Protecting User Accounts Against Cyberattackers

Fraud Detection & Account Security for Improved Security on the Web


What is Fraud Detection & Account Security?

Fraud detection covers a range of measures that are used to prevent unauthorised persons gaining access to user accounts under false pretences. Fraud detection can be deployed at various points in a process or in a technical system and offers the following advantages:

  • Account takeover protection (ATO – Account Takeover): Protect accounts against access by non-legitimised users. 
  • Protect access apps on your customers’ smartphones against malware attacks by guaranteeing the integrity of the MFA authentication.
  • Protect sensitive transactions such as bank payments against attacks such as session hijacking by identifying attackers with the help of behavioural biometrics and denying them access.
  • Implement risk-based authentication and make it difficult for attackers to pretend to be legitimate users. This type of authentication can identify attackers based on characteristics such as geolocation, IP addresses, the devices used and behavioural biometrics.

How Does Fraud Detection & Account Security With Nevis Work?

With Nevis, you can determine based on user signals and credentials whether a fraudster is trying to access another user’s account. Information gathered and analysed includes location, device information and the current time, but also typical user quirks such as typing behaviour and the dynamics of keystrokes, touching and mouse movements.

These dynamic aspects of a user identity can be compared with previous interactions in order to evaluate the risk. The effectiveness of the components is based on the fact that the correlation of multiple attributes such as behavioural biometrics, geolocation or device information creates a definitive digital user footprints. The analysis begins on the login page and continues until the session is ended.

Risk-Based Authentication

blue-plus blue-minus

Risk-based authentication checks the authentication process based on a risk assessment:

  • If your risk assessment is low, you can log on without multi-factor authentication (MFA), for example.
  • If your risk assessment is medium, you will be asked to use MFA to ensure that you are authorised to access to user account.
  • If the risk assessment is too high, the system may block the user and will send you a notification asking you to confirm that you did in fact attempt to access the system.

The risk score is calculated based on different signals such as geolocation, device, fingerprint or behavioural biometrics.

Customers can define their own rules for calculating the risk assessment based on their requirements.

What Is the Difference to Adaptive Authentication?

There is no official definition to distinguish between risk-based and adaptive authentication.

In the case of risk-based authentication, a risk number is always used to specify how authentication is to proceed.

With adaptive authentication, a risk number or a fixed rule determines the number and type of authentication steps required.

Here at Nevis, we refer to adaptive authentication as our streamlined system that is based on configurable rules. Risk-based authentication uses more complex risk calculation methods.

Enhancing adaptive authentication with geo-velocity

Geo-Velocity as an enhancement of adaptive authentication refers to using geolocation information to optimise the accuracy of adaptive authentication.

Geo-Velocity minimises the risk of fraud by integrating an additional security feature by monitoring the user's location. Not only is the current location considered, but also the user's speed of movement to detect unusual activity. For example, if a user moves from one region to another within a few minutes, this may indicate that an unauthorised person is trying to access the system.

Protection Against Account Takeovers

blue-plus blue-minus
What is an Account Takeover (ATO)?

An account takeover is an identity attack during which an unauthorised person uses a range of attack methods such as phishing, credential stuffing and session hijacking to gain control over a legitimate account. The fraudster then uses this account to make unauthorised transactions.

Account takeover protection includes the measures initiated to prevent an account takeover.

Credential Stuffing: Credential stuffing is a type of cyberattack where unauthorised persons attempt to use stolen credentials to log into another unrelated service. Since many users reuse the same password and the same username or the same email address to log into their user accounts, credential stuffing often leads to success for cybercriminals.

Phishing: phishing is a form of social engineering in which an attacker sends a fraudulent message to persuade a person to reveal confidential information. The attacker then uses this information to gain access to the user account.

Session hijacking: this is where an attacker compromises a legitimate user session by stealing or predicting a valid session identifier to gain unauthorised access. The session can be compromised in different ways, for example, by man-in-the-middle attacks or client-side attacks such as trojans or malware.

How To Prevent Account Takeovers With Nevis
  • Multi-factor authentication (MFA) can lower the risk considerably. Analyses by Microsoft have shown that MFA can prevent 99.9 % of credential stuffing attacks.
  • Risk-based authentication is another method that can be used to trigger additional security procedures such as SMS-TAN or MFA queries depending on the available knowledge about user behaviour, location and known devices. You can enhance convenience for legitimate users if you only request MFA for authentications with an elevated level of risk.
  • The use of passwordless or anti-phishing authentication options (FIDO2) helps reduce the likelihood of phishing or credential stuffing attacks.
  • As a centre of expertise for authentication, Nevis can significantly reduce the risk of many web attacks, for instance, using session hijacking, CSRF, cross-site scripting (XSS) or interrupted session controls.

Fraud in Payment Transactions

blue-plus blue-minus

Payment fraud is the term used to describes all types of false or illegal transactions carried out by cybercriminals. The perpetrator steals money, personal property, interest payments or sensitive information from the victim via the internet.

Nevis offers a variety of strong defences against fraudulent or unauthorised transactions:

  • Multi-factor authentication (including passwordless authentication) makes it more difficult for a cybercriminal to masquerade as another user and to authenticate themself in that user’s name.
  • Adaptive authentication uses additional signals such as geolocation, IP address or device information to make a user account a harder target.
  • Transaction confirmation using our mobile authentication function. The use of a secondary method to confirm every transaction is a mandatory provision of the PSD-2 regulation, for example.
  • One of the most sophisticated functions that Nevis offers in this area is the use of behavioural biometrics to check customer interactions after the first authentication. Information about typing behaviour is collected and compared with typical user typing behaviour in order to detect attackers who have taken over a user session. Depending on the risk assessment, Nevis can:
    • make the authentication requirements stricter and request an additional authentication factor (MFA)
    • send an email notification to the user to inform them of a suspicious login attempt
    • send risk assessments and information to a system for detecting payment fraud The system for detecting payment fraud uses other parameters such as the payment target, payment history, etc. to decide whether it to accept the risk or stop the payment.

Protection for Mobile Phones

blue-plus blue-minus

To protect users, the integrity of their mobile phones must also be secured. It is also essential to detect if this integrity has been breached. Our mobile SDK and our apps are protected against reverse engineering, manipulation, API exploits and other attacks that could endanger your users. Protection is also guaranteed by mobile authentication procedures and transaction signing.

  • Mobile app hardening makes it difficult for cybercriminals to carry out an attack. Additional levels of defence are used to protect the passwordless authentication method.
  • Code obfuscation makes it difficult for an attacker to understand the code. The entire mobile SDK is obfuscated in such a way that the code is incomprehensible to a hacker who attempts to attack the authentication of your application.
  • Anti-tampering is an important active measure that protects mobile apps. Anti-tampering mechanisms include integrity checks, the detection of debugging tools and instrumentation frameworks that are attempting to change the app runtime. The Nevis SDK immediately terminates every operation if it detects tampering.
  • Root protection (Android) and jailbreak protection (iOS) warn the application if the device security is at risk, and prevent the mobile app from starting under these conditions. Rooting or jailbreaking describes the process used to gain full administrator rights on a mobile device, which allows security restrictions in the operating systems to be bypassed.
  • Nevis works with Digital.AI (formerly Arxan) and uses its proprietary security functions to protect apps against reverse engineering, tampering, API exploits and other attacks that could endanger your company and your customers.

Do You Have Questions About Customer Identity and Access Management?

We’re here to help – with personal consultations, reliable support and smart solutions. We would be happy to show you the advantages of the Identity Suite from Nevis in detail.

Contact Us!

Advantages of Fraud Detection & Account Security

  • Protect client assets and sensitive information from unauthorised access, theft or exploitation.
  • Detecting and preventing fraudulent transactions or activities in real time to reduce financial loss and reputational damage.
  • Maintain customer confidence by providing secure and reliable transactions and services.
  • Comply with regulations and industry standards to protect customer data and prevent money laundering.
  • Improving the overall security posture of the business and minimising the risk of cyber-attacks.

Overall, the main objective is to ensure the security of customers' assets and information while providing a safe and convenient user experience.


Are you aware of the potential damage of credential stuffing?

Get comprehensive details on this topic in our free white paper.

Download White Paper