Businesses are well aware of the devastation that account takeovers (ATO) can leave behind in their wake. But is awareness enough?
Arkose Labs, an online fraud and abuse protection tech provider, revealed some telling findings in their study on how exactly businesses are handling this threat. This study included the participation of more than 100 IT executives of U.S. companies in well over a dozen industries.
Just How Bad Is It?
Not only do businesses undervalue the sheer volume of the attacks, but also the total cost of account takeovers aimed at their users. Account takeovers are the driving force behind fraud and abuse at the global level. When personal information is stolen, it is sold on the Dark Web in order to be reused. This serves to sustain the endless cycle of data breaches.
Furthermore, the money that is stolen from hacked accounts can be utilized to finance more scams and make even more fraudulent purchases. Seemingly legitimate accounts can also be used to send spam and phishing messages to customers through email.
One thing is clear, ATOs gravely impact the user experience and endangers the brand’s reputation. Irrespective of the size of the company or the industry, almost half the companies surveyed reported losing customers over the course of last year due to ATOs. About 90% agreed that ATOs had negatively impacted user experience.
Compliance issues are another result of these attacks. If businesses simply stand idly and allow their accounts to be compromised at scale, it will inevitably catch the attention of regulators who will question the security of the platform. This can translate into higher compliance costs and add additional burdens on the internal staff to up their cybersecurity efforts.
More Highlights From The Study
Do businesses have the full picture of just how much ATOs are costing them? Some do not. One business reported facing a whopping 30,000 ATO attacks each day. With each costing around $100,000 every month, but they were mostly unaware of the sheer volume until further investigation brought this to light.
About 90% of the respondents reported that the ATOs were costing them less than $500,000 back in 2020. Over the past year, 39% said that they had lost less than $100,000.
Lizzie Clitheroe, Head of Product Marketing at Arkose Labs, had this to say:
“With this latest study, we wanted to better understand how ATO attacks are affecting businesses across industries. What we have found is that it can be deeply destructive – from a brand/user experience to the overall monetary loss for an organization.”
Upwards of 70% of participants mentioned that account integrity was a “top security concern” for their businesses.
Financial institutions (94%) reported that ATOs had impacted the user experience for their customers. Furthermore, the leading ways that ATOs had affected financial institutions in 2020 included negative brand reputation, increased compliance concern, and decreased revenue.
Whose Responsibility Is It?
Despite the clear and present danger of these threats, businesses are still at odds as to who should take on the responsibility of protecting the business and its customers. Most participants mentioned that the ones who should take on the primary role should be the information security department. Still other companies chimed in with the product, engineering, or fraud departments.
Regardless of who shoulders the responsibility, one thing is clear, businesses must be aggressively pursuing ways to prevent ATOs. One of the best ways is to monitor all of the login traffic. They should then classify the risk profile based on “real-time behavioral signals.” This would make it very difficult for fraudsters to attack, and perhaps avoid any future attacks.