CREDENTIAL INTELLIGENCE

Security, fraud, risk, compliance and engineering teams spend significant resources combating account takeover (ATO) attacks and credential stuffing attacks. The majority of these attacks use compromised credentials — usernames, email addresses and matching passwords — acquired from a data breach or purchased on the dark web. With these credentials, attackers can transfer funds, use stored credit cards, deplete gift cards and loyalty points, redeem airline miles, and submit fraudulent credit applications. Widespread attacks on customer accounts can cause considerable damage to the brand, both in the short term and in the longer term, including: harming the brand reputation, disrupting consumers’ digital experience, increasing churn and regulatory fines.

Credential stuffing is a leading technique attackers use to accomplish account take-overs (ATO). Using automation to test if lists of credentials available in the dark web are valid on a web site - given that users are prone to reusing their credentials across multiple sites, is cheap, easy and effective. It is cheap primarily because of two factors, credentials can be purchased cheaply on the dark web and bots are cheap to deploy.

Blocking credential stuffing attacks does not deter future credential stuffing attacks. As long as there is still a chance to get through (and no solution, much less one that relies on volumetric indicators, is 100% effective), the economics mean that the attacker can keep on trying until they achieve some measure of success while still retaining a reasonable return on investment.

The best practices of dealing with credential stuffing attacks up until now have been reliant on either switching to a more robust authentication mechanism or attempting to block the attacks as they happen. However, such methods are still bypassed and introduce friction and are costly. Likewise as we have seen, successfully blocking credential stuffing attacks does not deter future attacks.

Credential Intelligence revolutionizes the approach to handling credential stuffing attacks by removing the surface area of vulnerability and making the attacks infeasible and economically unviable resulting in long term decline or cessation of the attacks.

As blocking credential stuffing attempts does not stop attackers from future attempts; accounts with compromised credentials are in high risk for future account takeover. By acting upon the Credential Intelligence flag, in real-time, the account is no longer vulnerable to account takeover. Over-time, accounts are flagged in real-time before any damage is done and the risk decreases.

Credential Intelligence makes the lists of compromised credentials irrelevant and useless in the future for any sites it protects. Furthermore, because the database is composed of information that HUMAN brings together from its network effect, once credentials are blocked for one customer, all customers get the benefit. In the event of a successful login by an attacker, resetting the credentials forces the attacker out of the account before damage can be done.