Account takeover (ATO) fraud is when a fraudster seizes control of an online account, changes information such as the username, password or other personal information, and then makes unauthorized transactions with that account.
ATO is on the rise, and businesses and banks are in the crosshairs. Cybercriminals are targeting a variety of accounts including checking and savings accounts, credit card accounts, online accounts, mobile phone accounts, email accounts and mobile wallets to name a few. But, any account that is protected with a username and password is fair game.
ATO fraud shows no sign of slowing and it’s not completely unsurprising, considering the daily barrage of data breaches (many of which include the theft of usernames and passwords) and the parallel growth in the dark web and cyber toolkits to perpetrate attacks via bots.
This is precisely why companies need to reconsider the password as their go-to authentication methodology. We’re living in a Zero Trust World, so we need to start behaving that way and building in the necessary safeguards to more reliably ensure that the user logging in is the actual account owner and not a fraudster impersonating that user with stolen login credentials.
Fortunately, there are several tailwinds that may signal a change and willingness to forsake the username and password paradigm, including:
- The Will of IT: 86% of CIO, CISO and Security VPs would abandon password authentication if they could. (Source: MobileIron study conducted by IDG, 2019).
- Changing Consumer Attitudes: 67% of consumers are comfortable using biometric authentication today, while 87% say they’ll be comfortable with these technologies in the near future. This trend has been accelerated by the broad adoption and familiarity of facial recognition integrated within the most popular smartphones (e.g., Apple Face ID and Samsung’s facial recognition feature).
- The Rise of the Millennial: 75% of millennials (consumers between 20 and 36 years old) are comfortable using biometrics today (source: 2018 IBM Future of Identity). As this generation grows older, their impact on the economy and online preferences will shape the payments industry will become more and more noticeable.
In this era of no trust, it’s not surprising that companies are starting to pay more than lip service to online security and alternative authentication methods. While conventional wisdom holds that consumers will value speed over all else, more and more consumers are placing a premium on security and prioritizing it above convenience for the majority of their applications, particularly for money-related applications.
Just how real is ATO? Check out this infographic to better grasp the depth and current dangers of account takeover fraud.