Session Protection

ASession Protection is used at the time of in account activity, such as when saving a new payment method, transferring loyalty points etc, in order to prevent malicious activity such as card testing, loyalty points theft, manipulation of verification methods and saved contact information (phone, email, etc.,).

There are a number of ways you can utilize the Account Profile protection offered by this API (Profile access). The Session Protection API can be used to enforce the following scenarios:

• Credit Card Testing: Preventing fraudsters from checking validity of stolen card details to by adding them to user accounts. Fraudsters leverage the merchant gateway's $0 auth to check whether the stolen card data is still valid.
• P2P & Loyalty Transferring: Protecting peer to peer transferring of fund and other monetary equivalents such as loyalty points between accounts across the ecosystem.
• Account / Profile Protections: Verifying users through account details change (email, phone, etc), ensuring security while minimizing friction.
• Account take over (ATO): To prevent incidents where fraudsters use stolen credentials to try and gain access user accounts, leading to data theft, fraud, and brand damage.
• Seller fraud: Protection ecosystem from fraudsters using seller ecosystem to commit fraud (See Seller Item Listing tab)