New Solution Acts as an “Early Warning System” That Stops the Viability and Proliferation of Credential Stuffing Attacks
SAN MATEO, Calif., November 18, 2021 – PerimeterX, the leading provider of solutions that detect and stop the abuse of identity and account information on the web, today announced the early access availability of PerimeterX Credential Intelligence. Available to retail e-commerce businesses, financial services companies and any organization dealing with the threat of account takeover (ATO) attacks, it is a cloud-native web app security solution that flags and stops the use of compromised credentials on websites and mobile apps with speed and accuracy.
As a result of tracking and preventing billions of credential stuffing attacks per day against the largest websites in the world with the market-leading PerimeterX Bot Defender, PerimeterX has developed a dynamic and up-to-date database of compromised credentials that are actively used in real-world attacks. This provides businesses a key advantage over static lists of credentials that are theoretically compromised and are being traded on the dark web.
This proprietary collection of compromised credentials provides a new level of intelligence that enables organizations to get early signals that cybercriminals are attempting to use stolen usernames and passwords on their site, and to take mitigating action before any damage is done. It also warns real users that their credentials have been breached and triggers a password reset. By detecting and stopping the use of compromised credentials before a transaction takes place, the PerimeterX solution puts an end to the viability of credential stuffing attacks, building a strong disincentive for future attacks on the site. And once the use of stolen usernames and passwords are blocked for one PerimeterX customer, all customers get the benefit.
Unlike other solutions that rely only on static lists, Credential Intelligence is based on insight into current and active credential stuffing attacks. It stops the use of stolen credentials up front, decreasing fraud claims and saving money in the form of lower transaction fees and fewer write-offs. The solution also helps businesses provide additional value to their consumers and account holders by making sure that their accounts cannot be taken over by a bot or cybercriminal, improving customer satisfaction and protecting brand reputation.
These threats are increasingly significant, as reported in the recent study, Quantifying the Impact of Bad Bots on E-commerce Merchant Profitability, in which Aberdeen Strategy & Research found that up to 80% of an e-commerce retailer’s operational costs are negatively impacted by malicious bot activity. A related study of impact on the financial services sector found that credential stuffing and ATO attempts in financial services have become an effective way for attackers to exploit weak or compromised credentials to gain unauthorized access to user accounts, with 84% of all respondents reporting that some online users had experienced a successful ATO over the previous 12 months.
“PerimeterX now offers a new approach to stopping account and identity abuse in its tracks. Our primary source of data is from active credential stuffing attacks in the wild, and with Credential Intelligence we are poised to make a significant impact on the ‘attacker economy’ by disrupting their activity head-on,” explained Omri Iluz, Co-founder and CEO of PerimeterX.
Credential Intelligence is a key component of the PerimeterX Platform, complementing PerimeterX Bot Defender as an additional layer of protection, safeguarding consumers by detecting and stopping the theft, validation and fraudulent use of their sensitive identity and account information. It works in line with an organization’s traffic, which means that no integration work is necessary to match credentials, passing the information as part of the existing login flow, with no negative impact on performance.
PerimeterX is the leading provider of solutions that detect and stop the abuse of identity and account information on the web. Its cloud-native solutions detect risks to your web applications and proactively manage them, freeing you to focus on growth and innovation. The world’s largest and most reputable websites and mobile applications count on PerimeterX to safeguard their consumers’ digital experience while disrupting the lifecycle of web attacks. PerimeterX is headquartered in San Mateo, California, and at www.perimeterx.com.