Posted On: Jun 13, 2023

AWS WAF Fraud Control announces Account Creation Fraud Prevention, a managed protection for AWS WAF that is designed to prevent creation of fake or fraudulent accounts. Fraudsters use fake accounts to initiate activities, such as abusing promotional and sign-up bonuses, impersonating legitimate users, and carrying out phishing attacks. These activities can lead to several direct or indirect costs such as damaged customer relationships, reputational loss, and exposure to financial fraud. Account Creation Fraud Prevention protects your account sign-up or registration pages by allowing you to continuously monitor requests for anomalous digital activity and automatically block suspicious requests based on request identifiers and behavioral analysis. 

AWS WAF Fraud Control previously released Account Takeover Prevention that protects sign-in pages against credential stuffing and brute force attacks. With Account Creation Fraud Prevention and Account Takeover managed protections available today, AWS WAF provides you with a comprehensive solution for account fraud protection at-scale. You can deploy AWS WAF Fraud Control at the network edge to protect Amazon CloudFront, Application Load Balancer, and other supported integrations. Support for AWS Cognito user pools is currently not available. AWS WAF Fraud Control is available in 22 regions at launch. 

Starting June 14 2023, we are excited to announce usage based tiered pricing for AWS WAF Fraud Control. You will also get bot mitigation rule actions; Challenge and Captcha, at no additional cost with all Fraud Control tiers. For more information on pricing, please see our pricing page.

06/29/2023 - This post initially stated “reduced pricing” in the title, and has been updated for better clarity. AWS WAF announced the introduction of new usage-based pricing tiers, which helps customers reduce their costs for AWS WAF Fraud Control.