ATO Protect thwarts Generative AI attacks by confirming the real-world identity of your account holder, a capability not delivered in legacy account takeover solutions
SCOTTSDALE, Ariz., January 29, 2024 — With a staggering 427% increase in account takeover attacks (ATO) in Q1 2023, compared to all of 2022*, organizations are encountering ever more complex attack vectors and experiencing greater ATO fraud loss than ever before. Generative AI (GenAI) opens a new world of potential attacks and increases the need for companies to securely verify their customer requests without creating barriers to access. Current account takeover and identity verification solutions are not designed to address these expanding attack vectors.
Trusona, whose mission is to know who is really on the other end of a digital transaction, today announced the launch of ATO Protect to securely recover user accounts, eliminate credential risk, and to guard against GenAI attacks. Businesses holding data attractive to fraudsters are facing increased fraud risk, with limited tools to prevent ATO.
“Generative AI is the next frontier of fraud, which we have seen in our client engagements evolving from simple phishing to much more sophisticated attacks on the account recovery process,” said Ori Eisen, Trusona’s founder and CEO. “ID spoofing, deep fakes that simulate voices, documents, and selfies, creation of synthetic identities, and other creative attacks are exploiting the weaknesses in current systems. Beyond username/password attacks, there is a greater need to prevent ATO at every point in the customer journey.”
ATO Protect secures accounts, identifies risk, and provides tools for step up verification to recover accounts, locking out fraudsters and shutting down ATO risk. Security teams have been focused on preventing account access at the point of login, exploring phishing resistant credentials like passkeys, and strengthening password requirements. While these are critical to addressing one fraud vector, the account recovery process is often disconnected from the security deployed at account creation. Given the large majority of account recovery activity is genuine, ATO Protect provides a low friction verification step with increased ATO fraud checks that eases the recovery experience.
For customers interested in implementing phishing resistant credentials to further combat account takeover, the Trusona Authentication Cloud offers passkey solutions that can be deployed in a matter of weeks. Passkeys are inherently more secure than username and passwords, with automated account recovery provided by the platform provider. ATO Protect can be layered on with passkey to improve the security of your account recovery and further verify your customer’s identity in the future.
The ability to deploy increasingly complex identity verification depending on the level of risk the transaction or event presents sets ATO Protect apart from current solutions. For example, account recovery for an ecommerce brand presents a barrier to revenue and ATO is likely a low risk to the business. Whereas a bank being asked to conduct a significant transaction after a change of address or account details would want a higher level of assurance before approving. Similarly, for loan applications, such as a home equity line of credit (HELOC), which require only publicly available data, securely verifying the identity of the applicant greatly reduces fraud.
ATO Protect offers a number of features that layer into your existing risk decision matrix to provide standalone verification when suspicious activity attached to a new device, compromised email addresses or phone numbers, or document fraud, is detected. This enables your team to activate increasingly more secure identity checks prior to authorizing a high-risk event. Today, this is most relevant for Financial Services, Fintech, iGaming, and Healthcare businesses as they experience a high degree of ATO attacks.
Trusona offers ATO Protect as a modular solution that works alongside your existing fraud protection services. It can be deployed to protect higher risk transactions and events as a standalone service requiring zero integration. Get started today with a no-integration proof of concept engagement, allowing enterprises to leapfrog current systems to achieve immediate benefits while building direct integration. ATO Protect delivers a better way to address GenAI attacks.
Trusona, pioneering leader of passwordless MFA, seeks to secure the identity behind every digital interaction to prevent fraudsters from succeeding in account takeover (ATO). Increasingly complex attack vectors, including Generative AI, target not only login but account recovery, are compromising customer security, and leading to measures that negatively impact customer experience. Trusona seeks to reduce business losses connected to ATO fraud by providing zero-integration identity verification to secure high-risk transactions. Trusona also provides phishing resistant credential solutions that can be deployed in a matter of weeks to further secure account onboarding and login. Organizations in financial services, iGaming, Fintech, healthcare, higher education, media and more, trust Trusona for omni-channel authentication across digital assets. Trusona is funded by Kleiner Perkins, M12 (Microsoft Ventures), Akamai, Georgian Partners, Seven Peaks Ventures and 2M. For more information, please visit www.trusona.com.