OWASP Automated Threats

Use by an intermediary application that collects together multiple accounts and interacts on their behalf.

What is Account Aggregation?

Compilation of credentials and information from multiple application accounts into another system. This aggregation application may be used by a single user to merge information from multiple applications, or alternatively to merge information of many users of a single application. Commonly used for aggregating social media accounts, email accounts and financial accounts in order to obtain a consolidated overview, to provide integrated reporting and analysis, and to simplify usage and consumption by the user and/or their professional advisors. May include making changes to account properties and interacting with the aggregated application’s functionality.

For other forms of data harvesting, including the distribution of content, see OAT-011 Scraping. For hastening progress, see OAT-006 Expediting instead.

Account Aggregation is also known by terms such as aggregator, brokering, client aggregator, cloud services brokerage, data aggregation and financial account aggregator.


The symptoms of Account Aggregation

  1. Lack of end user engagement with the service provider
  2. Account information access behavior patterns (e.g. geolocation, time zones) that do not match the user profile
  3. Elevated activity peaks
  4. Account credentials identified elsewhere
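
A defender can check several of these symptoms directly in access logs. The following Python is an added example, not part of the original page or of OWASP's material: it flags accounts accessed from a country that does not match the user profile, hours with elevated activity, and source addresses that reach many distinct accounts. The log format, the `PROFILES` table, the thresholds and the single-source assumption about aggregators are all assumptions made for illustration, and the data is constructed.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed data: expected country per account, and access-log lines
# in the hypothetical format "<ISO time> <source IP> <account> <country>".
PROFILES = {"alice": "GB", "bob": "GB", "carol": "US", "dave": "DE"}
LOG = """\
2024-05-01T09:14:02Z 198.51.100.20 alice GB
2024-05-01T10:31:40Z 198.51.100.31 bob GB
2024-05-01T11:05:11Z 198.51.100.44 carol US
2024-05-01T12:47:55Z 198.51.100.52 dave DE
2024-05-02T02:00:01Z 203.0.113.7 alice US
2024-05-02T02:00:02Z 203.0.113.7 bob US
2024-05-02T02:00:03Z 203.0.113.7 carol US
2024-05-02T02:00:04Z 203.0.113.7 dave US
2024-05-02T02:00:05Z 203.0.113.7 alice US
2024-05-02T02:00:06Z 203.0.113.7 bob US
"""

def parse(log):
    """Turn each log line into a dict; the hour bucket is the timestamp prefix."""
    keys = ("time", "ip", "account", "country")
    events = [dict(zip(keys, line.split())) for line in log.splitlines() if line.strip()]
    for e in events:
        e["hour"] = e["time"][:13]  # e.g. "2024-05-02T02"
    return events

def shared_sources(events, min_accounts=3):
    """Source IPs that accessed at least min_accounts distinct accounts."""
    seen = defaultdict(set)
    for e in events:
        seen[e["ip"]].add(e["account"])
    return {ip: sorted(a) for ip, a in seen.items() if len(a) >= min_accounts}

def profile_mismatches(events, profiles):
    """Accounts accessed from a country other than the one in the user profile."""
    return sorted({e["account"] for e in events
                   if profiles.get(e["account"]) != e["country"]})

def activity_peaks(events, factor=3):
    """Hour buckets whose event count exceeds factor x the median hourly count."""
    per_hour = Counter(e["hour"] for e in events)
    baseline = median(per_hour.values())
    return sorted(h for h, n in per_hour.items() if n > factor * baseline)

if __name__ == "__main__":
    ev = parse(LOG)
    print(shared_sources(ev), profile_mismatches(ev, PROFILES), activity_peaks(ev))
```

An account whose profile country happens to match the aggregator's location (here `carol`) is missed by the geolocation check alone, which is why the shared-source check is run alongside it.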


Sectors targeted by Account Aggregation

  • Financial
  • Government
  • Social Networking


Can InfiSecure prevent Account Aggregation?

InfiSecure’s bot protection service can put an end to all automated account aggregation techniques using advanced bot fingerprinting technology.