Credential stuffing attacks are increasing in frequency, allowing threat actors to use data breaches from one source to perpetrate another. Concurrently, alternative defense mechanisms such as network source profiling and device fingerprinting lose effectiveness as privacy-protecting technologies reduce the observable variability between legitimate and fraudulent user sessions. While multi-factor authentication remains a crucial preventative measure to protect against credential stuffing, the availability of credential data sets with contact information and the correlation with demographic data can allow threat actors to overcome it through interactive social engineering. This research explores the potential of clickstream data, which contains logs of users’ navigation through a web application, as an alternative defense for detecting account takeover activity on digital banking platforms. By measuring a user’s increasing familiarity with a web application over time, outliers in use may indicate account takeover fraud.