We have things to say

Account Takeover: Understanding A Growing Threat

You do everything to protect the payment information of your online customers, from partnering with the best credit card processing company to staying PCI compliant. But are your customers’ online accounts safe? A growing trend in fraud is called Account Takeover, or ATO. Fraudsters do just that: weasel their way into another user’s account to profit from what’s there.

From 2015 to 2016, there was a 31 percent increase in incidences of ATO, with a whopping 61 percent increase in losses. This rise may partially be blamed on the added security that has come from the widespread adoption of EMV technology; fraudsters are shifting strategies to areas that still present an opportunity. Customer accounts are just such an opportunity, as they typically have flimsier security.

Why It Works

First off, ATO is hard to detect, as retailers can’t really see much that looks suspicious. It’s up to the customer to notice, but fraudsters can easily take steps to hide their activity, such as changing the email account that receives notifications. Once the fraudster has an account, there is a wide range of ways to make it pay, from using up stored credits, to phishing other users from the safety of the account, to selling the info gained on the black market. The potential is huge.

All Need To Be Wary

It may seem like only the big boys like Amazon need worry about this type of fraud, but even smaller online vendors are susceptible to ATO. That’s because fraudsters routinely rely on bots to do their dirty work. Bots use brute computing force to test huge amounts of stolen usernames and potential password combinations, over a huge number of websites to find a way into as many accounts as they can. It seems improbable, but this method can work surprisingly well; some researchers estimate a success rate as high as 2%—and just a few payoffs make it worth their time.

What To Do

What can be done to protect customers? Offering two-factor authentication, and measures to stop bots, are a few ways. If you are a small business, the most important step to protecting your customers’ accounts is to rely on a trusted, up-to-date e-commerce provider that uses the most advanced security measures available.

You can also encourage your customers to use safe password habits. One bad habit that can enable ATO attacks is the common practice of reusing username and password across many sites. If it’s compromised on one site, it becomes possible to access more accounts.

Becoming fully aware of the problem is the first step; making sure you’re partnered with the best credit card processing company and most dependable e-commerce provider is next. Your customers will be none too understanding if your site’s accounts are compromised, and the blame doesn’t fall on the e-commerce provider: it falls on you. Do everything to keep them safe.