ATO on the rise and suggestions on how to minimize it.
March 30, 2022
The more sophisticated fraud prevention becomes, fraudsters will quickly follow with new strategies to deceive millions of people out of their money. From 2015, when EMV chips became a requirement on credit cards as fraud became rife, fraudsters quickly moved onto card-not-present (CNP) fraud in 2016, to 2018, when fraud solution providers were able to shut down most of CNP fraud operations. Fraudsters have now moved on to account take over (ATO), a previously existing channel to commit fraud, but one that is gaining newfound popularity.
ATO is as convenient for fraudsters as it is inconvenient for the victims of said fraud: account takeover is surprisingly cheap for the perpetrator, as they can buy thousands of consumer’s credentials on the dark web. Consumers are vulnerable not only with one account but multiple ones, as many are lazy about changing credentials and will use the same email and password in different pages or applications. ATO can also be set to be automated, making it easy for whomever wants to commit fraud.
Unfortunately we only look at the obvious costs of fraud, such as the value of the transaction itself, however, there is another loss lurking; when a brand takes a hit in reputation, it will drive its existing or potential customers away. People are not keen on shopping where they don’t feel like their information is kept safe.
As we have previously mentioned many times now in our blog, the COVID-19 pandemic had a significant impact in payment methods, consumer’s expectations for a seamless experience has directly impacted the way businesses accept payment. Unfortunately, this has left gaps in the defenses of many merchants, as adopting new methods without setting up fraud solutions in place has left their businesses vulnerable.
There are several different types of ATO, but there are three that are particularly popular amongst fraudsters: buy now, pay later (BNPL), peer-to-peer payments (P2P), and cryptocurrencies.
There are some things businesses can do in order to address this issue.
Many businesses that have been successful in fighting ATO have done so with continuous adaptive trust. According to Rob MacDonald, a director at Solution Strategy Security, Adaptive trust is a security framework that requires everyone to authenticate identity before entering the network. Every app and device must be verified for each session. Employing it throughout the whole process ensures that your customer is trustworthy.
It is also recommended that businesses do not rely on technology too blindly. While manual reviewing is often seen as efficient and expensive, it is necessary, as it can provide a much needed last line of defense against fraud. Automating decisioning is important, but pairing it with manual reviewing could make the difference between fraudsters succeeding or failing in their goal.
Fraudsters are constantly looking for ways to improve their workflow. Businesses need to step up and focus their efforts not only on improving their customer experience, but on finding fraud solutions as well. We need to make it difficult for fraudsters, only then will they move away from ATO.
Want to learn more? Check out Payments Journal’s full write-up here.
Share your thoughts on our LinkedIn page.
UK: businesses’ compliance capabilities are worryingly below par
UK: businesses’ compliance capabilities are worryingly below par March 22, 2023 Quod Orbis, leaders in Continuous Controls Monitoring (CCM) and cyber security services, recently released …
American SMBs redirect $225Billion to third-party providers
American SMBs redirect $225Billion to third-party providers March 15, 2023 A recently published whitepaper from BankiFi and RedCompass Labs unveiled American small and medium businesses …
Financial Organizations in the UK Spend £22k per Hour in the Fight Against Fraud.
Financial Organizations in the UK Spend £22k per Hour in the Fight Against Fraud. March 7, 2023 In your daily life, have you ever wondered …