Account takeover is when a fraudster gains control of an account that belongs to a genuine customer. Phishing, spyware and malware can all be used to commit account takeover attacks. However, for many merchants, credential stuffing is the most common tactic. Credential stuffing is the automated process of trying stolen username and password combinations in order to gain access to customer accounts.
Fraudsters can monetize the attack in a number of ways, from making unauthorised transactions with a saved card or stolen card details to selling accounts and personal details to others.
This page explains the account takeover integration process.
Our dedicated guides will help you to integrate with Ravelin seamlessly. The Ravelin team will help you through the integration from start to finish. We will work with you to understand how your platform and Ravelin can best work together to stop account takeover, optimize conversion and support growth.
During the initial sales meetings, we will:
A dedicated project manager and integration engineer will be assigned to support you and will organise a kick off meeting with you. We will discuss technical details of the project, target outcomes and any time constraints you may have.
To request an account takeover recommendation when a customer attempts to log in, send a request to our Login endpoint using the Login Checkpoint. To use the Login Checkpoint, add score=login as a query parameter to the URL.
The login object should contain details about the login attempt.
An example request is shown below:
```http
POST https://api.ravelin.com/v3/login?score=login HTTP/1.1
Authorization: token ...
Content-Type: application/json

{
  "timestamp": 1512828988826,
  "login": {
    "username": "jsmith123@example.com",
    "customerId": "abc-123-XYZ",
    "success": true,
    "authenticationMechanism": {
      "password": {
        "success": true,
        "passwordHashed": "ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f"
      }
    },
    "app": {
      "name": "Our App Lite",
      "platform": "web",
      "domain": "us.brand.com"
    }
  },
  "device": {
    "deviceId": "65fc5ac0-2ba3-4a3b-aa5e-f5a77b845260",
    "ipAddress": "81.152.92.84",
    "language": "en-US",
    "model": "Pixel XL",
    "os": "android",
    "type": "phone",
    "manufacturer": "google"
  },
  "location": {
    "latitude": 51.503252,
    "longitude": -0.127899
  }
}
```
An example response is shown below:
This page explains how to tell us an account has been resecured after an account takeover.
In cases where an account is reclaimed by the legitimate owner you need to notify us that the account has been secured. Secured means that the password has been reset and any tokens have been revoked, ensuring that attackers no longer have access to the account.
Telling us that an account has been resecured is important; otherwise we may continue to block the legitimate owner from accessing the account.
Breached credentials are used by fraudsters when committing credential stuffing attacks. Attackers get credential combinations (usernames and passwords) from data breaches. Fraudsters can then automatically try all these combinations against your login page to see if there are any matches.
Unfortunately, because a lot of people use the same password across multiple services, there may be matches and fraudsters can gain access to the accounts.
You can read more about how fraudsters use breached credentials in our Ravelin Insights Guide.
As with all software, it’s important to get it working, and then keep it working. Ravelin has multiple features to aid you in testing your integration.
You should ensure that you are listening to the action that Ravelin returns, and handling it appropriately.
Set the login.username field to an email address using one of the following three email domains to force a specific action from the Login endpoint.
| Email Domain | Action |
|---|---|
| @qa-force-ato-allow.com | ALLOW |
| @qa-force-ato-review.com | REVIEW |
| @qa-force-ato-prevent.com | PREVENT |
These values will only work in your sandbox account.
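As an added example (not Ravelin's own client code), the Python helper below assembles the Login Checkpoint request shown earlier, derives the forced-action usernames from the sandbox table above, and posts the body with the token header. It assumes that passwordHashed is an unsalted hex SHA-256 of the password (for the constructed password "password123" this reproduces the digest in the example request) and that the response body is JSON; the `opener` parameter is a hypothetical injection point so the request path can be exercised offline.

```python
import hashlib
import json
import urllib.request

RAVELIN_LOGIN_URL = "https://api.ravelin.com/v3/login?score=login"  # endpoint from the page

# Sandbox-only email domains from the testing table; each forces the named action
QA_FORCE_DOMAINS = {
    "ALLOW": "qa-force-ato-allow.com",
    "REVIEW": "qa-force-ato-review.com",
    "PREVENT": "qa-force-ato-prevent.com",
}

def hash_password(password: str) -> str:
    """Assumption: passwordHashed is an unsalted hex SHA-256 of the password.
    Hashing client-side keeps the plaintext password out of the request."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def build_login_request(username, customer_id, success, password_hash,
                        app, device, location, timestamp_ms):
    """Assemble the login, device and location objects in the shape shown above."""
    return {
        "timestamp": timestamp_ms,
        "login": {
            "username": username,
            "customerId": customer_id,
            "success": success,
            "authenticationMechanism": {
                "password": {"success": success, "passwordHashed": password_hash}
            },
            "app": app,
        },
        "device": device,
        "location": location,
    }

def qa_username(action: str, local_part: str = "qa-tester") -> str:
    """Build a login.username that forces ALLOW, REVIEW or PREVENT in the sandbox."""
    return f"{local_part}@{QA_FORCE_DOMAINS[action.upper()]}"

def post_login(body: dict, api_token: str, opener=urllib.request.urlopen) -> dict:
    """POST the body with the token header and return the parsed JSON response.
    `opener` is injectable (hypothetical) so the call can be exercised offline."""
    req = urllib.request.Request(
        RAVELIN_LOGIN_URL, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Authorization": f"token {api_token}", "Content-Type": "application/json"},
    )
    with opener(req) as resp:
        return json.load(resp)
```

Point `post_login` at a sandbox token and use `qa_username("PREVENT")` as the username to confirm your code actually acts on a PREVENT before going live.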