trevor-higbee / snowflake-tools

Useful scripts, utilities, and tools for Snowflake
MIT License

ThriftBooks.com Account Security #14

Open trevor-higbee opened 6 months ago

trevor-higbee commented 6 months ago

JavaScript Interactive Challenge. Non-interactive challenge. In the VCL version, it will trigger. Not properly authenticating the form ports.

Google reCAPTCHA Fraud - $408,800 per year if assessed on EVERY transaction. $40/1000 calls

Google reCAPTCHA (regular) - Up to 1M free per month, then $1/1000 calls. If called on payment submit, we would be within the free-tier limit.

Fingerprint JS - $60k per year

$0.30 per lookup - 1000 lookups per day = $109,500/yr
IP Geo Info - $0.10 per lookup
Email Lookup Service - $0.10 per lookup
Phone Lookup Service - $0.10 per lookup

What is available in Fastly? Rate limiting? In Snowflake's Fastly logs, look for suspicious behavior.

Track a single person across multiple logins and sessions
Track if behavior is fishy

Stop attackers from viewing more pages or more frequently than a human would
Stop attackers from creating an account
Stop attackers from submitting a credit card for assessment
Stop attackers from successfully checking out

How many IPs are in a session during a session? We should look at that. We can follow people when they're not logged in. Anonymous visitor tracking, personalization, marketing tracking. For fraud use-case, there are carve-outs for abuse and payment fraud.
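The two checks the notes above suggest running over the Fastly logs (how many distinct IPs share one session, and whether a session views pages faster than a human would) can be prototyped offline before turning them into a Snowflake query. The following is an added example written for this issue, not code from the snowflake-tools repository or from Fastly; the JSON field names (`timestamp`, `session_id`, `client_ip`, `url`) are an assumption, since Fastly log formats are configured per service, and the log lines are constructed sample data, not real traffic.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample log lines in an assumed Fastly-style JSON format.
# Field names are an assumption; real Fastly log formats are configured per service.
_BASE = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
_BOT_IPS = ["198.51.100.5", "198.51.100.6", "198.51.100.7"]


def _line(ts, session, ip, path):
    return json.dumps({"timestamp": ts.isoformat(), "session_id": session,
                       "client_ip": ip, "url": path})


SAMPLE_LOG_LINES = (
    # Session s1: an ordinary browse, one IP, three pages over four minutes
    [_line(_BASE + timedelta(minutes=m), "s1", "203.0.113.10", f"/book/{m}")
     for m in (0, 1, 4)]
    # Session s2: 40 page views in 40 seconds, session cookie shared by three IPs
    + [_line(_BASE + timedelta(seconds=s), "s2", _BOT_IPS[s % 3], f"/book/{s}")
       for s in range(40)]
)


def parse_logs(lines):
    """Parse JSON log lines into event dicts with a tz-aware timestamp."""
    events = []
    for line in lines:
        rec = json.loads(line)
        events.append({
            "ts": datetime.fromisoformat(rec["timestamp"]),
            "session": rec["session_id"],
            "ip": rec["client_ip"],
            "url": rec["url"],
        })
    return events


def summarize_sessions(events):
    """Per session: distinct IPs, request count, time window and requests/min."""
    summary = {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        s = summary.setdefault(e["session"], {
            "ips": set(), "requests": 0, "first": e["ts"], "last": e["ts"]})
        s["ips"].add(e["ip"])
        s["requests"] += 1
        s["last"] = e["ts"]
    for s in summary.values():
        # Floor the window at one minute so a burst of N hits in a few
        # seconds is reported as N requests/min rather than dividing by ~0.
        window_min = max((s["last"] - s["first"]).total_seconds() / 60.0, 1.0)
        s["req_per_min"] = s["requests"] / window_min
    return summary


def flag_sessions(summary, max_ips=2, max_req_per_min=30.0):
    """Return {session_id: [reasons]} for sessions that exceed either threshold.

    max_ips=2 tolerates one IP change (e.g. a phone moving between networks);
    the thresholds are illustrative and should be tuned against real traffic.
    """
    flagged = {}
    for sid, s in summary.items():
        reasons = []
        if len(s["ips"]) > max_ips:
            reasons.append(f"{len(s['ips'])} distinct IPs in one session")
        if s["req_per_min"] > max_req_per_min:
            reasons.append(f"{s['req_per_min']:.0f} requests/min")
        if reasons:
            flagged[sid] = reasons
    return flagged


if __name__ == "__main__":
    result = flag_sessions(summarize_sessions(parse_logs(SAMPLE_LOG_LINES)))
    for sid, reasons in result.items():
        print(sid, "->", "; ".join(reasons))
```

The same two aggregates (COUNT(DISTINCT client_ip) and COUNT(*) divided by the session's time span, grouped by session_id) translate directly into a query once the Fastly logs are landed in Snowflake; the Python version is only there to sanity-check thresholds on a sample before writing that query.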