With the rise of credential abuse attacks, especially after large credential breaches on some big websites, the traditional MFA alone won't work. Organizations like banks have to build layers of defense mechanisms to combat those attacks, such as risk assessment enrichment using intelligence, bot management, etc. The presentation starts with common evolving credential abuse attacks. Then it shares a few real world examples of those attacks, including a large scale credential stuffing attacks targeted at retail banking customers, phishing campaign and credential harvesting attacks using online ads targeting at commercial banking customers. We will share some outcomes, observations, lessons learned, as well as ongoing challenges.