Payment Solutions Finder

Staying steps ahead of the latest cyberthreats

For a global payment platform provider, even a single cybersecurity breach can interrupt services and put customers at risk. With advanced, multistage attacks on the rise, the security team needed stronger defenses to protect its global payments infrastructure. Account takeover (ATO) attacks, where an unauthorized user gains access to an account had become a top concern. As their frequency and complexity grew, the provider sought a solution that could detect and

Discovering and stopping hard-to-find attacks

After exploring several products, the payment platform provider chose Proofpoint Prime Threat Protection to strengthen defenses across its global payment platform. Prime unifies protection across email, cloud, and collaboration channels, helping the team stop advanced multistage attacks before they disrupt business operations or customer trust. A key integrated capability—Account Takeover Protection—uses Proofpoint threat intelligence and machine-learning analytics to detect and contain compromised accounts early. With clear visibility into events like suspicious logins, MFA changes, and mailbox rule updates, analysts can quickly pinpoint which users are affected and how the attack unfolded, all from a single view. And by consolidating capabilities within one platform, the organization gains stronger protection without exceeding its security budget.

Proofpoint Account Takeover Protection quickly demonstrated its value just a few days after it was installed.

“We set up Account Takeover Protection on a Friday, with guided help from Proofpoint,” said the company’s Associate Vice President of Security Engineering. “As part of the process, we decided to set up some key detections to automatically remediate and page out to the on-call list. The following Monday, on a call with our compliance team, multiple alerts went out for the account takeover and suspicious login rules. We walked through the alerts, thinking that they might be a false alarm. But we quickly realized the issue was much more serious.”

Advanced protection quickly pays for itself

Proofpoint Prime Threat Protection, with its integrated Account Takeover Protection capability, quickly proved its worth. Within days of deployment, it identified and contained a sophisticated, multistage ATO attack that had bypassed traditional defenses.

At first, the security team thought the alerts had been triggered by a smart phone VPN application showing “impossible travel”. But Proofpoint revealed that the user had been redirected to a malicious site in Western European when they were trying to order lunch, using SEO poisoning.

“The user saw a normal Microsoft login page, including a prompt for number matching MFA, then completed the MFA challenge,” said the Associate Vice President. “The attacker passed the session back though a VPN in the U.S. and successfully logged in and tested their access 30 seconds later. Proofpoint Account Takeover Protection detected the attack, killed the session tokens, and fixed everything in under 15 minutes. As we continued to monitor this user, we saw the attacker return about five hours later from another VPN based in the U.S. Fortunately, since the account and MFA sessions had been revoked, they failed to authenticate.”

The provider’s managed detection and response (MDR) solution also discovered the threat, but Proofpoint’s powerful automation helped the organization respond faster.

“Our MDR solution spotted the threat after other organizations had already fallen victim to it,” said the Associate Vice President. “But this was a little more than six hours later, and one hour after the attacker tried to use the compromised credentials. We were even able to provide some additional context to the MDR team when they reached out. By helping us stop this first threat, Proofpoint Account Takeover Protection paid for itself in under 72 hours.”

Together with Proofpoint, the payment solution provider can confidently protect their network from evolving threats today and tomorrow.