Growth & Marketing
October 25, 2020
March 18, 2021
Growth & Marketing
October 25, 2020
March 18, 2021
A signup form is a strategic marketing move: an important part of the sales process that creates a custom database with important demographic data about the users, helping to understand their interests and behavior.
Faced by multiple industries, account creation fraud has been producing significant losses and reputational damage to brands for years that, according to a study run by BioCatch, amount to $2.1 billion in the USA just in 2020.
This term refers to any customer account created with fraudulent information, a practice that is becoming increasingly difficult to detect as attack techniques rapidly evolve.
Actually, there are a large number and variety of cases, from individuals trying to abuse sales promotions and discount coupons, to highly distributed and sophisticated attacks that use fake or stolen identities, making them difficult to effectively detect and stop.
These massive and organized attacks are usually an automated bot activity, which means that actually the accounts do not belong to real users. They are also used to generate spam and fake news, influence the results of reviews and voting processes, abuse offers and discounts, commit financial fraud, and other malicious and often criminal activities.
Actually, one of the challenges for many businesses is that getting more and more users is a sign of growth, and the rising number of registrations is not usually investigated too rigorously.
Many account management systems still simply use email and password to verify their users’ identity, a method that was not designed with today’s hacking possibilities in mind.
Thousands of people also use the same password to access different sites and services (even after a known security breach), the majority of them are not strong enough either, and many of them use the same password for all their online accounts.
In an ideal world, filtering new account requests via email verification would be a relatively secure and easy way to stop illegitimate requests. But considering that the reuse of the password in other accounts is quite common, it may not be enough in some cases.
As it is quite easy to get around password protection and email verification, the solution needs to be just a change in how users are verified.
Nowadays, there is a difficult balance between security and UX, between letting users easily create an account and stopping fake attempts to do so, but there are two types of approaches when looking for a solution.
A growing number of companies are offering services that can detect suspicious activity on new accounts, by analyzing background data from the user, such as the number of account requests from similar IPs, or flagging examples of potentially malicious activity.
IBM’s Trusteer was one of the first of these tools, and is still one of the most popular, but there are already many user authentication systems (Auth0, Okta and Firebase, for example), data enrichment services (like Clearbit) and even some specific ones (such as BioCatch and IPQS) that offer this option.
This type of services analyze users' digital behavior to distinguish between genuine and fake users in order to detect fraud and identity theft. By profiling interests, timings and interactions, they identify patterns and establish rules for "good" and "bad" behavior from statistics.
As user behavior analysis improves, new ways of verifying user identities emerge leveraging the security advantages of cloud storage and the huge amounts of data that now can be stored and linked to user accounts. These new systems are usually organized into three categories:
If you are thinking of improving the user authentication system of your service, but you still haven't found the right formula, we really have good news for you.
Thanks to our flow editor you can create, iterate and run complex user authentication flows that can include, among many other features:
Arengu is a software tool that allows you to create forms with complex flows that are compatible with any tech stack. Thanks to a JS SDK and a set of flexible native actions you will be able to save a lot of development time when it comes to finding the user verification flow that best suits your business needs and setting up common integrations.
Do you want to try it free? Sign up or schedule a demo with our team. And if you prefer to explore it yourself, take a look at the quick start and our guides and tutorials.