Case Study

Top E-Commerce Retailer Prevents Credential Stuffing with HUMAN


Company

This e-commerce retailer is one of the world’s largest sellers of photo, video, audio, and computer technology. Millions of audio and imaging professionals rely on its products to power their creative pursuits. 

Challenge

This large e-commerce retailer was bombarded with credential stuffing attacks that led to account takeovers (ATOs). Its bandwidth was saturated with malicious traffic, and successful attacks resulted in chargebacks and other fraud, leading to financial losses, customer churn and brand reputation damage.


Solution

The retailer implemented HUMAN Credential Intelligence, a cloud-native web app security solution that stops login attempts using compromised credentials on web and mobile apps.
Credential Intelligence uses an expansive, dynamic and up-to-date database of compromised credentials that HUMAN gathers from its unmatched visibility into the internet. The HUMAN platform verifies the humanity of more than 20 trillion interactions each week and sees 3 billion each day. This allows us to zero in on compromised credentials that are actively in use, rather than an outdated list of credentials stolen in past breaches. 

The retailer had previously implemented HUMAN Bot Defender to safeguard against bot-driven ATO attacks in real time. Credential Intelligence adds another layer of security that proactively stops account fraud before it happens.

Results

Credential Intelligence provides an early signal that cybercriminals are attempting to log in with stolen usernames and passwords. This enables the retailer to take mitigating actions ahead of ATO attacks, such as notifying users that their credentials have been breached and triggering a password reset. This yielded a number of results:


Reduced Credential Stuffing Attacks by 90%

Following the deployment of Credential Intelligence, the e-commerce retailer realized a more than 90% reduction in the volume of successful credential stuffing attacks, and the number of accounts at risk of ATO dropped from nearly 2.5 million per quarter to fewer than 2,500. This allowed the retailer’s security team to spend time on strategic tasks—rather than fraud investigations—and saved the company hundreds of thousands of dollars per month.
Figure 1 shows the volume of credential stuffing attack attempts before and after the implementation of Credential Intelligence.

Decreased Number of Accounts at Risk of ATO

In the first two weeks alone, Credential Intelligence identified 3,988 login requests using compromised credentials. The HUMAN solutions blocked these login requests and prompted users to change their passwords. As passwords were reset, the stolen credentials were no longer usable and the number of accounts at risk of ATO dropped significantly. 
Figure 2 shows the reduction in accounts using compromised credentials over time.

Deterred Future Attacks

Attackers sometimes conduct a dry run with manual attempts before launching a full-fledged attack. The graph below shows an example in which Credential Intelligence flagged some of the manual logins (yellow line), acting as an early signal that a larger scale attack was coming (red line). These insights were passed on to Bot Defender and used to fine-tune its detections to lower thresholds and block attacks in their infancy. The early blocks led bot operators to abandon the attack.
Figure 3: Deterred future attacks.

The HUMAN Visibility Advantage

Credential Intelligence works because of HUMAN’s unparalleled visibility into what’s happening online. We leverage information gathered from every digital interaction we observe to build our credential database. By stopping the use of these stolen credentials up front, Credential Intelligence prevents fraud before it happens. This decreases fraud claims, transaction fees and write-offs, protects brand reputation and instills trust in consumers that their accounts are safe on your site.
