Alfagift is the e-commerce and rewards app of Alfamart, Indonesia’s convenience store with over 17,000 stores spread across Indonesia. Alfagift offers its customers a wide variety of services, including rewards points for shopping with Alfamart, special and seasonal gifts, an Alfamart store locator, as well as online shopping and same-day delivery services from Alfamart stores.
• 99.9% of malicious devices and users identified
• High amounts of app cloners and emulators detected and blocked
• Immediate results provided a complete picture of risk on the platform
From online shopping and same-day delivery to rewards points and gifting initiatives, the Alfagift app offers its users a wide variety of services and benefits. But multifaceted apps such as Alfagift are also prime targets for fraudsters, as there are more services to exploit and more places to hide. A forward-thinking department, the Alfagift security team was looking for a risk intelligence solution that could help them detect devices exhibiting risky behaviors before they succeeded in carrying out fraud, so that they could provide a safe online experience for their good users and continue fostering trust.
The Alfagift team was particularly concerned with promotion abuse. As part of its service offering, the Alfagift app offers a variety of promotion-related benefits, one of which is the Alfagift reward points, commonly referred to as A-Points. During promotional periods, users can get a higher number of A-Points than usual, which can be spent on a range of gifts such as shopping credits and tablets. The points can also be redeemed for sweepstake coupons, which offer larger prize bonuses for lucky winners.
The Alfagift team was concerned that fraudsters might try to exploit these promotions by entering multiple fake accounts into the sweepstakes and increase their chances of winning certain rewards. Immediately after Alfagift integrated SHIELD’s SDK to their mobile environment, the SHIELD Risk Indicators flagged a particularly high number of app cloners and emulators on the Alfagift ecosystem. App cloners enable the same app to be installed multiple times on the same phone, while an emulator supercharges this by enabling scripting and high-velocity attacks. Together, these tools can be used to create fake accounts.
Chandra Hermawan, IT Director at Alfagift commented, “SHIELD showed us malicious tools and techniques we never even knew existed. On top of that, their real-time risk intelligence meant that we were able to take the offending devices and accounts offline before they could do any damage.”
When conducting their own internal investigations to determine whether fraudsters had been creating fake accounts, the Alfagift team leveraged the SHIELD ID, a unique device identifier that detects multiple users on the same device and vice versa.
Chandra added, “The SHIELD ID is a fantastic risk intelligence tool. It empowers us to block any bad users that create multiple Alfagift accounts to create fake profiles or attempt account takeover.
By partnering with SHIELD, Alfagift now has an added layer of security. This empowers them to focus on two priorities. The first is to provide a safe online environment for its good users so that Alfagift can continue fostering mutual trust with them. The second is to continue growing the app, both in terms of the features and services it offers but also in terms of expansion into new regions and territories