This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties.  Members and Law enforcement use only. Contact us for any permissions.  To do otherwise will result in the loss of membership.

Complete Story


Credential Stuffing: Who Owns the Risk?

Security Boulevard

Kasada was recently in the news after identifying a credential stuffing campaign targeting Australian retail, fast food, and entertainment outlets. The discourse around this type of reporting – and responses from affected companies – usually contain the same few statements: “A small number of accounts were affected” and “Customers should ensure they do not reuse passwords across multiple sites.” This shifting of risk to affected customers, regardless of the number of accounts impacted, highlights a tension within cybersecurity, that of balancing security and usability.

Why credential stuffing still occurs

Security is a team sport. When everyone plays their part, we raise the effort required for a criminal group to successfully bypass security controls. Credential stuffing and account takeover attacks are often the visible effects of someone not playing at the top of the game.


Printer-Friendly Version



The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information


Your electronic library to help in fighting financial fraud for all of our partners.

more information