CDSA

As digital platforms continue to try adding new users to drive growth, stopping fake account fraud remains a top concern for their fraud and identity teams.

During the May 10 webinar “How Adobe Improved User Sign-up Experience While Enhancing Account Protections,” Sparky Toews, that firm’s principal product manager for Identity, said he was skeptical that any CAPTCHA solution available  could really stop bots without potentially harming the user registration experience.

Toews shared Adobe’s experience with account security and bot management company Arkose Labs that he said turned him from a CAPTCHA naysayer to a believer in the technology being able to actually differentiate between a bot, a fraudster and a good user.

In an interview with Richard Dufty, chief revenue officer at Arkose Labs, Toews explained how the right CAPTCHA strategy reduced fake account registrations by 90%, how Adobe’s approach led to 98% of users being able to sign up without any friction, and how Arkose’s data provided greater context for Adobe’s team to make faster decisions to pass or block users.

Thinking back to when Adobe turned to Arkose for help, Toews told viewers: “The biggest business problem we were trying to stop was fraudulent signups. We have a lot of very attractive services for attackers at Adobe.”

Adobe’s Behance is a “great site for artists to showcase and contribute their work,” while Adobe Sign is a “great way to send a document to somebody for a secure signature,” he noted.

“When used appropriately, these are great services that add a lot of value, but both of them offer an opportunity for an attacker to put an advertisement or an inappropriate message in and send it and hopefully use Adobe’s good reputation or Behance’s good reputation as a way to get in front of that user,” he said. “The biggest vector for this is account signups. Ideally, we want to stop these right at the front door. A big part of that is understanding how much friction you want to put in front of somebody who’s signing up.”

“There’s a lot of vendors out there who are really good at identifying risk,” he said, noting Adobe has used companies including Google. “There’s a ton of vendors in this space.”

But he said: “Arkose has actually helped us with a very specific and unique problem. I’m somewhat famous for decrying the death of the CAPTCHA for a long time…. We’ve seen a huge amount of advancement in machine learning and we’ve seen proof that, for any one CAPTCHA, an attacker can train up a computer model and eventually be more successful than a human at solving that particular puzzle.”

Despite that, he explained: “Where Arkose has really been able to differentiate is your sort of infinite grouping of CAPTCHAs, and your ability to generate new ones has actually sort of proved me wrong that CAPTCHAs are dead…. We’ve got data that shows it is successful at actually differentiating between a bot, a fraudster and a good user, and we’re able to use that puzzle to take that very minimal set of borderline cases where we’re not sure, from a fraud or a risk perspective, if they’re good or bad and give them that final sort of test” to prove it.

Data, he said, has shown that bad actors are “actually blocked by that technology and therefore stopped from creating an account –- stopped from even getting in the front door.”

Adobe went into a pilot program with the Arkose technology and “we saw some very dramatic benefits from the initial pilot,” he told viewers.