Announcing Cloudflare Account Abuse Protection: prevent fraudulent attacks from bots and humans
Blocking bots isn’t enough anymore. Cloudflare’s new fraud prevention capabilities — now available in Early Access — help stop account abuse before it starts.
Cloudflare, a leading provider of security and performance solutions, has announced a new suite of fraud prevention capabilities designed to combat account abuse before it starts. As the threat landscape continues to evolve, the company has expanded its efforts to protect website owners from both automated and human-driven abuse.
In recent years, Cloudflare has focused on empowering customers to defend their applications against automated attacks. However, the rise of hybrid automated-and-human abuse has created a complex security challenge. For instance, a single account accessed from multiple geographic locations within a short period raises questions about authenticity rather than automation. To address this, Cloudflare is introducing a range of tools to help website owners identify and mitigate suspicious activity, regardless of whether it originates from bots or humans.
During Cloudflare's 2024 Birthday Week, the company gifted leaked credentials detection to all customers, including those on a Free plan. Since then, account takeover detection IDs have been added to the bot management solution, enabling customers to identify bots attacking login pages. Now, Cloudflare is combining these features with new capabilities to enhance fraud prevention.
One of the new tools is disposable email checking and email risk assessment. These features allow website owners to enforce security preferences for users who sign up with throwaway email addresses, a common tactic used in fake account creation and promotion abuse. Additionally, the system evaluates email addresses based on patterns and infrastructure to identify risky emails, further enhancing the ability to detect suspicious activity.
Another significant addition is Hashed User IDs, per-domain identifiers generated by cryptographically hashing usernames. These identifiers provide customers with better insight into suspicious account activity while maintaining end user privacy. By analyzing these hashed IDs, website owners can identify potential fraudulent traffic and take appropriate action.
Cloudflare's new Account Abuse Protection is available in Early Access, with Bot Management Enterprise customers able to use these features at no additional cost until the general availability of Cloudflare Fraud Prevention later this year. This initiative underscores the company's commitment to staying ahead of evolving threats and providing robust security solutions to its customers.
As the threat landscape continues to change, Cloudflare's new fraud prevention capabilities represent a significant step forward in combating account abuse. By addressing both automated and human-driven attacks, the company is helping website owners protect their platforms from a wide range of security risks. With the introduction of disposable email checks, email risk assessments, and Hashed User IDs, Cloudflare is providing the tools necessary to identify and mitigate suspicious activity, ensuring a safer and more secure online environment for all.
