Fraud Prevention
Prevent Fake Account Creation with Smart Rate Limiting
Fake accounts (aka synthetic accounts or bot accounts) are used to wreak havoc on social media platforms, commit credit card fraud, launder money, abuse affiliate programs, and even disguise account takeover attacks. Add "smart rate limiting" based on behavioral, device, domain, and geolocation data to stop the bots without impacting good users.
Fraud Prevention
Prevent Fake Account Creation with Smart Rate Limiting
Fake accounts (aka synthetic accounts or bot accounts) are used to wreak havoc on social media platforms, commit credit card fraud, launder money, abuse affiliate programs, and even disguise account takeover attacks. Add "smart rate limiting" based on behavioral, device, domain, and geolocation data to stop the bots without impacting good users.
Fraud Prevention
Prevent Fake Account Creation with Smart Rate Limiting
Fake accounts (aka synthetic accounts or bot accounts) are used to wreak havoc on social media platforms, commit credit card fraud, launder money, abuse affiliate programs, and even disguise account takeover attacks. Add "smart rate limiting" based on behavioral, device, domain, and geolocation data to stop the bots without impacting good users.
Problem
IP Rate Limits are not enough
Any remotely-sophisticated abuser has multiple IP addresses at their disposal for running their scripts at scale.
Solution
Combine a suite of risk signals
Combine behavioral, device, domain, and geolocation signals to detect suspicious signups across IPs.
Result
Bad for the bots, good for customers
With smart rate limiting, the improved detection accuracy means less abuse and less friction on good signups.
Problem
IP Rate Limits are not enough
Any remotely-sophisticated abuser has multiple IP addresses at their disposal for running their scripts at scale.
Solution
Combine a suite of risk signals
Combine behavioral, device, domain, and geolocation signals to detect suspicious signups across IPs.
Result
Bad for the bots, good for customers
With smart rate limiting, the improved detection accuracy means less abuse and less friction on good signups.
Problem
IP Rate Limits are not enough
Any remotely-sophisticated abuser has multiple IP addresses at their disposal for running their scripts at scale.
Solution
Combine a suite of risk signals
Combine behavioral, device, domain, and geolocation signals to detect suspicious signups across IPs.
Result
Bad for the bots, good for customers
With smart rate limiting, the improved detection accuracy means less abuse and less friction on good signups.
Stop the bots with less friction using real-time risk signals.
Stop the bots with less friction using real-time risk signals.
In smart rate limiting, we adjust how much traffic we allow through, based on a comprehensive assessment of the IP's risk level. By implementing smart rate limiting, based on real-time risk signals, we achieve more precise targeting than a fixed rate limit.
As a result, smart rate limiting stops more bots and stops them sooner, while allowing more good signups through.
1. Call Sumatra at signup time
1. Call Sumatra at signup time
Using the SDK for your backend language (Node or Python), pass signup data to Sumatra and get back a thumbs up/down decision on whether to allow it.
Using the SDK for your backend language (Node or Python), pass signup data to Sumatra and get back a thumbs up/down decision on whether to allow it.
# server.py
import sumatra
sumatra.api_key = "7c096c2f-4023-4696-814e-a4c371517e8e"
features = sumatra.enrich(
"signup",
email="user@example.com",
ip="205.12.234.7",
name="Darrel Smith",
browser={"language": "en-US"},
)
if features["verdict"] == "Block":
... # block signup
else:
... # allow signup2. Create risk signals in low code
2. Create risk signals in low code
Sumatra provides a concise language, Scowl, for defining powerful, stateful features that are computed in real time. Here are a few examples of how you might identify risky signups:
Sumatra provides a concise language, Scowl, for defining powerful, stateful features that are computed in real time. Here are a few examples of how you might identify risky signups:
Did they supply a gibberish name?
Did they supply a gibberish name?
For example, "bsdfkjbasdf asdkjfhskjdhf" would get a high gibberish score.
For example, "bsdfkjbasdf asdkjfhskjdhf" would get a high gibberish score.
gibberish_score := GibberishNameScore(name)Is the email handle similar to the name?
Is the email handle similar to the name?
For example, "Bob Smith" and "bob.smith@mail.com" would have high similarity.
For example, "Bob Smith" and "bob.smith@mail.com" would have high similarity.
name_handle_similarity :=
StringSimilarity(Lower(name), Lower(RemoveNonAlpha(EmailHandle(email))))Is email domain in the disposable domain table?
Is email domain in the disposable domain table?
One of Sumatra's built-in Tables is a list of more than 100,000 known disposable email domains.
One of Sumatra's built-in Tables is a list of more than 100,000 known disposable email domains.
domain := EmailDomain(email)
disposable_domain := Lookup<disposable_domains>(by domain)Does the IP country match the browser locale?
Does the IP country match the browser locale?
Out-of-the-box, Sumatra can enrich events with the IP country. A US-based IP would match the "en-US" locale.
Out-of-the-box, Sumatra can enrich events with the IP country. A US-based IP would match the "en-US" locale.
ip_country := IPCountry(ip)
locale_country := language.Split("-")[-1]
ip_locale_country_match := ip_country = locale_countryHas traffic spiked for this email domain?
Has traffic spiked for this email domain?
Time-windowed aggregates, like these counts, are Sumatra's bread and butter. Scowl supports a large collection of aggregate functions.
Time-windowed aggregates, like these counts, are Sumatra's bread and butter. Scowl supports a large collection of aggregate functions.
count_by_domain_1w := Count(by domain last week)
count_by_domain_1h := Count(by domain last hour)
count_by_domain_ratio := count_by_domain_1h / Maximum(count_by_domain_1w, 1)Has traffic spiked in this geographical region?
Has traffic spiked in this geographical region?
Finally, this risk signal showcases several powerful features at once: IP geolocation, geo-hash encoding, and time-windowed aggregates.
Finally, this risk signal showcases several powerful features at once: IP geolocation, geo-hash encoding, and time-windowed aggregates.
ip_geo := IPLocate(ip)
geo_area := GeoHashEncode(ip_geo.lat, ip_geo.lng).Substr(0, 5)
count_by_geo_1w := Count(by geo_area last week)
count_by_geo_1h := Count(by geo_area last hour)
count_by_geo_ratio := count_by_geo_1h / Maximum(count_by_geo_1w, 1)3. Set rate limit based on risk level
3. Set rate limit based on risk level
Instead of treating all IPs the same, use Scowl to combine the risk from the computed signals and set a dynamic rate limit on each signup attempt. If the IP exceeds the rate limit, then block.
Instead of treating all IPs the same, use Scowl to combine the risk from the computed signals and set a dynamic rate limit on each signup attempt. If the IP exceeds the rate limit, then block.
-- rules.scowl
rate_limit := Case(
when score > 500 then 0
when score > 300 then 1
when score > 100 then 2
default 5
)
count_by_ip_12h := Count(by ip last 12 hours)
rule_smart_ip_rate_limit := Block when count_by_ip_12h > rate_limitOver time, this simple rule-based logic can become more sophisticated and incorporate machine learning models, trained on data sets replayed by Sumatra.
Once the initial integration is complete, the logic can be extended and enhanced by any data-savvy team member, with no additional engineering work required.
Over time, this simple rule-based logic can become more sophisticated and incorporate machine learning models, trained on data sets replayed by Sumatra.
Once the initial integration is complete, the logic can be extended and enhanced by any data-savvy team member, with no additional engineering work required.
More fraud recipes
More fraud recipes
To check out another recipe for reducing fraud and abuse with Sumatra, see: Supercharge Your Stripe Radar with ATO Risk Signals.
To check out another recipe for reducing fraud and abuse with Sumatra, see: Supercharge Your Stripe Radar with ATO Risk Signals.
Get started
Get AI without the gimmicks
Get started