Anti-Fraud Use Case Analysis
Bank Credential Stuffing
Overview
Unknown to them, the website of one of North America’s top ten banks faced persistent credential stuffing attacks. Fraudsters had been using automated tools to input stolen username-password pairs en masse, scaling ATO attempts. The bank had lacked any real means of detecting such attacks, let alone identifying affected customers. After deploying Memcyco’s Customer ATO and Fraud Protection solution, that all changed.
x3 powerful capabilities added
Seeing attacks-in-progress, not in retrospect:
Memcyco’s Customer ATO and Fraud Protection solution flagged in real-time devices that were actively submitting bulk login requests in rapid succession.
Getting the need-to-know:
The bank was alerted about attacks-in-progress automatically and near-instantly, helping activate a rapid, targeted insight-led response.
Identifying and notifying:
By cross-referencing credentials used in the attack against the customer database, those impacted were quickly identified and notified.
CLIENT CHALLENGES
- Credential Stuffing Attacks
Automated fraudster submission of login credentials attempting trial-and-error account breaches.
- Lack of Real-Time Detection
Previously unable to detect such attacks as they occurred.
- Attack Forensics Blind Spots
Zero way to identify the attack source, or which customers were exposed or impacted.
- Powerless to Raise the Alarm
Missing attack forensics meant no method for laser-focused comms, to alert the right customers and avoid spooking those unaffected.
CLIENT CHALLENGES
- Credential Stuffing Attacks
Automated fraudster submission of login credentials attempting trial-and-error account breaches.
- Lack of Real-Time Detection
Previously unable to detect such attacks as they occurred.
- Attack Forensics Blind Spots
Zero way to identify the attack source, or which customers were exposed or impacted.
- Powerless to Raise the Alarm
Missing attack forensics meant no method for laser-focused comms, to alert the right customers and avoid spooking those unaffected.
Forensic, insight-rich visibility, faster detection and response
The bank now receives real-time notifications of dozens of credential stuffing attempts daily, helping them pivot quickly from ‘fraud threat detection’, to ‘fraud response’ and counteraction.
Further, their security team can now quickly identify and notify impacted customers, thereby reducing the risk of account takeover (ATO). Overall, the improved capability to detect and respond to security threats significantly enhances the bank’s cybersecurity posture.
ATO fraud risk
SLASHED VIRTUALLY OVERNIGHT
Quick, simple
implementation
Tactical posture
FROM ‘RECOVERY’ TO ‘PREVENTION’
Agentless
Disruptionless
PR meltdowns
SLASHED VIRTUALLY OVERNIGHT
Flexible, open
API-ready platform
The bottom line
‘Transformative’ is a big claim, but that’s exactly what Memcyco’s solution proved to be here in terms of seriously upgrading the bank’s ability to combat credential stuffing fraud attempts effortlessly and continually, which was near impossible with traditional approaches.
