So, hi, I'm, I'm Matthew Brezinski. I'm a senior director of product management at Ping Identity, but I'm also a dad. I guess you could say I'm a proud dad 'cause this goes well beyond taking my phone out or my wallet because we've talked about so many wallets and showing you pictures of my kids. I put 'em up on the screen for everybody to see 'cause I'm a proud dad. Four and two. And the great thing is, is my son says I'm the best of daddy. Isn't that awesome? That's pretty amazing. Anybody here who's a parent knows those are the words you live for.
And I cherish this because I know five years from now maybe I don't know, he's gonna hate me. So, because he keeps saying I'm the best of daddy, that means I'm gonna do whatever it takes for him to keep saying that. As long as, as long as he can.
So what does that mean, daddy?
I want, well, daddy has to go get, because I wanna be the best at daddy. And just in case you guys are wondering, there's 201 days till Christmas, okay? 201 days. So it's never too soon to start thinking about what your kids want. And of course my kids want the absolute coolest toys out there. And to get those toys, the retailers wait till a certain point in time to put them on sale, okay? Usually because it's Christmas time. That is Black Friday, which somehow came from America all the way over to Europe. Don't understand.
But yes, black Friday. And so since I wanna be the best of steady, I end up in this, a crowd of people waiting to get into a start.
Now, who am I standing with in this crowd of people?
Well, I'm standing with people, but I'm standing with all different sorts of people. I'm standing with adults who want to get the same toy as my son.
Oh, they're the competition, right? I'm dealing with adults who are just there to get the best deal on their big screen tv, don't really care about them. But I'm also standing with, I'll just call 'em profiteers. Don't wanna call 'em malicious actors or bad actors. Let's just call 'em profiteers. And what they're trying to do is go in and buy that really cool toy and then hold onto it until the week before Christmas and then sell it for five x because you can't get it anywhere else. And I would still pay it because I still wanna be the best of daddy.
'cause I can't say, oh, I couldn't get you that. So this is who I'm standing in line with.
And so now we're waiting, waiting, waiting. The store opens. It's a stampede people, there's no queueing up, there's no line. It's a stampede. Even in the UK where they, where they're famous for standing in a queue. Now it's a stampede. Now the good thing is, is that I'm relatively fit. I'm six foot six, I'm relatively fit. I can use my physical attributes to make sure I get in because I, you know, I work out.
So I got, I got some advantages. I think I can use either my physical abilities or my mental acumen to find my way through. Some people might not be able to do that. But now I've made my way in. I'm in this sea of people and I look around and I find that toy that my son wants and I know I gotta get there. And so now the race is on.
That toy is all the way in the back. I start running, I run, I jump over perfectly good toys that so many other kids would love to have. But that's not the one that my son wants. My son wants that one. And there's only one left.
And I, with my six foot, six frame, reach up and jump grab that toy and I save Christmas, yay me. But that's how it used to be. That's how it used to be when we wanted to get the best toy, when we wanted to get the best thing for our kids or for whatever, or concert tickets or anything along those lines. Now it's online and that's what you guys are here to listen about. But how do you prevent the same type of, of activity and behavior online? And so what does it look like? So I'm gonna talk about a customer of ours.
Not gonna use their name, but just to let you know about, about this customer. They're a large worldwide retailer. They have both in store and an online presence. One of the things that they have that's really good for them is they have exclusive access to the latest trendy trend fashion stuff. Okay? So that's fantastic. The problem they have is since they have the exclusive access, you have malicious actors buying that, that material and selling it on the secondary market. And so they're getting a tarnished reputation, right? People don't feel like they can trust them anymore.
And so they say to us, we just need you to solve our problem. The problem is you need to stop fraud, but make it really easy for people to log in. Seems easy enough, right?
I mean, that's not, not two competing, competing things. Stop the fraud, stop the malicious actors.
But give everybody a a fantastic experience.
We go, yeah, yeah, we got you. No problem. So let's look at what we're dealing with. So their environment looks like this. This is their identity population. And you can think of this like that pen of people I was standing in front and standing in before the stores opened, right? This is the same thing. And in there they estimated that 60% of their identities were actually bots from malicious actors. 60%. And the worst part about that is, is they're paying for the privilege to store those identities that are causing all the reputational damage and tarnishing their their image.
So what happens when they have an exclusive item going up for sale? Well, what happens is humans just can't get in, get there in time, right? Like when I'm going into that stampede, I can use my size, my strength, my my mental ability does not matter. 'cause I cannot type faster than a bot. No one can especially, cannot type faster than a bot. Navigate to where that thing is. By the time I try to put it into my shopping cart, it's gone. And then to add insult to in injury, I close the website and it's already for sale on a secondary dairy website for three x.
So what happens?
So basically the customers are losing out and every customer is really upset at that retailer because they can't trust them to get what they want from 'em. So basically the only people that are able to buy this, these these items are fraudsters. Customers aren't happy. And the other thing is, is that the organization becomes disconnected from their customers. They don't know what they want, they don't know what they're buying because they can't track that because that transaction never happened. So how do we stop it? You add friction, right? That's easy. Who here likes captions?
It's just me.
It's just just me. Who likes to pick out streetlights when I'm bored? Okay.
Okay, so captions, right? It's a great idea. I honestly, when it comes to captions, I found out I was blind because of captions. Because you see that one up there, I could never understand, I could never get 'em right. And that was when somebody said, maybe you wanna go to the go to the eye doctor and get your eyes checked.
And oh, by the way, yeah, yeah, you need glasses. So, but captions that doesn't work because that doesn't make the experience easy. Think about, you really wanna get that item. It's a high stress situation and a cap comes up and you wear glasses and you don't know where your glasses are. So now you're running around your house trying to find your glasses to be able to type in the caption knowing that everybody else on the planet is typing in their cap and getting your item first. So that becomes a really high stress experience and it doesn't work.
So yeah, I guess we can't go to captions, right?
No captions. So what are you gonna do?
Well, let's bring in ai, because AI solves everything, right? ai, the magic tool solves everything.
I, well that was probably true about two and a half months ago, but if you've been to this conference, wallets are gonna solve everything so we'll, we'll we'll see. But, but AI is gonna solve everything. It's gonna detect the bots, it's gonna detect malicious activity, it's gonna detect credential stuffing, it's gonna do all these different things. That's great. And we can do all that in a way that we don't bother the real users. We let them in.
And when you bring in these types of AI enabled, you know, fraud detection systems, it's not about how much friction you can add, it's about how much friction you can reduce from your normal everyday users. You can stop them from having to do captions, you can stop them from having to do secondary authentication.
So that's great. It's a really great tool. If it's done right, customer says, this sounds amazing, let's do A POC. And we said, yeah, let's do A POC. Just give us an environment that looks like what you're dealing with.
They went, well, we don't really know what we're dealing with. Like we can't give you a test environment because we don't know exactly what type of bots they're using. We don't know this. We don't know. So one of the, one of our partners said, well, why don't we just like do a proof of value in your system? And they said, that's great, but what if it doesn't work? And we said, no, no, it's gonna work.
They said, but what if it doesn't work? And so you needed to add this flexible journey orchestration into the mix because it was impossible to recreate what they were experiencing because they didn't know it wasn't a set of requirements.
And as we all know, fraudsters and we've all talked about it, they're constantly evolving, constantly changing their techniques. The way they're gonna get attacked is gonna evolve. AI is gonna help fraudsters do new things.
So you need AI to resolve it, but you also need a flexible journey so that if you need new technology and you need to bring in new technology, you can easily add that in. And so they said, oh wow, that sounds great. So we can try this out. If it works, fantastic. If it doesn't, we can put something else in. And so we tried it out. And so what they decided to do was, if they detected a bot with the ai, they would send it to a recapture.
And if it failed to recapture three times. So hopefully if it was me, I had my glasses on and I typed it in by the third time, right?
But it failed the, the recapture three times they would delete the account because they also wanted to get rid of all the fake accounts they had in their, in their repository. Now I know we all said we don't like capture, but there is one cap I really do like. And if it was me, I probably would've done this. If it failed to recapture three times, I would've just sent it to infinite recapture and I would've kept that bot spinning for as long as possible and then deleted it. 'cause you know, if they're gonna attack me, I just wanna waste some of their computer cycles as well.
So this is what they said, they said, this is great, you know, we'll do this if it's a, if it's bots, we'll do this. If it's a suspicious IP or one of these other things, we'll send it to MFA, we'll send it to step up authentication. We'll do something to slow that person down to make it harder for them to authenticate. And then if it looks like a normal user, yeah, we'll let them get in and get there faster. They can actually get what they came to buy.
So, so the ultimate solution when it comes to combating fraud and delivering experiences, it's not just an AI fraud system, it's not just any fraud system out there. It's not just MFA. You have to combine that with an orchestration engine. You have to be able to change the user's path based on what you see. It's not good enough to just say, Hey, I see a problem. You gotta be able to do something about it. And you don't wanna do it after the fact because they've already bought the item and they've already put it up on eBay. I shouldn't have said eBay.
I was sitting next to the guy from eBay yesterday. But anyhow, so the ultimate solution is artificial intelligence combined with contextual orchestration. And so what happened, what did we come up with? First thing is they ma materially reduced the number of their items that ended up on the secondary market.
So that's, you know, that, that's pretty amazing.
They had a 35% reduction of the number of bots or a number of users in their identity directory. And that's, that's to date.
So that's, that's a pretty marked reduction in about a a nine month process. The great thing is, is that their brand reputation has picked back up. They're not losing customers. They have the trust of their buyers and their customers back again, which is something that they were struggling with because their customers didn't trust them to have what they needed when they needed it.
And then lastly, they're now seeing an increase in their e-commerce by 15% because they've made the process so much easier that they're getting more customers that are coming back even when it's not, you know, a limited event, limited edition, greatest new trend. So with that guys, thank you. That's all I have unless anybody has any questions.
Thank you, Matthew, we have time for maybe two or three questions. Anyone? Yep.
Okay, thank you.
Hi. So your detection can only be as good as the quality of the response. So what do you suggest when bot can pass capture, recapture is a great example, has plenty of Python script that just makes it click. What do you suggest for bots that can pass capture?
Yeah, so I, I think your question is spot on. Your, your detection is only as good as your response and that was one of the things that the customer said to us as well.
So, right, I get a bot that can pass recapture, that's an, that's an advancement. So I now I need to add another technology. And so my response to you is that you find the next technology that bots can't do. So whether that's MFA, whether that's something else, whether that's something that's yet to be invented and that's why you need that orchestration engine because that orchestration engine, it's not a hardwired thing that, that I found the bot and now I go straight to recapture, it's, I found a bot.
What do, what do I wanna do with it? Or what does the customer wanna do with it? And so having the ability to have your user journeys evolve and change as technology and as as technology changes, whether that's the bots that are attacking you or the technology that can defend against it is really, really important. But you know, everybody's talking about MFA, you can use MFA, you could use Fido, could use DCI wallets, you know, I mean just put in whatever you need to stop that butt.
Thank you for interesting
Presentation. Have you looked at monitoring the behavior after the login?
Because I mean a bot will never make typing mistakes and it will operate a lot faster and, and things like that. Has that been part of the picture?
So it's, since we work in the authentication space, most of our technology is enabled right now in that authentication journey. However, to your point, we are looking at extending that to allow that to be available post authentication. So if somebody got in, but then we can still see that it's going wrong, that it's looks wrong, at least we can market the next time they come back. Or we can send it, we can send it over to somebody else. But in this example, we were only in that authentication journey.
So
I think there's one question, question online and then we can jump to the next session. And the question is, silly question, but for this particular case study, who created those bots? Was it an organization or individual actors?
No. So this wasn't A-A-P-O-C, this was actually against the, the real actors. So that was, that was kind of the point of we couldn't recreate what they were facing because we didn't know what they were facing. So we just said here, just let us go play in, in what you're doing. And so I don't know who created the bots, be honest.
Okay, thank you Matthew. Thanks
Guys.
