dev-love left a comment:
Thank you for creating these use case drafts. I think this is a great starting point for the expansion of our Developer Hub.
|
|
||
| You could for example have a policy where you require MFA for requests that have a high risk score, but allow requests with a low risk score to proceed without additional verification. | ||
|
|
||
| Alternatively you can store information about the user's previous browsing sessions, and if a request comes in that deviates significantly from the user's normal behavior (e.g. a login attempt from a new device or location), you can require additional verification for that request. |
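Review bot: the second paragraph ("if a request comes in that deviates significantly from the user's normal behavior") does not say what happens when there is no stored history to compare against, such as a user's first login, where every device and location is new. Suggest stating the default for that case, for example falling back to the risk-score policy from the previous paragraph, and making clear who stores the previous session information the paragraph relies on.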
That sounds interesting. Perhaps this anomaly detection approach deserves its own sub-section and/or an additional short explanation.
| </p> | ||
|
|
||
| ## Passive monitoring for account takeover | ||
| Even if you don't want to implement risk-based authentication, you can still use Risk Intelligence for passive monitoring of account takeover attempts. By logging signals associated with critical user interactions, you can analyze patterns of behavior and identify potential security threats. For example, you might notice a spike in high-risk scores from a particular network, geographic region or device type, which could indicate a coordinated attack. You can feed this data into your SIEM (Security Information Event Management) system to correlate it with other security events. |
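Review bot: in the last sentence of the new section, SIEM is expanded as "Security Information Event Management"; the usual expansion is "Security Information and Event Management". Also check that the `</p>` directly above the `## Passive monitoring for account takeover` heading has a matching opening tag and is intended, since it leaves the Markdown heading preceded by raw HTML.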
Data integration into SIEM systems has already been specifically requested by our first enterprise customers. So it’s an exciting opportunity to write a tutorial in the future and link to it from here.
|
|
||
| Friendly Captcha can help protect against payment fraud in two ways: | ||
| 1. The Friendly Captcha widget can be integrated into your payment forms to add an additional layer of security. When a user interacts with the form, Friendly Captcha assesses the visitor and gathers signals from their browsing session. If it detects suspicious activity that is indicative of a bot, it will require the user's device to solve a computationally expensive challenge. This makes it more difficult and costly for attackers to carry out automated attacks on your payment forms, while still allowing legitimate users to access your services without friction. | ||
| 2. You can use our [Risk Intelligence](https://developer.friendlycaptcha.com/docs/v2/risk-intelligence/) product to feed our risk scores and signals into your existing fraud detection systems. This can help you identify potentially fraudulent transactions and take additional actions against them, such as flagging them for review or requiring additional verification for those transactions. |
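Review bot: item 1 describes the widget and its challenge on the payment form but does not say that the result has to be checked on the server before the payment is processed, so a reader could take the client-side widget alone as the protection. Suggest adding one sentence on that step and pointing to the relevant integration docs, the same way item 2 links to Risk Intelligence.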
In a future version, we could expand on this or add a tutorial.
|
|
||
| Spam is a common problem for websites and apps that allow user-generated content or have a public-facing form. Spammers can use automated bots to flood your site with unwanted content, which can degrade the user experience, damage your reputation, and even lead to security issues. | ||
|
|
||
| Friendly Captcha helps protect your site from spam by adding a layer of security that can distinguish between legitimate users and malicious (automated) actors. This makes it more difficult and costly for spammers to abuse your site, while allowing legitimate users to access your services without friction. |
Does it make sense here to rather highlight our computational challenge/PoW approach?
Co-authored-by: dev-love <dev-love@users.noreply.github.com>
Adds a page describing the following (and how Friendly Captcha can help):