Tell us a little bit about your journey throughout the years. How did SHIELD originate?
SHIELD was founded in 2008 when modern fraud prevention was still in its infancy. When I was a teenager, I ran a cross-border e-commerce business. I noticed that my website kept being targeted by online fraudsters, so I decided to do something about it and built a system that could detect and stop them. This was of course just the beginning – many years of research of development later and we find ourselves where we are today.
What technology do you use to detect risky user behavior?
SHIELD uses unsupervised machine learning on combinations and permutations of device and network data to identify patterns and anomalies linked to risky device attributes. In addition, our Enterprise AI technology crunches unlimited unlabeled user and activity data fields to detect known and unknown complex fraud use cases.
Enhancing all this is our Global Intelligence Network – a continuously updated library of every threat pattern we’ve ever seen. What this means is that our customers are able to benefit from our extensive library of fraud threats from across the globe.
Last but not least is our fantastic technology SHIELD Sentinel. It continuously profiles risk throughout the entire user session and is the only technology on the market that does this. The reason it’s so useful is that fraudsters will try to avoid detection by turning on a fraud tool after they’ve opened their target app. This is because the vast majority of fraud prevention solutions only check for fraud when an app is opened. With SHIELD Sentinel, we continuously profile for risky behavior for the entire duration of the app, which means we are able to detect the exact moment any fraudulent activity is conducted.
Why should more mobile app developers be concerned with fraud protection solutions?
Fraud prevention solutions are typically web-based because fraudsters have traditionally attacked websites. In the past decade mobile usage has exploded, accelerated especially by the pandemic, but what many people aren’t aware of is that mobile app fraud has risen too. While there is some overlap with the web environment, there are many tools and techniques used for fraud that are unique to mobiles. Mobile phones have started to house the most sensitive of data, ranging from e-wallets containing credit card information to super apps consisting of loyalty programs and payment methods.
Did you notice any new cybersecurity threats arise as a result of the pandemic?
Generally speaking, the pandemic saw a drastic change in the way users completed daily tasks such as ordering groceries and hailing rides. Since more people went online during the pandemic, all types of fraud skyrocketed. To go into specifics, we saw a lot of fraud taking place on e-commerce platforms. For example, return fraud. COVID-19 pushed a lot of merchants to adopt flexible return policies along with the introduction of contactless deliveries, making it more difficult for them to track successful deliveries and genuine returns.
While most types of fraud did increase during the pandemic, we also saw some types of threats diminish. For example, cross-border fraud, frequent flier program fraud, and abuse. With a substantial decline in travel, these were no longer attractive avenues for fraudsters to exploit. That being said, this may not be the case for 2022 as travel restarts.
When talking about online fraud, account takeover is probably one of the most common types of attack. Can you tell us more about how it is carried out?
An account takeover (ATO) happens when a fraudster gains unauthorized access to someone else’s account, typically to steal funds or personal information. It often acts as a launchpad for a myriad of fraudulent activities.
A typical ATO fraud attack consists of three steps. First, a fraudster will obtain stolen account credentials, usually through data breaches or phishing scams. They then test these credentials using techniques such as brute force attacks and credential stuffing, which often involve the use of bots. Once these credentials have been validated, the fraudster will proceed to take over the account and conduct malicious activity such as making fraudulent purchases and draining accounts. A fraudster may also choose to resell the account credentials on the dark web.
Since many users reuse the same login credentials across different platforms, fraudsters will also begin to log in to as many platforms as possible to raid them. They may even change passwords across platforms so genuine users are locked out of their own accounts.
What other fraud methods do you think are prominent nowadays?
Fraudsters are getting sneakier. We’ve noticed they often try to avoid being detected by turning on their malicious tools only after they've successfully bypassed any fraud prevention measures. Since most fraud prevention solutions only check for risky activity at specific points of the user journey such as login and payment, fraudsters can easily conduct fraudulent activity during other points of the user session. This is why we’ve developed SHIELD Sentinel – to catch these bad actors red-handed at any point of the user’s journey. Whether it’s at account creation or using loyalty points, this unique piece of technology creates trust and safety at every step of the user journey.
How can an average internet user tell if an account is malicious or has been taken over by someone else?
Each industry will have its own tell-tale signs so it’s best we split this into two parts.
Most malicious accounts (fake accounts) will be targeted at the business, not the user, as they are often used to abuse incentives, steal promotions, and so on. This means regular users won’t usually see them. They are also often well-disguised, as more can be stolen by a fake account that looks real rather than an obviously fake one. Think of credit lending – a bank is more likely to lend money to someone they think is real. However, there are times when a user can definitely tell when an account is fake. For a social media account, it could be someone sending spam or even hate messages – we’ve all had friend requests from people who we know aren’t real. In the gaming industry, a fake account is less likely to interact with other users and may perform repetitive tasks over and over again.
Accounts that have been taken over by someone else are also not easy to spot unless they directly interact with you. Things to look for are if the person asks you something out of character such as to borrow money or to click on a suspicious-looking link.
In your opinion, which types of organizations are attractive targets for fraudsters and should implement proper security measures as soon as possible?
Organizations that are expanding into new geographies and organizations that are growing fast are a goldmine for fraudsters. As they grow, the attack surface increases. In periods of rapid growth, it’s easy to prioritize expansion over security, and that’s when fraudsters hit. An organization may grow so quickly that there isn’t enough time for fraud prevention methods to keep up with the rapid pace of growth.
A common example would be to launch a referral code incentive when entering a new market. Fraudsters may create several fake accounts to abuse these incentives, which is why it is essential these types of organizations implement proper security measures.
And finally, what’s next for SHIELD?
We are continuing to go global! We will be opening up many more offices this year, including ones in the US, UK, and India. We are also expanding our product offerings to be able to cover even more types of fraud – exciting times ahead.