Announcing Cloudflare Account Abuse Protection: prevent fraudulent attacks from bots and humans
Blocking bots isn’t enough anymore. Cloudflare’s new fraud prevention capabilities — now available in Early Access — help stop account abuse before it starts.
Cloudflare, a leading provider of security and performance solutions, has announced a new suite of fraud prevention capabilities designed to combat account abuse before it occurs. These advanced tools, now available in Early Access, aim to address the evolving threat landscape where both automated and human-driven attacks are increasingly complex and challenging for website owners to manage.
In recent years, Cloudflare has focused on empowering its customers to protect their applications from automated attacks. However, the threat landscape has shifted, with the industrialization of hybrid automated-and-human abuse presenting a complex security challenge. For instance, a single account accessed from multiple geographically dispersed locations within a short timeframe raises questions about authenticity rather than automation. This necessitates a more nuanced approach to identifying and stopping abuse on websites, regardless of whether it originates from bots or humans.
To address this, Cloudflare has integrated several powerful new tools into its existing bot management solution. These include disposable email checks and email risk assessments, which help enforce security preferences for users who sign up with throwaway email addresses or whose emails are deemed risky based on patterns and infrastructure. Throwaway email addresses are commonly used for fake account creation and promotion abuse, making this a critical area for fraud prevention.
Another significant addition is Hashed User IDs, per-domain identifiers generated by cryptographically hashing usernames. These identifiers provide customers with better insight into suspicious account activity and enable them to mitigate potentially fraudulent traffic without compromising end user privacy. By focusing on identifying abusive behavior and risky identities among both human users and bots, Cloudflare's new capabilities go beyond traditional bot detection methods.
Account Abuse Protection is currently available in Early Access, with Bot Management Enterprise customers able to use these features at no additional cost until the general availability of Cloudflare Fraud Prevention later this year. This move follows Cloudflare's Birthday Week in 2024, during which the company gifted leaked credentials detection to all customers, including those on a Free plan. Since then, account takeover detection IDs have been added to the bot management solution to help identify bots attacking login pages.
As the threat landscape continues to evolve, Cloudflare's new fraud prevention capabilities represent a significant step forward in addressing the complex challenges posed by hybrid automated-and-human abuse. By providing website owners with the tools to stop abuse before it starts, Cloudflare is helping to safeguard applications and user trust in the face of increasingly sophisticated threats.
