Spur customer achieves near-zero malicious logins by monitoring real-time login activity with granular IP intelligence.
The Challenge: Anonymous Logins and Fraudulent Accounts Undermining Trust
A U.S.-based bank was seeing a pattern of logins tied to anonymous IP traffic, including online job applications originating from VPNs, internal residential proxy usage, account takeover attempts on commercial clients, and fraudulent account openings.
The bank was utilizing basic IP data to investigate this activity, but its reliability – especially in proxy spaces – was low, risking further exposure that could result in lost customer trust and revenue.
The bank needed additional IP enrichment to differentiate between signal and noise and improve confidence in the data but had concerns about the impact of adding unnecessary friction to legitimate user activity.
Why Spur: Granular IP Intelligence to Inform Step-Up Authentication from Anonymized Sources
To address these challenges, the bank chose Spur for its granular IP intelligence. With Spur data, the bank gains more than simple true/false designations if an IP is anonymous. Spur goes much deeper, identifying what is actually behind an IP, including network type, hosting entities, and membership, and what the network/VPN/proxy is used for. Utilizing Spur’s daily download, the bank is now able to identify all IPs, send them to their SIEM to enrich logs, build alerts around specific activity, monitor real-time login activity, and enforce step-up rules for known proxies – all without adding unnecessary friction to legitimate customer activity. The bank enriches events in their SIEM solution including account openings, customer transactions, and authentication events, improving decision-making where manual review would normally be required.
Return on Investment: Automated Controls That Lock Out Proxy-Driven Threats
Since implementing Spur data, the bank has implemented new rules to auto-lock an account if there is high confidence in observed proxy IPs, enabling more effective profiling of threat actor groups that has resulted in near-zero logins from malicious actors.
Benefits: Real-Time Visibility Into Risky Logins and Threat Actor Behavior
With Spur data, the bank has evolved its account takeover prevention strategy by:
- Monitoring real-time login activity to determine step-up rules for friction, getting closer to real-time customer IAM.
- Identifying and mapping threat actors and patterns in commercial account targeting, strengthening defenses.
About Spur
Spur delivers the highest-fidelity IP intelligence available to detect anonymized, proxied, or otherwise obscured internet traffic, empowering you to stop fraud, fake users, and threats. Designed by expert security researchers and engineers, Spur elevated VPN attribution, bot detection, and residential proxy tracking to defend the most mission-critical government and commercial systems in the world.
What differentiates Spur from other providers?
- Breadth of Coverage: Spur delivers more comprehensive detection than anyone else in the market, covering 60 million+ active anonymous IPs and 1,000+ active VPN and proxy services.
- Depth of Attributes: Spur provides more than 20 attributes, including geo location, ASN, proxy/VPN status and attribution, device type, connection type, tunnel entry/exit context, and more – not opaque scoring.
- Residential Proxy: Spur is the only source that delivers insights into residential proxies, mobile IPs, and botnets where traditional providers fall short.
- High-Fidelity Data: Spur delivers real-time data that is accurate, fresh, and actionable, focusing on transparency and trust with low false-positive.
- Historical Data Access: Delivers access to historical records dating back to 2020.
- Results in Minutes: Spur delivers fast onboarding, clear documentation, and responsive support for engineers and analysts.
Sign up for a Spur account to get a free trial of our high-fidelity IP data.
Frequently Asked Questions
What is bank account takeover prevention?
Bank account takeover prevention refers to the process of identifying and stopping unauthorized access attempts on customer accounts. It often combines IP intelligence, behavioral analytics, and multi-factor authentication to block malicious logins in real time.
How does Spur help banks prevent account takeovers?
Spur provides granular IP intelligence that detects VPNs, proxies, and anonymized traffic sources. By enriching login and transaction events, banks can distinguish legitimate customers from malicious actors before fraud occurs.
Can banks reduce friction while preventing account takeovers?
Yes. Spur’s data allows banks to enforce step-up authentication only when anonymized or high-risk IPs are detected — maintaining a smooth customer experience while improving security.
