Account takeovers (ATOs) are a growing problem for online businesses of all types. Although not a new security threat, account takeovers have become a much bigger problem in recent years as fraud attacks have become more automated and more sophisticated. A Javelin Strategy and Research study estimates there was a 90% increase in ATO attacks between 2020 and 2021, and 2022 was even worse. Over 24 million Americans were victims of account takeover fraud last year.
What Are Account Takeovers?
Account takeovers occur when cybercriminals take control of legitimate customer accounts using stolen passwords and usernames. The dark web gives cybercriminals ready access to customer credentials that are mined from data breaches and phishing attacks. Using these credentials, hackers can deploy bots that automatically test password and username combinations and attempt to log in to online accounts.
The Impact of ATOs
Every industry is vulnerable to account takeover attacks. Cybercriminals attack financial institutions to drain bank accounts and steal cryptocurrency. They steal from online gambling accounts. In the world of ecommerce, they take over existing accounts and use them to purchase expensive goods, changing the shipping address to their own.
Financial loss is a huge aspect of the harm caused by account takeovers, but negative customer experiences and damage to brand reputation may be the most long-lasting and hard-to-correct damages. Here are some examples:
How to Fight Account Takeovers
Verosint helps online businesses detect and prevent account takeovers in two important ways:
First, Verosint evaluates each account login in real time and detects risk signals that point to account takeover attempts. The behavioral analytics, account profiling and other risk signals detected by Verosint include suspicious changes in browser use, ISP, new country or VPN use; multiple customers using the same IP or device; use of bots to automate credential stuffing; and more.
Second, Verosint provides configurable rules to respond to account takeover attacks. Working with partners like Ping Identity and Auth0, Verosint allows customers to challenge attackers with multi-factor authentication. Or, where needed, it can block the login completely.
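The sketch below is an added example, not Verosint's code or API. It shows how the signals and responses described above could combine into an allow, challenge or block decision. The field names, weights and thresholds are assumptions, and the login events are constructed sample data.

```python
from collections import defaultdict

# Assumed weights and thresholds, for illustration only; tune against real traffic.
WEIGHTS = {"new_country": 30, "new_isp": 10, "new_device": 15,
           "vpn": 15, "shared_ip": 30, "shared_device": 30}
CHALLENGE_AT, BLOCK_AT = 30, 60
KEYS = ("country", "isp", "device")

def ev(user, ip, device, country, isp, vpn=False):
    return {"user": user, "ip": ip, "device": device,
            "country": country, "isp": isp, "vpn": vpn}

# Constructed sample logins (documentation IP ranges, made-up names).
EVENTS = [
    ev("alice", "198.51.100.7", "dev-a", "US", "ExampleNet"),            # baseline
    ev("alice", "198.51.100.7", "dev-b", "US", "ExampleNet", vpn=True),  # new device + VPN
    ev("alice", "203.0.113.9", "dev-z", "BR", "OtherNet", vpn=True),     # everything changed
    ev("u1", "192.0.2.50", "dev-x", "US", "HostCo"),
    ev("u2", "192.0.2.50", "dev-x", "US", "HostCo"),
    ev("u3", "192.0.2.50", "dev-x", "US", "HostCo"),                     # third account, same source
]

def evaluate(events, max_users_per_source=2):
    profile, by_ip, by_device = {}, defaultdict(set), defaultdict(set)
    decisions = []
    for e in events:
        seen = profile.get(e["user"])
        # Account profiling: compare with the user's baseline once one exists.
        signals = ["new_" + k for k in KEYS if e[k] not in seen[k]] if seen else []
        if e["vpn"]:
            signals.append("vpn")
        # Many distinct accounts behind one IP or device suggests credential stuffing.
        by_ip[e["ip"]].add(e["user"])
        by_device[e["device"]].add(e["user"])
        if len(by_ip[e["ip"]]) > max_users_per_source:
            signals.append("shared_ip")
        if len(by_device[e["device"]]) > max_users_per_source:
            signals.append("shared_device")
        score = sum(WEIGHTS[s] for s in signals)
        action = ("block" if score >= BLOCK_AT
                  else "challenge_mfa" if score >= CHALLENGE_AT else "allow")
        decisions.append((e["user"], action, signals))
        if action == "allow":  # only unchallenged logins extend the baseline
            seen = profile.setdefault(e["user"], {k: set() for k in KEYS})
            for k in KEYS:
                seen[k].add(e[k])
    return decisions

if __name__ == "__main__":
    for user, action, signals in evaluate(EVENTS):
        print(user, action, signals)
```

The first two accounts on the shared source are allowed because the count-based signal fires only once the threshold is crossed, which is why production systems pair it with per-request bot detection.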
Importantly, the Verosint approach minimizes unnecessary friction for online customers. With Verosint, companies can challenge or block account takeover attempts while keeping friction low for legitimate customers, who do not like security challenges slowing them down and disrupting their flow.