Fraud & Risk

Don't Get Stuffed! Credential Stuffing, Account Takeovers, and Identification/Mitigation

Michael Hammer -- American Greetings; Lynne Perrault -- Shopify

Presentation

With account credentials from numerous data breaches readily available and password re-use by end users commonplace, a scheme called credential stuffing is increasingly used by cybercriminals to compromise and take over accounts. This presentation defines what credential stuffing is, then looks at a typical account takeover lifecycle and common variations. Several identifying characteristics and mitigation strategies are then discussed, along with free tools, ideas on how to recover from a credential stuffing attack, and various resources merchants can utilize.

Slides for this presentation and presenters' notes are available by signing in or becoming a member, then returning to this page.

Don't Get Stuffed! Credential Stuffing, Account Takeovers, and Identification/Mitigation

Sign in or register to download these resources