91% Reduction in Account Takeover Exploits
An international marketplace retailer slashed ATO incidents from 532,000 to fewer than 49,000 — within weeks of deploying myNetWatchman Credential Screening.
The Challenge
Account takeover fraud was costing this international marketplace retailer at scale. Credential stuffing attacks — fueled by the billions of username and password combinations circulating in criminal networks — were hammering their login infrastructure. Over half a million exploit attempts per month were slipping through their existing defenses.
The problem wasn’t their security stack. It was the intelligence feeding it.
Traditional defenses rely on breach data that’s already weeks or months old by the time it’s processed and distributed. Criminals are faster. They obtain fresh credentials, test them in bulk, and monetize accounts before any breach list catches up.
The Solution
The retailer deployed myNetWatchman Credential Screening — a real-time API that fires on every login attempt and checks the submitted credential pair against live criminal activity data.
Unlike breach-sourced intelligence, myNetWatchman observes over 15 million credentials per day as fraudsters actively use them across the internet. The data isn’t historical. It reflects what’s happening right now — typically within 4 minutes of a credential being tested in an active attack.
Integration required no new infrastructure. The Credential Screening API connected directly into the existing authentication flow. When a login attempt matches a credential pair that’s been seen in live criminal use, the system returns a signal — block the attempt, force a password reset, or trigger step-up authentication — all in milliseconds.
The Result
Within weeks of deployment:
- ATO exploit attempts dropped from 532,000 to fewer than 49,000 per month — a 91% reduction
- Legitimate users experienced no additional friction — alerts are tied to confirmed criminal activity, not probability scores
- The security team gained visibility into the real scope of credential exposure across their user base for the first time
Why It Worked
The 91% reduction reflects a fundamental data advantage: myNetWatchman doesn’t wait for a breach to be discovered, processed, and distributed. It sees credentials being used — right now — and surfaces that signal at the exact moment it matters most: the login attempt.
Fraud tools that rely on static breach data will always lag behind. Live intelligence closes the gap.
Results reflect a single customer deployment. Outcomes may vary based on industry, user base, and configuration.
Ready to see results like these?
Request a 30-minute demo — we'll show you live data on your domain.