Increase Revenue,
Not Cyberfraud

Shape has deflected over $1B in fraud losses for major retailers, financial institutions, airlines, and government agencies.

Case Studies


Global Retailer Defends $5B Gift Card Program

Global retailers with gift card programs are vulnerable to account takeover and credential stuffing attacks, resulting in millions of dollars of losses per year.

With online retailers' login pages as the primary target, automated credential stuffing attacks test large numbers of stolen credentials and successfully identify and take over legitimate accounts.



Top 5 Bank Prevents Account Takeover and Unauthorized Content Scraping

Financial institutions are prime targets for cybercriminals intent on taking over accounts for monetary gain. Large-scale automated attacks on financial institutions can rapidly test out millions of stolen credentials, and with even a 1 - 2% success rate, cyber fraud losses easily reach millions of dollars.

Increasing use of financial aggregator apps, and unauthorized content scraping of account balances and transaction history is creating compliance headaches for financial institutions. Looking to lower risk, financial institutions are seeking avenues to block unauthorized content scraping and direct legitimate traffic to approved APIs.



International Airline Fights Back Against Scraping Bot

Airline companies rely on their web and mobile applications to provide flight information and manage frequent flyer accounts. Automated attacks that closely mimic legitimate search and login attempts evade traditional security defenses, including web application firewalls (WAFs), IP reputation checkers and rate limiters.

Frequent flyer accounts are major targets for credential stuffing attacks, causing not only monetary loss from re-sale of stolen award tickets, but also damage to airline reputation and brand. Content scraping attacks extract route and fare information for repackaging and sale by aggregators.



Major Healthcare Insurer Deflects Application Layer DDoS Attack

Insurance company website applications service millions of customers, providing extensive information on providers, benefits, and plans. Online search is an important website feature for users to find the information they need.

Sophisticated automated application layer DDoS attacks can now evade traditional DDoS protections resulting in blocking of customer access to website features such as search, resulting in loss of revenue and customer trust.



Government Agency Reduces Fraud and Protects Citizen Information

The US government serves over 100M households and processes $2T in payment and benefit value. Protecting citizen accounts containing sensitive information is an increasingly challenging task.

Cybercriminals now combine intelligent automation techniques with information stolen from other, unrelated data breaches to attempt account takeover of targeted citizen accounts, with the goal of redirecting benefits and payments.


4 minute preview

Avivah Litan:

VP Distinguished Analyst, Gartner

How to Stop Automated Attacks on Web Applications.
Learn how and why automation-based attacks pose serious threats to web applications. View the video preview to learn what type of websites are targeted.

View Full On-Demand Webinar

Under Cyberattack?
Test drive shape rapid defense.

Get Threat Assessment