CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
  • Home
  • News
  • Insights
  • Resources
Man touching virtual screen with shopping cart icons showing ecommerce retailers are not prepared for account takeover attacks
Cyber SecurityNews
·3 min read

Ecommerce Unprepared for Dramatic Rise in Account Takeover Attacks

Byron Mühlberg·June 4, 2020
TwitterFacebookLinkedIn

Ensuring security in the online shopping world can be a tricky business for ecommerce retailers, with a sizeable minority not being prepared for account takeover attacks and equally as many customers willing to walk away if they suffer from one.

This was revealed by payments and fraud-prevention solutions provider Riskified, which announced these insights, among others, in a survey detailing the effect of account takeover attacks on ecommerce merchants and customers. The research revealed that over a quarter of ecommerce retailers are not prepared for an account takeover attack, and that two in three customers would stop shopping at the online retailer if they suffered such an attack.

Account takeover attacks, also known as ATO attacks, occur when a bad actor gains access to a legitimate consumer ecommerce account, obtaining full control in order to use it for fraudulent purposes. These data breaches are carried out using a variety of methods, including credential stuffing and login attempts using known username and password combinations.

Consequences can be severe for both the account holder and the online retailer, and can include identity theft for the former and a loss of reputation and business for the latter.

Key takeaways for ecommerce platforms

Riskified’s survey revealed not only the prevalence of account takeover attacks across the internet, but also the lack of knowledge and preparedness on the part of many online retail vendors.

According to the study, over a quarter of ecommerce vendors (27%) admit that they would not be prepared if they were to be struck by an account takeover attack. A full two-thirds (66%) expressed grave concern about such attacks, with more than one in three (35%) reporting that more than 10% of their total accounts had been taken over in the past 12 months.

The results of the study also hint at a degree of obliviousness about account takeover attacks among ecommerce retailers, in spite of their prevalence. Interestingly enough, for example, as many as a quarter (24%) of ecommerce retailers claim that they are unable to identify account takeover attacks at all, with one in every six (14%) going so far as to say that they would be unaware of an account takeover attack unless a customer were to notify them after having fallen victim to one.

Key takeaways for ecommerce customers

Ecommerce customers are a rapidly growing consumer base for whom the prevalence of account takeover attacks should be concerning.

About seven in every ten (69%) of consumer respondents report concern that their account could be hacked, with a sizeable two-thirds (65%) asserting that they would stop shopping at an online retailer altogether if their account were to actually be hacked.

Should this occur, according to the report, customers respond in a wide variety of different ways, with more than half (54%) choosing to delete their breached accounts, one-fifth (39%) opting to shop at a competitor, and almost a third (30%) even going so far as to recommend that their friends stop shopping with the retailer.

Somewhat shockingly, the Riskified researchers also revealed that a mere 7.5% of consumers who fall victim to account takeover attacks learn the news of the breach from the retailer. According to the report, the remainder only find out about the attack when they notice changes to their accounts, or when they see that unauthorized purchases have been made.

Account takeover attacks a challenge among many

With more and more of the world beginning to shop online—particularly in light of the ongoing circumstances surrounding the COVID-19 pandemic—the risk and prevalence associated with ATO attacks is as pressing today as it has ever been in the past.

“Our survey shows that merchants are aware of and concerned with ATO attacks, but they usually lack the ability to identify and prevent them,” explained Assaf Feldman, Riskified’s co-founder and CTO.

According to him, without a dynamic approach that strives to balance all the relevant data, online vendors risk “significant financial losses, frustrated customers and damaged brand reputations”. Given that solutions to prevent ATO attacks are within reach, Feldman noted, vendors should be doing more to prepare, and to better respond to their customers when things do go wrong.

One such way to make ecommerce accounts more secure and to reduce the risk of suffering from data breaches is to implement multi-factor authentication methods. According to Feldman, fraud prevention solutions can be even more effective when combined with artificial intelligence and machine learning technology.

Risk of account takeover attacks is increasing as more people are shopping online during COVID-19 pandemic. #cyberattacks #respectdataClick to Tweet

“Advanced machine learning solutions can instantly recognize legitimate customers and ease their path to checkout,” he said. “Suspicious actions can be verified or blocked to minimize damage. By doing so, merchants maximize revenue while giving their customers a great experience.”

 

TwitterFacebookLinkedIn
Tags
Account Takeover AttackEcommerce
Byron Mühlberg
Staff Correspondent at CPO Magazine
Byron Mühlberg is a journalist with particular interest in writing on matters relating to technology, business, and economics.
Related
Clubhouse application icon on smartphone showing Clubhouse and Facebook users phishing and account takeover attacks
Cyber SecurityNews

“Combo File” Merging 3.8 Billion Phone Numbers from Clubhouse With Scraped Facebook Users Could Cause Surge in Phishing, Account Takeover Attacks

October 1, 2021
Dark background image with an empty toy shopping cart showing use of guest checkout and ad blockers
Data PrivacyNews

Use of Guest Checkout, Ad Blockers Surges in Online Shopping as Consumers Air Privacy Concerns

May 26, 2021
Satellite dish sending data showing cyber attacks for telecom industry
Cyber SecurityInsights

Telecom Corporate Accounts at Highest Risk for Cyber Attacks

October 8, 2020
Woman hand holding mobile phone showing Instagram bug allowing account takeover attacks
Cyber SecurityNews

Instagram Bug Allows Account Takeover Attacks, Turns Mobile Devices Into Spying Tools

October 1, 2020
Close up of girl paying music services with credit card showing Magecart attack on ecommerce site
Cyber SecurityNews

Hackers Accessed Personal and Credit Card Information in Warner Music Group Magecart Attack

September 11, 2020

Latest

Shield Icon against data and network showing zero trust and attack surface

Gartner: Slow Adoption and Expanding Attack Surface; Zero Trust Will Not Stop Over 50% Of Attacks by 2026

Hands holding smartphone using Google Fi service showing T-Mobile data breach

T-Mobile Data Breach Includes Massive Compromise of Google Fi Service, Unknown Quantity of Customer Records Exposed

Data Privacy’s Tipping Point: Where We Go From Here

Hacker using mobile smartphone calling victim showing remote monitoring and management software used in phishing of federal agencies

Hackers Breached Multiple Federal Agencies via Remote Monitoring and Management Software

- Advertisement -

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use

Stay Updated

CPO Magazine

News, insights and resources for data protection, privacy and cyber security professionals.

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use
Do Not Sell My Data

Stay Updated

Follow Us

© 2022 Rezonen Pte. Ltd.
CPO Magazine - News, Insights and Resources for Data Privacy, Protection and Cybersecurity Leaders
  • Home
  • News
  • Insights
  • Resources
    Start typing to see results or hit ESC to close
    U.S. Data Breach Regulations EU GDPR Facebook
    See all results