July 2018
Intermediate to advanced
356 pages
9h 18m
English
Content preview from Hands-On Security in DevOps
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Summary
In this chapter, we discussed some typical business fraud and abuse cases, including account cheating, online scalpers, non-genuine orders, and account takeovers. The major categories of business fraud risks are accounts, content, payments, and promotion.
We suggested some detection rules and typical frameworks for building your own business risk detection services. To identify normal and abnormal user behavior, we need to build a user profile. Aspects of profiling include IP profiling, device fingerprints, machine behaviors, accounts, and usage.
In addition to detection, we also explored some mitigation approaches, such as PCI compliance, the threshold, 2FA, CAPTCHA, GeoIP, and IP reputation. Last, but by no means least, the prioritized ...