account takeover

5 Account Takeover (ATO) Statistics You Need to Know

1. Attempted Fraudulent Logins Increased 282% Last Year

Fraudsters looking to cash in on the wave of newly digitized business processes and online consumer offerings resorted to account takeovers to do so en masse. A 282% surge in the ratio of fraudulent login attempts overall user logins from 2019 to 2020 has been the net result. 

Businesses migrating their workforces to the cloud and shifting many of their core operations to continue remotely are suddenly becoming targets of novel forms of financial fraud they often have little experience counteracting. Online criminals are taking aim at these newly exposed processes more than ever.

2. Physical Goods Sales Through E-Commerce Businesses Saw an Account Takeover Increase of 378% Since Covid-19 

Ecommerce merchants specializing in the sale of physical goods have seen an even more pronounced increase in account takeover attempts since the COVID-19 pandemic first began, with the previous rate swelling up 378%. 

Ecommerce has seen tremendous growth in a very short span of time, owing much of this to the pressure businesses have faced as a result of the pandemic. Highly favorable projections for the space have signaled an attendant rise in attempted e-criminality as well.

For fraudsters, the appeal of hijacking user accounts on ecommerce websites specifically lies in the sensitive payment information they contain. Card info rewards points and more make cracking into new customer accounts a potential goldmine for attackers. Once obtained, sensitive information of this nature can be put to use on other platforms as well.

3. 28% of Consumers Would Stop Using a Website If Their Account Was Hacked 

A hacked account would be enough to turn 28% of your business’s online customers away, leaving a lasting effect on your bottom line. Such lapses in online security could also cost your company future customers as the stigma of a successful hack pushes people to consider your competitors instead.

Attacks are likely to increase in number and scope over the holidays, targeting ecommerce brands in particular as consumers rush to make purchases. The holiday season is especially important to online retailers as they depend on the period’s uptick in sales revenue to generate most of the year’s profits. The ramifications of customer account hacking at this time of year pose a much more serious threat to the majority of ecommerce companies.

4. 61% of ATO Attacks Targeted E-commerce Accounts

Online shoppers make up most of the victims of account takeover attacks as their accounts present cybercriminals with the opportunity to quickly profit. A full 37% of victims reported money being extracted directly from their accounts after a successful hack. Another 37% had their accounts’ accumulated rewards and credits siphoned off through illegitimate purchases or other means. For many others, the sensitive payment information was taken and leveraged for purchases either on the same website or elsewhere.

5. 66% of Consumers Surveyed Don’t Use a Password Manager

Password mismanagement makes matters much worse for the majority of consumers, exposing them to otherwise avoidable online threats. Bad actors can crack particularly simple passwords with brute force attacks and keyword stuffing techniques. Users who do not use a password manager might not have strong enough passwords to resist such attacks. In any case, most users resort to using passwords they can easily recall across multiple websites. This compounds the issue by making a single, simple password the keystone for all of their online activities.

Despite 52% of consumers being fearful of becoming account takeover victims and 25% of them have been victims of such attacks already, they are not likely to try useful tools such as password managers to make themselves safe. 

Password managers not only store a user’s passwords for later use but also assist them in generating secure new ones and entering them automatically into login forms as needed. Unfortunately, these and other important security measures are simply not used enough by online shoppers to keep them safe. The onus of enforcing online security falls chiefly on business owners and they must guard not only themselves but their customers as well.

ATO Prevention/Mitigation Tactics

Stopping fraud from threatening your customers’ experiences with your brand is critical to retaining them over the long term. Without businesses joining the fight against fraud, consumers stand little chance of being left alone online. In 2020 alone, a whopping 680,000+ victims’ accounts were pilfered by fraudsters. Between card-not-present schemes and familiar fraud scams, criminals have stepped up their collective impact over the course of 2020 to total over $12 billion in fraud-related losses.

Identity verification is one of the very few ways to combat the spread of fraud both online and off. As the only proven preventative measure against fraud, identity verification boasts of reliability, effectiveness, and real-world applicability. These characteristics make it uniquely suited to serving companies and their customers across physical and digital channels.

Intellicheck’s powerful identity verification platform protects users and businesses by leveraging advanced processes such as:

  • ID barcode scanning for text and security features

  • Facial liveness checking

  • Image and face matching

Our ID verification platform delivers results in under a second with accuracy that major retailers and law enforcement agencies nationwide depend on each day. Protect your customers and business with one robust tool. 

FAQs

To see a recorded demo, click here.

A transaction takes place every time you scan /validate an ID.

The transactions that you purchase are available for use for up to one year from the purchase date. When you run out of transactions, you automatically purchase another bucket of the same number of transactions that you originally purchased.

Groups allow you to set-up notifications that are shared across a specific set of devices. For instance if you marked a person as “do not serve” that alert would show when their ID was scanned by any user in the group.

Once you fill in the application form and are approved for purchase, you will be sent a credit card payment link. Once you have made your first payment, then Intellicheck will get you set up and ready to go.

Intellicheck Mobile is the app that your employees use to scan IDs. Once you have your account set-up, you can go to the Apple App Store or Google Play Store to download it for your device. Google Play Store Apple App Store

Standard pricing includes up to 5 devices. These devices will require a separate login, and can be set on the Intellicheck Admin Portal. Customers receive a link to the Admin Portal after they are set up.