Merchant accounts face great vulnerability as fraudsters engage in ATO.
A survey released by Riskified, a payments and fraud solutions provider, revealed an eye-opening revelation on the devastating effects of ATO’s or Account Takeover attacks on both customers and eCommerce business owners alike.
An ATO occurs when a fraudster successfully gains access to a customer’s stored account information within an eCommerce website. Once accessed, criminals use this information to commit fraud. The survey uncovered that ATO attacks have a destructive impact on both customers and merchants. Not only do merchants stand to endure a damaged brand reputation but their bottom lines will also suffer.
In spite of the clear consequences of these attacks, merchants surprisingly have done little to implement effective security measures. This has resulted in one in three (35%) merchants disclosing that, at minimum, 10% of their customer accounts had experienced ATO in the last 12 months.
Store accounts are incredibly valuable to merchants and customers, provided that they are secure. Customers specifically noted that they enjoy the convenience and rewards they earn.
ATOs A Growing Concern For Customers
With retail giants such as Target and countless other stores making headlines over the years due to breaches in security and stolen financial data, understandably, customers are growing more concerned. The primary concern is whether or not consumers’ sensitive financial information is being adequately secured.
According to the survey, 69% of customers reported their concern about the potential for their accounts to be hacked. The great challenge that merchants have is that it is incredibly difficult for merchants to determine whether purchases are compromised. This is largely because these purchases are very similar to purchases made by the rightful account holders or returning customers. However, when these criminals use stolen accounts to move forward with their fraudulent purchases, the merchant loses in two ways. One, the merchant loses money as well as the value of the products they sold. And Two, it will suffer a tarnished reputation and “diminished customer lifetime value”.
Customers take the security of their financial information seriously. How so? The survey demonstrated that 65% of customers said they would outright stop buying from a merchant if their account information was ever stolen or compromised. Fifty-four percent of customers said they would simply delete their store account, 39% would shop with a competitor, and finally, 30% of customers said that they would recommend their friends to stop purchasing from that merchant.
Currently, the security measures that some merchants do have is the two-factor authentication for any login attempts. Unfortunately, time-starved customers are likely to grow frustrated with this method and up the numbers of abandoned carts.
What Merchants Can Do Now To Thwart ATO Efforts
Given the immense complexity of detection, merchants need to look at network and device details, “proxy usage”, and any information related to previous logins to determine whether or not the individual attempting access is truly the legitimate owner. If there is any device or network that is unusual or giving off any red-flags that are consistent with fraudulent activity, merchants must act swiftly, alerting the account owner or implementing the two-factor authentication.
Merchants Must Act
Merchants stand to lose so much more than revenue and that is why it is critical that they must do all they can to reduce risk and increase their revenue. By implementing “advanced machine-learning solutions”, merchants will be equipped to identify authentic returning customers with ease, providing an easy, seamless journey to checkout. Any actions that look even remotely suspicious can be verified or obstructed to greatly reduce the damage.