Case Study

Top E-Commerce Retailer Prevents Credential Stuffing with HUMAN


Company

This e-commerce retailer is one of the world’s largest sellers of photo, video, audio, and computer technology. Millions of audio and imaging professionals rely on its products to power their creative pursuits. 

Challenge

This large e-commerce retailer was bombarded with credential stuffing attacks that led to account takeovers (ATOs). Its bandwidth was saturated with malicious traffic, and successful attacks resulted in chargebacks and other fraud. The consequences were financial losses, customer churn and brand reputation damage.


Solution

The retailer implemented HUMAN Account Protection to detect and mitigate malicious bots across its e-commerce website. The solution addresses full-fledged ATO attacks in real time and stops fraudsters from using compromised credentials on websites and mobile apps.

Account Protection leverages an expansive, dynamic and up-to-date database of compromised credentials that HUMAN gathers from its unmatched visibility into the internet. The HUMAN platform verifies the humanity of more than 20 trillion interactions each week and sees 3 billion each day. This allows us to zero in on compromised credentials that are actively in use, rather than an outdated list of credentials stolen in past breaches.

Results

Account Protection provides an early signal that cybercriminals are attempting to log in with stolen usernames and passwords. This enables the retailer to take mitigating actions ahead of ATO attacks, such as notifying users that their credentials have been breached and triggering a password reset. This yielded a number of results:


Reduced Credential Stuffing Attacks by 90%

Following the deployment of Account Protection, the e-commerce retailer realized a more than 90% reduction in the volume of successful credential stuffing attacks, and the number of accounts at risk of ATO dropped from nearly 2.5 million per quarter to fewer than 2,500. This allowed the retailer’s security team to spend time on strategic tasks rather than fraud investigations, and saved the company hundreds of thousands of dollars per month.
FIGURE 1
Figure 1 shows the volume of credential stuffing attack attempts before and after the implementation of the solution.

Decreased Number of Accounts at Risk of ATO

In the first two weeks alone, HUMAN identified 3,988 login requests using compromised credentials. The solution blocked these login requests and prompted users to change their passwords. As passwords were reset, the stolen credentials were no longer usable and the number of accounts at risk of ATO dropped significantly. 
FIGURE 2
Figure 2 shows the reduction in accounts using compromised credentials over time.

Deterred Future Attacks

Attackers sometimes conduct a dry run with manual attempts before launching a full-fledged attack. Figure 3 shows an example in which the solution flagged some of the manual logins (yellow line), acting as an early signal that a larger-scale attack was coming (red line). These insights were used to fine-tune detections to lower thresholds and block attacks in their infancy. The early blocks led bot operators to abandon the attack.
FIGURE 3

The HUMAN Visibility Advantage

Account Protection works because of HUMAN’s unparalleled visibility into what’s happening online. We leverage information gathered from every digital interaction we observe to build our credential database. By stopping the use of these stolen credentials up front, HUMAN prevents fraud before it happens. This decreases fraud claims, transaction fees and write-offs, protects brand reputation and instills trust in consumers that their accounts are safe on your site.
