Saturday, May 31, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » Balancing Account Security with Seamless User Experience Begins with Transparent Detection

SBN

Balancing Account Security with Seamless User Experience Begins with Transparent Detection

by Richard Dufty on August 23, 2022

Arkose Labs shares more than 70 data attributes, which not only makes risk decisioning transparent but also helps create a more trustworthy and explainable risk score. With actionable risk intelligence and additional context businesses can apply optimum friction selectively to improve catch rates. Is your vendor providing you with the right intel?

Access to a digital service requires consumers to either sign-up or sign-in to their existing digital accounts. With more and more consumers taking the digital route, bad actors are following suit and trying to exploit these touchpoints. As a result, almost all digital businesses are facing challenges at sign-up and sign-in flows.

To acquire new customers, several businesses offer incentives such as sign-up bonus, free server space, limited period access to premium services, and so forth, which are equally attractive to attackers. These bad actors create numerous fake accounts not only to amass the bonuses but also to abuse other users and spoil the overall digital experience.

Techstrong Gang Youtube
AWS Hub

Similarly, attackers resort to account takeover attacks to gain unauthorized access to genuine user accounts. User accounts that have been in existence for long or have valuable assets are especially lucrative as they are less likely to raise suspicion and hold greater monetization potential.

Identify risky users to protect sign-up and sign-in flows

Every business wants to offer a great sign-up and sign-in experience to their consumers. However, not all users are genuine. Therefore, businesses need to protect the sign-up and sign-in touch points with adequate security measures. While protecting the sign-up flow is about stopping bad actors from getting into the system, sign-in security is about keeping an individual account safe. To be able to protect these entry points, businesses must be able to identify risky users – bots and malicious humans – from legitimate consumers.

Although businesses are making significant investments to secure their websites from bad actors, the scourge of new account fraud and account takeover attacks is on an upswing. Our research reveals that during the first quarter of this year, one in every four new accounts was fake and 4% of all sign-in attempts were credential stuffing attacks.

Outdated solutions defeat fraud prevention efforts

Balancing account security with seamless user experience is a tight-rope walk for digital businesses. Part of the problem is that many businesses are still stuck with outdated CAPTCHA challenges, which end up allowing bad actors in and frustrating good users by introducing unnecessary friction. While attackers continue to sharpen their attack techniques by leveraging the latest technologies, CAPTCHA continues to languish in its outdated technology.

In a threat landscape where bad actors can train computer models to automatically solve CAPTCHA challenges or outsource the activity to human click-farms, it requires enormous efforts to evaluate if the incoming user is indeed who they claim to be and then enforcing optimal friction to stop bad actors without disrupting genuine users.

Arkose Labs helped Adobe reduce new account fraud by 90%

There are several vendors on the market offering security solutions. However, many vendors still follow the black-box approach to risk scoring, which severely limits their abilities to evaluate the traffic in the gray zone – where signals from both attackers and users are unclear. What sets Arkose Labs apart is our ability to offer tailor-made solutions that enable businesses to tackle the specific and unique problems they are facing. For instance, Adobe, a global business that needs no introduction, was facing a deluge of new account fraud for its value-added services. Using Arkose Labs’ solution, Adobe was able to tell bots and malicious humans from legitimate users with great accuracy. Our proprietary puzzles enabled the company to evaluate even those borderline cases where it was not sure from a fraud or risk perspective whether the user was good or bad.

The data speaks for itself. There was a 90% reduction in fraudulent account signups. Further, compared to the solution used earlier, Adobe registered a significant drop of 80% in the number of users who encountered any friction at all. With the prior approach, about 10% of the company’s users had to solve a CAPTCHA puzzle, which dropped to about 2% with Arkose Labs’ solution. The remaining 98% were able to sail through the sign-up flow with no friction at all and having a delightful experience creating an account. Another significant success factor was that not a single genuine user complained of the puzzle being too difficult to solve!

Arkose Labs helped Adobe bar malicious users from creating an account to get in the front door, while maintaining a delightful digital experience for genuine users.

Transparent detection is key to fraud deterrence

Arkose Labs is on a mission to create an online environment where all consumers are protected from malicious activity. We are continuously pushing the envelope to deliver world-class protection to our customers. We help them face the growing challenge of industrialized fraud attacks with a robust set of bot detection technologies and unique capabilities in terms of our proprietary enforcement challenges. For instance, our challenges are accessible to a wide range of consumers with varied levels of abilities. We introduced the industry-first $1M credential stuffing warranty and have introduced Arkose Detect, a transparent detection solution.

Transparency is at the core of our smart detection engine, which helps shape risk decisioning. We share more than 70 data attributes which help contextualize all the decision-making. This actionable risk intelligence and additional context enables businesses to be selective and apply optimum friction just when it is needed. Further, since the data Arkose Labs shares with its customers is from runtime sessions, it eliminates the need to aggregate data from disparate sources, which not only simplifies the whole process but also saves money.

Our managed services model ensures that our partners get the full protection and are able to stand up to evolving threats. Using multi-faceted machine learning and 24/7 analysis from our Security Operations Center (SOC) to classify risks in real-time, we help decimate large-scale, persistent attacks, while alleviating the burden on internal anti-fraud teams who can focus on core business activities.

Get the maximum value from your vendor

For a business to extract maximum values from its vendor services, it is essential to figure out what data the vendor shares, how this data should be used to inform decision-making, and improve user experience. There should be a mechanism where the results can be fed back to help refine and enhance the detection process.

With a continuous feedback loop between its risk engine and challenge-response authentication mechanism, Arkose Labs offers a smart fraud prevention solution that provides the level of protection businesses need to face evolving threats with confidence.

To see how Arkose Labs helped Adobe improve user sign-up experience while enhancing account protection, listen to this podcast now.

*** This is a Security Bloggers Network syndicated blog from Arkose Labs authored by Richard Dufty. Read the original post at: https://www.arkoselabs.com/blog/balancing-account-security-with-seamless-user-experience-begins-with-transparent-detection/

August 23, 2022August 23, 2022 Richard Dufty account security
  • ← Imperva Data Security Fabric Wins 2022 SC Media Trust Award for Data Security
  • Zero-Trust: How SOC 2 Compliance Can Help →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Security Field Day

Upcoming Webinars

How to Spot and Stop Security Risks From Unmanaged AI Tools
Software Supply Chain Security: Navigating NIST, CRA, and FDA Regulations

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

RSA and Bitcoin at BIG Risk from Quantum Compute
Unsophisticated Actors, Poor Hygiene Prompt CI Alert for Oil & Gas 
Understanding the Importance of Incident Response Plans for Nonprofits
Victoria’s Secret Hit By ‘Security Incident’ After Attacks on UK Retailers
FTC Orders GoDaddy to Bolster its Security After Years of Attacks
Massive Data Breach Exposes 184 Million Login Credentials
Building a Secure LLM Gateway (and an MCP Server) with GitGuardian & AWS Lambda
Google Boosts LiteRT and Gemini Nano for On-Device AI Efficiency
Cisco Unveils JARVIS: AI Assistant Transforming Platform Engineering
Coinbase Hit with Lawsuit Over $400M Data Breach and Stock Loss

Industry Spotlight

USDA Worker, 5 Others Charged in Food Stamp Fraud Operation
Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Industry Spotlight News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

USDA Worker, 5 Others Charged in Food Stamp Fraud Operation

May 30, 2025 Jeffrey Burt | Yesterday 0
Victoria’s Secret Hit By ‘Security Incident’ After Attacks on UK Retailers
Cloud Security Cybersecurity Data Security Featured Incident Response Industry Spotlight Malware Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches 

Victoria’s Secret Hit By ‘Security Incident’ After Attacks on UK Retailers

May 29, 2025 Jeffrey Burt | 1 day ago 0
Microsoft Opens Windows Update to 3rd-Party Apps
Application Security Cybersecurity Data Privacy Data Security DevOps Endpoint Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threats & Breaches Vulnerabilities 

Microsoft Opens Windows Update to 3rd-Party Apps

May 29, 2025 Richi Jennings | 1 day ago 0

Top Stories

SentinelOne Outage Leaves Security Teams Hanging for Six Hours
Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence 

SentinelOne Outage Leaves Security Teams Hanging for Six Hours

May 30, 2025 Jeffrey Burt | Yesterday 0
Zscaler Moves to Acquire Red Canary MDR Service
Cybersecurity Featured News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

Zscaler Moves to Acquire Red Canary MDR Service

May 30, 2025 Michael Vizard | Yesterday 0
FTC Orders GoDaddy to Bolster its Security After Years of Attacks
Application Security Cloud Security Cybersecurity Data Privacy Data Security Featured Governance, Risk & Compliance Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches 

FTC Orders GoDaddy to Bolster its Security After Years of Attacks

May 28, 2025 Jeffrey Burt | 2 days ago 0

Security Humor

Orange Open Sign on Window

Microsoft Opens Windows Update to 3rd-Party Apps

Download Free eBook

7 Must-Read eBooks for Security Professionals

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×

Security in AI

Step 1 of 7

14%
How would you best describe your organization's current stage of securing the use of generative AI in your applications?(Required)
Have you implemented, or are you planning to implement, zero trust security for the AI your organization uses or develops?(Required)
What are the three biggest challenges your organization faces when integrating generative AI into applications or workflows? (Select up to three)(Required)
How does your organization secure proprietary information used in AI training, tuning, or retrieval-augmented generation (RAG)? (Select all that apply)(Required)
Which of the following kinds of tools are you currently using to secure your organization’s use of generative AI? (select all that apply)(Required)
How valuable do you think it would it be to have a solution that classifies and quantifies risks associated with generative AI tools?(Required)
What are, or do you think would be, the most important reasons for implementing generative AI security measures? (Select up to three)(Required)

×