CREDENTIAL INTELLIGENCE

Rapid Credential Verification to Prevent Account Takeover

HUMAN Credential Intelligence stops the use of compromised credentials in real time.

Human Security-Credential Intelligence-Header Image

HUMAN Credential Intelligence detects and stops the use of compromised credentials on websites and mobile apps in real-time.

It leverages an expansive, dynamic and up-to-date collection that HUMAN gathers from its position protecting some of the most popular and highly-trafficked sites on the web.

Acting upon the breached signal can stop a threat actor from accessing the account and can warn real users that their credentials have been breached. Changing an account password will remove the vulnerable account, reduce the attack surface and lower the overall risk of account takeover.

Stop account takeover before any damage is done

Protect your customers, by stopping threat actors from accessing the account and warn actual account owners that their credentials have been breached.

Human-Account Defender-See and Stop Fraud

Protect Customers

Protect the most valuable assets

Protect customers’ most valuable assets, their identity, maintain your brand reputation, and avoid costs associated with account takeovers.

Human-Bot Defender-Reduce Fraud

Reduce Risk

Reduce vulnerable accounts
Eradicate the cycle of credential stuffing on your site, reducing the risk to your brand and your customer’s accounts and increase your customers’ confidence and trust.
Human-Bot Defender-Optimize Efficiency

Optimize Efficiency

Gain visibility and control
Reduce customer complaints and support calls associated with password resets and refund requests, avoid write-offs and chargebacks and defend against regulatory fines.

HUMAN is trusted by the largest enterprises and internet platforms to protect them from the most human-like bots.

Early Warning System

Warn real users of a credential breach and trigger password reset to protect against:

Human-App Security-Account Takeover@2x
Account Takeover
Human-Solutions-New Account Fraud@2x
Credential Stuffing
Human Security-Credential Intelligence-Breaking Regulatory Compliance@2x
Breaking Regulatory Compliance
Human Security-Credential Intelligence-Holes in the Attack Surface@2x
Holes in the Attack Surface

Seeing Credential Intelligence in action for yourself is believing.

Learn more about how Credential Intelligence can help you protect user accounts, reduce risk to brand damage and comply with industry best practices.

How you win with
Credential Intelligence

HUMAN’s modern defense against compromised credential usage provides detection with unmatched scale, speed, and precision to safeguard your user accounts and brand reputation.

Early Warning System for Account Takeover
Security, fraud, risk, compliance and engineering teams spend significant resources combating account takeover (ATO) attacks and credential stuffing attacks. The majority of these attacks use compromised credentials — usernames, email addresses and matching passwords — acquired from a data breach or purchased on the dark web. With these credentials, attackers can transfer funds, use stored credit cards, deplete gift cards and loyalty points, redeem airline miles, and submit fraudulent credit applications. Widespread attacks on customer accounts can cause considerable damage to the brand, both in the short term and in the longer term, including: harming the brand reputation, disrupting consumers’ digital experience, increasing churn and regulatory fines.
Flips The Economic Script On Attacks

Credential stuffing is a leading technique attackers use to accomplish account take-overs (ATO). Using automation to test if lists of credentials available in the dark web are valid on a web site - given that users are prone to reusing their credentials across multiple sites, is cheap, easy and effective. It is cheap primarily because of two factors, credentials can be purchased cheaply on the dark web and bots are cheap to deploy.

Blocking credential stuffing attacks does not deter future credential stuffing attacks. As long as there is still a chance to get through (and no solution, much less one that relies on volumetric indicators, is 100% effective), the economics mean that the attacker can keep on trying until they achieve some measure of success while still retaining a reasonable return on investment.

The best practices of dealing with credential stuffing attacks up until now have been reliant on either switching to a more robust authentication mechanism or attempting to block the attacks as they happen. However, such methods are still bypassed and introduce friction and are costly. Likewise as we have seen, successfully blocking credential stuffing attacks does not deter future attacks.

Credential Intelligence revolutionizes the approach to handling credential stuffing attacks by removing the surface area of vulnerability and making the attacks infeasible and economically unviable resulting in long term decline or cessation of the attacks.

Reduces the Attack Surface Area

As blocking credential stuffing attempts does not stop attackers from future attempts; accounts with compromised credentials are in high risk for future account takeover. By acting upon the Credential Intelligence flag, in real-time, the account is no longer vulnerable to account takeover. Over-time, accounts are flagged in real-time before any damage is done and the risk decreases.

Credential Intelligence makes the lists of compromised credentials irrelevant and useless in the future for any sites it protects. Furthermore, because the database is composed of information that HUMAN brings together from its network effect, once credentials are blocked for one customer, all customers get the benefit. In the event of a successful login by an attacker, resetting the credentials forces the attacker out of the account before damage can be done.

Human Security-Credential Intelligence-Early Warning System for Account Takeover@2x
Early Warning System for Account Takeover
Security, fraud, risk, compliance and engineering teams spend significant resources combating account takeover (ATO) attacks and credential stuffing attacks. The majority of these attacks use compromised credentials — usernames, email addresses and matching passwords — acquired from a data breach or purchased on the dark web. With these credentials, attackers can transfer funds, use stored credit cards, deplete gift cards and loyalty points, redeem airline miles, and submit fraudulent credit applications. Widespread attacks on customer accounts can cause considerable damage to the brand, both in the short term and in the longer term, including: harming the brand reputation, disrupting consumers’ digital experience, increasing churn and regulatory fines.
Human Security-Credential Intelligence-Flips the Economic Script on Attacks@2x
Flips The Economic Script On Attacks

Credential stuffing is a leading technique attackers use to accomplish account take-overs (ATO). Using automation to test if lists of credentials available in the dark web are valid on a web site - given that users are prone to reusing their credentials across multiple sites, is cheap, easy and effective. It is cheap primarily because of two factors, credentials can be purchased cheaply on the dark web and bots are cheap to deploy.

Blocking credential stuffing attacks does not deter future credential stuffing attacks. As long as there is still a chance to get through (and no solution, much less one that relies on volumetric indicators, is 100% effective), the economics mean that the attacker can keep on trying until they achieve some measure of success while still retaining a reasonable return on investment.

The best practices of dealing with credential stuffing attacks up until now have been reliant on either switching to a more robust authentication mechanism or attempting to block the attacks as they happen. However, such methods are still bypassed and introduce friction and are costly. Likewise as we have seen, successfully blocking credential stuffing attacks does not deter future attacks.

Credential Intelligence revolutionizes the approach to handling credential stuffing attacks by removing the surface area of vulnerability and making the attacks infeasible and economically unviable resulting in long term decline or cessation of the attacks.

Human-Bot Defender-Provides Actionable Insights@2x
Reduces the Attack Surface Area

As blocking credential stuffing attempts does not stop attackers from future attempts; accounts with compromised credentials are in high risk for future account takeover. By acting upon the Credential Intelligence flag, in real-time, the account is no longer vulnerable to account takeover. Over-time, accounts are flagged in real-time before any damage is done and the risk decreases.

Credential Intelligence makes the lists of compromised credentials irrelevant and useless in the future for any sites it protects. Furthermore, because the database is composed of information that HUMAN brings together from its network effect, once credentials are blocked for one customer, all customers get the benefit. In the event of a successful login by an attacker, resetting the credentials forces the attacker out of the account before damage can be done.

How Credential Intelligence works

Fast deployment as a JS snippet or SDK
Human-Credential Intelligence-How it Works Graphic
Human-BotGuard for Growth Marketing-Collect

Collect

Real-time database consists of credentials that are actively being used in real-world attacks.
Human-BotGuard for Growth Marketing-Decide

Detect

Processes the hashed login attempt at the HUMAN Enforcer using an asynchronous call to the HUMAN Detector to determine if the login attempt is a human or a bot.
Human-BotGuard for Growth Marketing-Protect

Protect

Blocks unwanted credential stuffing and ATO attempts in real-time. Mitigation is done by the authenticating web app or CIAM solution.
Human-BotGuard for Growth Marketing-Report

Report

Continuously validates and updates stolen credentials in the database. Network effect constantly improves fraud detection.

Integrate Anywhere

Guard your user account information against compromised credential use by easily integrating
Credential Intelligence with your existing infrastructure.

Edge Integration (CDN, Cloud)
Load Balancers & Web Servers
Human Security-Key Integrations-Apache
Human Security-Key Integrations-Citrix NetScaler
Human Security-Key Integrations-f5
Human Security-Key Integrations-Haproxy
Human Security-Key Integrations-Varnish Cache
Human Security-Key Integrations-Kong
Human Security-Key Integrations-Ngnix
Human Security-Key Integrations-Apigee
Human Security-Key Integrations-Envoy
Human Security-Key Integrations-Cowboy
Application SDK/Middleware
Human Security-Key Integrations-PHP
Human Security-Key Integrations-NodeJS
Human Security-Key Integrations-Python
Human Security-Key Integrations-Ruby
Human Security-Key Integrations-Java
Human Security-Key Integrations-ASP.NET
Human Security-Key Integrations-Heroku
Serverless & Cloud Frameworks
Human Security-Key Integrations-Azure Active Directory
Human Security-Key Integrations-App Engine
Human Security-Key Integrations-Google Cloud Functions
Human Security-Key Integrations-Kubernetes
User Identity Platforms
Human Security-Key Integrations-Azure Active Directory
Human Security-Key Integrations-Okta Logo
Human Security-Key Integrations-Ping Identity Logo
E-Commerce Platforms
Human Security-Key Integrations-Salesforce Commerce Cloud
Human Security-Key Integrations-Magento
Human Security-Key Integrations-Marketo
Human Security-Key Integrations-Drupal
Logs & Metrics
Human Security-Key Integrations-Adobe Analytics
Human Security-Key Integrations-Google Analytics
Human Security-Key Integrations-Datadog
Human Security-Key Integrations-Splunk
Vulnerability Intel
Human Security-Key Integrations-Synk

Featured Resources