As Online Sales Grow, So Does Cyberfraud

As eCommerce grows, so does cyberfraud.

One of the unintended consequences in the rise of eCommerce is a related rise in cyberfraud attacks on online shoppers.

Which is why online retailers are increasingly turning to companies like Shape Security, a Mountain View, California-based provider of web and mobile security applications founded in 2011, to counter ever-increasingly sophisticated types of cyberattacks.

Since its founding, Shape Security’s clients — which count among them two of the world’s top airlines, both the world’s largest banking and hotel chains, one of the top 10 retailers in the world and “one of the largest U.S. government agencies” (Shape Security does not publicly reveal the names of the clients it works with) — estimated that the platform has saved them more than $1.1 billion in fraud losses.

“We have been focused on protecting the world’s largest companies and government agencies against automated attacks,” according to Shuman Ghosemajumder, Shape Security’s CTO. “Automated attacks are used in a number of cybercriminal schemes, and they enable certain types of fraud and breaches that really aren’t possible without that level of automation.”

Ghosemajumder said that the most common form of cyberattacks that retailers have to contend with right now is what’s known as a credential stuffing attack where cybercriminals take usernames and passwords revealed by one security breach and test them against other websites and mobile APIs (application programming interfaces) to see where users might have used the same usernames and passwords to gain access to their accounts on other sites.

Ghosemajumder said that credential stuffing attacks are a constant problem for online retailers, as increasingly more advanced hacking methods make it easier to run credential stuffing attacks through a number of different sites on a 24/7 basis.

“Where we come in is actually preventing that account takeover from occurring in the first place by being able to do something at the credential stuffing side,” according to Ghosemajumder. “At the moment that attackers are coming in and testing those credentials, we can actually stop them from being successful.”

Shape Security recently secured a $40 million investment from Hewlett Packard Pathfinder, Hewlett Packard’s investment partnership program, in a Series D round of funding, which brings the total amount of founding the company has secured so far to $106 million.

Shape Security currently employs about 150 people, but Ghosemajumder said the company plans to use the new funding to expand both in the U.S. and internationally and accelerate growth in its Asia-Pacific region, including a partnership with Hewlett Packard that will make Shape Security’s solutions available to all HP customers worldwide.

“Shape, in partnership with [Hewlett Packard Enterprise], offers enterprise customers worldwide the best defense against automated attacks on their critical web and mobile applications,” according to Derek Smith, CEO of Shape Security. “We change the economics of cyberattacks, shifting the cost burden from the enterprise to the attacker, by making it economically unattractive to launch automated attacks against our Global 2000 customers.”

Shape Security’s mobile security solution alone has been very well-received since its rollout in January of this year, with it now protecting over 20 percent of all in-store mobile transactions worldwide, and the company’s new partnership with Hewlett Packard and new round of funding should only serve to better fuel its growth.

“Shape’s innovative technology has proven to offer highly effective defense against automated attacks from advanced cybercriminals,” according to Lak Ananth, managing director of Hewlett Packard Pathfinder. “We are very excited to partner with Shape to bring HPE customers best-in-class application defense and help Shape accelerate its business to enterprise scale.”