Account Takeover Fraud Losses Total Billions Across Online Retailers

Account takeover (ATO) attacks are on the rise and have become a go-to attack of choice for cybercriminals of all stripes. In 2019 alone, ATO attacks cost consumers and e-commerce retailers a whopping $16.9 billion in losses.

To be clear, ATO fraud isn’t new; it has been a concern for online retailers for a decade. But Sift recently released its 2020 Digital Trust & Safety Index, which found that ATO attacks jumped dramatically, by 282 percent, between Q2 2019 and Q2 2020, driven by a rise in digital business and a jump in online shopping since the COVID-19 outbreak last spring. The number of stolen credentials for sale on the dark web is meanwhile up 300 percent.

In a typical ATO attack, criminals use automated bots to crisscross the web and enter stolen credentials into online accounts – and they also try to search for clues to crack passwords and security codes to cash in further.

Undoubtedly, COVID-19 has driven more online retail activity, creating an even more target-rich environment for ATO fraudsters. But retailers are unintentionally making themselves more susceptible, too, according to Sift’s report. One-click, on-demand and mobile solutions, intended to make the shopping experience simple, also have the unintended consequence of making consumer data easier to steal. Sift’s report calls this a “Catch-22” for retailers in trying to balance “concerns of fraud and friction.”

The “friction” is the series of barriers to fraud: tools like two-factor and multifactor authentication, biometrics, CAPTCHA codes and the like. The “catch” is that the more of these barriers retailers place in front of a shopper, the more likely they are to see a jump in abandoned carts and irritated customers repeatedly being asked to input their sensitive data.

ATO fraud victims have been exposed across all kinds of sites — dating, travel, banking and social media — meaning consumers are at risk almost anywhere they go online to shop or buy services.

But hardest hit, according to Sift’s report, have been online sellers of physical goods. ATO fraud is up 378 percent among physical e-commerce marketplaces. Criminals have also become adept at exploiting new buy online, pick up in store (BOPIS) sales models, which have become a go-to solution for low-contact shopping during the pandemic. Fraudsters buy goods online with stolen credentials, pick them up, then return them to resell for a quick profit.

And the cost to online retailers goes far beyond the initial fraud. More than half (56 percent) of customers surveyed by Sift said that if they discovered that their personal data was compromised, they would stop doing business with the site and choose another provider. So, ATO fraud is a real threat to brand loyalty.

Also, forget the tired stereotype of the hoodie-wearing hacker trying to steal credentials from a basement. ATO criminals have evolved into well-funded, well-organized, state-sponsored actors, according to Sift.

“The lonely, disgruntled, hacker trope has mutated into far-reaching, state-sponsored teams of fraudsters who are just as focused on efficiency, expansion and ROI as any e-commerce merchant,” the report said.

They’ve also become adept at hiding their fraud behind periodic traffic spikes. In Sept. 2019, cybercriminals used the back-to-school and start of the holiday shopping seasons to hide their nefarious activity behind already bogged-down systems, Sift said.

The 2020 Digital Trust and Safety Index was compiled through a survey of Sift’s global network of more than 34,000 sites and apps, in addition to more than 1,000 customers contacted throughout August.
