SHAPE is now part of F5,  Learn More
See why we are better together
Virtual Summit 2020 | App Security and Fraud Summit  Learn More
Watch On-demandSee why we are better together



Protection against manual account takeovers and other human-powered attacks


Criminals are launching manual fraud against your digital properties


Manual-Attack Defense add-on service for Shape Enterprise Defense

Bots and other forms of fraudulent, automated web and mobile traffic deservedly garner a majority of security focus. The ability for cybercriminals to attack at scale through sophisticated automation represents a primary business and fraud risk for many organizations.

However, for some organizations and some workflows, manual fraud against digital properties also represents a material source of risk and losses. For these situations, Shape Security offers Manual-Attack Defense™ as part of its Shape Enterprise Defense™ platform.

Protection Against Manual Account Takeovers and Other Human-powered Attacks

Cybercriminals focus human-powered attacks on high-value targets, including account takeovers and new account creation when they cannot achieve the same results through (far cheaper) automation. Shape has observed extensive use of human-powered attacks across a variety of vertical industries:


Financial services
Retail and ecommerce
Travel and hospitality
Telcos and service providers

Threat Vector

Account Takeovers
Gift card cracking and credit card fraud
Account takeovers and loyalty point theft
Account takeovers and mobile device mis-appropriation

Industry | Network leverage

Financial services | Account Takeovers
Retail and ecommerce | Gift card cracking and credit card fraud
Travel and hospitality | Account takeovers and loyalty point theft
Telcos and service providers | Account takeovers and mobile device mis-appropriation

How Manual-Attack Defense Works

Shape’s Manual-Attack Defense service leverage’s Shape’s patented, two-stage, detection and mitigation platform to protect businesses from manual attacks.

Manual-Attack Defense uses supervised machine learning to detect and mitigate human-powered credential stuffing attacks. It separates human-powered attack traffic from genuine customers by constructing unique fraud ‘signatures’ of human-powered traffic. 

Manual-Attack Defense is able to accurately detect human-powered attack traffic from genuine customer interactions, and deploy mitigation strategies to flag such traffic, and if necessary, block, deflect, or deceive.

Protect Your Online Business from Manual Fraud

Shape offers the industry’s only solution that prevents human-powered fraud at scale, Shape has unique insights into the scale of the human-powered credential stuffing. For a North American bank that Shape Security recently helped, 1 out of every two hundred login attempts were human-powered credential stuffing (0.5%), or several hundred fraudulent logins per day, representing $1M in losses per month.

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Policy.