Case Study: Leading Canadian Bank eliminates credential stuffing with Shape Security

Leading Canadian Bank - Customer Case Study

Leading Canadian Bank, one of Canada’s Big 5 banks, was hit by persistent credential stuffing attacks across its Canadian and U.S. websites, mobile apps, and OFX API endpoints. The automated attacks drove account takeover fraud and caused rolling outages, while the bank’s existing CDN-provided bot mitigation tool required constant manual tuning and could not keep up.

Shape Security deployed Shape Enterprise Defense on the bank’s web and mobile login applications, starting in observation mode and then moving quickly into mitigation mode during a massive spike in attack traffic. Shape Security stopped the automated login flood from reaching origin servers, stabilized service availability, and helped the bank eliminate malicious login traffic while improving fraud protection and gaining better control over financial aggregator access.