RISKIFIED BLOG
  • Everything
  • Account Protection
  • Customer Experience
  • eCommerce Events
  • eCommerce Expansion
  • Fraud Prevention
  • Fraud Trends
  • News and insights
  • Podcast
  • Product & Technology
  • Recouping lost revenue
  • Uncategorized

The Login Dilemma: Shopping in the Age of Account Takeover

  • Guides
  • Webinars
  • Infographics
  • Reports

Categories

  • Account Protection
  • Customer Experience
  • eCommerce Events
  • eCommerce Expansion
  • Fraud Prevention
  • Fraud Trends
  • News and insights
  • Podcast
  • Product & Technology
  • Recouping lost revenue
  • Uncategorized

Resource Center

  • Guides
  • Infographics
  • Webinar
  • Reports

Riskified

  • Solution
  • Pricing
  • Customers
  • Company
  • eCommerce

Account Protection |

The Login Dilemma: Shopping in the Age of Account Takeover

The Login Dilemma: Shopping in the Age of Account Takeover
Written by Amarelle Wenkert
July 21, 2020
  • facebook
  • linkedin
  • twitter
Written by Amarelle Wenkert
July 21, 2020

Read highlights from our new Account Takeover Report, which analyzes Riskified's 2020 Account Security Survey. Discover how significant store accounts are to your customers' experience and understand the main challenges of account protection.

When we assess the potential damage of online fraud, there is the standard card not present (CNP) fraud, and then there are account takeovers (ATOs). When fraudsters gain access to your customers’ accounts, they obtain valuable information, and the fraudulent transactions they go on to commit are much harder to detect and stop. ATOs hurt merchants’ brand and their bottom line because they target their best, most loyal customers, driving a wedge between them.

Earlier this year, Riskified commissioned a survey of nearly 4500 participants to gain insights into the negative impact ATOs have on both customers and merchants. Despite the increase they recorded in ATO attacks—more than one in three (35%) merchants reported that at least 10% of their accounts had been compromised in the last 12 months—many merchants do not have the necessary safety measures to fend off such attacks. 

Our report, The Login Dilemma: Shopping in the Age of Account Takeovers, provides an overview of the ATO phenomenon, unpacking why such attacks are on the rise and sharing notes from Riskified’s research into popular tactics and MOs. You’ll also find actionable insights that reveal how online shoppers truly feel about store accounts and loyalty programs, their security expectations, and how they react when their accounts are compromised. Finally, we share tips for protecting store accounts and making accurate decisions at the first point of contact: the login.

Here are some of the topics we cover in our report.

How do fraudsters obtain those valuable login credentials?

ATO attacks require another layer of fraud on top of a standard CNP: a bad actor must gain access to a legitimate customer’s eCommerce store account. One popular way in which fraudsters get a hold of credentials is via phishing attacks. These are easy to execute, cheap, and effective—once you get a knack for it.

Phishing specialists manipulate and trick account holders—in some cases, even customer service representatives—into surrendering credentials. One of the schemes we’ve seen involves creating a mockup of a popular site, like Amazon.com, and prompting users to reset their passwords. Kits for creating such mockups are sold on the dark web. 

How do customers and merchants feel about ATOs?

Our survey results leave little room for ambiguity on one key factor: most online spending happens through store accounts. More than half of merchants say that account holders shop more often, and spend more per purchase, compared to customers who check out as guests. The overwhelming majority of customers, 81%, said that more than half of their online transactions happen at stores where they already have an account. 

Store accounts are much more than a service to customers; they are assets. Every time a customer opens an account with a merchant, their future expenditure prospect increases. The lifetime value of the shopper can double or triple when they open an account. But, like any other perk merchants offer their customers, accounts create a vulnerability. Customers are very aware of this threat, with the majority saying they are somewhat or very concerned about having their accounts compromised. Nearly 20% of consumers said they’ve had accounts compromised within the past year. 

How to protect your store from ATO attacks?

The fundamental challenge to stopping ATOs is that merchants do not have enough information to work with at the login point to make a reliable decision. Simply comparing IP addresses and device fingerprints are not enough to make an accurate decision.

So what can merchants do? The answer lies in mixing the right “cocktail” of data points. These can include IP geo data, behavioral analytics, and the input of a spoofing detection solution, to name a few. Many times, accurate login decisioning is the result of a comprehensive data-sharing program. For merchants who partner with an ATO fraud solution, it is vital to ensure that your provider aggregates data from other merchants because strong data networks can fill in the gaps in information.

Download the Full Report

These are just some of the insights included in our report about Account Security in 2020. For more on fraud prevention best practices, download the full report.

Subscribe to our blog updates

Subscribe to our blog

Survey Says?! ATOs Are a Major Threat and Many Merchants Are Unprepared

Account Protection

Survey Says?! ATOs Are a Major Threat and Many Merchants Are Unprepared

Read more
How the Fashion Industry Can Stay Resilient in 2020

Fraud Prevention

How the Fashion Industry Can Stay Resilient in 2020

Read more
European eCommerce: Promoting Resilience in a Disrupted Market

eCommerce Expansion

European eCommerce: Promoting Resilience in a Disrupted Market

Read more

Recommended

  • facebook
  • linkedin
  • twitter

Riskified

  • Solution
  • Customers
  • Pricing

Integrations

  • Documentation
  • Support
  • Riskified API

See our new infographics

  • Keeping Pace in Online Electronics Sales
  • Fighting Fraud in Cosmetics
Request Demo

Company

  • Careers
  • Blog
  • About
  • Partners

Resources

  • Content
  • Terms
  • Privacy
  • Security

Subscribe to the newsletter

Request demo

Subscribe to the newsletter