Report: Account Takeover Becomes Weapon of Choice for Fraudsters Leading Up to Holiday Shopping Season
Sift, the leader in Digital Trust & Safety, released its Q3 2020 Digital Trust & Safety Index, which examines how cybercriminals have been employing Account Takeover (ATO) Fraud to steal from consumers and e-commerce merchants. The Index, which includes analysis from Sift’s global network of 34,000 sites and apps and from a survey of U.S. consumers, revealed that attempted ATO rates (the ratio of attempted fraudulent logins over total logins) swelled 282 percent between Q2 2019 to Q2 2020. Likewise, ATO rates for physical e-commerce businesses—those that sell physical goods online—jumped 378 percent since the start of the COVID-19 pandemic, indicating that fraudsters are leaning heavily on this attack vector in order to steal payment information and rewards points stored in online accounts on merchant websites.
Read More: Dun & Bradstreet Expands Partnership Program Globally
According to Deloitte’s annual holiday retail forecast, e-commerce sales are forecasted to grow 25-35 percent and are expected to generate between $182 billion and $196 billion this season. When combined with the surge in ATO rates, the 2020 holiday shopping season presents the perfect opportunity for fraudsters to leverage account takeovers to take advantage of more people shopping online. This can have a devastating impact on companies including financial repercussions and brand abandonment.
Account Hacking Leads to Brand Abandonment
According to Sift’s research, ATO attacks also create significant and lasting brand damage. In surveying 1,000 U.S. adult consumers, Sift found that more than one-quarter (28 percent) of respondents would completely stop using a site or service if their accounts on that site were hacked. And while consumers can secure their accounts by leveraging tools like password managers, multi-factor authentication (MFA), and by using unique passwords, they largely ignore these best practices. In fact, 66 percent of consumers surveyed either don’t use any type of password manager or aren’t sure if they do, despite 52 percent of them having concerns about becoming victims of ATO in the future, and 25 percent reporting that they have already had their accounts hacked at least once before.
Read More: Sixgill Pioneers a Continuous Investigations/Continuous Protection Approach to…