Kasada was recently in the news after identifying a credential stuffing campaign targeting Australian retail, fast food, and entertainment outlets. The discourse around this type of reporting – and responses from affected companies – usually contain the same few statements: “A small number of accounts were affected” and “Customers should ensure they do not reuse passwords across multiple sites.” This shifting of risk to affected customers, regardless of the number of accounts impacted, highlights a tension within cybersecurity, that of balancing security and usability.
Why credential stuffing still occurs
Security is a team sport. When everyone plays their part, we raise the effort required for a criminal group to successfully bypass security controls. Credential stuffing and account takeover attacks are often the visible effects of someone not playing at the top of the game.
Companies must ensure they provide the best possible defense for their users. They can do this by reducing their attack surface, lowering the value of stolen credentials, and ensuring adequate detection and mitigation. For credential stuffing and account takeover, having a highly agile, effective anti-bot solution like Kasada ensures that your customer accounts are protected. This has the added benefit of reducing load on your site, cleaning up your web traffic metrics, and significantly decreasing infrastructure, operations, and downstream fraud costs – all while maintaining your brand reputation and customer loyalty.
Businesses with an online presence are really up against it. Building this presence, choosing the right eCommerce platform, attracting customers to your site, and then getting those customers to commit to the purchase takes a lot of effort. Getting a user to add an item to their cart is really only the beginning of making that sale. Every extra step you make this customer go through gives them another chance to leave that sales flow and abandon their cart.
Online retailers want to make this process as frictionless as possible and give the user a great experience. It’s inconvenient for a user to have to get off the couch, find their credit card, enter the details, and then complete the transaction. Retailers want customers to create an account, provide their data, and store card details for next time to reduce that friction. This is a great user experience and may mean repeat business from that customer.

