Account Takeover
Take on Account Takeover
Reimagine fraud protection.
Fraudsters are stronger than ever, empowered by chatbots and other AI tools every day, and causing millions more in fraud losses each year due to account takeover (ATO).
In order to prevent ATO, you won’t win by working harder to protect secrets like usernames and passwords. You must remove these repositories entirely instead.
ThinOps Cypher replaces those secrets with relationships that can never be stolen, impersonated, or exploited.
Stop letting transactions go unverified.
Bidirectional trust with no middle man
Preventing fraudulent transactions requires verifying every transaction, on both sides. This is a simple concept, yet not feasible with legacy fraud prevention.
ThinOps Cypher creates one-to-one relationships that tie directly to services, allowing for both parties to bidirectionally verify their relationship on every transaction.
How it works
Each time a user enrolls to use ThinOps Cypher on a new system a new set of public/private keys is created for that specific system on the user’s mobile phone. This entanglement is then tested to ensure both sides verify their relationship at every transaction.
In a transaction, each side of that entanglement reaches out to the other to ensure each set of public/private keys are the correct ones.
By creating this bidirectional, one-to-one relationship, there are no secrets to phish (no usernames or passwords) and every transaction behind ThinOps Cypher is protected by single-use, cryptographically controlled identity proofs.
ATO Technique |
|
ThinOps Cypher
Credential stuffing/brute force
Stolen usernames and passwords allow fraudsters to impersonate others.
There are no stored passwords, and all logins/transactions are verified on both ends.
|
|
|
Malware/keyloggers
Susceptible to malware that can log passwords or intercept sessions.
|
|
|
|
User experience
Your users will finally stop wincing at the thought of logging in. Because ThinOps Cypher is built into your company’s app/service/site, with your branding, and is actually easy for end users.
Instant verification
No timed 6-digit codes. No text messages. No confusing external apps. No figuring out how passkeys work. Just scan, verify, and you’re good to go.
Cognitive keyboard with OneTiCK
A cognitive keyboard gives users an extra layer of security while only requiring them to remember a sequence of 5-7 items such as letters, words, or images. The cognitive keyboard challenge doesn’t require a long, complex password and prevents phishing, shoulder-surfing, and keyloggers.
Prevent fraud losses from account takeover.
Losses from account takeover (ATO) are rising by millions every year. Yet current fraud prevention tools are built on old models of centralized stores of secrets like usernames and passwords.
ThinOps Cypher prevents fraud from ATO by replacing those secrets with relationships that can never be stolen, impersonated, or exploited.
No bait? No phishing.
Take on Phishing.
Prevent fraud loss from phishing and social engineering.
Fraudsters steal secrets with phishing for a simple reason: it works.
As long as there are secrets to intercept, steal, and phish, fraudsters will intercept, steal, and phish them. The answer to this fraud problem isn’t higher walls, it’s connection.
The majority of fraud loss is a result of stolen credentials due to phishing and other social engineering tactics. These attacks have proven even more scalable with fraudsters using AI with tools like chatbots to create convincing phishing emails.
Fraudsters take advantage of centralized repositories of secrets and identifiers like emails, passwords, etc. in order to impersonate victims and commit fraud. So we decided to get rid of the repositories while making users’ lives easier in the process.
Decentralized and direct connections.
Right now fraud prevention is focused on protecting centralized repositories of secrets such as emails, usernames, passwords, etc. Even current “passwordless” solutions have central stores of identities that can be checked with passkeys or other identifiers that can be phished, intercepted, or manipulated, resulting in millions of dollars in fraud losses every year.
With ThinOps Cypher, these stores of secrets are replaced by direct entanglements from the user, their device, and their entanglement with the company/service.
That means that even if a user’s email has been compromised, fraudsters still can’t do anything without a device that has been directly entangled. This creates a decentralized environment where a fraudster would need not just a login, but a potential victim’s biometric (or cognitive challenge) performed only on an entangled device, which is also tied directly to the company.
This works in reverse, too. Each side of the entanglement (user and company) must agree they are seeing the expected user’s identifier, on the right device, with the right entanglement keys. These bidirectional, one-to-one connections not only remove phishing risk but also reduce any blast radius to a single transaction, on a single device, at a single point in time.
Compare ThinOps Cypher’s phishing protections
We hate phishing, too.
Tempting fraudsters with vaults of information is tempting fate. If you’re ready to lower your fraud losses and risk, we’re ready to help.