AWS WAF Fraud Control

Why AWS WAF Fraud Control?

Fraud Control helps protect your login and sign-up pages against attacks such as credential stuffing, credential cracking and fake account creation attacks. With Fraud Control, you get 10k requests free per month.

Benefits of AWS WAF Fraud Control

Fraud Control is enabled by adding an AWS managed rule group to a Web Access Control List, making it easy to add bot protection for your applications that use Amazon CloudFront, Application Load Balancer, Amazon API Gateway, AWS AppSync, AWS AppRunner or AWS Verified Access. There is no additional infrastructure, DNS changes, or TLS certificate management needed.
Fraud Control analyzes requests to your login pages by continuously monitoring login requests for malicious attacks such as credential stuffing or credential cracking. Credential stuffing is when a bad actor is using stolen credentials for unauthorized access. Credential cracking involves using multiple username/password combinations to gain access to someone else’s account.
Fraud Control analyzes requests to your sign-up or registration pages by continuously monitoring requests for anomalous digital activity such as automated account creations using bots. It then automatically blocks suspicious requests based on request identifiers and behavioral analysis.

Use cases

Block fraud at the network edge

Fraud Control can block unwanted fraudulent traffic at the network edge when you use AWS WAF with Amazon CloudFront or other integrations. Fraud Control helps you minimize the impact of fraud on your application's performance and can reduce operational and infrastructure costs. Bot Control also increases the accuracy of your web analytics by removing bot traffic that can skew website and conversion metrics.

Easy to use fraud mitigation for multiple use-cases

Fraud Control is available for two use cases – Account Takeover and Account creation fraud prevention. Account Takeover managed rule consists of rules that prevent uauthorized login attempts. Account creation fraud prevention managed rule consists of rules that look at various elemnts of your sign-up request such as headers, reputation lists and behavioral analysis to prevent creation of fraudulent or fake accounts.