Netacea Protects UK’s Largest Loyalty Scheme from Bot Attacks

The Challenge

Our client, one of the world’s largest retailers, operates a 20-million-member customer loyalty scheme – the most popular in the UK.

The retailer identified they were frequently suffering credential stuffing attacks, mainly focused on their loyalty points accounts. Using username and password pairs leaked from other sites, attackers were gaining access to the retailer’s customer accounts, at which point they could spend, transfer or sell loyalty point balances on the dark web.

These attacks targeted quickly redeemable items like hotel stays, fast food vouchers and shopping gift cards. This allowed attackers to cash out within 48 hours, before their attacks could be identified and the funds cut off.

This cost the retailer millions each month, both in reimbursing defrauded accounts and replenishing items bought with stolen points. Customers were also getting locked out of their accounts, causing frustration on top of losing their points balances, and taking time to restore access.

The volume and sophistication of these attacks, which were being missed by WAF and DDoS protection tools in place, risked causing outages and eating up costly server resources. The business’s Security Operations Centre (SOC) team were forced to take manual mitigation measures, putting strain on internal resources. The team needed to move from being reactive to proactive against attacks.

The Solution

Focused on putting customers at the heart of everything it does, the business decided it needed to take a more proactive approach to protecting customer accounts from credential stuffing attacks, account takeover, and loyalty point fraud.

After running a formal RFP, followed by proof-of-concept engagements with multiple suppliers, Netacea was selected as vendor of choice due to its unique, highly accurate approach to bot identification, the flexibility of implementation and the advanced mitigation options provided.

Netacea integrated its bot management solution into the customer’s existing technology stack, pulling data from the SIEM solution and pushing recommendations and actions back via Netacea’s API.

Netacea uses advanced AI and a suite of machine learning approaches to detect and mitigate both high-volume and “low and slow” attacks. Our data scientists train supervised machine learning models to instantly identify requests acting maliciously, even if these are distributed across a wide range of origins (countries, data centers, IP addresses, user agents etc.) to avoid detection.

Netacea augments our supervised models with Intent Clustering, which creates dynamic clusters of requests in real time based on visitor behavior. This allows our bot experts to identify malicious requests, which are fed back into our mitigation engine.

If a credential stuffing attack is identified, Netacea sends alerts to the SIEM solution where the retailer can take several actions depending on the risk score assigned to the visitor, including limiting account functionality, requesting further verification, or locking or resetting the account.

The Outcome

Netacea accurately detected over 650,000 credential stuffing attacks targeting the site within the first 30 days of engaging. Netacea also highlighted continued low and slow attacks that were flying under the radar of existing tooling.

Netacea’s bot management solution enables the retailer to proactively protect more than 20 million customer accounts, both on the website and via their app, and facilitate over 100,000 customer logins every hour without adding any latency or friction to the customer journey.

Working with Netacea, the retailer has realized significant cost savings, with a reduction of £1.4m per month in fraud costs from breached customer accounts.

Alongside fraud savings, Netacea has reduced the strain on the retailer’s internal resources. Security and fraud teams are no longer reliant on manual intervention and can focus on other business priorities.