Cyber Security

The protection of internet-connected systems, including hardware, software and data, from cyberattacks

F5 Safeguards Digital Experiences with Comprehensive Account Takeover Protection

F5 (NASDAQ: FFIV) has announced multiple security offerings to bridge security and fraud team operations that help customers block automated and human-driven malicious activity, shield valuable user details, and stop fraud.

The new solutions extend F5’s Shape Security portfolio of SaaS and managed services to protect customers, applications, and APIs against account takeover (ATO) while delivering better digital experiences at every touchpoint.

Today, any organisation issuing or accepting digital payments is an ATO target. Once an account is compromised, a fraudster may drain funds, purchase goods or services, or access payment information to use on other sites—alienating customers and eroding revenue.

F5’s complementary solutions now offer the industry’s most comprehensive account takeover protection on a single platform.

Leading security and fraud prevention techniques eliminate automated and human attacks across numerous threat vectors. Organisations can better defend against bots targeting their web properties and those of third-party providers with Aggregator Management, recognise legitimate users throughout the customer journey with Authentication Intelligence, and rapidly gain insight into client-side digital skimming attacks with Client-Side Defense. Coupled with the rapid removal of post-login fraud via Account Protection, F5 Shape provides an end-to-end approach that assesses intent, streamlines digital experiences, and halts ATO attempts otherwise leading to fraud, lost revenue, and reduced customer loyalty.

“F5 Shape comprehensively mitigates the impact of nefarious human and automated traffic to stop account takeover and any number of derivative threats,” said Saurabh Bajaj, VP of Product Management, F5 Shape. “Offering solutions on a single platform encourages collaboration while freeing up fraud and SecOps teams to focus on other priorities and apply insights to improve performance. With the ability to proactively surface anomalies and suspicious account behaviour, F5 eliminates cybercrime in a variety of ways at each stage of the customer’s digital journey, providing the industry with a true end-to-end security, authentication, and fraud solution.”

ATO often starts with credential stuffing, where previously compromised user credentials (such as username/password pairs) and personally identifiable information (PII) are continuously tried in an automated fashion until achieving a successful login. Another common way cybercriminals pursue ATO is through client-side attacks which take ownership of legitimate websites by installing digital skimming tools to steal login credentials, payment card details, and other PII.

 

Disrupting Cybercrime Economics by Neutralising Account Takeover

Organisations routinely face a combination of sophisticated manual and bot-driven attacks that are constantly retooled to deploy new evasive ATO techniques. To overcome evolving tactics, F5 Shape elegantly combines application security, bot management, and fraud prevention with human experts and real-time machine learning analysis of network, behavioural, and malicious activity to protect the entire user experience. Beyond just an organisation’s applications, Aggregator Management can also detect anomalies and limit access privileges tied to the exponential growth of APIs for FinTech use cases such as open banking.

 

Building Trust and Optimising User Experience with Seamless Authentication

Loyal customers who frequently visit a website using the same set of devices to buy their favorite products or pay their bills are typically subject to the same login and authentication steps as new customers. This includes time-wasting steps in selecting images such as stoplights or crosswalks in a series of CAPTCHA challenges (which sophisticated bots can overcome anyway). With F5 Shape’s Authentication Intelligence, organisations can now dramatically simplify return visits for trusted customers by eliminating unnecessary checkpoints, maximising customer engagement while minimising abandoned carts and similar dead ends. Enhancing overall protections against criminals and bots attempting ATO, F5 Shape’s real-time verification blocks malicious requests and automated attacks without disrupting login, checkout, or session extensions, further prioritising the user experience.

 

Strengthening Defenses over Larger Fraud Attack Surfaces

Like credit card skimming in the physical world, cybercriminals have developed attacks to take ownership of legitimate websites and install digital skimming to steal credit card numbers, social security numbers, names, addresses, and other PII. With advanced solutions like Client-Side Defense, organisations can confidently offer users richer app experiences without giving up essential protections and visibility.

“Faster payments and rising digital activity expand the surface for sophisticated fraud and cyberattacks,” said Julie Conroy, Head of Risk Insights & Advisory at Aite-Novarica. “Firms are increasingly recognising that these attacks, and the resulting financial losses, cannot be addressed in a siloed manner. However, many still struggle with various organisational and technological blocks in achieving effective collaboration between security and fraud teams. F5 can help address these challenges through innovations in data analytics, automation, and machine learning, enabling collaboration across security and fraud teams to help disrupt financial crime, enhance operational efficiency, and uplift the customer experience.”