Explore how Dynamics 365 Fraud Protection prevents account compromise


Fraud and abuse in the digital world can come in many forms. Account access by someone who uses excessive forceful attempts (brute-force) to try to "force" their way into your private account(s) is an old, less sophisticated attack method used by fraudsters.

In today’s digital world, fraudsters use more sophisticated technology - such as deceptive email messages or copycat URL addresses - to trick internet users into revealing personal or confidential information (phishing).

Both forms of attacks can lead to accounts being fraudulently accessed by someone who is not authorized or given permission to use the account (account compromise).

Internet users who decide to commit fraud and abuse against a business may also:

  • Create fake accounts to obtain free or promotional benefits as a new user.
  • Create an account a year or two in advance, leave it in good standing by not using the account, and then randomly use to commit fraud (sleeper accounts).
  • Negatively impact legitimate customers by forcing a less smooth sign-up experience.

These actions can lead to financial and nonfinancial losses.

Microsoft Dynamics 365 Fraud Protection provides merchants the capability to assess whether attempts to create new accounts and or to log in on a merchant’s system are fraudulent. Risk assessment in Fraud Protection can be used by the customer to block or challenge suspicious attempts to create new fake accounts or to compromise existing accounts.

Account protection includes APIs for real-time risk assessment, rule, and list experience. This allows you to optimize risk strategy as per your business needs, and use a scorecard to monitor fraud protection effectiveness and trends in your ecosystem.

Account protection provides risk assessment notably on two types of account lifecycle events:

  • Account creation
  • Account log-in

Each account lifecycle event type has multiple layers of defense:

Efficient bot detection: Merchants can encounter automated attempts to create fake accounts or to compromise existing accounts using a list of compromised credentials or through brute force. As the first line of defense, Fraud Protection’s advanced, adaptive AI enables dynamic and robust bot detection by quickly providing the merchant with a score that maps to the probability that a bot is initiating the event. Merchants can use the score with the rules they’ve configured to block automated fraudulent account creation and log-in attempts or to add extra verification on suspicious attempts.

Real-time reinforced assessment: As the next line of defense, Fraud Protection uses AI models to generate risk assessment scores for account creation and account log-in events. Merchants can use this score - together with the rules they’ve configured to approve, challenge, reject, or review these account creation and account log-in attempts - based on custom business needs.