Fraudsters Think Account Takeover Is Easy Street. Make It a Dead End.

Fraudsters rapidly evolve their tactics as they look for the path of least resistance. And account takeover (ATO) fraud, especially in the retail space, is very much looking like Easy Street.
ATO fraud is not new, but it is growing. In 2018, fraud losses due to account takeover were around $4 billion. In 2021, this number has grown by more than 200% and is estimated to be over $12.5 billion.
Meanwhile, COVID has fundamentally impacted the way consumers interact with all businesses, including retailers. Consumers demand seamless customer experiences, and competitive forces push businesses to abide, or lose valuable customers. Broad adoption of digital wallets, guest checkout, and contactless payments had businesses scrambling to incorporate new payment methods.
Many businesses were unprepared for these changes, and as a result introduced vulnerabilities that were easy for fraudsters to exploit. In a 2021 study by Ponemon Institute, 81% of fraud professionals polled felt their organizations were more vulnerable due to digital transformation efforts.
Unfortunately, traditional fraud-prevention methods tend to be reactive as opposed to proactive. And as retailers play catch-up, identity criminals expand their target range. For example, high-impact opportunities with buy now, pay later (BNPL) options, peer-to-peer (P2P) payments, and cryptocurrencies are proving particularly interesting (and lucrative) for fraudsters.
Much More at Stake Than What's Obvious
While calculating fraud losses, most merchants just look at the value of the transaction and associated fees. This is the obvious cost of fraud. But the non-obvious costs can be significant as well. They include the expense of fighting fraud, and operational resources involved in reviews and remediation and lost revenue from a diminishing brand value.
The lifetime value of customers decreases as consumers are less likely to use services where they feel their information is not secure and this is often compounded by the reputational damage of the customer sharing their poor experience with friends and family. In addition to lost revenue , these consumers switch to competitive services and further decrease a brand’s market share.
How to Proactively Address Increased ATO Risks
Protect Yourself Before the Transaction Occurs
Companies that are successful in proactively combating account takeover employ prevention tools that enable continuous adaptive trust. Multi-factor authentication works well at the login phase, but it introduces friction to good customers and does not protect the whole transaction. Employing continuous adaptive trust beyond the point of login and at specific actions even before checkout ensures your customer is trustworthy throughout the whole journey.
Implement Efficient Manual Review Processes
Manual reviews often get a bad reputation as they are slow and expensive. While it is important to automate decision making, manual reviews are necessary as your last line of defense to prevent fraud and to approve trustworthy customers. Technology has evolved to improve the internal process and businesses should look at deep links and demand a good UX to speed up the process.
While many rules and guidelines around COVID are winding down, the rate of ATO will not go down with them. Businesses need to streamline their fraud operations as much as they did other operations during the pandemic. Only then will we convince fraudsters to move away from ATO.
—Nadir Masood, Senior Product Marketing Manager, Pipl