PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Merchants Are Unprepared to Tackle the Threat of ATOs

Assaf Feldman by Assaf Feldman
July 2, 2020
in Featured Content, Industry Opinions, Merchant, Security
0
Merchants Are Unprepared to Tackle the Threat of ATOs
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

Account Takeovers attacks (ATOs) are a problem. My company, Riskified, recently commissioned a survey of about 4,000 customers and 425 merchants and found that 66% of merchants and 69% customers are concerned about their accounts getting hacked. But we also found that a surprisingly large percentage of merchants are completely unprepared to tackle ATOs, with 27% of all merchants reporting that they don’t have measures in place to prevent them.  

Account takeovers occur when a fraudster gains access to a legitimate customer’s account, often through stolen login information gained by phishing or a data breach. Once accessed, the fraudster can pose as a legitimate customer, making it harder for merchants to recognize the fraud, and helping fraudsters make off with stolen goods. It’s proven to be a successful tactic – 35% of merchants surveyed reported that at least 10% of their accounts have been taken over in the last year.

So what losses do merchants sustain as a result from an ATO? The obvious answer is chargebacks. Fraudsters love ATOs, and merchants vulnerable to ATOs will eventually have a chargeback problem on their hands. But that’s not all.

Damaging merchants’ brand and future business

To understand the full extent of an ATO’s impact, we must look at what happens to account holders after an attack or, more precisely, what doesn’t happen. Our survey found that of the customers who have been victims of an ATO, only 7.5% say they were contacted about the ATO by the merchant. The other 92.5% learned about it from their credit card company (36.3%), received an order confirmation (26.3%), saw the unauthorized purchase on their account (16.9%) or had their account details or password changed (13.1%).

That’s a terrible customer experience and a huge blow to a merchant’s brand reputation. It’s little wonder that 65% of customers say that they would stop buying from a merchant if their account was compromised. Our survey also found that 54% of customers would delete their account, 34% would go to a competitor, and 33% would tell their friends to stop shopping with the merchant. The revenue losses resulting from an ATO aren’t limited to chargebacks. They include further potential business from a merchant’s account holders and the referrals they could bring.

It’s even more important for merchants to have robust ATO prevention when you consider how much business merchants get from account holders. Sixty-four percent of merchants we surveyed say that at least half of their orders come from account holders, and those account holders spend more (according to 58% of merchants) and shop more frequently (according to 61% of merchants) than guest-checkout users.

Switching to an end-to-end approach

ATOs are hard to prevent effectively because the point at which the fraud occurs gives merchants little data to review. Merchants are working with a login and a password – and not the items purchased and billing and shipping details, for example – so it’s a tough decision based on limited information. Merchants can start by taking into account as much information as possible, such as device and network details, proxy usage, previous logins. They should use all the data points that can help determine in real time if the person accessing the account is the legitimate account holder.

But what’s more important is that merchants understand ATOs from the fraudster’s point of view. For them, the ATO isn’t the goal – stealing customer data or successfully placing an order is. With that in mind, merchants should view ATOs as longer-term events rather than isolated account actions and take steps based on the larger picture, the risk level and customer expectations. With an end-to-end approach, merchants can maximize revenue and minimize customer frustration by viewing account security as a continuum.

If, for example, a customer logs in from a new country and new IP using a unique device, they’re likely to be declined at checkout. That’s a bad customer experience, and it’s far better for the merchant to employ multi-factor authentication at login to verify the customer and approve the purchase rather than decline it at checkout.

But that type of hard verification isn’t always necessary. For account events that fall in a grey area, merchants can wait to see what happens next. If the cart from the initially suspicious login reaches checkout with an order typical of the account holder’s purchase history and shipping to a known address, then merchants can likely safely approve the order and recognize the unfamiliar device for the future.

On the other hand, if a merchant views an account activity as safe, but that’s followed by unusual shopping activity and a high-value cart, the merchant can ask the shopper to verify their identity, potentially preventing a chargeback and the ensuing damage. Viewing transactions from start to finish is invaluable in increasing accuracy.

That’s why it’s also important for merchants to ensure the teams managing the different parts of the shopping journey are communicating and coordinated. This end-to-end approach to tackling ATOs doesn’t just decrease risk for merchants, but results in a better customer experience that helps merchants increase revenue.

Tags: Account Take OverATOBrand reputationChargebackCybersecurityfraudFraud PreventionIndustry OpinionsMerchantsSecurity
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.

    Must Reads

    cross-border payments

    Cross-Border Payments: Fighting
    E-Commerce Fraud Using Data

    March 20, 2023
    fraud, ChatGPT-4

    How to Fight Fraud While Still Enabling a Great Online Customer Experience

    March 17, 2023
    RTP

    Financial Institutions Without an RTP Strategy Risk Being Left Behind

    March 16, 2023
    visa chargeback

    New Visa Chargeback Guidelines Will Be a Game Changer

    March 15, 2023
    liquidity management

    Liquidity Management Takes on Increasing Importance in Uncertain Economic Times

    March 14, 2023
    payments

    Key Challenges from Growing Payment Methods and Volume

    March 13, 2023
    Data Governance is a Journey, financial data

    How FIs Can Power Their Operations with a Modern Data Architecture

    March 10, 2023
    ISO 20022

    How Banks Can Realize Business Benefits and Reduce Payments Fraud With ISO 20022

    March 9, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result