Ongoing Growth of Account Takeover

By Doriel Abrahams, Head of U.S. Analytics

Account takeover (ATO) is having far more than a “moment” in the fraud-fighting world. The details of this ever-evolving trend highlight some interesting distinctions between different industries and a broader shift that might point toward what to expect and prepare for in the future.

One of the things I love most about my role at Forter is that working with so many global brands, I get to see trends in customer behavior and fraud attack methods from a unique perspective. I see the trends up close — from working closely with our merchants — and from afar, as the trends play out over different industries and geographies.

Although ATO has become a recurring theme from both up-close and afar, it should come as no surprise to merchants – especially when you think about its place in the broader ecosystem.

Growth in Fighting ATO

Ten years ago, fraud prevention was all about chargebacks and checkout. Five years ago, the emphasis was still firmly in the same place, although nuance had begun to creep in. But the better fraud fighters got at protecting checkout, the more actively and creatively fraudsters looked for other ways to attack online.

I’ve been fighting fraud at Forter for seven years, and in that time, I’ve seen the shift happening at all levels. Fraudsters no longer focus on just checkout but rather the entire customer journey. And ATO is a significant part of that.

Accounts are attractive to fraudsters for the same reasons customers want them in the first place: they make interacting with online companies much more accessible, whether it’s making a purchase, storing and redeeming loyalty points, using gift cards, or taking advantage of a promotion. For the consumer, it’s convenience and discounts. But for the fraudster, it’s access to a wealth of options, covered by a cloak of legitimacy from the good reputation of the account.

The COVID-19 pandemic added fuel to ATO — as it did for so many aspects of digital commerce — because many more people were suddenly online, creating new accounts on stores and apps they’d never visited. Some of those accounts went dormant after a while, and some are owned by those who are not digital natives, unlikely to protect their accounts with strong enough unique passwords, not to mention Multi-Factor Authentication (or even notice if a stranger has checked into their account).

Retailers are still dealing with the fallout as ATO attacks are going after more valuable items than ever, and fraudsters continue to become bolder. Across Forter’s network, we’ve seen the average order value of items in ATO attacks has increased by 51%.

Tracking Commerce Trends

Fraudsters are often very wise to market developments. While ATO is up across many verticals – from delivery to apparel to digital goods, travel and cryptocurrency – the beauty industry has seen an alarming increase of 94%.

What’s interesting about this is what it shows about how fraudsters work, always looking to turn new trends into opportunities. Beauty and cosmetics used to be very in-person experiences. Customers liked to try different products before they bought them, get advice from assistants in the store about colors, scents and techniques, and so on.

All of that is still true — but the online shopping that became essential during the pandemic continues to grow in popularity. Predictions that people would switch back to in-person experiences as soon as they could haven’t come to pass; digital commerce is not only maintaining its position but, for many retailers, is still increasing.

Part of the reason for the continued popularity of digital beauty commerce is the exclusivity and special offers associated with online accounts. Beauty brands inspire loyalty and enthusiasm for their products through carefully curated programs that delight customers — and provide fantastic opportunities for fraudsters.

But beauty isn’t the only industry where fraudsters track the broader trends of digital commerce and exploit their knowledge to attack more effectively. Apparel, like beauty, continues to grow, with some brands even incorporating purchase and interaction through apps into the shopping process in physical stores. Unsurprisingly, ATO against apparel brands continues to grow, with a 28% increase compared to 2021.

It illustrates a lesson fraud fighters can never afford to forget: It’s not enough to know your own numbers. Fraudsters react to broader market trends, which means we must keep track of the trends affecting our wider industry, and even other industries, to be prepared.

Fraud Prevention: Continually Maturing and Evolving

As fraud evolves, the arms race will inevitably continue. The industries under attack will continue to shift depending on outside factors, and how fraudsters attack accounts will change as they find ways to get around our latest preventative measures.

So what can you do to protect your company from ATO? Each company is different, of course, and fraud-fighting efforts must be tailored to suit that. But there are a few things we’ve seen to be widely successful:

  1. Fight ATO upfront. Don’t wait until checkout; start by protecting the login process. Protecting login dramatically eases the burden on checkout; we’ve seen a consistent reduction of ATO at checkout by ~35%, purely by merchants adding login protection.
  2. Block bad bots. Bots are used for checkout, ATO, account creation, and more. When you start blocking bots effectively, attempts decrease dramatically. Bot creators like to work at scale — that’s the entire mentality behind this attack. Once they slip through they’ll keep going forever. If you show them that they’re not going to see success with your site or app, they’ll simply move on, easing your job by reducing noise and helping protect the entire customer journey.
  3. Use dynamic friction at login. You don’t need to decide between letting someone access an account immediately and broadly applying friction. Using friction judiciously — applying only when appropriate — gives the customer a chance to prove themselves (much better than blocking them!) and ensures you’re not letting in the wrong person. For instance, I’ve seen how effective implementing MFA can be for our merchants; around two-thirds of MFA challenges failed, meaning it was great that the block was in place, while the remaining third continued their journey with barely a pause.
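
The three recommendations can be combined in a single login-time decision. The sketch below is an added example, not code from this article or from Forter: it blocks a source that walks many accounts, lets recognised devices through without friction, and steps up to MFA only for a correct password on an unfamiliar device. The class and field names, the signals and the thresholds are assumptions chosen for illustration, and the login events are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Login:
    ts: float          # seconds
    account: str
    ip: str
    device: str
    password_ok: bool

class LoginGate:
    WINDOW = 300       # seconds of per-IP history (illustrative threshold)
    BOT_ACCOUNTS = 5   # distinct accounts from one IP in WINDOW => treat as a bot

    def __init__(self):
        self.trusted = defaultdict(set)    # account -> devices that passed MFA
        self.by_ip = defaultdict(deque)    # ip -> recent (ts, account) attempts

    def decide(self, ev: Login) -> str:
        hist = self.by_ip[ev.ip]
        hist.append((ev.ts, ev.account))
        while ev.ts - hist[0][0] > self.WINDOW:   # drop attempts outside the window
            hist.popleft()
        if len({acct for _, acct in hist}) >= self.BOT_ACCOUNTS:
            return "BLOCK"        # one source walking many accounts
        if not ev.password_ok:
            return "DENY"         # ordinary failed login
        if ev.device in self.trusted[ev.account]:
            return "ALLOW"        # recognised device: no friction
        return "CHALLENGE"        # right password, unfamiliar device: step up to MFA

    def mfa_passed(self, ev: Login) -> None:
        self.trusted[ev.account].add(ev.device)   # remember the device after a passed challenge

def run_demo():
    gate, out = LoginGate(), []
    first = Login(0, "alice", "192.0.2.10", "laptop-1", True)
    out.append(gate.decide(first))            # new device: challenged once
    gate.mfa_passed(first)
    out.append(gate.decide(Login(60, "alice", "192.0.2.10", "laptop-1", True)))
    out.append(gate.decide(Login(90, "alice", "203.0.113.7", "phone-x", True)))
    for i in range(5):   # constructed bot run: one IP, five accounts, wrong passwords
        out.append(gate.decide(Login(100 + i, f"user{i}", "198.51.100.9", "hdl", False)))
    # A correct password from the same flagged IP is still refused inside the window.
    out.append(gate.decide(Login(110, "alice", "198.51.100.9", "laptop-1", True)))
    return out

if __name__ == "__main__":
    print(run_demo())
```
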

The interest fraudsters have in accounts and the entire customer journey isn’t going anywhere. And while it’ll continue to evolve, there are plenty of ways you can protect yourself – and your customers – in the long run.

About Forter

Forter is the Trust Platform for digital commerce. We make accurate, instant assessments of trustworthiness across every step of the buying journey. Our ability to isolate fraud and protect consumers is why Nordstrom, Sephora, Instacart, Adobe, Priceline, and other leaders across industries have trusted us to process more than $500 billion in transactions. Click here to learn more.

Tom Smith

Solutions Architect at Veza

2 years ago

Great post and advice, Doriel!
