F5 Safeguards Digital Experiences with Comprehensive Account Takeover Protection

Organizations can now prevent sophisticated threats, strengthen customer trust, and improve IT collaboration with combined app security, bot management, and anti-fraud capabilities

SEATTLE – F5 (NASDAQ: FFIV) announced multiple security offerings to bridge security and fraud team operations that help customers block automated and human-driven malicious activity, shield valuable user details, and stop fraud. New solutions extend F5’s Shape Security portfolio of SaaS and managed services to protect customers, applications, and APIs against account takeover (ATO) while delivering better digital experiences at every touchpoint.

Today, any organization issuing or accepting digital payments is an ATO target. Once an account is compromised, a fraudster may drain funds, purchase goods or services, or access payment information to use on other sites—alienating customers and eroding revenue. ATO often starts with credential stuffing, where previously compromised user credentials (such as username/password pairs) and personally identifiable information (PII) are continuously tried in an automated fashion until achieving a successful login. Another common way cybercriminals pursue ATO is through client-side attacks which take ownership of legitimate websites by installing digital skimming tools to steal login credentials, payment card details, and other PII.

F5’s complementary solutions now offer the industry’s most comprehensive account takeover protection on a single platform. Leading security and fraud prevention techniques eliminate automated and human attacks across numerous threat vectors. Organizations can better defend against bots targeting their web properties and those of third-party providers with Aggregator Management, recognize legitimate users throughout the customer journey with Authentication Intelligence, and rapidly gain insight into client-side digital skimming attacks with Client-Side Defense. Coupled with the rapid removal of post-login fraud via Account Protection, F5 Shape provides an end-to-end approach that assesses intent, streamlines digital experiences, and halts ATO attempts otherwise leading to fraud, lost revenue, and reduced customer loyalty.

Disrupting Cybercrime Economics by Neutralizing Account Takeover

Organizations routinely face a combination of sophisticated manual and bot-driven attacks that are constantly retooled to deploy new evasive ATO techniques. As an example, cybercriminals will often use multiple methods, pivoting from bots to targeted manual fraud that may leverage human-staffed “click farms” trained to bypass anti-automation solutions. Security and fraud teams typically deploy an arsenal of siloed tools in response, adding operational complexity and partial remedies consumers find frustrating (such as MFA). To overcome evolving tactics, F5 Shape elegantly combines application security, bot management, and fraud prevention with human experts and real-time machine learning analysis of network, behavioral, and malicious activity to protect the entire user experience. Beyond just an organization’s applications, Aggregator Management can also detect anomalies and limit access privileges tied to the exponential growth of APIs for FinTech use cases such as open banking.

Building Trust and Optimizing User Experience with Seamless Authentication

Loyal customers who frequently visit a website using the same set of devices to buy their favorite products or pay their bills are typically subject to the same login and authentication steps as new customers. This includes time-wasting steps in selecting images such as stoplights or crosswalks in a series of CAPTCHA challenges (which sophisticated bots can overcome anyway). With F5 Shape’s Authentication Intelligence, organizations can now dramatically simplify return visits for trusted customers by eliminating unnecessary checkpoints, maximizing customer engagement while minimizing abandoned carts and similar dead ends. Enhancing overall protections against criminals and bots attempting ATO, F5 Shape’s real-time verification blocks malicious requests and automated attacks without disrupting login, checkout, or session extensions, further prioritizing the user experience.

Strengthening Defenses over Larger Fraud Attack Surfaces

Security and fraud protection have become increasingly intertwined in the current threat landscape. At the same time, industries are continuously extending their services with applications, APIs, and tools touching multiple organizations (such as a retail site that connects to supply chain monitoring or financial account information). This creates a scenario where valuable details can be compromised by a third party or even a web browser, resulting in a much larger attack surface for threats such as ATO. Like credit card skimming in the physical world, cybercriminals have developed attacks to take ownership of legitimate websites and install digital skimming to steal credit card numbers, social security numbers, names, addresses, and other PII. With advanced solutions like Client-Side Defense, organizations can confidently offer users richer app experiences without giving up essential protections and visibility.

“Faster payments and rising digital activity expand the surface for sophisticated fraud and cyberattacks,” said Julie Conroy, Head of Risk Insights & Advisory at Aite-Novarica. “Firms are increasingly recognizing that these attacks, and the resulting financial losses, cannot be addressed in a siloed manner. However, many still struggle with various organizational and technological blocks in achieving effective collaboration between security and fraud teams. F5 can help address these challenges through innovations in data analytics, automation, and machine learning, enabling collaboration across security and fraud teams to help disrupt financial crime, enhance operational efficiency, and uplift the customer experience.”

“F5 Shape comprehensively mitigates the impact of nefarious human and automated traffic to stop account takeover and any number of derivative threats,” said Saurabh Bajaj, VP of Product Management, F5 Shape. “Offering solutions on a single platform encourages collaboration while freeing up fraud and SecOps teams to focus on other priorities and apply insights to improve performance. With the ability to proactively surface anomalies and suspicious account behavior, F5 eliminates cybercrime in a variety of ways at each stage of the customer’s digital journey, providing the industry with a true end-to-end security, authentication, and fraud solution.”

Please visit our website for further detail on F5’s Shape Security portfolio, and contact F5 Sales for additional product and service availability information.

Additional Resources

• Get a Free ATO Application Threat Assessment
• Online Fraud Prevention – Solution Details
• Prevent Account Takeover – Solution Guide
• Financial Crime Convergence: Think Collaboration, Not Consolidation – Aite Group Report
• Staying Ahead of Cybercriminals by Aligning Security and Fraud – Blog Post

About F5

F5 (NASDAQ: FFIV) is a multi-cloud application security and delivery company that enables our customers—which include the world’s largest enterprises, financial institutions, service providers, and governments—to bring extraordinary digital experiences to life. For more information, go to f5.com. You can also follow @F5 on Twitter or visit us on LinkedIn and Facebook for more information about F5, its partners, and technologies.

F5 is a trademark, service mark, or tradename of F5, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

# # #

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.