
A Gambling and Gaming Platform Eliminated ATO

Company Snapshot

Securing user accounts against account takeover (ATO) is essential, but it shouldn’t come at the cost of user satisfaction. An established gambling and gaming platform faced this dilemma when credential stuffing attacks began compromising user accounts, leading to financial risks and eroding trust. With concerns that Multi-Factor Authentication might frustrate their customer base and reduce engagement, they found a way to enhance security measures without disrupting the seamless experience their users expected.

The Challenge Faced by the Gambling and Gaming Platform

Account Compromises and User Experience

Before integrating Enzoic, the gambling and gaming platform grappled with account compromises. Cybercriminals used compromised credentials to access user accounts and place fake bets. When a transaction is fraudulent, the company is responsible for 100% of the costs. This posed a financial risk and also eroded trust among users. The lean IT team had to work closely with the marketing department to notify affected users, a time-consuming and resource-intensive process that detracted from the ideal user experience.

Before Enzoic: Inefficient Detection Methods

To detect credential stuffing attacks, the platform relied on monitoring login locations. Alerts were triggered when there was a spike in login endpoint requests—a telltale sign of an attack. However, this reactive approach required manual analysis to identify suspicious activities, such as logins into multiple accounts from the same IP address or improbable location changes (e.g., a user logging in from New York and then California in quick succession). Once potential compromises were identified, accounts were flagged, and users were prompted to reset their passwords.
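The two manual checks described above (one IP logging in to many accounts, and location changes too fast to be real) can be automated over login events. The following is an added example, not code from the platform or from Enzoic; the event layout, function names, and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed sample events: (ISO timestamp, account, source IP, lat, lon).
EVENTS = [
    ("2024-05-01T10:00:00", "alice", "203.0.113.7", 40.71, -74.01),   # New York
    ("2024-05-01T10:00:20", "bob",   "203.0.113.7", 40.71, -74.01),
    ("2024-05-01T10:00:40", "carol", "203.0.113.7", 40.71, -74.01),
    ("2024-05-01T10:01:00", "dave",  "203.0.113.7", 40.71, -74.01),
    ("2024-05-01T10:30:00", "alice", "198.51.100.9", 34.05, -118.24), # California
    ("2024-05-01T18:00:00", "erin",  "192.0.2.44", 41.88, -87.63),
    ("2024-05-02T09:00:00", "erin",  "192.0.2.45", 40.71, -74.01),    # plausible trip
]

def parse(events):
    return sorted((datetime.fromisoformat(t), u, ip, lat, lon) for t, u, ip, lat, lon in events)

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine), Earth radius 6371 km."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def ips_hitting_many_accounts(events, window=timedelta(minutes=5), threshold=3):
    """IPs that logged in to more than `threshold` distinct accounts within `window`."""
    by_ip = defaultdict(list)
    for ts, user, ip, _, _ in parse(events):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, hits in by_ip.items():
        for i, (start, _) in enumerate(hits):
            users = {u for ts, u in hits[i:] if ts - start <= window}
            if len(users) > threshold:
                flagged[ip] = max(len(users), flagged.get(ip, 0))
    return flagged

def improbable_travel(events, max_kmh=900):
    """Consecutive logins per account that imply travel faster than `max_kmh`."""
    last, flagged = {}, []
    for ts, user, ip, lat, lon in parse(events):
        if user in last:
            pts, plat, plon = last[user]
            hours = (ts - pts).total_seconds() / 3600
            dist = km_between(plat, plon, lat, lon)
            if dist > 50 and (hours == 0 or dist / hours > max_kmh):
                flagged.append((user, round(dist), ts.isoformat()))
        last[user] = (ts, lat, lon)
    return flagged
```

Both checks only fire after a login has succeeded, which is the reactive limitation this section describes.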

Despite these efforts, the platform couldn’t prevent users from reusing the same or compromised passwords. Basic password constraints (like an eight-character minimum with letters and numbers) proved insufficient in stopping the use of exposed passwords.

The MFA Dilemma

Implementing MFA was discussed but ultimately dismissed due to several concerns:

  • User Friction: MFA adds steps to the login process, which could frustrate users and lead to decreased engagement.
  • Aging Customer Base: A large portion of the platform’s users are older adults who might struggle with the complexities of MFA, leading to potential drop-offs in user sessions.
  • Business Impact: Any barrier that could reduce user activity was seen as detrimental to the platform’s revenue and growth.

The Solution

Integrating Enzoic’s APIs

In search of a way to prevent account takeover while keeping things simple for users, the platform turned to Enzoic’s APIs. By embedding compromised credential checks into their routine security assessments, they improved account protection without complicating the user journey.

How Enzoic Addressed the Challenges

  • Immediate Compromised Credential Checking: Enzoic’s APIs enabled detection of exposed credentials, alerting the platform if a user’s login info had been exposed in a data breach.
  • Seamless User Remediation: When a compromised password was found, users were notified and guided to set a new, secure password.
  • Maintained User Experience: Skipping MFA allowed the platform to keep the login process simple, which was crucial for retaining engagement among users.

Additional Security Measures

To further improve security, the platform incorporated CAPTCHA into the login flow. This addition offered another layer to deter bot-driven login attempts without significantly affecting genuine users.

The Gambling and Gaming Platform Results

Dramatic Decrease in Account Breaches

Since adopting Enzoic, the platform hasn’t experienced any account compromises. Recent testing of about 20,000 credentials revealed a 2-3% rate of compromised passwords. Identifying these early enabled them to secure accounts before any exploitation.

Saving Time and Resources

Enzoic’s automated solutions freed the IT team from manual monitoring and threat response, saving significant time. It also reduced the need for coordination with the marketing team for user notifications.

Boosted User Trust and Ongoing Engagement

By preventing breaches and keeping the login process simple, the platform enhanced user trust. The absence of extra authentication steps meant users stayed active, maintaining the upward trend in engagement and revenue levels.

Cost Savings

By opting for Enzoic, the platform avoided the high costs associated with other security solutions, achieving strong protection without significant expenditure. The time saved and the prevention of potential revenue loss resulted in a positive return on investment, making Enzoic a cost-effective and financially sound choice.

Outcomes and Insights

By integrating Enzoic’s APIs, the platform improved account security without disrupting the user experience.

Key Takeaways for Gambling and Online Betting Organizations:

  • Balance Security and User Experience: It’s possible to strengthen security measures without adding friction to the user journey.
  • Consider User Demographics: Tailor security solutions to suit the technological comfort levels of your user base and avoid the drop in engagement associated with adding extra steps to the login flow.
  • Proactive Measures Pay Off: Implementing real-time compromised credential checks can prevent security incidents before they occur, saving time and resources.
  • Cost-Effective Solutions Exist: You don’t have to choose between high costs and high risks; Enzoic offers affordable account takeover protection.

By looking at this platform’s experience, other gambling and online betting organizations can see the tangible benefits of integrating Enzoic’s APIs into their security infrastructure.

Contact Enzoic to learn how you can protect your users without compromising on experience.

 
