All Products
Search
Document Center

Web Application Firewall:Fraud detection

Last Updated:May 14, 2024

Web Application Firewall (WAF) has a built-in mobile phone number reputation library to help prevent threats, such as spam user registration and marketing fraud. WAF compares mobile phone numbers or the MD5 hash values of phone numbers with the reputation library. If specific requests match suspicious behavior tags, WAF requires slider CAPTCHA verification, blocks the requests, records the requests, or adds tags to the requests.

Prerequisites

  • Web services are added to WAF on the Website Configuration page. For more information, see Website configuration overview.

  • Bot management for website protection or app protection is enabled and the fraud detection feature is enabled.

Billing

  • If you configure rules and traffic hits the rules, you are charged based on the number of hits. You are charged USD 0.007 per hit.

  • If you enable the fraud detection feature but do not configure rules, you are not charged fees. If you configure rules but no traffic hits the rules, you are not charged fees.

Note

Fees for the fraud detection feature are included in the bills of WAF. Bills are generated on a daily basis.

Configure fraud detection

In the Create Scenario-specific Protection Template - Bot Management panel, you can configure the fraud detection feature in the Configure Protection Rules step. For more information, see Create an anti-crawler rule for websites and Create an anti-crawler rule for apps.

image

Configuration

  • Account retrieval: If the GET method is used and the request parameter is username=158***&password=***, select Query Parameters from the Location drop-down list and enter username in the Parameter Name field. This way, WAF can retrieve information about mobile phone numbers.

  • Risk tags and levels

    Risk tag

    Description

    Suspicious sock puppet account

    A sock puppet poses as a third-party account independent of the main account operator. By default, the risk level is high.

    Fraud risk

    Mobile phone numbers that are involved in fraud are detected. By default, the risk level is high.

    Spam user registration

    Mobile phone numbers that are suspected of using illegal tools to create accounts for marketing activities are detected. By default, the risk level is high.

    Marketing fraud

    Mobile phone numbers that are suspected of using illegal tools in marketing activities, such as creating multiple accounts at the same time to obtain coupons, are detected. By default, the risk level is high.

    Auto-purchase bot

    Mobile phone numbers that are suspected of using illegal tools in flash sales, such as ticket grabbing, are detected. By default, the risk level is high.

    The risk level can be high, medium-high, and medium. You can specify a risk level based on your business requirements.

  • Actions

    Action

    Description

    Monitor

    Records requests that match the rules in logs without blocking the requests.

    Block

    Blocks requests that match the rules and returns a block page to the client that initiated the requests.

    Slider CAPTCHA verification

    Requires slider CAPTCHA verification. Requests are allowed only after the client passes the verification. After the client passes the verification, WAF sends acw_sc_v3 cookie and slider CAPTCHA verification is not required in the next 30 minutes.

    Strict slider CAPTCHA verification

    Requires slider CAPTCHA verification every time a request matches the rules.

    Add tag

    Adds tags to requests that match the rules by using custom headers and forwards the requests to the origin server. Users can use the backend risk control system to handle the requests.