How to Fight the Surge in Cybercriminals Bypassing Fraud Controls

With each passing year, cybercriminals become more sophisticated and skilled at bypassing the security countermeasures designed to stop them. As online commerce rises in popularity, cyberattacks against online businesses are occurring with greater frequency and severity.

It’s not like the industry isn’t fighting back. There are hundreds of fraud detection software companies in the U.S. alone. Which begs the question, why is online fraud still a huge problem? The answer is that the tools, resources, and techniques used by hackers continuously adapt and innovate to circumvent fraud prevention technologies. Here are some examples:

Bypassing MFA

Many online businesses have adopted multi-factor authentication (MFA) to verify the authenticity of users. As the number of companies using MFA has increased (it’s now about 25%), hackers have had to change their approach. The result – hackers now have a myriad of tools and methodologies to bypass MFA, including MFA fatigue attacks, SIM swapping, and social engineering.

Bypassing Bot Detection

To prevent attacks by bots, many companies have invested in bot mitigation solutions. Surprisingly, revenue loss from bot-driven account fraud and web scraping continues to skyrocket, despite companies spending more on bot mitigation solutions every year. The reason: innovative hackers on the Dark Web are creating and selling APIs that “solve” or bypass specific bot management technologies. In fact, for less than a few hundred dollars a month, attackers can purchase these “Solver” bots, making them well worth the hackers’ investment.  

Bypassing Biometric Authentication

Many companies believe that biometric authentication is hard to bypass because it uses features that are unique to each individual. However, there are numerous examples of hackers using clever techniques to bypass biometric authentication. These techniques include using fake/synthetic identities with generated biometrics; spoofing biometrics like fingerprints, facial features, or typing cadence; stealing biometrics from company databases; or recreating a person’s biometrics.

Whether it is bypassed MFA, Bot Detection, or Biometrics, it’s clear now that simply focusing on stronger and more frequent authentication methods isn’t enough. 

How Verosint Can Help

Verosint predicts the likelihood of fraud based on capturing and tracking data about each user, enriching that data with open source intelligence (OSINT), and analyzing relationships and patterns to determine risk. 

Our detection approach at Verosint is not fooled by fake accounts, synthetic accounts or bots and can be used to strengthen multi-factor authentication (MFA), biometric authentication, and bot mitigation solutions. Within milliseconds, Verosint identifies and assesses risk for each attempted login, and orchestrates workflows based on its Risk Decision Engine. 

Working in concert, Verosint and its partners can detect cybercriminals seeking to bypass account fraud controls and block their attempts to maliciously login to web applications. To see the technology in action, request a demo today!

‍