Credential and Credit Card Stuffing Attacks
Purpose
This document provides an overview of the shared responsibility model with respect to credential and card stuffing attacks, describing the collaborative efforts between the Arc XP team and you to ensure the security of your sites and data. It begins by outlining the proactive measures our team takes to safeguard your digital assets. It then describes a prevalent threat affecting our customers: credit card and credential stuffing attacks. It concludes by setting out the shared responsibility model in the specific context of these attacks, with the strategies each party uses for protection.
Credential Stuffing Attacks
Credential stuffing attacks are a type of cyberattack that involves using stolen login credentials from one system to attempt to access an unrelated system. These attacks work on the premise that people often use the same user ID and password across multiple accounts.
The attacker acquires stolen username and password pairs, often from a data breach or phishing attack, and then uses automated tools to test the stolen credentials against many websites. If the login is successful, the attacker knows they have a set of valid credentials and can access the account.
These types of attacks are most often detected by a large volume of failed login attempts during a short period of time.
Credit Card Stuffing Attacks
Credit card stuffing attacks are fraudulent activities that involve using the payment process to determine if stolen card numbers are valid or active. These payment requests often originate from botnets, similar to credential stuffing attacks. As a result, many of the same security approaches are applicable here.
However, it is also possible for human users to carry out these attacks on a smaller scale. This situation can be much more difficult to detect and prevent, as many of the controls for bots are not effective against human users.
Important
Credit card stuffing attacks are not application security attacks. Instead, they are a type of fraud that you can prevent by using security features that payment gateways provide. By doing so, you can help protect yourself and your customers from potential financial loss.
These types of attacks are often detected by a large volume of failed purchase transactions during a short period of time.
Shared Strategy for Stuffing Attacks
Countering the impact of stuffing attacks requires action from both the Arc XP team and you as a customer and user of our platform. The strategy for stuffing attacks comprises two components: detection and response.
The responsibility for detection lies primarily with the Arc XP team. We monitor traffic and behavior on our platform 24x7, and most attack attempts are thwarted as soon as they begin. If an attack requires a business decision from you, we will notify you. Exceptions, in which you can monitor attacks for yourself, are explained in the monitoring sections that follow.
The responsibility for response lies with you as a user of our platform. A range of responses is available to you depending on the attack, including, but not limited to:
You may choose to reset end-user accounts if they have been impacted by a successful credential stuffing attack
You may choose to work with your payment processor to raise the bar on credit card transactions with a solution like reCAPTCHA to minimize the impact of automated credit card stuffing attacks
We will inform you when an attack has impacted your end-users or payment processing to the point where you need to take action. The action you take is up to you.
Monitoring and Response
Monitoring for Credential Stuffing Attacks
The Arc XP team has monitoring and alerting in place to detect when a credential stuffing attack is occurring. Our Web Delivery team uses the Akamai platform to automate both the detection and response to these types of attacks, and most attempts are thwarted before a human ever needs to be involved.
Responding to Credential Stuffing Attacks
A credential stuffing attack is successful for an attacker when they are able to log in to an end-user’s account and confirm that stolen credentials are valid on your site. When our team detects this, we will inform you so you can take action. The most common approach is to reset the passwords and sessions for all of your impacted users. The Arc XP team will provide you a list of the impacted accounts so that you can reset the accounts of your impacted users.
Monitoring for Credit Card Stuffing Attacks
The Arc XP team does not have a relationship with your payment processor, so we can only see credit card stuffing attacks indirectly. Our platform has monitoring and alerting in place to detect abnormal payment failures and suspicious use of the Arc XP Subscriptions features. Should we identify a persistent attack necessitating your intervention, we will promptly notify you. Such occurrences typically arise during prolonged assaults that might lead to supplementary charges from your payment processor or potentially affect your standing with them.
We recommend that you institute your own monitoring, in coordination with your payment processor. Common metrics to monitor and alert upon are:
High ratios of failed payments
High rates of payment declines
Payment processor fraud detection alerts
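One way to monitor the first two metrics above is a sliding-window check over your payment attempt records. This is an added example, not Arc XP or payment processor code; the class, the outcome labels, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import deque

class PaymentFailureMonitor:
    """Sliding-window check on failed-payment ratio and decline rate."""

    def __init__(self, window_s=300, min_attempts=20,
                 max_fail_ratio=0.5, max_declines_per_min=10.0):
        # All thresholds are illustrative assumptions; tune them against
        # your own baseline and your payment processor's guidance.
        self.window_s = window_s
        self.min_attempts = min_attempts
        self.max_fail_ratio = max_fail_ratio
        self.max_declines_per_min = max_declines_per_min
        self.events = deque()  # (epoch_seconds, outcome), oldest first

    def observe(self, ts, outcome):
        """Record one payment attempt; return the alerts active at ts."""
        self.events.append((ts, outcome))
        while self.events[0][0] <= ts - self.window_s:
            self.events.popleft()  # drop attempts older than the window
        total = len(self.events)
        failed = sum(1 for _, o in self.events if o != "approved")
        declined = sum(1 for _, o in self.events if o == "declined")
        alerts = []
        # Require a minimum volume so that one failure out of two
        # attempts during a quiet period does not raise an alert.
        if total >= self.min_attempts and failed / total > self.max_fail_ratio:
            alerts.append("high_failed_payment_ratio")
        if declined / (self.window_s / 60) > self.max_declines_per_min:
            alerts.append("high_decline_rate")
        return alerts

def scan(events, monitor=None):
    """Replay time-ordered events; return (ts, alerts) for each alerting one."""
    monitor = monitor or PaymentFailureMonitor()
    hits = []
    for ts, outcome in events:
        alerts = monitor.observe(ts, outcome)
        if alerts:
            hits.append((ts, alerts))
    return hits

# Constructed sample data: 20 minutes of normal traffic (one attempt every
# 30 s, 10% declined), then a 60-second burst of one attempt per second
# in which only a single card is approved.
BASELINE = [(i * 30, "declined" if i % 10 == 9 else "approved") for i in range(40)]
BURST = [(1200 + j, "approved" if j == 45 else "declined") for j in range(60)]
SAMPLE_EVENTS = BASELINE + BURST
```

On the sample data, the ratio alert fires 10 seconds into the burst and the decline-rate alert 40 seconds later, while the baseline traffic alone raises nothing.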
Responding to Credit Card Stuffing Attacks
A credit card stuffing attack is successful for an attacker if a credit card transaction succeeds and thereby confirms the validity of stolen credit card data. If we detect a credit card stuffing attack on your site that requires action on your part, we will inform you so that you may put mitigations in place.
Mitigation Techniques
We recommend that you harden your site to make these types of attacks less likely to succeed.
The most effective mitigations for credential stuffing attacks include:
Upgrading your service to include Akamai Bot Manager
Placing reCAPTCHA into the login flow
Hardening your password and account configuration, including password strength, account lockouts, and session duration
The most effective mitigations for credit card stuffing attacks include:
Upgrading your service to include Akamai Bot Manager
Working with your payment processor to add reCAPTCHA to the payment flow
Working with your payment processor to understand and implement their anti-fraud features
Conclusion
This document outlines the shared responsibility model between Arc XP and you, with a focus on credential and credit card stuffing attacks. The shared strategy involves detection and response, with outlined monitoring mechanisms and mitigations. Embracing this model empowers you to make informed decisions, fostering ongoing collaboration for a robust defense against cyber threats on the Arc XP platform.
When it comes to stuffing attacks:
Arc XP will monitor its platform and will notify you if an attack is detected for which you need to take action
You and your organization are responsible for taking supplementary measures to monitor your platform (including working with your payment processor) and acting on this notification to repel, mitigate, or accept the risk of the attack