Every large retailer is familiar with the difficult challenge of protecting against credential stuffing and account takeover (ATO), which have been called the greatest security threats to online services today. The Yahoo data breaches were watershed moments in educating the public about the dangers of password reuse across online services. With more than 3.3 billion credentials reported stolen last year alone, credential stuffing attacks now represent more than 90% of the total login traffic on many large retailers. To combat these attacks and protect customers against large-scale ATO using stolen passwords, retail security, network, and fraud teams have begun collaborating more than ever before. In this talk, Google’s former click fraud czar and current Shape CTO, Shuman Ghosemajumder, will share leading practices and new ideas in business and technology across the retail industry to protect users against ATO.