Top Regional Bank Stops Account Takeover Attacks and Improves Performance During Peak Traffic Periods

As more customers switched to online banking, this top regional bank saw digital fraud attempts skyrocket. The bank discovered that its traditional cyberdefense tools—including web application firewalls (WAFs) and multi-factor authentication (MFA)—could not keep up with the flood of automated bot attacks.

Almost 70% of login requests on the bank’s website came from malicious bots. The bots cycled through username/password combinations to try to break into user accounts. Although MFA reduced the likelihood of account breaches, bad bots regularly reached failed login attempt limits. This resulted in customers getting locked out of their accounts and flooding the bank’s help desk with calls.

• Improved efficiency: Utilizing the bank’s existing WAF to detect automated bot attacks required continuous tuning and configuration changes that were laborious and time consuming. In spite of this additional effort, a large number of malicious requests were reaching login pages anyway. Account Takeover Defense enabled a behavior-based machine-learning approach with little human intervention.

• Unparalleled accuracy: Account Takeover Defense leverages a combination of behavioral analysis, predictive methods and intelligent fingerprinting to accurately differentiate between malicious bots and legitimate users. The solution was much more effective than the bank’s WAF in effectively blocking unwanted traffic.

• Did not require infrastructure changes: Account Takeover Defense integrated seamlessly with the bank’s WAF, MFA tool, and edge infrastructure. This allowed the business to avoid spending time, money and hassle on replacement and reconfiguration.