Account takeover fraud (ATO) has emerged as the most important cyber security risk of 2020. According to recent studies, ATO fraud has been a growing issue for online merchants ever since the lockdowns due to global COVID19 pandemic compelled consumers to shop more on the internet. ATO fraud involves the compromise of user accounts and their payment data.
Some estimates suggest that between 2021 and 2025 online businesses will suffer more than $206 billion in losses from ATO fraud. The increase in threats related to ATO fraud in the past year is down to hackers attacking mobile phones. More and more online shoppers are ordering items from their mobile phones. As a result, mobile phones have become the most vulnerable to these threats.
In a recent survey involving security agency professionals, 62% of the respondents said that combatting ATO fraud in each vector – both mobile and desktop portals, will be key to preventing these risks. That’s because the complexity of ATO attacks improves over time. The more security officials do to prevent ATO fraudsters, the more sophisticated these cybercriminals become.
Thankfully, merchants can fight back against these threats. They must use fraud prevention tools with Machine Learning capabilities. That’s the only way to stay prepared in the face of ever-evolving and increasingly sophisticated criminal attacks. Unlike other cyberattacks on online platforms, ATO fraud is the hardest to prevent because –
These attacks prey on the weaknesses of both the online platforms and their consumers. So, a fully secure eCommerce platform can get compromised if one of its users doesn’t take necessary security steps.
In the past, the security hurdles that used to be imposed on online shopping platforms to protect employee accounts, were not customer-friendly. The added security measures deterred shoppers from completing transactions. This lead to countless cart abandonments. To cut losses, many online merchants decided not to use complicated security solutions on their platforms anymore. As a result, they were left more vulnerable to ATO attacks.
Even if online shoppers are to blame for the unauthorized access that ATO fraudsters gain to their accounts, the seller or the merchant can still be held responsible in court by customers, government agencies, etc.
Since ATO attacks rely mainly on the reuse of stolen customer data, the first thing that every merchant should do is use a security system that detects login attempts using previously compromised credentials. However, that’s not enough. These tools must also –
Assess all Transactions
Cyber criminals have harvested terabytes of stolen data to execute sophisticated ATO attacks on vulnerable platforms. They fraudulently open new accounts to bypass standard security tools. Then, they do everything to make themselves appear as valid customers.
To catch such sophisticated fraudsters, merchants must use advanced account takeover protection tools that assess each transaction to discover –
- The location, identity, and other details of the person/people other side of the digital transaction (GPS locations, HTML5 device-based locations).
- Immediately assign risk scores to each transaction based on the trends and behaviors of the user in question.
- Make sure the customer experiences aren’t hampered due to these assessments.
- Interactions with different links on the online platform.
- Typing speed
- How long specific users spend on specific pages?
Real-time insight helps these AI-powered tools distinguish between good and bad activities. These tools can instantly detect what device the shopper is using, how they connected to the eCommerce site, their location, and their past reputation on the platform.
As a result, the platform makes fact-based decisions, every time a transaction is processed. Thanks to AI programs, these assessments take less than a couple of seconds. Consumers won’t even realize that their online behaviors, location-related data, etc., are being tracked. They’re only apprehended if they do something wrong.
Plus, these tools also come with in-built compliance features. They help online merchants remain compliant and follow the latest regulations regarding online transactions. As a result, these tools evolve and improve with time. As ATO attacks get more sophisticated, so does the fraud detection capabilities of these AI-powered tools.
Consistency in Identifying
With a good anti-ATO tool an online merchant can quickly differentiate between trusted customers and potential scammers. As a result, the amount of friction that “trusted” consumers experience during payouts, is minimal. This consistency in identifying normal shoppers is key to enhancing an online platform’s customer experience.
For example, an ATO protection tool shouldn’t just assess the GPS location of a consumer. During transaction requests, it should assess additional details like ISP metadata or IP location. That’s the only way of surely knowing where these users are really located.
Thankfully, maintaining consistency in identifying is now possible with security tools with ML capabilities. As machine learning programs improve with time, the consistency of theirs output also improves. In a world where ATO fraud is so prevalent, using such cutting-edge tools is a necessity for online merchants.