ATO on the rise and suggestions on how to minimize it.
March 30, 2022
The more sophisticated fraud prevention becomes, fraudsters will quickly follow with new strategies to deceive millions of people out of their money. From 2015, when EMV chips became a requirement on credit cards as fraud became rife, fraudsters quickly moved onto card-not-present (CNP) fraud in 2016, to 2018, when fraud solution providers were able to shut down most of CNP fraud operations. Fraudsters have now moved on to account take over (ATO), a previously existing channel to commit fraud, but one that is gaining newfound popularity.
ATO is as convenient for fraudsters as it is inconvenient for the victims of said fraud: account takeover is surprisingly cheap for the perpetrator, as they can buy thousands of consumer’s credentials on the dark web. Consumers are vulnerable not only with one account but multiple ones, as many are lazy about changing credentials and will use the same email and password in different pages or applications. ATO can also be set to be automated, making it easy for whomever wants to commit fraud.
Unfortunately we only look at the obvious costs of fraud, such as the value of the transaction itself, however, there is another loss lurking; when a brand takes a hit in reputation, it will drive its existing or potential customers away. People are not keen on shopping where they don’t feel like their information is kept safe.
As we have previously mentioned many times now in our blog, the COVID-19 pandemic had a significant impact in payment methods, consumer’s expectations for a seamless experience has directly impacted the way businesses accept payment. Unfortunately, this has left gaps in the defenses of many merchants, as adopting new methods without setting up fraud solutions in place has left their businesses vulnerable.
There are several different types of ATO, but there are three that are particularly popular amongst fraudsters: buy now, pay later (BNPL), peer-to-peer payments (P2P), and cryptocurrencies.
There are some things businesses can do in order to address this issue.
Many businesses that have been successful in fighting ATO have done so with continuous adaptive trust. According to Rob MacDonald, a director at Solution Strategy Security, Adaptive trust is a security framework that requires everyone to authenticate identity before entering the network. Every app and device must be verified for each session. Employing it throughout the whole process ensures that your customer is trustworthy.
It is also recommended that businesses do not rely on technology too blindly. While manual reviewing is often seen as efficient and expensive, it is necessary, as it can provide a much needed last line of defense against fraud. Automating decisioning is important, but pairing it with manual reviewing could make the difference between fraudsters succeeding or failing in their goal.
Fraudsters are constantly looking for ways to improve their workflow. Businesses need to step up and focus their efforts not only on improving their customer experience, but on finding fraud solutions as well. We need to make it difficult for fraudsters, only then will they move away from ATO.