The Challenge
- Stop advanced, multistage attacks beyond email that could disrupt business operations and customer trust.
- Keep security teams efficient with limited resources amid rising investigation demands.
- Optimize security spend by consolidating protection under a unified platform.
The Solution
- Proofpoint Prime Threat Protection
The Results
- Stopped a sophisticated, multistage ATO attack in minutes, before it could disrupt payment operations or customer trust.
- Increased SOC efficiency by eliminating false positives and cutting investigation time from hours to minutes.
- Optimized security spend as Proofpoint Prime’s integrated ATO Protection paid for itself within 72 hours through faster detection and response.
The Challenge
Staying steps ahead of the latest cyberthreats
For a global payment platform provider, even a single cybersecurity breach can interrupt services and put customers at risk. With advanced, multistage attacks on the rise, the security team needed stronger defenses to protect its global payments infrastructure. Account takeover (ATO) attacks, where an unauthorized user gains access to an account, had become a top concern. As their frequency and complexity grew, the provider sought a solution that could detect and
—Associate Vice President, Security Engineering
The Solution
Discovering and stopping hard-to-find attacks
After exploring several products, the payment platform provider chose Proofpoint Prime Threat Protection to strengthen defenses across its global payment platform. Prime unifies protection across email, cloud, and collaboration channels, helping the team stop advanced multistage attacks before they disrupt business operations or customer trust. A key integrated capability—Account Takeover Protection—uses Proofpoint threat intelligence and machine-learning analytics to detect and contain compromised accounts early. With clear visibility into events like suspicious logins, MFA changes, and mailbox rule updates, analysts can quickly pinpoint which users are affected and how the attack unfolded, all from a single view. And by consolidating capabilities within one platform, the organization gains stronger protection without exceeding its security budget.
Proofpoint Account Takeover Protection quickly demonstrated its value just a few days after it was installed.
“We set up Account Takeover Protection on a Friday, with guided help from Proofpoint,” said the company’s Associate Vice President of Security Engineering. “As part of the process, we decided to set up some key detections to automatically remediate and page out to the on-call list. The following Monday, on a call with our compliance team, multiple alerts went out for the account takeover and suspicious login rules. We walked through the alerts, thinking that they might be a false alarm. But we quickly realized the issue was much more serious.”
The Results
Advanced protection quickly pays for itself
Proofpoint Prime Threat Protection, with its integrated Account Takeover Protection capability, quickly proved its worth. Within days of deployment, it identified and contained a sophisticated, multistage ATO attack that had bypassed traditional defenses.
At first, the security team thought the alerts had been triggered by a smartphone VPN application showing “impossible travel.” But Proofpoint revealed that the user, while trying to order lunch, had been redirected through SEO poisoning to a malicious site in Western Europe.
“The user saw a normal Microsoft login page, including a prompt for number-matching MFA, then completed the MFA challenge,” said the Associate Vice President. “The attacker passed the session back through a VPN in the U.S. and successfully logged in and tested their access 30 seconds later. Proofpoint Account Takeover Protection detected the attack, killed the session tokens, and fixed everything in under 15 minutes. As we continued to monitor this user, we saw the attacker return about five hours later from another VPN based in the U.S. Fortunately, since the account and MFA sessions had been revoked, they failed to authenticate.”
The provider’s managed detection and response (MDR) solution also discovered the threat, but Proofpoint’s powerful automation helped the organization respond faster.
“Our MDR solution spotted the threat after other organizations had already fallen victim to it,” said the Associate Vice President. “But this was a little more than six hours later, and one hour after the attacker tried to use the compromised credentials. We were even able to provide some additional context to the MDR team when they reached out. By helping us stop this first threat, Proofpoint Account Takeover Protection paid for itself in under 72 hours.”
Together with Proofpoint, the payment solution provider can confidently protect their network from evolving threats today and tomorrow.