Solutions overview
Account take over (ATO)
Digital Impersonation
Credit card data theft
SEO poisoning
Credential stuffing
For security teams
For fraud/risk teams
For digital business teams
Library
Blog
Partner Up
About
News
Events
Careers
Contacs
Case Study
How Memcyco reduced ATOs by 65% for a major global bank
The business challenges
The spike in ATOs was caused by a pattern of phishing-related credential harvesting scams targeting the bank’s website and customers. The brand impersonation and social engineering techniques used were highly sophisticated, suggesting possible use of Generative AI to prepare and scale attacks.
Over $27M per year in remediation costs:
Each ATO cost the bank around $1,500 in refunds and incident handling, multiplied by 18,500 cases annually.
Late (and partial) attack visibility:
The bank learned about attacks only when customers actively decided to complain – or shamed the bank on social media.
Loss of digital trust, and related churn
Once defrauded, even reimbursed customers were closing accounts, fearful of repeat incidents.
Incalculable damage to brand equity:
Some impacted customers were sharing negative experiences online, discouraging others from doing business with the bank.
Post-takedown ATO risk:
Despite offending websites being taken down, the threat persisted – of further, related attacks launched from other domains, or through using stolen credentials sold to other bad actors on the darknet.
About the client
- A notable presence in corporate finance and personal banking
- Global network of branches, plus a robust digital platform
- Serves over 60 million customers in 50 countries
Why they approached Memcyco
The client needed a quick and proactive way to eliminate a rise in phishing-related scams responsible for harvesting customer cards details using highly accomplished digital impersonation techniques.
MEMCYCO’S APPROACH
Real-time Digital Risk Protection from Credit Card Fraud
After a quick and simple installation of Memcyco’s real-time AI-based technology, the issuer’s teams could instantly detect and counter digital impersonation and credit card harvesting attacks in ways previously not possible.
DETECTION
- Offending sites are now detected instantly, as the attack starts
- Impacted customers are immediately identified
- Previously unobtainable attack device data is now available
PROTECTION
- Red Alerts pop up on customer screens when entering fake sites, advising them not to move forward
- Exposed card data was swapped for marked decoy data, protecting customers who provided data despite alert
RESPONSE
- Customers can keep working with their cards even if they fell victim to the attack
- Attackers are blocked from using customer cards
- Risk engine data is enriched via an API
Business Impact
With Memcyco’s agentless solution installed, the bank’s team could effortlessly and proactively protect customers from credential harvesting and ATO, without adding any friction to customer experience.
They could also effortlessly identify every customer who clicked a link to an offending site, or entered their credentials, unaware that they were being scammed.
- ATOs reduced by over 65%
- Millions saved in related costs
- Decreased customer churn
- Less risk of negative PR
- Better control of brand equity
- MTTD of zero (instant detection)
- Improved anti-fraud tools models
- Lighter caseload management
- Lower SOC workload
- Stronger compliance posture
ROI
18,500
ATO cases annually
~ $1,500
in remediation costs per case
~ $27,750,000
per year in refunds and incident handling
Memcyco prevents around 65% of annual ATO incidents, saving the bank approximately
$18M per year
