Addressing The Post-Login Wasteland
Originally published in Forbes
People looking to try out Netflix and watch Squid Game may be shocked to find a price of $4 per month on offers online, way below the standard $13.99 per month list price. Unfortunately, those offers are probably too good to be true — and are likely two-week trial offers harvested en masse and packaged by fraudsters in violation of the terms of service.
Consumer brands and publishers of web applications today face a problem with rapidly growing fraud attempts like this. These are not attempts to break into accounts or steal identities, nor are they explicit attempts to steal merchandise at checkout. Rather, these types of fraud abuse the business logic of legitimate promotional efforts, or they steal credits or points that have monetary value but are not themselves saleable merchandise or services. Dozens of major brands, including Dunkin’ and Netflix, have all suffered or are suffering big attacks. The attacks range from coupon fraud and free trial fraud to gift card theft to loyalty points abuse. This is the post-login wasteland, and it is largely unaddressed by existing fraud solutions.
What is the post-login wasteland, and why does it matter?
Most online fraud prevention solutions focus on two transactional activities. The first is the login to a storefront or website. Common methods to secure access include different CAPTCHA challenges, multifactor authentication and verification questions. Behavioral analysis of login attempts deploys numerous data points to protect against fraudulent users and automated attacks.
The second area of tight scrutiny is the checkout or payment, which is when a user actually tries to pay for something (i.e., products or services). Fraud detection solutions look at payment types or credentials and payment patterns to determine whether the buyer and the payment are legitimate. This bias (Read more...)
*** This is a Security Bloggers Network syndicated blog from PerimeterX Blog authored by PerimeterX Blog. Read the original post at: https://www.perimeterx.com/resources/blog/2022/addressing-the-post-login-wasteland/

