AWS WAF SDK Account Creation Fraud Prevention

Question

Hi I would like to know in more detail how this service works with a mobile native app using Android or iOS. Do you provide the endpoints to your sign up registration page and the fields on the form the same way as you would do for a website registration process? What impact does the AWS WAF SDK have on the user experience, and are the token challenges user facing or done behind the scenes?

Answer

AWS WAF's account creation fraud prevention (ACFP) feature has two core components: 
1) AWSManagedRulesACFPRuleSet that is a package of rules that inspects the HTTP GET requests to the account registration endpoint and HTTP POST web requests to the account sign-up endpoint. You must provide information about your account registration and creation pages when you add the AWSManagedRulesACFPRuleSet rule group to your web ACL.
2)  Javascript and mobile application integration SDKs that performs session level client verification and behavior aggregation.

Resources to aid you:
* [Mobile application integration SDK ](https://docs.aws.amazon.com/waf/latest/developerguide/waf-mobile-sdk.html)
* [Javascript integrations](https://docs.aws.amazon.com/waf/latest/developerguide/waf-javascript-api.html)
* [AWS WAF Fraud Control account creation fraud prevention ](https://docs.aws.amazon.com/waf/latest/developerguide/waf-acfp.html)

Answer

Hi I would like to know if there's any requirements to use the Mobile SDK. I've contacted the AWS Support Basic Plan and they informed me that I need to commit to  commit to a spend of $5k+/mo for 12+ month as a minimal cost to use the WAF SDK. Is that Correct?

AWS WAF SDK Account Creation Fraud Prevention

Relevant content