F5 announced multiple security offerings to bridge security and fraud team operations that help customers block automated and human-driven malicious activity, shield valuable user details, and stop fraud.
New solutions extend F5’s Shape Security portfolio of SaaS and managed services to protect customers, applications, and APIs against account takeover (ATO) while delivering better digital experiences at every touchpoint.
Today, any organisation issuing or accepting digital payments is an ATO target. Once an account is compromised, a fraudster may drain funds, purchase goods or services, or access payment information on other sites – alienating customers and eroding revenue. ATO often starts with credential stuffing, where previously compromised user credentials (such as username/password pairs) and personally identifiable information (PII) are continuously tried in an automated fashion until achieving a successful login.
Another common way cybercriminals pursue ATO is through client-side attacks, which take ownership of legitimate websites by installing digital skimming tools to steal login credentials, payment card details, and other PII.
F5’s complementary solutions now offer the industry’s most comprehensive account takeover protection on a single platform. Leading security and fraud prevention techniques eliminate automated and human attacks across numerous threat vectors. Organisations can better defend against bots targeting their web properties and third-party providers with Aggregator Management, recognise legitimate users throughout the customer journey with Authentication Intelligence and rapidly gain insight into client-side digital skimming attacks with Client-Side Defence.
Coupled with the rapid removal of post-login fraud via Account Protection, F5 Shape provides an end-to-end approach that assesses intent, streamlines digital experiences, and halts ATO attempts otherwise leading to fraud, lost revenue, and reduced customer loyalty.
Disrupting cybercrime economics by neutralising account takeover
Organisations routinely face a combination of sophisticated manual and bot-driven attacks that are constantly retooled to deploy new evasive ATO techniques. For example, cybercriminals often use multiple methods, pivoting from bots to targeted manual fraud that may leverage human-staffed “click farms” trained to bypass anti-automation solutions. Security and fraud teams typically deploy an arsenal of siloed tools in response, adding operational complexity and partial remedies consumers find frustrating (such as MFA).
To overcome evolving tactics, F5 Shape elegantly combines application security, bot management, and fraud prevention with human experts and real-time machine learning analysis of network, behavioural, and malicious activity to protect the entire user experience. Beyond just an organisation’s applications, Aggregator Management can also detect anomalies and limit access privileges tied to the exponential growth of APIs for FinTech use cases such as open banking.
Building trust and optimising user experience with seamless authentication
Loyal customers who frequently visit a website using the same devices to buy their favourite products or pay their bills are typically subject to the same login and authentication steps as new customers. This includes time-wasting steps in selecting images such as stoplights or crosswalks in a series of CAPTCHA challenges (sophisticated bots can overcome anyway).
With F5 Shape’s Authentication Intelligence, organisations can now dramatically simplify return visits for trusted customers by eliminating unnecessary checkpoints and maximising customer engagement while minimising abandoned carts and similar dead ends. Enhancing overall protections against criminals and bots attempting ATO, F5 Shape’s real-time verification blocks malicious requests and automated attacks without disrupting login, checkout, or session extensions, further prioritising the user experience.
Strengthening defences over larger fraud attack surfaces
Security and fraud protection have become increasingly intertwined in the current threat landscape. At the same time, industries are continuously extending their services with applications, APIs, and tools touching multiple organisations (such as a retail site that connects to supply chain monitoring or financial account information). This creates a scenario where valuable details can be compromised by a third party or even a web browser, resulting in a much larger attack surface for threats such as ATO.
Like credit card skimming in the physical world, cybercriminals have developed attacks to take ownership of legitimate websites and install digital skimming to steal credit card numbers, social security numbers, names, addresses, and other PII. With advanced solutions like Client-Side Defence, organisations can confidently offer users richer app experiences without giving up essential protections and visibility.
“Faster payments and rising digital activity expand the surface for sophisticated fraud and cyberattacks,” said Julie Conroy, Head of Risk Insights & Advisory at Aite-Novarica. “Firms increasingly recognize that these attacks, and the resulting financial losses, cannot be addressed in a siloed manner. However, many still struggle with various organisational and technological blocks to collaborate effectively between security and fraud teams. F5 can help address these challenges through innovations in data analytics, automation, and machine learning, enabling collaboration across security and fraud teams to help disrupt financial crime, enhance operational efficiency, and uplift the customer experience.”
“F5 Shape comprehensively mitigates the impact of nefarious human and automated traffic to stop account takeover and any number of derivative threats,” said Saurabh Bajaj, VP of Product Management, F5 Shape. “Offering solutions on a single platform encourages collaboration while freeing up fraud and SecOps teams to focus on other priorities and apply insights to improve performance. With the ability to proactively surface anomalies and suspicious account behaviour, F5 eliminates cybercrime in various ways at each stage of the customer’s digital journey, providing the industry with true end-to-end security, authentication, and fraud solution.”