Voice of the Industry

Dropbox protects millions of user accounts using the Arkose Labs platform

Monday 15 March 2021 08:40 CET | Editor: Alex Guzu | Voice of the industry

Arkose Labs discusses the solution implemented for Dropbox to prevent bad actors from gaining access to users’ accounts

At a glance

Company: Dropbox
Business problem:
  • Targeted by account takeover attacks;

  • Sign-up process abused for account enumeration;

  • User experience disrupted by existing step-up authentication.


The Arkose Labs platform provided unified risk decisioning to differentiate between good users, bots, and fraudsters. This solution was deployed alongside targeted step-up authentication to eliminate automated attacks and sap fraudsters’ time and resources.


  • Greater resilience to account takeover attacks;

  • Intervention rates for customers slashed by 70%;

  • Stopped abuse of new account registrations.


Over 600 million registered users across 180 countries – both individuals and businesses – rely on Dropbox to share, store, and collaborate. With Dropbox accounts being used as a trusted repository for critical data and files, protecting the integrity of these accounts is a key priority. The size and success of the company, however, made it a top target for fraudsters looking to abuse the sign-up process and hack into the accounts of genuine users.

Business problem

Dropbox needed a solution that could act as its first line of defense against fraudsters attempting to perform account takeover and abuse the signup process for account enumeration.

Its legacy spam and abuse technology solution provided too much friction for customers, causing disruption to the user experience while at the same time not effectively stopping fraud attacks. Although more robust, out-of-band measures were also in place to prevent fraud, these as well were disrupting the login process for good users.

Dropbox needed a fresh approach to protecting users’ accounts and turned to Arkose Labs for help. It needed to strike an optimal balance between seamless user experience, while stamping out fraud and abuse.

The Arkose Labs solution

Arkose Labs provided Dropbox with powerful protection on its website, while enhancing the user experience for both new and returning customers. The Arkose Labs Fraud and Abuse Prevention platform provided an intelligent mix of risk decisioning and step-up authentication to accurately identify malicious traffic.

The risk engine, Arkose Detect, analysed real-time signals and behaviour patterns to inform Arkose Enforce, a step-up authentication mechanism, on whether a challenge was required. Depending on the risk profile, the solution adapted the nature and complexity of the challenge presented to the user.

This combination provided targeted and informed friction, which was resilient to evolving attack patterns and deterred fraudsters from targeting Dropbox in the long-term. The enforcement challenges used the latest innovations in machine vision to ensure resilience to being solved en masse through automation, thus diminishing the profitability of attacks and undermining fraudsters’ incentive.

Instead of presenting challenges to a significant proportion of customer traffic, Arkose Labs presented them only to a small group of good users. Simple, visual puzzles were easy for true customers to complete and prove their legitimacy, when necessary. This reduced reliance on out-of-band authentication, which was a burden for legitimate customers.

'Arkose Labs has proved to be a long-term deterrent to fraudsters attacking our website, allowing us to stamp out account takeover attacks and keep our customers protected.' – Priya Bonthu, Engineering Leader, Dropbox

Key features of the Arkose Labs Fraud and Abuse Prevention platform:

  • Dynamic risk engine: Triage traffic using real-time analysis and behavioural patterns to uncover the underlying intent of the user;

  • Intelligent friction: Target high-risk traffic with enforcement challenges, which accurately distinguish between authentic users, malicious humans, and bots;

  • Interactive challenges: Unique enforcement challenges are designed and tested using the latest machine vision technology to ensure resilience to solvers and automated attacks;

  • Bespoke and brand-integrated: Inline authentication using Dropbox brand elements to provide a seamless user experience for good customers.

Demonstrated results

The combination of risk profiling and targeted authentication challenges deters bad actors from attacking Dropbox, as they must now expend more time and resources to attack at scale. This makes attacks economically non-viable and provides Dropbox with long-term protection against fraud.

A 70% drop in intervention rates for customers logging into their accounts has resulted in improved good throughput. This has reduced the burden on in-house teams as well as the operational costs of dealing with customer service tickets.

'Our first line of defense against organised fraud is the Arkose Labs solution. We are delighted by the customisation options and the high levels of service and attention we receive from the Arkose Labs team.' – Priya Bonthu, Engineering Leader, Dropbox

About Arkose Labs

Arkose Labs bankrupts the business model of fraud. Its patented platform combines Arkose Detect, a sophisticated risk engine, with Arkose Enforce, which uses targeted step-up challenges to wear fraudsters down and diminish their ROI. The world’s largest brands trust Arkose Labs to protect their customer journey while delivering unrivalled user experiences. Arkose Labs is based in San Francisco, California, with offices in Brisbane, Australia. For more information, visit www.arkoselabs.com.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Arkose Labs, Dropbox, account takeover, fraud detection, fraud prevention
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime