Configure Mitigation Rules

Mitigation rules assign actions, such as Block or Captcha challenge, to account takeover attempts for varying levels of risk.

By default, the Account Takeover Protection mitigation strategy provides the appropriate level of protection for most customer scenarios.

If you find that the default strategy is not sufficiently addressing your needs, you can configure custom settings, manually assigning a mitigation action to each attack probability.

Then you can run a simulation to assess the impact of your protection strategy and view the results.

Open the configuration page

To view or configure the mitigation strategy for your site:

On the Account Takeover Protection dashboard, click Configure mitigation.

Evaluate the default protection strategy

The default Account Takeover Protection mitigation strategy blocks all malicious account takeover attempts with a high risk probability.

Hover over the HIGH link on the screen to view statistics on high-risk traffic to your site.

Configure a custom protection strategy

  1. Click the Custom Protection Strategy toggle button to display the custom settings.

  2. Configure your mitigation strategy and simulate the impact:
    1. Assign a mitigation action to each attack probability. For more details on attack probability, see Account Takeover Protection.

      Action    Description
      Block     Blocks the login request and does not allow the user to log in.
      Captcha   The user is presented with a captcha challenge before being allowed to log in.
      None      No action is taken.
    2. Click Simulate to see how your configuration applies to recent account takeover attempts. For example, you may see that based on your current strategy, an excessively high percentage of your customers will get a CAPTCHA challenge, leading you to reconsider your settings.

  3. Apply the configuration:

    When you are satisfied with your strategy, click Apply Configuration to activate the rules for your site.
