Search
Close this search box.

CASE STUDY

Mobile Ecommerce Marketplace

Industry: ECOMMERCE

Reduces ATO fraud and avoids $1 million in fraud losses in burgeoning Latin American market with SpyCloud

With over 27 million active users per month, this ecommerce marketplace provides a personalized and entertaining shopping experience to consumers around the world via mobile devices. As bad actors target its site and customers, the organization looked for new ways to proactively combat them.

Challenge

Following a surge in fraud after high-profile data breaches in the Latin American market, the ecommerce marketplace sought innovative and effective ways to reduce account takeover (ATO) to protect consumer information and reduce financial losses due to fraud.

Solution

The marketplace chose SpyCloud Consumer ATO Prevention to detect when its consumers are using compromised credentials, so they can be reset to prevent ATO.

Result

SpyCloud’s Consumer ATO Prevention solution has helped the company identify vulnerable accounts quickly and take action to prevent millions of ATOs. As a result, the marketplace avoided $1 million in fraud losses and enabled 2 full-time resources on the risk management team to focus on other projects.

Ecommerce Platform Sought Innovative Approach to Combat ATO

Historically, the ecommerce platform has experienced a higher fraud rate in the Latin American market, and noticed a spike in fraudulent activities and increasing losses following several high-profile data breaches that exposed credentials and sensitive data including credit card numbers. After the marketplace saw evidence of credential stuffing attempts and ATO attacks, the company sought innovative ways to protect their customers’ personal account information and their own bottom line.

For this organization, ATO impacts are two-fold: they negatively affect their brand reputation and their P&L. Accounts taken over by bad actors cause headaches for both the customer and the business, and can give the customer a perception of a lack of security on the marketplace. In addition to the potential loss of customers, fraudulent activity also causes increased chargebacks.

“ATO is one of those things that is very explicit for users who’ve been impacted. Even though financially there may not be huge impacts, it will create a scar when it comes to your trust with the customers.”
Director of Risk Management 

As the volume of ATO attacks and use of stolen credit card information increased on the platform, particularly with dormant accounts, tracking fraudulent activity proved to be a challenge for the ecommerce marketplace. While buyer behavior can offer insights into the validity of an account, the organization struggled to properly monitor suspicious account activity and transactions. 

Previous solutions that provided risk scores or signaled human versus machine behavior weren’t meeting the company’s expectations of combatting ATO. While these solutions were effective in detecting suspicious behavior, they came with a tradeoff between recall (identify as much fraud as possible with the lowest false negatives) and precision (accuracy in identifying bad actors with the lowest false positives so as not to disturb good users).

By using SpyCloud’s Consumer ATO Prevention solution, the ecommerce marketplace is able to leverage data recaptured from the criminal underground to flag users whose credentials are compromised, thus making the account vulnerable to ATO. Remediation steps include initiating challenges such as multi-factor authentication and password resets to better protect customers and their personal information. 

Results

Reduced ATO Fraud Activity in LATAM Region by 90%

With Consumer ATO Prevention leveraging recaptured data from the criminal underground to identify accounts using compromised credentials, the ecommerce marketplace saw a 90% reduction in ATO in the Latin America region, which accounts for 50% of the company’s fraud activity in that area. As a result, the ecommerce marketplace avoided $1 million in fraud losses.

Prevented Millions of ATOs Globally

As the organization began using Consumer ATO Prevention, they found the scale of risk was much bigger than initially thought since they previously didn’t have the ability to properly benchmark ATO attacks. With the success in reducing ATO fraud activity in the LATAM region, the marketplace rolled out Consumer ATO Prevention across the entire platform to protect all user logins. SpyCloud’s solution proved to be the best balance between precision (low false positives) and recall (low false negatives).

Reduced Resources Dedicated to ATO Prevention

Before SpyCloud, the company’s risk management team was overwhelmed by work related to consumer account takeover, dedicating 2 data scientists and 1 engineer to the challenge. With SpyCloud, the company was able to reallocate 2 of these team members to other projects. Now, the team only requires a single data scientist to handle the reduced workload, and that team member still has the bandwidth to focus on other projects. Maintaining the SpyCloud API requires minimal time investment, as it runs automatically and only requires monitoring of high-level metrics.

“We value SpyCloud because not only does it help solve ATO, it also gives our team more bandwidth and allows us to provide a better customer experience.”
Director of Risk Management 

With SpyCloud, you get enterprise-level, automated account takeover and ransomware prevention powered by Cybercrime Analytics based on actionable darknet insights.

SpyCloud offers the largest collection of recaptured darknet data in the world, combined with the earliest possible recovery. Our proprietary engine quickly ingests data from breaches, malware-infected devices, and other underground sources, then cleanses and enriches the data – adding context to the records so you understand the severity of the exposures (the source, breach description, and the actual password in plaintext). Our customers get notifications of compromised accounts and passwords far sooner with SpyCloud than any other provider.

Billion
0 +
Recaptured
Assets
0 K+

Breaches

Billion
0 +

Assets Ingested Monthly

0 +

Malware
Families

Download the PDF version of the case study to print or share with others.

Check Your Exposure has been expanded with more recaptured data. See Your Results Now

X
Search
Close this search box.