Executive Summary

Account takeover attacks (ATOs) are on the rise: fraudsters have learned that while they require a little more effort, they yield better rewards than basic CNP fraud. ATOs also cause a great deal more harm. To customers, they can feel like a personal attack, and the compromised information fraudsters obtain through ATOs can have a lasting impact. Merchants, on their end, may suffer residual damage to their bottom-line.

Earlier this year, Riskified conducted our most comprehensive survey to date on account security, participated by 4,000 online shoppers and 425 merchants. We learned why store accounts are so critical to shoppers and merchants, and saw how ATOs drive a wedge between them, damaging brands’ hard-earned reputation.

This report explores how cybercriminals obtain legitimate login credentials, examines key MOs, and breaks down the variety of fraudulent schemes available to these bad actors once they breach an account. Read to discover actionable insights on customers’ and retailers’ attitudes towards account takeovers, and learn tips to detect a bad actor at the first point of contact: the login.


You’ll find insights on:

01    What are ATOs and how do they happen?

ATO attacks are multi-layered acts of fraud. First, a bad actor must obtain the login credentials to a good customer’s online store account. While the methods for doing that are typically more complex than simply buying stolen credit card details on the dark web—often involving advanced manipulation techniques and technological savvy—the effort is often worthwhile. Once a customer’s account is breached, there is a smörgåsbord of fraud schemes to pursue.  This chapter breaks down the methods fraudsters use to obtain login credentials and explores the main fraud tactics they employ once they gain account access.

02   Account Security Survey Results

How do customers and merchants feel about ATOs? Our 2020 Account Security Survey measured the pervasiveness and impact of ATO attacks. The majority of eCommerce transactions today happen via store accounts. 

Shoppers have come to expect the frictionless experience these accounts facilitate, and the loyalty perks that come with them, and are much more likely to return to a store where they are account holders. That is why store accounts are central to merchant-consumer relationships and to a shopper’s lifetime value. But how confident are your customers in their security, and what happens when these accounts are compromised? In this chapter, we share the most compelling and actionable insights we discovered.

03   How to protect your store from ATO attacks

The fundamental challenge in stopping ATOs is that merchants do not have enough data to work with at the point of login to make a reliable decision. What can merchants do to increase accuracy when making high-stakes approve or decline decisions? The answer lies in mixing the right “cocktail” of data points, including IP geo data, behavioral analytics, and spoofing detection, to name a few. In this chapter, we share tips on how merchants can obtain additional data points to aid in their decision.