Online accounts in applications and websites are an important part of many organizations’ business models, which is why getting account security right is such a vital piece of the cybersecurity puzzle.
Determined cybercriminals use techniques such as credential stuffing, brute forcing, malware distribution, phishing and social engineering to bypass defenses including passwords, multi-factor authentication (MFA) and CAPTCHAs. When an account is compromised, they can commit fraud, such as draining funds and illicitly using cards on file.
Fraudsters also create fake accounts in order to extract value from organizations and abuse their services. Examples include exploiting promotional activities such as free trials, distributing malware or posting negative reviews to disparage competitors.
Traditional defenses typically focus on two areas: login and point of transaction. At login, security solutions attempt to stop fraudsters from gaining access to the account. At the point of transaction, they attempt to stop fraudulent transactions. Both of these approaches leave a significant blind spot for users’ activity post-login but pre-transaction. If an attacker is able to bypass defenses and gain access to the account, their actions within the account often remain unchecked.
Protect accounts post-login with HUMAN
HUMAN Account Defender neutralizes compromised and fake accounts by delivering continuous post-login monitoring and risk assessment. The solution looks at all activity taken in an account and assesses the individual actions, cross-referencing them with multiple variables (e.g., is this a login from a new device? Is it from a new geographical location?) to assign an evolving risk score to accounts.
Account Defender monitors all post-login activity taken in an account, catching suspicious and risky behavior that at-login solutions cannot see. It also enables earlier intervention than solutions that operate at the point of transaction because it detects malicious behavior earlier in the process.
When a risk threshold is passed, the solution automatically takes actions to protect the account and user, without the need for manual intervention. These actions are fully customizable and integrated with your organization’s workflow. Examples include forcing a password reset, triggering MFA, or flagging the account for review.
With the Account Defender dashboard, fraud, compliance, trust and safety and other teams can quickly ascertain what triggered an incident and see what action was taken to neutralize it. Sharing key information is easy with a selection of pre-built reports, as well as the ability to create custom reports tailored to your organization’s needs.
Learn more about Account Defender at humansecurity.com.