Fraud Analytics Use Cases
Keyri’s fraud prevention suite can be used to counter a wide range of common and novel attack vectors. Operating under an impenetrable castle model, Keyri focuses on preventing attackers from accessing user services in the first place, with transaction monitoring further leveraged in unique cases. By stopping bad actors at the front gate, Keyri is able to prevent fraudulent activity without negatively impacting real users’ experience.
A list of common attack vectors addressed by Keyri can be found below, but it is first helpful to cover certain attack vectors that Keyri is uniquely positioned to prevent:
- Avoid fraudulent multiple account creation: Stop users from creating multiple accounts to exploit your app for nefarious purposes such as signup bonus abuse or free trial abuse. During your registration flow, detect in the background, even in an unauthenticated state, whether the user has used an account for your service in the past, regardless of what credentials they are using to register the new account. While the user goes through your registration flow, you can call methods in the Keyri mobile SDK (on mobile) or our JavaScript fingerprinting agent. If they return an account or list of accounts that have been used on that device before, you can suggest or force the user to log into one of those existing accounts, even if they used a different email address or phone number to attempt registering the new account.
- Permaban bad actors: While you can easily ban individual bad actor accounts by changing their account profiles or access rights, those same individuals can simply create new accounts and sockpuppets. Keyri fingerprinting utilities can help you ensure that, for this group of users, creating a new account is more difficult than simply providing new credentials, such as a different email address, phone number, or a fresh re-installation of your app. Regardless of what new credentials or account identifiers these bad actors input while registering a new account, Keyri utilities will inform you that they have already created at least one account before.
- Avoid accidental multiple account creation: Using the same existing-account-detection functionality outlined above, you can suggest or force the user to log into one of their existing accounts, even if they used a different email address or phone number to attempt registering the new account.
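The registration-time decision described in the three items above can be sketched as follows. This is an added example, not Keyri's SDK or API: the function names, the in-memory device-to-account map, and the device IDs are hypothetical, and the device ID is assumed to come from whatever fingerprinting agent you use.

```javascript
// Added illustration; not Keyri's SDK or API. All names are hypothetical.
// Constructed sample data: device ID -> accounts previously seen on that device.
const deviceAccounts = new Map([
  ["dev-aaa", [{ id: "alice@example.com", banned: false }]],
  ["dev-bbb", [{ id: "mallory@example.com", banned: true }]],
]);

// Mask identifiers before they reach an unauthenticated client, so the
// registration form cannot be used to enumerate accounts tied to a device.
function maskId(id) {
  const at = id.indexOf("@");
  return at > 0 ? id[0] + "***" + id.slice(at) : "***";
}

// mode "suggest" offers a login prompt; mode "force" refuses the new registration.
function evaluateRegistration(deviceId, requestedId, mode = "suggest") {
  // A missing device ID means the signal is unavailable, not that the device is clean.
  if (!deviceId) return { action: "review", reason: "no_device_signal", accounts: [] };

  const known = deviceAccounts.get(deviceId) || [];
  if (known.length === 0) return { action: "allow", reason: "new_device", accounts: [] };

  // Permaban: a banned account on this device blocks registration whatever
  // new email address or phone number is supplied.
  if (known.some((a) => a.banned)) {
    return { action: "block", reason: "banned_account_on_device", accounts: [] };
  }

  const wanted = requestedId.trim().toLowerCase();
  const exact = known.some((a) => a.id === wanted);
  return {
    action: exact || mode === "force" ? "force_login" : "suggest_login",
    reason: exact ? "account_exists" : "device_has_other_account",
    accounts: known.map((a) => maskId(a.id)),
  };
}

// Call after a successful registration so later attempts from the device are recognised.
function recordRegistration(deviceId, accountId) {
  const list = deviceAccounts.get(deviceId) || [];
  list.push({ id: accountId.trim().toLowerCase(), banned: false });
  deviceAccounts.set(deviceId, list);
}
```

Run the decision on the server so the client cannot skip it, and keep the block response free of account details.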
Common Attack Vectors Addressed through Fraud Analytics
Attack Type | Description |
---|---|
Account Selling | Scammers purchase accounts from real users and leverage these accounts for nefarious activity. |
API Abuse | Attackers can use automated scripts to abuse certain API functionality or limit service activity. |
Application Code Tampering | Attackers will alter a mobile application's source code with malicious intent and repackage it to resemble the original. This attack can be used to steal sensitive credentials and account information. |
Bot Attacks | Bots can replicate human behavior to create fraudulent accounts, or perform other malicious activity on applications. |
Brute Force Cracking | Attackers apply guess-and-check algorithms to decipher previously stolen password hashes or systematically guess users' login credentials. |
Credential Compromise | Attackers successfully gain access to a user's account credentials to log in. |
Credential Sharing | Willful credential sharing by an individual with an unauthorized individual. |
Credential Stuffing | Bots attempt large-scale logins, submitting lists of usernames and passwords from a breach of one service to another service's authentication prompt to verify them. This attack exploits the fact that people reuse passwords across different services. |
Jailbroken / Rooted Device | These devices are susceptible to malware and viruses due to weakened built-in security features of the devices. These devices have compromised Keystores which put credentials at risk. Numerous digital fraud cases on jailbroken and rooted devices have been noted by banking institutions. |
Malicious Application Layover | Overlay attacks use malicious applications to display content over another legitimate application to copy keystrokes and gain access to sensitive credentials. These are generally more prevalent on Android devices. |
Malware | Attackers use malware, such as keyloggers, spyware, and trojans, to gain unauthorized access to a user’s account. This malware is typically installed on users' devices and captures sensitive login credentials or active session tokens. |
Man-in-the-Middle | Attackers position themselves in between the user and the system so that they can intercept and alter data traveling between them. |
Online Banking Fraud | Scammers with compromised user credentials access banking applications to execute fraudulent payments and withdrawals. |
Phishing | Scammers send emails or other messages disguised as legitimate communication from a trusted company. These often contain links to fake websites set up to capture login credentials from users. |
Session Hijacking | Attackers exploit a user's web session control mechanism to gain access to a session token, and thus access to an application. |
SIM Swapping | Scammers impersonate the user to convince their mobile service provider to transfer the phone number to a new SIM card controlled by the attacker, which allows them to intercept SMS OTP codes and access the user's account. |
Social Engineering | Scammers pose as customer service representatives to deceive and trick users into divulging sensitive information or granting unauthorized access to their accounts. |