UK's leading free credit score and credit marketplace protects customer data from account takeover and credential stuffing attacks


Netacea, a provider of bot management solutions, today announces that ClearScore, the UK’s leading free credit score and credit marketplace, has selected Netacea’s bot management solution to protect against credential stuffing attacks and account takeovers.

Netacea’s Intent Analytics™ engine can quickly and accurately distinguish bots from humans, which allows ClearScore to give genuine users access and stop malicious bots. The partnership sees ClearScore advance its online security from web application firewalls, rate limiting, and similar techniques to a more sophisticated machine learning-based solution that can quickly evolve to protect against the current threat landscape of bots.

ClearScore provides its users with simple access to their credit score and report for free and provides financial product recommendations tailored to their credit report. Its ClearScore Protect product also provides “dark web monitoring” that can check if passwords and usernames have been stolen and are being traded online. It is exactly this sort of trading that Netacea helps protect ClearScore from—bots use credentials stolen in data breaches to gain access to accounts elsewhere. These attacks can then be used to commit further fraud or subvert existing accounts—for example applying for a loan in someone else’s name.

ClearScore found that keeping ahead of this fraud was proving increasingly difficult using standard techniques. For example, more sophisticated bots can avoid rate limiting measures by keeping just below thresholds, and while traffic from certain countries is more likely to be malicious, limiting IP addresses can keep genuine users out. In the last four weeks, Netacea has reduced traffic to login pages by 14% by mitigating bot traffic. In addition, the internal ClearScore security team, previously required to carry out late night manual blocking of suspicious traffic to minimise threats, is now free to tackle other concerns.

Klaus Thorup, Chief Technology Officer, ClearScore, commented:

“At ClearScore, we deal with highly sensitive credit report data every minute of every day. In the wrong hands, this data has the potential to have a negative impact on our users’ personal finances, so we go to great lengths to ensure their data is safe with us. Though our security systems are extremely robust, it’s critical that we protect against user credentials that have been stolen from elsewhere on the Internet being used for account takeover. As a fast-growing business, it’s critical that we maintain our users’ trust to continue our growth.

“Solutions such as rate limiting and blacklisting IP addresses are only of limited use and can prevent genuine users from gaining access. Working with Netacea means we can stay one step ahead of criminals even as they change how they operate—and we can focus on giving our users the best possible service.”

Andy Still, Netacea’s Chief Technology Officer, commented:

“Credential stuffing and account takeover attacks are a worry for any business, but especially for those who are dealing with sensitive information on behalf of their users. Working with ClearScore means working with a business that is dedicated to delivering its innovative services in a way that keeps its users safe.”

Leave a reply

Please enter your comment!
Please enter your name here