Case Study

Dating Site Swipes Left on SMS Toll Fraud and Account Takeover with Arkose Labs

Key Results

$250K: Approximate amount saved each month in fraudulent SMS charges Significantly reduced the second-largest operational cost Fortified defenses against account takeover attacks (ATOs)

Overview

As the company’s second-highest operational expense, SMS charges were draining a global dating site’s financial resources at an alarming rate, with losses amounting to $250,000 per month from SMS toll fraud. Compounding this strain, the company was besieged by account takeover fraud, a prevalent threat in an industry notorious for being targets of malicious actors involved in sex and labor trafficking recruitment.

By implementing Arkose Labs’ bot detection and mitigation technology, the company not only achieved substantial cost savings but also fortified its defenses against account takeover attempts, safeguarding its customers and redefining its approach to combating online attacks.

The Business Problem

SMS toll fraud presents a growing and serious risk to businesses, incurring losses close to $39 billion in 2023, as reported by the Communications Fraud Control Association. Arkose Labs findings highlight the critical nature of this threat, showing a sharp rise in attacks, with a 386% increase in SMS toll fraud in the first half of 2023. Frequently, businesses do not recognize this issue until they observe signs such as higher rates of online account registration abandonment.

To enhance platform security, the company implemented SMS-based one-time passwords (OTPs) for new user account verification. But attackers exploited this security protocol through a scam known as SMS toll fraud. They obtained costly SMS services through cooperating carriers and then registered fake accounts that triggered OTPs to premium-rate numbers. The attackers and the colluding telcos split the proceeds, while the company received a massive bill as part of the fraudulent account registration process.

Furthermore, ensuring a strong customer experience is pivotal for customer retention. But the company faced frequent account takeovers (ATOs), including credential stuffing, on its login process. Fraudsters utilized bots to gain access to customer data, adversely affecting user experience and tarnishing the company’s brand. ATOs on dating sites are of particular concern due to their potential link to human trafficking, an issue the FBI has long warned about in the context of dating apps.

The Solution

The dating site began by implementing the Arkose Bot Manager solution on the login flow to perform targeted strikes against ATOs. Arkose Bot Manager uses advanced behavioral analytics to detect telltales of fraudulent activity, which enabled the platform to target suspicious traffic with a state-of-the-art series of challenges. These challenges are easy for legitimate users but incredibly difficult to solve with automation. Attackers were faced with a greater effort to complete each registration, and this disincentivized them from creating fake accounts.

Because of the success fighting account takeovers, the company then turned to tackling the problem of SMS toll fraud. Working with Arkose Labs is part of the dating platform’s long-term strategy to tier challenges based on risk, where close to 100% of SMS traffic in high-risk areas is challenged while users in medium- and low-risk countries have a more frictionless experience. By incorporating Arkose Bot Manager into registration stages protected by OTPs, alongside insights drawn from previous attacks within the Arkose Labs Global Intelligence Network and personalized indicators, the company is able to successfully detect and counteract SMS toll fraud threats.

Demonstrated Results

By adopting Arkose Labs’ advanced bot detection and mitigation technology, the company significantly reduced its second-highest operational expense. This implementation led to an annual savings of approximately $3 million by effectively eliminating fraudulent SMS charges.

The solution not only thwarted fraudulent sign-ups but also eradicated ongoing attacks targeting OTP verifications. Additionally, the enhanced security measures successfully mitigated account takeover attempts, safeguarding user data and further strengthening the company’s defenses against online threats.

Book a Meeting

Meet with a fraud and account security expert

Request a customized demo to learn more.