What API events can Sift trigger friction off?
ALL API events
This is a computer program that operates as an agent for a user to simulate a human activity or is used to automate certain tasks
What is a BOT
ATO identifies born-bad accounts.
CAP (lie)
ATO identifies high risk logins on trusted, born good accounts.
Account abuse or payment abuse can help identify born bad accounts and is often sold in conjunction with ATO.
What % of users use the same password on multiple accounts?
65%
What is the difference between MAU and number of successful logins?
MAU: Monthly Active Users
Successful Login: The total count of successful logins........
What types of friction does Sift have built in today?
Email 2FA, Email Security Notifications
KEYLESS (coming soon)
SMS 2FA (coming soon)
This bot attack type is a hacking method that uses trial and error to crack passwords, login credentials, and encryption keys
What is a Brute Force Attack
Sift bills on successful and failed logins.
Cap (lie).
The billable event for Sift ATO is Successful Login.
Failed login attempts are ingested into the Sift model and are reflected in the Sift ATO score when a successful login occurs.
What are some friction friendly industries?
Fintech, Banking, Crypto
What are two examples of a non-financial impact due to ATO?
Brand Reputation, Spam/Scam, Page Scraping, Access to PII, Login Credential verification, Account Aging, Gamification, etc.
This type of friction is passive and can improve self reporting while building trust with customers
What is Security Notifications
Does a person flying in the middle seat get both armrests?
ABSOLUTELY! If you think otherwise, you deserved to sit in the last row by the bathroom.
Can Sift identify if a device is plugged into a charger?
SLAP (Truth)
Sift analyzes whether a device is plugged in and at what charge level. Click farms are often used to attack websites and apps. It is less likely for a mobile device to be plugged in and at 100% charge, whereas it is more normal for a laptop to be plugged in or at 100% charge.
What team is typically responsible for account login protection?
Security
What team(s) are typically involved in account remediation following an ATO?
Engineering
Customer Support
Fraud
Is it pronounced "GIF" or "JIF"?
Officially the internet says "JIF," but I'll never say "JJJJIF." "GIF" for life.
This is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message
What is Phishing
The Sift ATO Score synchronously rescores on downstream API events.
Cap (Lie)
The Sift ATO Score persists from the $login event and can be used at any API event. ATO synchronous score is shipping later this year.
Where can you find stolen credentials for sale?
Bonus: How much does a single login sell for?
Dark web
Individual identities, called 'fullz' on the black market, vary in price from $1 to about $450 (converted from bitcoin) and are valued based on factors like quality, robustness, reliability, and the seller's reputation - not unlike eBay.
What color is "The Dress"? Blue and black? Gold and white?
Blue & Black
Passwordless Authentication Engine Leveraging Facial Biometrics
What is Keyless
This bot attack type is an automated injection of stolen username and password pairs into website login forms, in order to fraudulently gain access to user accounts
What is Credential Stuffing Attack
Most companies have a good understanding of how much ATO they are experiencing.
CAP (Lie)
Most companies are only aware of the ATO that is reported. A vast majority of ATO goes unreported, as a fraudster's motivation may be to validate credentials to resell on the dark web, to age an account, to steal data, or to carry out other non-financial activities.
Is a hot dog considered a sandwich?
The U.S. Department of Agriculture (USDA) describes a sandwich as “a meat or poultry filling between two slices of bread, a bun, or a biscuit.” By that definition, sure, a hot dog is a sandwich.
or is it a taco?...
What events must be part of an MVI (most valuable integration) for an ATO customer?
$create_account, $login (success/failure), $security_notification, $decisions, JS/SDK
BONUS: $create_order, $update_account, and all other API events in the user journey