THE SILENT THIEF CREDIT UNIONS NEED TO BE AWARE OF:
Credential Stuffing
Credential stuffing is a common account takeover technique used to brute-force access to an account by continually and automatically injecting usernames and passwords into website login forms until a match is found. The financial services industry is a prime target for account takeover attacks, as attackers seek to access these extremely profitable accounts.
When attackers have access to customers' accounts, they are able to commit acts of fraud, such as:
Moving the money across to their personal account
Acquiring credit or debit card details linked to the account
Selling the details of the account on the dark web for a profit
Why is credential stuffing a threat to credit unions?
90% of attacks on financial services organisations start with some sort of automation, with credential stuffing often the automated technique of choice.
There were 14.4 million fraud victims in the financial services industry in 2018.
59% of consumers re-use passwords across multiple sites, meaning another company’s breach can quickly become your problem.
95% of financial service organisations say that they have experienced a bot attack in the last two years.
WHY IS THE THREAT INCREASING?
Credential stuffing software is readily available online and is being sold on the dark web at an affordable price. This means that it is now easier than ever for anyone, even those who do not have the knowledge to build automated programmes, to launch a credential stuffing attack.
Impact of credential stuffing on credit unions
Over 30 billion malicious login attempts were made against financial services accounts between November 2017 and June 2018.
58% of login traffic to the financial services industry comes from credential stuffing attacks.
Over 80% of financial services organisations fear a bot attack will result in the loss of customers.
The banking industry in the US loses nearly $50 million per day to credential stuffing attacks.
Sources:
https://www.informationsecuritybuzz.com/expert-comments/credential-stuffing-attacks/
https://www.iii.org/fact-statistic/facts-statistics-identity-theft-and-cybercrime
https://thefintechtimes.com/financial-services-under-attack/
https://dwaterson.com/2019/07/18/credential-stuffing-password-spraying-and-account-takeover/
https://blog.logixbanking.com/smartlab/credential-stufing-key-reason-to-have-unique-passwords-for-every-account