Identity Fraud Protection
ReachFive’s Identity Fraud Protection (IFP) module analyzes events to determine if a particular IP is exhibiting suspicious behaviour. In particular, the module consumes login and signup attempts and determines whether the originating IP is suspicious. If it is, the IP is flagged and siloed into a separate database where its access is immediately blocked.
If automatic suspension is enabled on your ReachFive Console and the IFP module detects that malicious IPs have successfully accessed an account, the account is automatically suspended.
Administrators can view and manually suspend user accounts that have been compromised by these suspicious IPs directly from the ReachFive Console. You can also whitelist IPs that you want to bypass the attack protection policy.
Suspicious signup requests
In some cases, you might have bots attempting to perform bulk signup requests on your site. This happens sometimes in an attempt to purchase items rapidly or overwhelm your system. Luckily, we’ve got you covered here.
Our Identity Fraud Protection detects suspicious IPs and assigns a signup_compromised user event type for any signup attempt from a blocked IP. The profile is automatically suspended and all tokens are invalidated, including access and refresh tokens. Any subsequent requests from the flagged IP will fail.
View compromised profiles
To use the Identity Fraud Protection module, you must have it enabled on your ReachFive Console by a ReachFive administrator.
If the feature is not activated on your account and you’re interested in using it, please contact your ReachFive Professional Service or CSM contact.
Prerequisites
- You must have access to the ReachFive Console.
- You must have a CRM, Manager, or Administrator role.
- You must have the IP Blocking feature enabled.
- You must have the Compromised profiles feature enabled.
Instructions
- Log in to your ReachFive Console.
- Go to Analytics.
- Select Compromised profiles.
- The Compromised profiles section:
  - lists all compromised profiles by ReachFive ID, Identifier (like email or mobile), their Suspension status, the Attacking IP, and when the suspicious behaviour was detected.
  - allows you to search by ReachFive ID and/or Identifier.
  - lets you perform actions such as "uncompromise" or suspend the user profile.
Suspend compromised profiles
To use the Identity Fraud Protection module, you must have it enabled on your ReachFive Console by a ReachFive administrator.
If the feature is not activated on your account and you’re interested in using it, please contact your ReachFive Professional Service or CSM contact.
Prerequisites
- You must have access to the ReachFive Console.
- You must have a CRM, Manager, or Administrator role.
- You must have the IP Blocking feature enabled.
- You must have the Compromised profiles feature enabled.
Uncompromise a profile
You can uncompromise[1] a user profile directly from the ReachFive Console.
If the feature is not activated on your account and you’re interested in using it, please contact your ReachFive Professional Service or CSM contact.
Prerequisites
- You must have access to the ReachFive Console.
- You must have a CRM, Manager, or Administrator role.
- You must have the IP Blocking feature enabled.
- You must have the Compromised profiles feature enabled.
Enable Automatic suspension with IFP
You can grant the IFP module the right to automatically suspend accounts associated with a malicious IP.
If the feature is not activated on your account and you’re interested in using it, please contact your ReachFive Professional Service or CSM contact.
Prerequisites
- You must have access to the ReachFive Console.
- You must have a CRM, Manager, or Administrator role.
- You must have the IP Blocking feature enabled.
- You must have the Compromised profiles feature enabled.
Whitelist IPs
You can whitelist certain IP addresses with the IFP module directly from the ReachFive Console.
Whitelisted IP addresses will bypass the attack protection policy. Proceed with caution.
Prerequisites
- You must have access to the ReachFive Console.
- You must have a CRM, Manager, or Administrator role.
- You must have the IP Blocking feature enabled.
- You must have the Compromised profiles feature enabled.
Attack protection bypass header
To whitelist IPs that are dynamically generated or managed in a pool, you can add an Attack protection bypass header directly in the ReachFive Console. Those attempting to log in with the header will bypass the attack protection policy.
The header should only be used from the backend for security purposes.
Whitelisted IP addresses will bypass the attack protection policy. Proceed with caution.
Prerequisites
- You must have access to the ReachFive Console.
- You must have a CRM, Manager, or Administrator role.
Enable True Client IP key
If you want your backend requests to be protected by our IFP module, you must enable the option from your ReachFive Console. The True Client IP Key is the key enabled and generated automatically in the ReachFive Console.
Any request coming from a backend that has True-Client-IP in the header must contain a True-Client-IP-Key header along with it.
This True-Client-IP-Key in the header must match the True Client IP Key you enabled and generated in the ReachFive Console.
The True-Client-IP header must contain the IP of the end user.
This IP will be present in the user events generated by the request.
Requests that do not contain the matching secret are not accepted.
To enable the option:
- Go to .
- Under True client IP key, click Generate.
- In the dialog, confirm you want to Generate a new secret header.
- Under True client IP key, you can now view and copy the key.
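How a backend can populate the two headers described in this section, as an added example that is not ReachFive's own code: the end-user IP is taken from the connection, or from X-Forwarded-For only when the peer is a trusted proxy, never from a header the client controls, and the key is read from server-side configuration. The proxy range, the environment variable name REACHFIVE_TRUE_CLIENT_IP_KEY and both function names are assumptions.

```python
import ipaddress
import os

# Assumption: address range of the reverse proxies / load balancers you operate.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]  # constructed sample value


def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def end_user_ip(peer_addr, x_forwarded_for=None):
    """Return the end user's IP as observed by infrastructure you control.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy.
    The chain is walked right to left; the first untrusted hop is the client.
    Entries further left were supplied by the client and are ignored.
    A malformed entry raises ValueError so the request can be rejected.
    """
    peer = ipaddress.ip_address(peer_addr)
    if not _is_trusted(peer) or not x_forwarded_for:
        return str(peer)
    ip = peer
    for hop in reversed(x_forwarded_for.split(",")):
        ip = ipaddress.ip_address(hop.strip())
        if not _is_trusted(ip):
            break
    return str(ip)


def reachfive_headers(peer_addr, x_forwarded_for=None):
    """Build True-Client-IP and True-Client-IP-Key for a backend request."""
    # Hypothetical variable name; the key stays in server-side configuration
    # and is never sent to or accepted from the browser.
    key = os.environ.get("REACHFIVE_TRUE_CLIENT_IP_KEY")
    if not key:
        raise RuntimeError("True Client IP Key is not configured")
    return {
        "True-Client-IP": end_user_ip(peer_addr, x_forwarded_for),
        "True-Client-IP-Key": key,
    }
```

Merge the returned dictionary into the headers of the outgoing backend request to ReachFive. Deriving the IP this way keeps a client from choosing the address that IFP evaluates and records in user events.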
API operations
Use the Management API to:
- GET compromised users: retrieves a list of compromised users.
- GET blocked IPs: retrieves a list of blocked IPs.
- GET IP status: retrieves the status for a specific IP.
- POST unban IP: unblocks an IP; in other words, it removes the banned status from the IP.
- POST suspend users: suspends users.