Sift Science Introduces Account Takeover Prevention


March 03, 2017

Sift Science launched Account Takeover Prevention, which automatically detects and blocks illegitimate login attempts from bad actors -- without getting in the way of your good users. It's the most proactive way to protect your valuable user base, your brand, and your bottom line from account takeovers.

More data breaches = more Account Takeover

The threat landscape is changing. As we move more of our lives online, fraudsters are also flocking to account takeover (ATO), which allow them to access richer information and cause more damage -- all while operating under the guise of a legitimate, trusted user.

ATO is the downstream effect of a worrying rise in massive data breaches and phishing attacks. Criminals have easy access to billions of credentials, which they systematically test on sites and apps until they find a match. The result? 48% of online businesses saw a rise in ATO attempts last year. Faced with this growing threat, you have to ask yourself: are you doing enough to prevent your users' accounts from being hacked?

The bottom line? ATO attacks are inevitable. Data breaches happen. Credentials get exposed. But with the right tools and defenses, you can protect your users and secure their confidence by keeping their accounts safe from hackers.

ATO Prevention uses machine learning and behavioral analysis to detect fraudulent logins. With a simple integration, we'll be able to ingest and analyze your users' behavior, and then compare that behavior against itself, as well as patterns of good and bad users across our network.

Then, each time someone logs in, we'll return an ATO risk score in real time, so you can instantly identify risky users and dynamically alter the login experience. To calculate a score, our technology looks at a range of potential ATO signals, such as user browsing patterns, network and IP data, location history, and device information. We also leverage years of data we've already collected across our vast customer network of more than 6000 sites and apps.

Once you're in the console, it's easy to review the signals that makes a particular user risky -- like location, IP address, device, etc. This makes it easy to resolve problems before they affect your good users.

Like all Sift Science products, it's easy to automate how you manage logins, and set up dynamic fraud logic based on a user's level of risk. For example, you may build in an extra authentication step (like a code sent via SMS) for certain users.

For more information, please visit