Account Takeovers and Synthetic Accounts: Why A Single Session Isn’t Enough to Combat Fraud
As with all things related to cybersecurity and fraud, the race between adversaries and defenders to develop more effective attacks and more robust defenses continues in the realm of bots, automation and user account abuse. Traditional bot detection techniques that introduce or examine session-specific signals such as user agent analysis, traffic volume thresholds and visual CAPTCHAs were effective for a time, but recent increases in both account takeovers via credential stuffing and in synthetic account creation present challenges for defenders. This session describes the current state of bot defense, briefly defines the techniques and risks associated with account takeovers and synthetic accounts, and proposes a longitudinal approach to detecting account abuse and associated fraud.
See Also: Cybersecurity Struggles: The Midmarket's Complex Battle