Fraud Prevention at the Edge: A New Solution to the Unsolved Problem of Complex, AI-Driven Fraud
Rebekah Moody

The Impossible Dream: Blocking Complex Fraud
Almost everything we read about fraud highlights how quickly it is evolving, how it is being bolstered by AI tooling, and how it adapts faster than the solutions that are designed to block it.
Online fraud prevention is a never-ending exercise of whack-a-mole. Businesses improve defenses, and fraudsters target a new vulnerability with a new MO, unrestricted by processes, regulations or customers.
They are equipped to build more complex attacks that evade detection. They know how security and fraud prevention solutions work. They know the pages that are protected and the ones that aren’t. They are always looking for vulnerabilities in business processes and customer accounts. And when they need to broaden their attack surface, they target the customer themselves, socially engineering them to divulge sensitive information or make a payment under false pretences.
The same themes come up time and time again. How do we respond to this threat faster? How can we adapt as we encounter the threat rather than retrospectively? How do we identify changes in behavior even when the customer can’t?
Innovation in account security and fraud prevention is mandatory. Legacy solutions are not working, and they are failing to adapt to the full spectrum of attacks.
A New Frontier of Fraud Prevention at the Edge
The perimeter edge offers a new way to prevent complex fraud, one best appreciated by understanding what has gone before.
The first generation of fraud prevention tools solved a point-in-time problem: fraudsters are attacking my login page to take over user accounts, they are signing up for new accounts with stolen credentials, they are making fraudulent payments with stolen credit card details. Fraud solutions were typically engineered to assess risk at this high-risk page and make a decision based on that context.
The challenge was that, over time, fraudsters became wise to these profiling techniques and chose to attack a new target, including:
- An exposed API endpoint after a new payment flow had been added to a website.
- Business logic – bypassing traditional fraud rules to abuse new customer rewards or loyalty bonuses en masse.
- The password reset function or change of details page – a new opportunity to take over a user account.
- The customer themselves – socially engineering them to make a scam payment or divulge sensitive credentials.
Point-in-time solutions were becoming less effective, and fraudsters more adept at pivoting attacks to new vulnerabilities, with ease, speed and efficiency.
Fraud prevention at the edge represents a break from this legacy approach, and a genuine innovation in the way fraud solutions work.
Integrating with your Content Delivery Network (CDN) via a piece of technology called edge workers offers a way to profile every touchpoint in the customer journey without the heavy lift of profiling every webpage. Benefits include:
- One integration that covers every touchpoint. New touchpoints/journeys can be configured from within the Darwinium portal, rather than needing IT and engineering resource to update the code on a webpage.
- Response times to new attack MOs can be minutes, not months. Imagine your fraud analyst seeing a huge spike in automated traffic targeting an API endpoint and your business being able to configure protection instantly.
- Complex fraud that can’t be solved with legacy “point-in-time” analysis has a new enemy: fraud detection at the edge plugs all the gaps of point-in-time solutions, leaving no exposed vulnerabilities and delivering a new level of customer-journey-level behavioral insights to separate trusted from risky.
Let’s look at this third critical point in more detail…
The New Fraud MOs Bypassing Existing Solutions
New fraud MOs rely on attacking the solutions already in place, by:
Complex AI-Driven Bots
- Bypassing existing bot solutions, for example:
  - Deploying low-and-slow attacks to appear more “human-like” and less “bot-like”, using AI tools to adjust rates.
  - Using human fraud farms.
  - Deploying CAPTCHA solvers.
- In each case, these new bot behaviors can bypass “front-door” deterrents and enter the customer account flow.
Scams and Social Engineering
- Bypassing fraud controls by socially engineering the customer themselves to divulge sensitive credentials or make phony payments.
- In this case, the scam is executed via a fully authenticated login session, by the legitimate customer. The fraudster can guide or coerce the customer through the payment either via remote access, a live phone call, or text message prompts.
API and Business Logic Abuse
API abuse and business logic abuse can be used by fraudsters to:
- Abuse loyalty and rewards bonuses reserved for new or loyal customers.
  - E.g. bots can be used to sign up for new accounts that offer a new customer / player bonus.
- Bypass traditional customer journey sequences for financial gain: for example to make mass reservations for tickets or services, or to bypass two-factor authentication.
- Validate information for free: The endpoint might provide validation or confirmation of something, such as card verification details in a checkout flow.
- Harness PII data: Endpoints may unwittingly be leaking PII data, for example on an authentication page, even on failed logins.
  - A traditional API-based fraud solution would not see this behavior, and it would not be economical to use on failed logins.
- Direct exploitation: SMS pumping fraud attacks typically target an OTP function or similar step-up authentication.
  - An API-based fraud solution would typically not be deployed on intermediate steps of an account origination journey, such as during the step-up call.
- Gain session access control: manipulate URLs, session tokens, cookies, or hidden fields to mask identity or gain advanced privileges.
The Edge: Complex Fraud’s New Worst Enemy
Here’s how an edge deployment can help solve these complex challenges:
Detecting Complex Bot Attacks
- Bots that bypass rate control measures can be identified via subtle machine-like behaviors across the entire user journey, even if they bypass account sign-up or login pages.
- Identify unusual velocities, credential stuffing and proxies/emulators.
- Separate AI bots from aggregators by understanding traffic intent across the user journey.
- Harness intelligence from upstream behaviors to make more informed decisions downstream, for example at checkout and payment interactions.
- Provide feedback from bot behaviors downstream to inform better risk decisions upstream, such as at login.
Detecting Scams and Social Engineering
- Pinpoint changes in customer behavior or payment patterns indicative of social engineering or coercion across a payment session, even when it is the legitimate user interacting.
- Identify instances of remote access, even if this is deployed after an account registration or login.
- Identify behaviors indicative of a live call in progress, via continuous behavioral biometrics intelligence.
Detecting API and Business Logic Abuse
- Detect anomalies in new and existing API behavior against a broader business context, separating intended operations from nefarious intent.
- Leverage full behavioral profiling on every API request to generate features and signals which detect normal and anomalous API behavior at each step of a digital journey. These could include:
  - API Request Behavior: e.g. what is the normal volume of requests from a particular IP address, the breakdown of request volume across different API endpoints, packet size / interval time between packets and the digital identity of the API request – e.g. device profile, geolocation data, IP address.
  - API Content / Body: e.g. ordering of the request fields, data check of the attribute values, content abuse assessment.
- These signals can also be accrued across the entire journey, flagging malicious or anomalous intent in real time.
- Detect scenarios where an API is being called correctly and in the correct sequence but shows anomalies between the entities and relationships being used in the API sequence, for example between the location of a card issuing bank and the purchase.
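The request-behavior and body signals listed above (per-IP volume, endpoint breakdown, interval regularity, field ordering) can be accrued across a journey as in the following sketch. It is an added example, not Darwinium's code; the endpoint names, the expected field order, the thresholds and the sample events are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample events: (unix_ts, ip, endpoint, JSON body field order).
# Endpoint names, IPs (RFC 5737 ranges) and thresholds are illustrative assumptions.
EXPECTED_ORDER = {"/api/otp/send": ("phone", "channel")}
EVENTS = (
    # Browser-like client: mixed endpoints, irregular gaps, expected field order.
    [(t, "198.51.100.7", ep, fo) for t, ep, fo in [
        (1000, "/api/login", ("user", "password")),
        (1009, "/api/otp/send", ("phone", "channel")),
        (1095, "/api/checkout", ("cart", "card")),
    ]]
    # Low-and-slow automation: one endpoint, metronomic 30 s gaps, reordered fields.
    + [(2000 + 30 * i, "203.0.113.9", "/api/otp/send", ("channel", "phone"))
       for i in range(8)]
)

def profile(events):
    """Accrue per-IP request-behaviour and body features across all requests."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)
    out = {}
    for ip, evs in by_ip.items():
        gaps = [b[0] - a[0] for a, b in zip(evs, evs[1:])]
        endpoints = Counter(e[2] for e in evs)
        out[ip] = {
            "requests": len(evs),
            "top_endpoint_share": max(endpoints.values()) / len(evs),
            # Coefficient of variation of gaps: near 0 means machine-like timing.
            "gap_cv": pstdev(gaps) / mean(gaps) if len(gaps) > 1 and mean(gaps) else None,
            "field_order_mismatches": sum(
                e[2] in EXPECTED_ORDER and e[3] != EXPECTED_ORDER[e[2]] for e in evs),
        }
    return out

def flag(features, min_requests=5):
    """Return the signals that fired for one IP's accrued features."""
    signals = []
    if features["requests"] >= min_requests:
        if features["top_endpoint_share"] >= 0.9:
            signals.append("single-endpoint concentration")
        if features["gap_cv"] is not None and features["gap_cv"] < 0.1:
            signals.append("regular inter-request interval")
    if features["field_order_mismatches"]:
        signals.append("unexpected body field order")
    return signals

print({ip: flag(f) for ip, f in profile(EVENTS).items()})
```

None of these signals depends on request rate alone, which is why the slow, evenly spaced client is still flagged while the irregular three-request journey is not.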
Fraud Prevention at the Edge: A Breakthrough Solution for Complex AI-Driven Fraud
Fraud is evolving faster than traditional prevention solutions can keep up, leveraging AI and exploiting vulnerabilities across business processes and customer interactions.
Legacy “point-in-time” tools fail to address the dynamic and sophisticated methods employed by modern fraudsters, including API endpoint abuse, social engineering, and low-and-slow bot attacks. Fraud prevention at the edge offers a revolutionary approach by integrating with content delivery networks (CDNs) to monitor and protect every touchpoint of the customer journey in real time.
This approach enables businesses to respond to emerging threats in minutes rather than months, provides continuous behavioral insights, and eliminates gaps left by outdated solutions. By leveraging edge-based detection, organizations can effectively combat complex fraud and protect their customers and systems from evolving attack methods.