Netacea Protects a Growing FinTech Against Credential Stuffing Attacks

Category: Account Takeover

10 million

Customer accounts protected


Credential stuffing attacks blocked weekly
Credit cards

Article Contents

    The Challenge

    A fast-growing global FinTech organization was frequently observing large spikes in automated bot traffic on its login pages and APIs.

    The business was concerned about the risk the traffic posed to its customers. If left unchecked, the increasing surges in traffic exposed the organization to the very real threat of a data breach that would expose sensitive Personally Identifiable Information (PII) and result in fines from the FCA, while putting the brand at risk of significant reputational damage. Tackling this traffic put strain on the internal SOC team, which was regularly required to carry out late night manual blocking of suspicious traffic to minimize the threat to customer accounts.

    Despite having a WAF and CDN solution in place, the increasing necessity for manual blocking and risk of exposure of customer data made it abundantly clear that sophisticated bots were continually bypassing traditional security measures.

    Dealing with the automated traffic internally was quickly becoming a time-consuming and unsustainable task for the business. It was determined that their incumbent providers were unable to detect sophisticated attacks and a new approach was required.

    The Solution

    Using manual log analysis, Netacea’s data science team identified that malicious bots were persistently bombarding the FinTech’s login page with automated credential stuffing techniques.

    The business was quickly able to deploy Netacea Bot Management into its CloudFlare CDN using pre-built CloudFlare Workers.

    Benefits of the implementation:

    • Automated threat blocking with regular reviews to ensure the most effective mitigation is in place
    • Auto-scaling and proactive monitoring means the solution meets demands during peak periods
    • No additional latency added to the customer journey

    A standard CloudFlare logging endpoint streams access logs to Netacea, with no increase in latency. The mitigation strategy is checked on subsequent requests with minimal (<10ms) additional latency.

    The solution is deployed with automatic threat blocking, with internal monitoring tools and regular customer review meetings ensuring that the most effective mitigation strategy is always in place.

    Incorporating automatic blocking along with Netacea’s auto-scaling and proactive monitoring enables the solution to meet demand during periods of peak usage, taking the pressure off the customer’s internal SOC team. Now receiving the continual support of Netacea’s Bot Experts team, the SOC team receives:

    • Support for management of the solution
    • Recommendations made by Netacea’s Intent Analytics™ engine
    • Regular updates on emerging bot threats

    The Outcome

    Once inline, Netacea’s dashboards quickly illustrated the extent of the bot attacks and the FinTech’s SOC team worked closely with Netacea to build up tailored rules for automated mitigation.

    After six months, Netacea is now blocking on average 250,000 credential stuffing attacks per week to deliver the following benefits:

    • Over 10 million accounts are protected from credential stuffing attacks
    • A 5% reduction in traffic to login pages, APIs and apps
    • Internal resource is preserved with teams no longer required to respond to attacks out of hours

    Thanks to Netacea we have a proactive bot management strategy that protects our site and accounts. Netacea has successfully relieved our in-house team from the timely challenge of manually reacting to bot attacks at all hours of the day and night.

    Chief Technical Officer

    Block Bots Effortlessly with Netacea

    Book a demo and see how Netacea autonomously prevents sophisticated automated attacks.

    Related Case Studies

    US American Football cover art photo
    Case Study

    “The Big Game” Streamed Seamlessly to Millions Thanks to Netacea

    Netacea protected a major streaming service from outages during a major livestreaming event, mitigating huge credential stuffing attacks.
    Case Study

    Netacea Keeps an Online Pharmacy Safe from Scraping Attacks

    Aggressive scalper bots were threatening the availability of a major online pharmacy at peak times. Find out how Netacea protects them against malicious automation.
    Case Study

    Netacea Detects 11x More Bots Than Previous Bot Solution for Luxury Shoe Retailer

    Learn how Netacea helped a retailer of luxury shoe brands spot 11 times more bad bots than their previous solution, resulting in a 73% reduction in web traffic.

    Block Bots Effortlessly with Netacea

    Demo Netacea and see how our bot protection software autonomously prevents the most sophisticated and dynamic automated attacks across websites, apps and APIs.
    • Agentless, self managing spots up to 33x more threats
    • Automated, trusted defensive AI. Real-time detection and response
    • Invisible to attackers. Operates at the edge, deters persistent threats
    Book a Demo