Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Account fraud detection: what IAM teams need to know now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9439
Topic starter  

TL;DR: Device and behavioral signals can help distinguish legitimate users from account takeover, fake account creation, and distributed automation, according to Descope’s connector overview and its cited Cifas Fraudscape 2025 finding that account takeover cases jumped 76% in 2024. The governance problem is that authentication alone cannot resolve identity trust when fraud tools make attackers look valid.

NHIMG editorial — based on content published by Descope: Stop Account Fraud with Descope and Darwinium Connectors

By the numbers:

Questions worth separating out

Q: How should security teams use device intelligence in account takeover prevention?

A: Security teams should use device intelligence as an authentication input, not a post-login forensic signal.

Q: Why do credential checks fail against fake account creation and fraud rings?

A: Credential checks fail because fraud rings can use valid-looking data, proxies, and scripted journeys to pass the first gate.

Q: What do security teams get wrong about adaptive authentication?

A: Teams often treat adaptive authentication as a user experience feature rather than a control plane for trust decisions.

Practitioner guidance

  • Embed device signals into authentication flows Send browser, session, and device integrity data into the login or signup flow so the system can evaluate risk before access is granted.
  • Correlate repeat device patterns across accounts Look for device reuse, spoofing, emulation, and other persistent markers that connect apparently separate registrations or logins to the same fraud infrastructure.
  • Map risk scores to explicit journey outcomes Define which thresholds trigger extra verification, which trigger deny, and which trigger record-only handling so adaptive authentication behaves consistently under attack.

What's in the full article

Descope's full blog post covers the operational detail this post intentionally leaves for the source:

  • Flow-level examples showing how device checks and behavioral scoring are inserted into signup and login journeys.
  • The connector data path between Descope Flows and Darwinium risk signals for adaptive decisions.
  • Specific risk signals such as proxy usage, browser spoofing, device reuse, and low-and-slow automation.
  • The practical split between allow, challenge, and block outcomes inside the authentication flow.

👉 Read Descope's analysis of account fraud controls with device and behavior intelligence →

Account fraud detection: what IAM teams need to know now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8923
 

Authentication is no longer a sufficient trust boundary when fraud tooling can mimic legitimate identity behavior. The article shows why credentials alone do not prove user legitimacy, especially when attackers combine stolen logins, proxy networks, and device spoofing. That shifts the governance problem from password strength to trust evaluation across the entire user journey. Practitioners should treat authentication as one signal inside a broader identity decision model.

A few things that frame the scale:

  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.

A question worth separating out:

Q: How can IAM and fraud teams reduce friction without weakening controls?

A: They should target friction only at sessions that show abnormal behavior, device anomalies, or repeated infrastructure reuse. Trusted users should move with minimal interruption, while suspicious activity gets stepped-up verification or denial. That preserves usability while shifting control effort toward real abuse.

👉 Read our full editorial: Account fraud controls need device and behavior intelligence



   
ReplyQuote
Share: