• Latest
Account Takeover

Account Takeover

June 1, 2022
Moving identity authentication earlier in customer flow is top of mind at MRC Vegas 2023:

Moving identity authentication earlier in customer flow is top of mind at MRC Vegas 2023:

March 28, 2023
How to Strengthen Your Small Business’s Defenses Against Identity Theft

How to Strengthen Your Small Business’s Defenses Against Identity Theft

March 23, 2023
How Companies Can Avoid Zero-Party Data Fraud

How Companies Can Avoid Zero-Party Data Fraud

March 13, 2023
New Podcast Episode: Walls of Thieving Cellphones with Nethone

New Podcast: How to Stop Return Policy Abuse Fraud (Pt. 2)

February 22, 2023
Germany’s Fraud Prevention Firm Hawk AI to Focus on Global Expansion with $17M Series B

Germany’s Fraud Prevention Firm Hawk AI to Focus on Global Expansion with $17M Series B

February 15, 2023
Merchant Fraud Journal Releases Biggest Annual Fraud Trends Report Yet with Insights from 16 Leading Payment and Fraud Solutions

Merchant Fraud Journal Releases Biggest Annual Fraud Trends Report Yet with Insights from 16 Leading Payment and Fraud Solutions

February 7, 2023
Curbing emerging fraud types with network intelligence and data enrichment

Curbing emerging fraud types with network intelligence and data enrichment

January 31, 2023
Policy Abuse Fraud: What Is It and How to Protect Against It

nSure.ai Delivers Growth to Digital Commerce Leaders and Boosts YoY Revenue by 280%

January 25, 2023
Fraugster and Refurbed partner to increase approval rates and reduce fraud for refurbished electronics marketplace

Sift Appoints Former Ping Identity COO Kris Nagel as CEO

January 20, 2023
Veridos Announces Innovatrics as Strategic Partner for Advanced DNA ID Verification

Veridos Announces Innovatrics as Strategic Partner for Advanced DNA ID Verification

January 19, 2023
New Podcast Episode: Walls of Thieving Cellphones with Nethone

New Podcast: How to Stop Return Policy Abuse Fraud

January 10, 2023
How to Write a Strong Chargeback Policy: Tips to Help You Protect Your Business

How to Write a Strong Chargeback Policy: Tips to Help You Protect Your Business

January 6, 2023
  • Contribute
  • Contact Us
  • About
  • Join Us
  • Advertise
Tuesday, March 28, 2023
Merchant Fraud Journal
  • Home
  • Articles
    • Chargebacks
    • Fraud Prevention
    • Influencer Insights
  • Resources
    • Recorded Webinars
    • Podcasts
    • Vendor Directory
    • eCommerce Fraud Reports
    • Training and Certifications
    • Jobs Board
    • Associations and Non-Profits
  • News
No Result
View All Result
  • Home
  • Articles
    • Chargebacks
    • Fraud Prevention
    • Influencer Insights
  • Resources
    • Recorded Webinars
    • Podcasts
    • Vendor Directory
    • eCommerce Fraud Reports
    • Training and Certifications
    • Jobs Board
    • Associations and Non-Profits
  • News
No Result
View All Result
Merchant Fraud Journal
No Result
View All Result

Account Takeover

Q&A w/ Brittany Allen, Trust and Safety Architect at Sift

by Bradley
June 1, 2022
in Articles, Influencer Insights
Account Takeover

Account takeover is when a cyber criminal gains access to a user’s username and password in order to steal money, reward points, personal information, or corporate assets.

The post answers common questions about account takeover (ATO) fraud:

  • What merchant vulnerabilities are leading to the huge increase in account takeover fraud?
  • Why are fraudsters attracted to account takeover fraud?
  • What are the most popular types of account takeover fraud attacks??
  • What should fraud prevention specialists be doing to prevent account takeover fraud attacks?
  • What should executives be doing to stop account takeover attacks?
  • What should an organization do once it discovers it has been hit by an account takeover attack?
  • How do companies define and identify login attempts that are ‘higher-risk’ for account takeover fraud?
  • Are there scenarios where friction must be introduced into the customer experience to prevent account takeover fraud?
  • What is the future of passwordless authentication?
  • If you could give one tip to merchants to stop ATO fraud attacks, what would it be?

What merchant vulnerabilities are leading to the huge increase in account takeover fraud?

The shift to the digital-first economy has given fraudsters more places to hide, far more potential data to steal, and a growing number of online accounts to exploit. As businesses see sustained growth in digital transactions and a rise in consumer accounts being created, it invites the attention of cybercriminals. However, the main reason fraudsters are able to successfully commit ATOs isn’t because of merchants’ digital-first business growth, but the rise of data breaches, phishing attacks, and consumer password reuse. Data breaches lead to credential theft, and 65% of consumers commonly reuse passwords make it easier than ever for fraudsters to access multiple accounts with a single set of stolen credentials.

Why are fraudsters attracted to account takeover fraud?

The reason ATO attacks have surged 307% between 2019 and 2021 is because fraudsters see the potential to go beyond accessing payment information, such as stored credit cards. Through ATOs, cybercriminals can hijack a user’s credit or loyalty point balances to sell on the Dark and Deep Web as another way to make a profit. In fact, 26% of consumers who suffered an ATO attack lost loyalty credits and rewards.

More often than not, fraudsters don’t steal loyalty points or make unauthorized purchases immediately after they’ve hacked an account. Instead, they find it more valuable to use the account to execute other scams such as selling credit card numbers or testing users’ credentials across high-value accounts. This lag in action allows criminals to stockpile stolen account credentials, effectively scaling their ability to attack again and maximize profits.

What are the most popular types of account takeover attacks?

Due to the wealth of email addresses cybercriminals have access to, they’ve increased the sophistication and scale of their attacks via automation. One of the main methods fraudsters use to execute ATOs is credential stuffing where fraudsters use bots to input thousands of stolen usernames and passwords into website forms to gain access to a large number of accounts in a short timeframe.

Sift researchers, for example, uncovered a sophisticated fraud ring named Proxy Phantom which attempted to overwhelm e-commerce merchants by using a massive cluster of rotating IP addresses paired with credential stuffing attacks. The group used 1.5 million stolen credentials to flood businesses with bot-based attempted logins and conduct as many as 2,691 attempts per second to try and hack user accounts on merchants’ websites.

Cybercriminals are also using high-touch manual attacks, such as spear phishing, to execute ATOs. Through this method, they send scams and spam through a known user account to trick targeted individuals into sharing sensitive information, such as usernames and other credentials.

The bottom line is that fraudsters have the time, means, and motivation to attack, and are now more knowledgeable about the mechanics of digital commerce and the merchants they target.

What should fraud prevention specialists be doing to prevent account takeover fraud?

Firstly, fraud prevention specialists need to understand that fraud is constantly evolving, becoming more sophisticated, and impacting business growth – whether organizations believe it or not. With the massive shift to digital commerce and online everything during the pandemic, the fraud landscape is different than it was just two years ago and beating back attacks is critical. Sift data shows that 56%-74% of customers will abandon a business if their account gets hacked.

The main way to proactively fight against fraud is to leverage machine learning. With machine learning, fraud teams can spot trends before they become pervasive and proactively prepare for fluctuations. Machine learning is essential to not only identifying new trends but changing risk thresholds. By reviewing purchases or logins in real-time, machine learning can quickly adapt to look at new signals in order to detect suspicious activity without human intervention. This helps fraud teams proactively stay ahead of ATOs and stop fraudsters from getting into user accounts.

At the same time, businesses must ensure that they make things easy for their customers by applying friction dynamically – that is, only adding friction to the site or app experience when necessary.

What should executives be doing to stop account takeover attacks?

Executives must recognize that fraud prevention goes beyond security – fraud impacts business growth, customer experience, and a company’s reputation. ATO attacks are capable of driving all the wrong business results for merchants: revenue loss, churn, and disputes. Fraudsters will never stop adapting tactics and strategies, or hunting for security vulnerabilities in e-commerce, necessitating a proactive approach. To secure customer accounts and fuel growth, business leaders should provide their trust and safety teams with the right tools and technology to accurately surface and stop ATO fraud before it sneaks through the gate.

What should an organization do once it discovers it has been hit by an account takeover fraud?

To maintain consumer trust, always notify the user of malicious activity immediately. Within this alert, the organization should provide the user with clear next steps to secure their account, and warn them of other at-risk accounts that might share the same credentials.

The organization should also assume that more user accounts have been compromised, even if there isn’t evidence of other fraudulent purchases or other accounts being drained of funds. ATO fraudsters will often lie in wait until they feel the “coast is clear” before they start wreaking havoc. In this case, trust and safety teams should pay attention to changes in device, IP addresses and geolocation – especially if it’s linked to changes in account information. This activity provides evidence that two individuals are accessing one account – the legitimate account holder and the fraudster – proving that the account has been compromised.

How do companies define and identify login attempts that are ‘higher-risk’ for account takeover fraud?

Fraud teams can identify high-risk accounts by analyzing a range of user activity and identifying anomalies or suspicious behaviors. Some examples of suspicious behavior might include an account sending a large purchase to a new address, a different credit card making a transaction, or a change in how quickly an account made a purchase compared to typical purchase behavior. While any one of these behaviors may not be enough to confirm whether the activity is fraudulent, the combination of these signals can provide a powerful and accurate risk assessment. Through automation, businesses can track risky behavior in real-time to stop fraud before processing a transaction.

Are there scenarios where friction must be introduced into the customer experience to prevent account takeover fraud?

Incorporating a Digital Trust & Safety framework into your business model doesn’t have to negatively impact customer experiences. There are ways to add additional security measures, like passwordless authentication, which ensures a  seamless experience for legitimate users.

Businesses should introduce friction only when dealing with suspicious activity. Friction for all damages the customer experience, but dynamic friction powered by machine learning customizes user experiences in real-time, and ensures businesses aren’t treating legitimate activity like criminals.

Once you set up your fraud prevention strategy, a sophisticated machine-learning model can do much of the heavy lifting for your business and your users. For example, Sift’s machine learning models use over 16k signals to detect risks at the point of login, all in real-time.

What is the future of passwordless authentication?

Biometric multi-factor authentication is the future of account security, which is why Sift acquired Keyless – an authentication provider that leverages biometrics – in 2021, and is integrating it directly into our core Digital Trust & Safety Suite.

When implemented in a privacy-preserving way, biometrics eliminate the need for passwords and drastically reduce friction in the login experience.

If you could give one tip to merchants to stop account takeover fraud attacks, what would it be?

Think like a fraudster. This starts with determining how much your business is at risk. Ask yourself – would it be valuable for criminals to target user accounts on your company’s website? If so, what information would fraudsters go after – loyalty points or stored credit cards?

One example involves loyalty points that can be transferred to another merchant for redemption, such as turning airline miles into cash – this is one type of attractive target for fraudsters. Once merchants have determined where cybercriminals are likely to attack, they can develop specific strategies to prevent such abuse.

Understanding this risk allows merchants to implement strategies and tools, like machine learning, to track suspicious activity and improve their account defenses to better fend off ATOs on their platform.


Brittany Allen Bio: 

Brittany Allen has more than a decade of experience combating e-commerce marketplace fraud at companies such as Etsy, Airbnb, 1stDibs, and letgo. Her expertise in fraud mitigation, policy leadership, and dispute management has led her to speak at numerous industry conferences representing Sift as a Trust and Safety Architect, a role focusing on trust and safety education, developing industry best practices and strategies, and being the voice of Sift.

 

ShareTweetShareSend
Previous Post

New Report: Addressing Payment Fraud and the Customer Experience in 2022

Next Post

The App Store stopped nearly $1.5 billion in fraudulent transactions in 2021

Next Post
The App Store stopped nearly $1.5 billion in fraudulent transactions in 2021

The App Store stopped nearly $1.5 billion in fraudulent transactions in 2021

Our Latest Reports

2022 Chargeback Consumer Survey Report

Fraud Prevention Tactics that Enable Exceptional Customer Experience

Addressing Payment Fraud and The Customer Experience in 2022

2022 Fraud Trends Report

ATO Fraud In Retail Report

2022 Customer Experience Report

3 Ways a Unified Chargeback Management and Fraud Platform Increases Revenue

Digital Trust And Safety Report: Combating the Evolving Complexities of Payment Fraud

On-Demand Webinars

Balancing Customer Experience and Fraud Prevention: What’s the Secret?

Stopping Fraud Across the Customer Lifecycle

Addressing Payment Fraud and the Customer Experience in 2022

 

Get the 2023 Fraud Trends Report

Search Our Site

No Result
View All Result

Our Sponsors

Featured Directory Listings

  • logo
    NoFraud
  • SEON. Fraud Fighters
  • sift logo
    Sift
  • Signifyd
  • Ekata
  • Microsoft Dynamics 365 Fraud Protection
  • PayRetailers
  • Spotrisk

Our Sponsors

Fraud Industry News

Moving identity authentication earlier in customer flow is top of mind at MRC Vegas 2023:

Moving identity authentication earlier in customer flow is top of mind at MRC Vegas 2023:

March 28, 2023
How to Strengthen Your Small Business’s Defenses Against Identity Theft

How to Strengthen Your Small Business’s Defenses Against Identity Theft

March 23, 2023
How Companies Can Avoid Zero-Party Data Fraud

How Companies Can Avoid Zero-Party Data Fraud

March 13, 2023

Connect With Us

Quick Navigation

  • Home
  • News
  • Join Us
  • About Us
  • Contact Us
  • Advertise
  • Contribute
  • Privacy Policy

The Payments Media Network

Merchant Fraud Journal
Payments Review

Privacy Policy

Our Privacy Policy
Our Terms of Use

Resources

  • Articles
  • eCommerce Fraud Reports
  • eCommerce Fraud Webinars
  • Training and Certifications
  • Jobs Board
  • Associations and Non-Profits
  • Podcasts
  • Vendor Directory

Popular Posts

  • How to File a Claim With FedEx + What To Do If Claim is Denied

    How to File a Claim With FedEx + What To Do If Claim is Denied

    0 shares
    Share 0 Tweet 0
  • How Does Two-Factor Authentication (2FA) Work?

    0 shares
    Share 0 Tweet 0
  • Top eCommerce Fraud Prevention Companies

    0 shares
    Share 0 Tweet 0
  • The Best Reverse Email Lookup Tools in 2022 (with pricing)

    0 shares
    Share 0 Tweet 0

Featured Vendors

  • NoFraud
  • SEON. Fraud Fighters
  • Sift
  • Signifyd
  • Ekata
  • Microsoft Dynamics 365 Fraud Protection
  • PayRetailers
  • Spotrisk

Download the 2023 Fraud Trends Report

No Result
View All Result
  • About Merchant Fraud Journal
    • Interested in Contributing or Guest Posting to Merchant Fraud Journal?
  • Advertise on Merchant Fraud Journal
  • Articles
    • Chargebacks
    • Fraud Prevention
    • Influencer Insights
  • Contact Us
  • Download Addressing Payment Fraud and Customer Experience Report
  • Download Chargebacks Consumer Survey Report 2022
  • Download Evolving Complexities of Payment Fraud Report
  • Download Fraud Prevention Tactics that Enable Exceptional Customer Experiences Report
  • Download Merchant Fraud Journal 2023 Fraud Trends Report
  • Download the 2020 Chargeback and Representment Report
  • Download the 2020 Merchant Fraud Journal Vendor Guide
  • Download the 2021 Fraud Trends Report
  • Download the 2022 Fraud Trends Report
  • Download the 3 Ways a Unified Chargeback Management and Fraud Platform Increases Revenue Report
  • Download the MFJ 2022 Customer Experience Report
  • Download the MFJ ATO in Retail Report
  • Home
  • Job Dashboard
  • Join The Merchant Fraud Journal Community
  • Merchant Fraud Journal Advertising Agreement
  • MFJ Fraud Trends Report Giveaway
  • News
  • Post a Job
  • Privacy Policy
  • Resources
    • 2020 Chargeback Representment Guide for Merchants
    • 2020 Vendor Guide
    • 3 Ways a Unified Chargeback Management and Fraud Platform Increases Revenue
    • Addressing Payment Fraud and the Customer Experience in 2022
    • Associations and Non-Profits
    • ATO Fraud In Retail Report
    • Balancing Customer Experience and Fraud Prevention: What’s the Secret?
    • Chargebacks Consumer Survey Report 2022
    • Digital Trust & Safety: Combating the Evolving Complexities of Payment Fraud
    • eCommerce Fraud Reports
    • eCommerce Fraud Webinars
    • Fraud Prevention Tactics that Enable Exceptional Customer Experiences
    • Fraud Prevention Training and Certifications
    • How to Build a Recession Proof Chargeback Prevention Strategy
    • How to Stop Fraud During the 2022 Holiday Season
    • Jobs Board
    • Merchant Fraud Journal 2023 Fraud Trends Report
    • Merchant Fraud Journal’s Fraud Trends 2020 Report
    • Merchant Fraud Journal’s Fraud Trends 2021 Report
    • Merchant Fraud Journal’s Fraud Trends 2022 Report
    • MFJ’s 2022 Customer Experience Report
    • Podcasts
    • Prevent High-Velocity Fraud Attacks During the 2021 Holiday Season
    • Stopping Fraud Across the Customer Lifecycle
    • Vendor Directory
    • Webinar – Addressing Payment Fraud and the Customer Experience in 2022
    • Webinar – Mitigating Fraud and Risk on the ACH Network
    • Win January Chargeback Disputes
  • Subscribed
  • Terms and Conditions

© 2021 Payments Media Solutions Canada Inc.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?