Stop Bots & Bad Actors with the 5 Elements of Threat Protection

Oct 5, 2023
Louise Watson
Sr. Product and Solutions Marketing Manager

Tools for Preventing Account Takeover and New Account Fraud

With billions of users interacting online every day, identity threats have become the new battleground in the high-stakes world of internet fraud. In response to increasingly sophisticated and brazen attacks, identity solution providers like Ping are integrating threat protection tools to block account takeover (ATO) and new account fraud (NAF).

 

From e-commerce sites to online banking, ATO and NAF by cybercriminals are very real threats to individuals and businesses alike. According to Forbes, ATO and NAF scams allow bad actors “to cash in without needing to steal a credit card before using it; they just take over a customer account ... It’s the digital equivalent of a gold mine.” 

 

With criminals employing aggressive tactics like password spraying and credential stuffing, it's more important than ever to strengthen your security posture with threat protection. Ping Identity has identified 5 key elements of threat protection that are used to stop ATO and NAF: 

 

  1. Smart detection

  2. Dynamic policies

  3. Risk insights 

  4. Seamless integration

  5. Centralized management   

 

Following these foundational principles, threat detection technology such as PingOne Protect helps businesses create safe and seamless user experiences across their digital properties.

 


1. Smart Detection

Smart detection is the first element of threat protection. According to the SC Media website, ATO alone cost consumers an “estimated $11.4 billion in 2021.” These figures represent “roughly one-quarter of all identity fraud losses” occurring that year. In order to better protect users against such staggering losses, threat detection needs to be a pre-emptive measure. 

 

Smart detection follows the Zero Trust philosophy. With platforms such as PingOne Protect, detection occurs in real-time through self-learning algorithms that evaluate user activity before, during, and after login. 

 

Smart detection combines multiple internal and external risk factors to provide a single access point for calculating and retrieving user risk scores. In turn, these risk scores drive mitigation and access policies when a user interacts with your digital property again in the future. 

 

Common smart detection techniques include:

 

  • Event intelligence

  • Device profiling

  • Location intelligence

  • Bot mitigation

  • Blocklists

  • Behavioral metrics 

  • Device security posture 

 

By constantly monitoring your IT environment for threats, smart detection stops bad actors before they are able to take over or create new user accounts. 

2. Dynamic Policies

Dynamic policies are the next foundational element used to block ATO and NAF within the threat protection umbrella. Policies are based on self-learning risk predictors. Dynamic policies also use predictors that leverage consortium data lists in conjunction with important session data related to user, behavior, network, and device. With these elements in play, it’s possible to protect against unknown threats without sacrificing user convenience. 

 

Tools like PingOne Protect adjust the amount of friction in a user’s login flow by weighing a number of predictors related to the detection techniques listed above. This dynamic approach is key to protecting your users while also providing enjoyable digital experiences. 

 

Some examples of dynamic policies and their associated user journey options/mitigations offered via PingOne Protect and the PingOne Cloud Platform include:

 

Low-Risk Score / No Friction Options

  • Add a “remember me” section

  • Use a privacy acknowledgment

  • Send a “welcome back” email 

     

Medium-Risk Score / Mild Authentication Mitigation 

  • Send a magic link

  • Provide a QR code

  • Require a password reset 

     

High-Risk Score / Immediate, Abrasive Mitigation 

  • Kill a user’s session

  • Step up MFA measures

  • Require ID proofing 

     

By allowing you to pivot quickly, dynamic policies and predictors are key to protecting against new ATO and NAF threats as they arise. 
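
The sketch below is an added example, not PingOne Protect code or its API: it shows one way a policy engine can weigh predictor results into a single score, apply a blocklist override, and pick a mitigation tier. The predictor names, weights, and thresholds are assumptions chosen for illustration.

```python
# Added illustration: predictor names, weights and thresholds are assumptions,
# not PingOne Protect configuration or API calls.
LEVEL_POINTS = {"low": 0, "medium": 50, "high": 100}
WEIGHTS = {  # hypothetical relative importance of each predictor
    "bot_detection": 3,
    "ip_reputation": 2,
    "new_device": 2,
    "impossible_travel": 2,
    "user_behavior": 1,
}
OVERRIDES = {"blocklist"}  # a "high" result here forces the HIGH tier
MITIGATIONS = {  # one option per tier, taken from the lists above
    "LOW": "no friction",
    "MEDIUM": "send a magic link",
    "HIGH": "step up MFA",
}


def aggregate(predictors):
    """Weighted average (0-100) of known predictors; None if none reported."""
    total = weight = 0
    for name, level in predictors.items():
        if name in WEIGHTS:
            total += WEIGHTS[name] * LEVEL_POINTS[level]
            weight += WEIGHTS[name]
    return total // weight if weight else None


def evaluate(predictors, medium_at=30, high_at=60):
    """Return (tier, score, mitigation) for one sign-in attempt."""
    if any(predictors.get(name) == "high" for name in OVERRIDES):
        tier, score = "HIGH", 100
    else:
        score = aggregate(predictors)
        if score is None:
            # No signal at all: do not grant a frictionless login on no evidence.
            tier, score = "MEDIUM", medium_at
        elif score >= high_at:
            tier = "HIGH"
        elif score >= medium_at:
            tier = "MEDIUM"
        else:
            tier = "LOW"
    return tier, score, MITIGATIONS[tier]


if __name__ == "__main__":
    # Constructed session: unfamiliar device from a medium-reputation address.
    print(evaluate({"bot_detection": "low", "ip_reputation": "medium",
                    "new_device": "high", "impossible_travel": "low",
                    "user_behavior": "low"}))
```

Because the average is taken only over predictors that reported a result, a session with a single "high" signal and nothing else lands in the HIGH tier.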

3. Risk and Fraud Insights

Visibility into risk and fraud has long been a critical part of many important industries, including insurance, healthcare, and finance. Today, risk and fraud insights are used for much more than forensics. They are pivotal to an organization's evolving security posture, especially related to ATO and NAF.

 

The best threat protection requires actively reviewing and examining risk events and insights. After that, adjusting and tweaking risk policies and thresholds based on these real-world experiences and gleaned insights is necessary. In the most basic sense, risk and fraud insights are all about reducing false positives with precision tuning. That way, you can keep up with unknown threats and ensure that your user ecosystem remains healthy at all times. 

 

Insights are provided through:

 

  • Data Logs: These records include details on administrative actions related to risk policies and predictors as well as individual session and user activities, events, and risk scores.

     

  • Dashboards: Tools such as these are used by administrators to deep dive and fine-tune risk policies to improve user experience and step up security where needed.

     

  • Forensic Evidence: This is all the data that organizations utilize in unfortunate cases of ATO and NAF. Cybersecurity teams gather evidence about what happened and assess the extent of the damage.

 

Risk insights give operations teams a tangible means for adjusting their security posture to better protect against future threats.
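
As an added example (not taken from Ping's product or documentation), the following shows what threshold tuning against reviewed risk events can look like: given labelled sessions, it finds the score threshold that catches the most fraud while keeping false positives within a chosen budget. The event data is constructed, and the function names and 5-point threshold steps are assumptions.

```python
# Added illustration. EVENTS is constructed sample data: (risk_score,
# confirmed_fraud) pairs such as an analyst might label after reviewing logs.
EVENTS = [
    (5, False), (12, False), (18, False), (22, False), (35, False),
    (41, False), (48, False), (55, True), (58, False), (63, False),
    (66, True), (72, True), (79, False), (85, True), (93, True),
]


def rates(events, threshold):
    """(false_positive_rate, detection_rate) if scores >= threshold get friction."""
    legit = [s for s, is_fraud in events if not is_fraud]
    fraud = [s for s, is_fraud in events if is_fraud]
    if not legit or not fraud:
        raise ValueError("need both legitimate and fraudulent labelled events")
    fpr = sum(s >= threshold for s in legit) / len(legit)
    detection = sum(s >= threshold for s in fraud) / len(fraud)
    return fpr, detection


def tune(events, max_fpr, candidates=range(0, 101, 5)):
    """Best-detecting threshold whose false-positive rate stays within max_fpr.

    Ties go to the lower false-positive rate, then to the higher threshold
    (less friction). Returns (threshold, fpr, detection) or None.
    """
    best = None
    for t in candidates:
        fpr, detection = rates(events, t)
        if fpr > max_fpr:
            continue
        key = (detection, -fpr, t)
        if best is None or key > best[0]:
            best = (key, (t, fpr, detection))
    return best[1] if best else None


if __name__ == "__main__":
    # Show the trade-off for three false-positive budgets.
    for budget in (0.0, 0.1, 0.3):
        print(budget, tune(EVENTS, budget))
```

On this sample, tightening the false-positive budget from 30% to 10% moves the threshold from 55 to 65 and lets one of the five fraud cases through, which is the trade-off the dashboards and logs above are meant to expose.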

4. Seamless Integration   

Organizations cannot adequately protect against ATO and NAF if their cybersecurity solutions don’t integrate. According to Cyber Defense Magazine, “With the rise of cloud computing and SaaS applications, organizations are now using multiple security solutions from different vendors, each with its own data format, APIs, and integration models. In 2019, the average business had 75 security tools [just] in its environment.” 

 

With so many cybersecurity tools at play today, it's essential that every risk and fraud platform integrates well and works as designed. For example, the PingOne Cloud Platform and PingOne Protect integrate with any third-party data feed or vendor and allow for custom predictors, so that you can utilize all your risk and fraud investments and have a centralized view of risk. 

 

By integrating all of your risk and fraud investments into one hub, you can gain full visibility into risk and even aggregate risk scores. You can also create overrides to ensure maximum threat protection and a better user experience.

 

All things considered, seamless integration is essential for protecting user data in the era of aggressive ATO and NAF attacks.

5. Centralized Management   

Finally, managing your threat protection ecosystem from one centralized platform is critical. Cloud-deployed threat protection solutions like PingOne Protect and the PingOne Cloud Platform not only integrate with other services but also give ultimate visibility and control over user experiences in your network.

 

Centralized management allows you to integrate detection services with mitigation and response while also automating administrative tasks to reduce the risk of error. Identity orchestration is a key capability that enables quick time-to-market for new fraud and threat detection technologies and their corresponding mitigation measures and user journey options.

 

With centralized management of user journeys and workflow automation, you can keep up with the evolving threat landscape and protect users with the latest tools like ID proofing and passwordless authentication.

Keep Users Safe and Provide Seamless Experiences with PingOne Protect

It seems no matter where you turn, both individuals and organizations alike are under constant threat from cyberattacks. Luckily, with Ping Identity, threat protection does not require you to sacrifice exceptional user experiences in order to safeguard people’s data. 

 

PingOne Cloud Platform and PingOne Protect offer a wide variety of end-user flows and options–well beyond just MFA. With PingOne Protect, you are able to:

 

  • Detect anomalies to prevent identity threats

  • Increase visibility into risk posture and trends 

  • Reduce interruptions with legitimate users 

     

PingOne Protect allows you to keep legitimate users happy while also weeding out ATO and NAF scammers. 

 

Start a free trial with risk-based authentication from PingOne Protect today.
