By Tom Byrnes, Vesta
Merchants today are seeing an increase in revenue losses and fraud costs due to an often overlooked and hard-to-spot problem: account takeovers. Account takeovers occur when fraudsters gain access to consumers’ login and password information for a retailer, which allows them to see that customer’s personal information, credit card number, store rewards and more.
Unfortunately, these takeovers are becoming increasingly common — and costly. In 2015 alone, they grew by 36%, according to a recent Javelin study. The same study found that losses related to account takeovers increased by a whopping 60% in 2015, amounting to $2.3 billion. That’s up from $1.4 billion just the year before. In addition to those direct losses, many merchants are also being forced to devote considerable resources to resolving problems caused by the takeovers, with the blow to customer confidence being perhaps the most damaging.
Advertisement
The motive behind this explosive rise in account takeovers is readily apparent: fraudsters can exploit stolen account information in multiple ways. Cybercriminals use the accounts to perform fraudulent transactions. The valuable data is also sold to others: a single compromised account is worth $3 or more on the underground market, compared to just 22 cents for a stolen credit card number, according to one report.
Why It’s Happening
Account takeovers are on the rise due to two key trends: The recent U.S. conversion to credit cards with EMV chips, and the fast-paced growth of mobile and e-Commerce in recent years.
The EMV conversion has contributed to the account takeover problem because fraudsters have been driven to seek out other opportunities for cybercrime. In the year after full conversion to EMV, fraud affected a record-high 15.4 million victims, up 16% from the year before, according to a recent study. Experts say that much of that increase was due to criminals exploiting digital weaknesses now that point-of-sale crime is more difficult.
At the same time, convenience, product selection, and price comparison advantages are driving consumers — particularly Millennials — to do more of their shopping online. E-Commerce sales are expected to reach 12.4% by 2020, and 45% of those sales will be through mobile devices, according to one analysis.
Fraudsters are taking advantage of that fast growth by finding and exploiting security holes. Merchants with an online channel are already losing 7.6% of their annual revenue to fraud, according to a recent study. Merchants who deal in the growing digital goods space — selling electronic gift cards, e-books, digital tickets, and the like — are losing even more: 8.6% of their annual revenue goes to fraud costs. And M-Commerce is especially vulnerable: The takeover of mobile phone accounts nearly doubled between 2015 and 2016, according to Javelin.
How to Fight It
Account takeovers represent a new, more sophisticated and complex form of fraud, and fighting them will require more sophisticated, complex solutions. Merchants will need to adopt a variety of strategies and use a combination of human and technological resources to stop account takeovers before they can happen. These three steps can help:
- Upgrade to two-factor authentication. Fewer than half of merchants implement an account authentication solution beyond the standard user name and password login credentials, which leaves many accounts vulnerable. Two-factor authentication — asking customers to establish “trusted” devices, for example — can boost security without adding friction to the customer experience.
- Monitor behavior. Cross-channel account takeover is a particular challenge for retailers, as fraudsters can work across platforms to find vulnerabilities. Monitoring customer behavior in and across channels makes it easier to spot actions that are out of the ordinary and stop fraudulent transactions from occurring. Watch for anomalies like purchases made via new devices, non-typical product purchases and updated contact information.
- Consider tokenization. Encrypting customer data can make it nearly impossible for fraudsters to access sensitive information. With tokenization, customer data — like credit card and Social Security numbers — is replaced with alphanumeric characters, so the merchant never captures, stores, or transmits confidential information.
The account takeover problem is only expected to get worse, especially as merchants shift more of their business online. Forrester Research predicts that e-Commerce will grow to $480 billion over the next five years, and fraud — including account takeovers — will likely scale right along with it. It’s important for merchants to start adopting preventative measures now, protecting their customers — and themselves — from these costly takeovers.
Tom Byrnes leads Vesta’s global marketing, communications and strategic business development operations. With more than 25 years of experience in business development and developing integrated B2B branding systems, loyalty programs, digital retail and social platforms, and integrated multi-channel communications strategies, Byrnes brings a results-oriented approach to driving sales and revenue. Prior to joining Vesta, he served as the CMO at TGate Payments, Spectra Payments and Evanta. He was also VP of marketing for Chockstone, a customer loyalty and payments innovator. As the founder of Spark Brand Marketing, Byrnes worked closely with C-level executives in providing counsel on a wide range of brand, business and launch strategies in the payments and high technology industries.