters attempted to hide their intent by:
- Routing traffic via 68 different countries
- Using 940 IP addresses
- Issuing only 1.25 login attempts per account (average)
- Scaling aggressively to cause fail-over of basic fraud measures.
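The attack pattern above is designed to defeat per-IP and per-account thresholds: with roughly one attempt per account spread across hundreds of IPs, no single source or target ever looks noisy. The following added example (not NuData's code and not the client's real logs) constructs a small login log shaped like that campaign and contrasts the two kinds of control: classic per-IP and per-account failure counters, which stay silent, and a fleet-wide aggregate over a time window, which the distribution cannot dilute. The log format, the account and IP values, and the campaign thresholds are all assumptions chosen for illustration.

```python
"""Fleet-wide detection of a distributed, low-and-slow login attack.

Added example, not NuData's code and not the client's real logs. It constructs
login events shaped like the attack described in the case study (many accounts,
many IPs in many countries, about 1.25 attempts per account) and compares two
detection strategies: per-IP / per-account failure thresholds, which the
attacker stays under, and a fleet-wide aggregate over a time window, which the
pattern cannot hide from. Thresholds are illustrative assumptions, not tuned values.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    account: str
    ip: str
    country: str
    success: bool


def parse_line(line: str) -> LoginEvent:
    """Parse one constructed log line: '<iso-ts> <account> <ip> <cc> OK|FAIL'."""
    ts, account, ip, country, result = line.split()
    return LoginEvent(datetime.fromisoformat(ts), account, ip, country, result == "OK")


def build_sample_log() -> list:
    """Constructed sample: two hours of ordinary logins with a 160-attempt campaign
    starting at 11:00. All accounts, IPs and countries are made up for this example."""
    base = datetime(2015, 6, 1, 10, 0, 0)
    lines = []
    # Ordinary traffic: 40 accounts, one attempt each every 3 minutes from 8
    # home/office IPs, about 10% of them mistyped passwords.
    for i in range(40):
        ts = base + timedelta(minutes=3 * i)
        result = "FAIL" if i % 10 == 9 else "OK"
        lines.append(f"{ts.isoformat()} user{i} 198.51.100.{i % 8} US {result}")
    # Campaign: 120 target accounts, 40 of them tried twice, spread over 50 IPs
    # and 10 countries, with 3 credential hits (stuffed passwords that were valid).
    countries = ["DE", "BR", "IN", "NL", "RU", "VN", "FR", "ID", "TR", "UA"]
    targets = [f"victim{j}" for j in range(120)] + [f"victim{j}" for j in range(40)]
    attack_base = base + timedelta(hours=1)
    for k, account in enumerate(targets):
        ts = attack_base + timedelta(seconds=5 * k)
        result = "OK" if k in (7, 53, 99) else "FAIL"
        lines.append(f"{ts.isoformat()} {account} 203.0.113.{k % 50} {countries[k % 10]} {result}")
    return lines


def load_events() -> list:
    return [parse_line(line) for line in build_sample_log()]


def per_ip_alerts(events, max_failures: int = 5) -> dict:
    """Classic control: alert on any source IP with more than max_failures failed logins."""
    failures = Counter(e.ip for e in events if not e.success)
    return {ip: n for ip, n in failures.items() if n > max_failures}


def per_account_alerts(events, max_failures: int = 3) -> dict:
    """Classic control: lock or alert on any account with more than max_failures failures."""
    failures = Counter(e.account for e in events if not e.success)
    return {acct: n for acct, n in failures.items() if n > max_failures}


def window_metrics(events, start: datetime, minutes: int) -> dict:
    """Fleet-wide view of one time window: the signals a distributed attack cannot dilute."""
    end = start + timedelta(minutes=minutes)
    w = [e for e in events if start <= e.ts < end]
    attempts = len(w)
    failures = sum(1 for e in w if not e.success)
    accounts = {e.account for e in w}
    m = {
        "attempts": attempts,
        "failures": failures,
        "failure_rate": failures / attempts if attempts else 0.0,
        "distinct_accounts": len(accounts),
        "distinct_ips": len({e.ip for e in w}),
        "distinct_countries": len({e.country for e in w}),
        "attempts_per_account": attempts / len(accounts) if accounts else 0.0,
    }
    # Illustrative campaign rule (assumed thresholds): many distinct accounts failing
    # at once from many countries, even though each account and each IP looks quiet.
    m["flagged"] = (
        m["distinct_accounts"] >= 100
        and m["failure_rate"] >= 0.5
        and m["distinct_countries"] >= 5
    )
    return m


if __name__ == "__main__":
    evts = load_events()
    print("per-IP alerts:", per_ip_alerts(evts))            # empty: no IP exceeds 5 failures
    print("per-account alerts:", per_account_alerts(evts))  # empty: no account exceeds 3
    for hour in (10, 11):
        start = datetime(2015, 6, 1, hour, 0, 0)
        print(f"{start:%H:%M} window:", window_metrics(evts, start, minutes=15))
```

Run as a script, the two classic detectors return nothing for the whole log, while the 11:00 window shows over a hundred distinct accounts failing from eleven countries and is flagged; the 10:00 window, containing only ordinary traffic, is not. The point is the unit of aggregation: a campaign that keeps every per-IP and per-account counter below its threshold still moves the population-level failure rate, account count and geographic spread, which is the kind of cross-user view the case study describes.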
NuDetect was selected because, rather than relying wholly on traditional, manually specified user identifiers such as IP addresses or mobile phone identifiers, it constantly recalculates, automatically and using machine learning, which data points are statistically significant for accurately identifying a user.
Beyond recognizing the individual user, NuDetect uses its machine learning capabilities to look across every one of the client's users, calculating clusters of behavior from fraudulent and legitimate users.
Working with their fraud department, we determined that behavioral analysis of the login pages would deliver both account hijacking and account sharing protection.
NuDetect’s behavioral intelligence store enabled them to significantly reduce the likelihood of account takeover and account sharing. It gave them a scalable and trustworthy way to distinguish legitimate users from illegitimate ones based on user behavior and biometric data.
Results / Benefits
This customer is now continuously alerted in real time to account sharing and password re-use (where login attempts would previously have succeeded). Upon implementation, NuDetect accurately detected account-sharing activity that was estimated at around $125K in account-sharing losses.
In the mass attack scenario above, they also saw a mass login attack prevented, in which fraudsters attempted to gain access to accounts using stolen usernames, emails and passwords from previous breaches.
Instant, 700% scaling during a sustained login attack
Real-time protection and risk scoring of over 500,000 unique user accounts over 1.5 days
+99% accuracy in account hijacking detection, despite fraudsters using 940 IP addresses across 68 countries
I have been consistently impressed by NuDetect’s ability to recognize fraud, along with its accuracy of decisions resulting in low false positive rates. My experience with NuData Security has bolstered my confidence in behavioral intelligence and its ability to accurately assess good and bad behavior.