Organizations need to protect their customer base and ensure that threat actors aren’t maliciously accessing their online presence. Given the amount of data that retail accounts store for their customers, the retail sector is consistently a top target to credential stuffing attacks. According to Akamai’s The State of the Internet Report, there were 16.5 billion credential stuffing attacks targeted to the retail sector from January - September 2019.*



How should your organization prevent consumer ATO?

Check for known compromised credentials that log into your web domain

  • Retrieve a list of compromised credentials that were observed logging into your website domain by checking your web domain against Flashpoint’s Compromised Credentials Monitoring API.

Verify credentials after certain actions

  • When a customer makes an abnormal purchase, attempts to log in multiple times, or any other irregular event, check to see if their credentials have been compromised by using Flashpoint’s Compromised Credentials Monitoring API.

Verify credentials upon log-in and/or registration

  • Whenever a customer log-ins or creates an account, check to see if their credentials were found in Flashpoint’s database by integrating Flashpoint’s Compromised Credentials Monitoring API into your existing process.

Check high-risk customer populations

  • Segment your customer base and bulk look-up customer segments with high-risk accounts (have a credit card on file, meets a threshold of loyalty points, etc..) with

Flashpoint’s Compromised Credentials Monitoring API.


*Source: https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/soti-security-a-year-in-review-report-2019.pdf

Did this answer your question?