Anti-Fraud Use Case Analysis

Bank Credential Stuffing

Overview

Unknown to them, the website of one of North America’s top ten banks faced persistent credential stuffing attacks. Fraudsters had been using automated tools to input stolen username-password pairs en masse, scaling ATO attempts. The bank had lacked any real means of detecting such attacks, let alone identifying affected customers. After deploying Memcyco’s Customer ATO and Fraud Protection solution, that all changed.

x3 powerful capabilities added

Seeing attacks-in-progress, not in retrospect:

Memcyco’s Customer ATO and Fraud Protection solution flagged in real-time devices that were actively submitting bulk login requests in rapid succession.

Getting the need-to-know:

The bank was alerted about attacks-in-progress automatically and near-instantly, helping activate a rapid, targeted insight-led response.

Identifying and notifying:

By cross-referencing credentials used in the attack against the customer database, those impacted were quickly identified and notified.

CLIENT CHALLENGES

  • Credential Stuffing Attacks

Automated fraudster submission of login credentials attempting trial-and-error account breaches.

  • Lack of Real-Time Detection

Previously unable to detect such attacks as they occurred.

  • Attack Forensics Blind Spots

Zero way to identify the attack source, or which customers were exposed or impacted.

  • Powerless to Raise the Alarm

Missing attack forensics meant no method for laser-focused comms, to alert the right customers and avoid spooking those unaffected.

CLIENT CHALLENGES

  • Credential Stuffing Attacks

Automated fraudster submission of login credentials attempting trial-and-error account breaches.

  • Lack of Real-Time Detection

Previously unable to detect such attacks as they occurred.

  • Attack Forensics Blind Spots

Zero way to identify the attack source, or which customers were exposed or impacted.

  • Powerless to Raise the Alarm

Missing attack forensics meant no method for laser-focused comms, to alert the right customers and avoid spooking those unaffected.

Forensic, insight-rich visibility, faster detection and response

The bank now receives real-time notifications of dozens of credential stuffing attempts daily, helping them pivot quickly from ‘fraud threat detection’, to ‘fraud response’ and counteraction.

Further, their security team can now quickly identify and notify impacted customers, thereby reducing the risk of account takeover (ATO). Overall, the improved capability to detect and respond to security threats significantly enhances the bank’s cybersecurity posture.

ATO fraud risk

SLASHED VIRTUALLY OVERNIGHT

Quick, simple
implementation

Tactical posture

FROM ‘RECOVERY’ TO ‘PREVENTION’

Agentless
Disruptionless

PR meltdowns

SLASHED VIRTUALLY OVERNIGHT

Flexible, open
API-ready platform

The bottom line

‘Transformative’ is a big claim, but that’s exactly what Memcyco’s solution proved to be here in terms of seriously upgrading the bank’s ability to combat credential stuffing fraud attempts effortlessly and continually, which was near impossible with traditional approaches.

This website uses cookies to ensure you get the best experience on our site. By continuing, you agree to our privacy policy.