Arkose Labs releases Arkose MatchKey, a new suite of CAPTCHA challenges that improves both defensibility against attackers and usability for consumers.
Fraudsters are getting creative, and CISOs need a diverse set of solutions to be able to detect and stop them. This reality was the underlying driver for the innovation behind Arkose MatchKey. CAPTCHAs continue to prove effective especially when combined with a defense-in-depth approach like the one offered by Arkose Detect.
Arkose Labs CTO Ashish Jain said, “Consumers find traditional CAPTCHAs frustrating and fraudsters have found ways to get around them. Add on to that fraudsters are scaling their attacks to take advantage of fluctuating economic conditions and you get a massive increase in account takeovers, automated credential stuffing, and fake account registrations. As a result, marketplace demand for a completely new approach to CAPTCHAs is at an all-time high. It’s exciting to be the first to answer the market’s needs.”
The same Arkose MatchKey challenges that are quick and easy for good users are designed to present adversaries with thousands of variations, raising the time, effort, and expense they must invest in solving them. When the ROI is negligible, adversaries move on to less protected targets.
Global enterprises today expect cybersecurity strategies to protect systems, as well as ensure consumer trust and influence profitable growth. But they haven’t been able to achieve that consistently by using traditional CAPTCHAs for these three reasons:
- Traditional CAPTCHAs are built to present the same level of friction to all site visitors, whether the visitor is a malicious bot, human fraud farm, or a good user.
- Attackers are exceptionally proficient at defeating traditional CAPTCHAs using off-the-shelf ML techniques that are easily trained on the generic photos and images used by these CAPTCHAs.
- Accessibility, cross platform and device responsiveness, and usability are barely an afterthought in the traditional CAPTCHAs, making them hard to implement universally across all regions and channels.
In comparison, Arkose MatchKey is an intuitive challenge-response solution that thwarts attackers from accessing companies’ network systems by applying strategic friction based on challenges that evolve through constant iteration. Already, early adopter reaction has been extremely positive. After deploying Arkose MatchKey, an identity product leader at a Fortune 100 company said, “Arkose Labs has fixed CAPTCHA [issues],” and attributed an 80% increase in good-user throughput to these innovations.
“Traditional CAPTCHAs’ human solvability-to-maintaining security ratio has been way out of kilter for far too long, which is why we embarked on an 18-month journey to innovate a new solution,” said Jain. “Arkose MatchKey adds more arrows into CISOs’ quivers. Now, they can have strong defensibility against attackers while improving consumer usability.”
Unlike traditional CAPTCHAs, Arkose MatchKey optimizes the user experience through a distinct gamified user interaction model that requires matching of a key image to the correct answer based on the instructions supplied. Arkose MatchKey challenges can be translated into 109 languages, which means enterprises are guaranteed a universal solution sensitive to cultural differences. The challenges are WCAG 2.1 compliant, making them fully customizable to support the most stringent accessibility standards, and are created to align with enterprises’ brand guidelines.
It also amps enterprises’ defensibility against adversaries. Machine learning algorithms rely on data and images that attackers must hand-label. Arkose MatchKey’s strongest challenges have the potential to result in a half-million individual images that an attacker would need to hand-label, taking more than 25,000 human hours.
“Many bot management solutions are only able to tune the detection rules,” said Himanshu Bari, vice president, product management, Arkose Labs. “Unlike other vendors, our automated systems plus our 24/7/365 SOC and threat research teams continuously tune Arkose MatchKey challenges’ configuration and images on top of the detection rule tuning to make the attackers go away for good.”
“Enterprises need to review their cybersecurity strategies now to ensure they have state-of-the-art tools in place that strengthen the online experiences they’re creating for consumers,” Jain concluded.