The ATO landscape: how to proactively stop this type of fraud that highly affects digital commerce

Jeff Sakasegawa, Sift: 'Account takeover fraud has evolved into an interconnected network – the need for an end-to-end solution is critical to protect users and drive growth'

How has the pandemic impacted the account takeover landscape? What are the factors that have driven the surge of this type of fraud?

The COVID-19 pandemic opened up a massive opportunity for fraudsters to take advantage of fluctuating markets, shifting consumer spending habits, and surging digital traffic. Fraudsters have quickly exploited this dynamic landscape, looking for ways to profit from the disruption by any means necessary. And with businesses rushing to expand ecommerce operations to meet consumer demand, many trust and safety teams bypassed implementing the necessary fraud prevention measures, leaving their sites susceptible to cybercriminals looking for cracks in the system. At the same time, fraudsters knew these risk teams would be inundated by online traffic that is desperately needed during a time of economic hardship and reduced consumer spending - and an influx of manual reviews, providing the perfect cover as they attempted to evade security checks without detection. 

Through all of this volatility, fraudsters have leaned into account takeover as a highly lucrative form of fraud, targeting credentials and user information to infiltrate new technologies, apps, and even loyalty programmes that had been dormant throughout the pandemic. We’ve witnessed these fraud threats grow exponentially since the start of the pandemic – blocked account takeover fraud alone has increased 307% between Q2 2019 and Q2 2021 across the global Sift network. 

What are the characteristics that make a digital account attractive to fraudsters in the digital commerce space?

As fraudsters look to target consumer accounts, they’re typically identifying the ‘low-hanging fruit’ – accounts that lack strong security measures, complex passwords, or a regular routine for updating credentials. Dormant accounts also provide a guise for fraudsters looking to infiltrate logins without being caught, giving ample time to collect credentials, stored funds, and payment information.

To cybercriminals, the profits of account takeover are attractive because stolen payment details and login credentials can be employed to enact credential stuffing and card testing across even more sites, leading to an even bigger payout. This makes online accounts more valuable than stolen credit card details alone, as the average consumer uses dozens of sites or services that require a username and password, and about 66% use the same or similar credentials across multiple or all websites. And as fraudsters look to monetise different forms of data obtained through ATO, the price of account credentials has grown even higher on the dark web.

Are there any ecommerce verticals more heavily targeted than the others? If so, which ones?

So far in 2021, we have seen significant spikes in ATO rates across the fintech, digital goods and services, and retail verticals within the Sift network. The gigantic digital goods and services industry has seen a troublesome 142% increase in YoY account takeover rates, with retail experiencing a more moderate, but notable 20% increase. But the most significant spike we’ve seen has been in the fintech industry, with the global ATO attack rate jumping 850% between Q2 2020 and Q2 2021. We credit this astronomical surge to the recent growth in fintech and associated attacks aimed at crypto exchanges and digital wallets occurring this year. 

What role do automated scripts play in fraudsters’ ATO schemes?

Fraudsters utilise automation to maximise profits at an inhuman speed. As these fraudsters continue to stockpile stolen account credentials, the potential for damage compounds, leaving businesses and consumers unaware of the true scope of attacks. This delay in action is precisely why ATO can be so destructive, buying fraudsters valuable time to launch bots and credential stuffing as a means to infiltrate associated accounts and boost their gains. Once fraudsters successfully exploit an account, they launch these automated tactics to scale the abuse many times over. A single stolen password can give fraudsters access to a complete online identity, making them appear legitimate and enabling them to compromise accounts associated with that identity at scale – or sell them for a greater profit on the dark web. 

How does Sift support businesses to proactively surface and stop ATO before it happens?

To proactively secure customer accounts and fuel growth, trust and safety teams need holistic risk assessment methods and an end-to-end solution to accurately surface and stop account takeover fraud before it happens. Our Digital Trust & Safety Suite is bolstered by an unrivaled global data network of over 70 billion events per month and uses real-time machine learning to identify trusted and risky users with unparalleled accuracy. With Sift Account Defense, merchants can add points of friction to fraudsters while streamlining the user journey for trusted customers. Our complete solution is engineered for protection and growth, helping businesses reduce friction, stop losses, and minimise customer churn.

This editorial is part of the The Fraud Prevention in Ecommerce Report 2021/2022, the ultimate source of knowledge that delves into the evolutionary trail of the payments fraud ecosystem, revealing the most effective security methods for businesses to win the battle against bad actors.

About Jeff Sakasegawa

Jeff Sakasegawa is a Trust and Safety Architect at Sift. He has spent over ten years fighting fraud for Google, Facebook, and Square. He’s excited to be a part of Sift, helping to democratise access to best-in-class machine learning to protect payments, maintain content integrity, and defend accounts.

About Sift

Sift is the leader in Digital Trust & Safety, empowering companies of every size to unlock new revenue without risk. Our cutting-edge platform dynamically prevents fraud and abuse with real-time machine learning that adapts based on Sift’s unrivaled global data network of 70 billion events per month.