The position of bot management products deployed within the customer environment allows for the ability to shun or block traffic before it ever reaches the OFD platform. As such, this represents a significant advancement transforming existing product capabilities to block fraud that may otherwise be difficult to detect.
Gartner Emerging Tech Impact Radar: Online Fraud Detection and Prevention
In today’s threat landscape, the battle against online fraud requires a multi-faceted approach that transcends the capabilities of most individual online fraud detection (OFD) platform vendors. As a result, strategic partnerships and alliances have become crucial.
In the 2023 “Emerging Tech Impact Radar: Online Fraud Detection and Prevention” report, Gartner® recommends that product leaders responsible for OFD solutions should seek strategic partnerships and alliances with leading bot management vendors to create holistic offerings for customers. And here at DataDome, we couldn’t agree more.
As the report highlights, fraud prevention solutions are now regularly integrating cybersecurity capabilities. And as a cybersecurity specialist, DataDome provides a range of technologies which OFD platform vendors can leverage to bolster their fraud detection capabilities and enhance their clients’ protection against a wide array of online threats.
Let’s take a closer look at four of the emerging technologies identified in the Gartner report. We believe that these technologies can all enable OFD platform vendors to harness DataDome’s tools and expertise as a complement to their core offerings.
Bot Management
Gartner considers that bot management belongs in the “Now (0 to 1 Year)” range, meaning that this technology is very close to early majority adoption in the OFD market and already used by many organizations today.
Gartner expects that OFD platforms will increasingly begin offering bot management as part of their technology stacks to combine intelligence signals and risk scoring from the two platforms. However, due to the technical infrastructure differences between OFD platforms and bot management, this is more likely to occur through strategic partnerships rather than organic growth.
Product leaders responsible for OFD solutions should integrate with bot management products to leverage real-time intelligence of ongoing attacks that happen upstream as a point-in-time risk signal that should be considered when scoring transactions.
Gartner Emerging Tech Impact Radar: Online Fraud Detection and Prevention
At DataDome, we are convinced that bot management is central to online fraud prevention. A growing number of customers are implementing DataDome for this exact purpose, protecting their businesses from threats such as account fraud, carding fraud, and gift card fraud.
Gartner recommends that OFD product leaders leverage analytics from prelogin, postlogin and throughout the user journey from bot management platforms to develop behavioral analytics profiles and models, which can be used in risk decisioning.
Behavioral Analytics
Gartner defines behavioral analytics as “session-tracking capabilities that monitor user interactions with the protected service to build trust models for distinguishing fraudsters, trusted users, and bots based on their interactions.”
Gartner believes that behavioral analytics will provide vendors with opportunities to improve detection for many common fraud detection use cases. True implementation of this capability requires continuous monitoring and inspection throughout the user journey and is already featured in many bot mitigation products, but this technology is estimated to be only at approximately 40% early majority adoption within the OFD market.
Product leaders responsible for OFD solutions should apply AI analysis capabilities to historical analytics in which to build machine learning models capable of real-time risk scoring in order to identify deviations from expected normal user behavior.
Gartner Emerging Tech Impact Radar: Online Fraud Detection and Prevention
Behavioral analytics tools typically use a combination of supervised and unsupervised machine learning to classify good versus risky user journeys, then apply real-time risk scoring while providing corresponding reason codes. This is exactly what DataDome does, by collecting a wide range of behavioral signals both server-side and client-side.
On the server side, we analyze how the user is browsing a website or mobile app. The behavior can be analyzed as a time series, using unsupervised machine learning (ML) to detect outliers in the number of requests over time. We can also conduct more advanced graph-based detection to analyze the transition between different URLs.
On the client side, behavioral signals are collected in the browser using JavaScript, or in a mobile application via an SDK. Such signals often come from events linked to user interaction with the website or app, and include touch events, typing speed, mouse movements, clicks, and sensor signals (such as those from an accelerometer).
All these behavioral signals are fed to our machine learning models in order to detect, in real time, whether or not the user’s interactions with the website or app is consistent with human behavior.
Behavioral Biometrics
As per Gartner, behavioral biometrics refers to passive technology which assesses how a user is interacting with their device in order to discern patterns indicative of trust or risk, in contrast to behavioral analytics which focuses on how the user interacts with a service. Behavioral biometrics technology is typically integrated client side (JavaScript, Mobile SDK, among others) to gather behavioral signals including typing cadence, mouse movements, swipes, taps, and device orientation.
Product leaders responsible for OFD solutions should prioritize use cases where behavioral biometrics adds substantial value and uplift for customers; this commonly includes new account origination, bot detection and login use cases.
Gartner Emerging Tech Impact Radar: Online Fraud Detection and Prevention
DataDome’s detection models leverage a host of such signals. In fact, we strongly advocate for collecting client-side signals in addition to server-side and reputational signals, as we find that they significantly improve accuracy in detecting frameworks designed to bypass bot protection systems.
It is well known that client-side signals can be spoofed or manipulated by attackers. One popular technique is to override JS native objects to avoid detection, using libraries such as Puppeteer extra stealth.
To address these limits, DataDome uses a combination of methods including code obfuscation, collecting raw signals on the client side, and frequently updating the client-side signals.
Invisible CAPTCHA
The fourth and last emerging technology we are addressing here is Invisible CAPTCHA. In the Gartner report, Invisible CAPTCHA is described as “a form of challenge served to end-user devices in an attempt to discern if the user is a bot or human without any user interaction”.
The “invisible” aspect is important because striking the right balance between security and user experience is crucial for e-commerce companies. Fraud prevention tools with a high rate of false positives (when legitimate users are incorrectly flagged as bots or suspicious entities) can negatively impact conversion rates, revenue, and customer satisfaction.
Product leaders responsible for OFD solutions should integrate with bot management platforms to dynamically trigger repeated injection of invisible challenges based on behavioral analytics signals.
Gartner Emerging Tech Impact Radar: Online Fraud Detection and Prevention
While DataDome already boasts a very low false positive rate (below 0.01%), we are always striving to improve. We are therefore soon launching a new feature called Device Check, which has already shown impressive results for many of our beta customers.
Device Check is a verification process that runs on the end user’s device, without the need for any user interaction. It can be loaded by web browsers and mobile applications, completely preserving end users’ privacy. Its purpose is to spot any type of automation frameworks, spoofed environments, or programmatic access to the interfaces.
In simple terms, Device Check acts like a CAPTCHA, without prompting any visible or interactive challenge to the end user. The verification takes place in 2 seconds, after which:
- If the requester is a legitimate human user, the requested content is loaded automatically.
- If the request comes from a bot, it is blocked or additionally challenged.
Recommendations & Conclusions
To avoid sacrificing revenue for security, online businesses need robust strategies that leverage advanced technologies to strike the right balance between security measures and a seamless user experience. An effective fraud prevention strategy is one that empowers businesses to safeguard their platforms while ensuring a frictionless journey for legitimate customers.
DataDome welcomes the opportunity to join forces with online fraud detection platforms in order to secure your business & customers. To summarize what we bring to the table:
- Our detection performance: we leverage client-side signals and optimize our models with signals collected on user devices.
- Our mitigation performance: we can block fraud before it even reaches the login endpoint.
- Our end-to-end monitoring of user journeys: unlike OFD platforms that only have a point-in-time detection and mitigation model, we can monitor our customers’ traffic from homepage to checkout.
- Our capacity to profile user behavior: by linking users’ logged-in ID with all the signals we have been processing, we can assign a digital fingerprint to all the users of our customers and identify when they deviate from their usual behavior.
Access the full report for more comprehensive insights into why DataDome has been recognized as a Sample Vendor for Bot Management and Behavioral Analytics in the report: Emerging Tech Impact Radar: Online Fraud Detection and Prevention.
Gartner Disclaimer
Gartner, Emerging Tech Impact Radar: Online Fraud Detection and Prevention, Dan Ayoub, 23 June 2023
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
*** This is a Security Bloggers Network syndicated blog from DataDome authored by Andrew Hendry, Senior Director of Product Marketing. Read the original post at: https://datadome.co/bot-management-protection/gartner-report-online-fraud-prevention/