With chip technology making in-person credit card transactions more secure, scheming fraudsters are looking for new ways to defraud unsuspecting consumers and maximize their illicit returns.
One of these emerging threats is account takeover fraud. This type of fraud was up an astonishing 31% in 2016, compared with 2015, and cost merchants and customers nearly $2.3 billion worldwide in 2016.
A type of identity theft, account takeover fraud occurs when a fraudster uses a piece of a victim’s identity, like their Social Security number or email address, to gain access to and take over the victim’s account. Checking and savings accounts, brokerage, and even loyalty accounts can be compromised by fraudsters.
To protect their businesses and their customers against evolving trends, e-commerce retailers must understand the growing threat of account takeover fraud and implement the strategies that will dissuade fraudsters from compromising innocent customers’ accounts.
What Account Takeover Fraud Is, and How It Happens
There are several ways fraudsters can take over an account, including:
1. Installing Malware
Hackers can install malware on a victim’s computer that lets the fraudster capture the user’s keystrokes as they enter user names, passwords and emails. Fraudsters use that data to access the accounts and then use the funds to make fraudulent purchases.
2. Stealing Credit Card Data
Fraudsters can capture a victim’s credit card data any number of ways — like using a skimming device, copying the number at the point of sale or simply stealing the physical card — and then impersonating the victim to make purchases where ID isn’t required.
3. Hacking Mobile Phones
With the rise of mobile wallets, enterprising hackers are increasingly setting their sights on hijacking mobile phones, with hijackings doubling in 2016. Once fraudsters have access, it’s easy for them to compromise any financial accounts that are accessible on the phone. Controlling the victim’s cell phone also gives fraudsters the ability to intercept confirmation calls from banks and other financial institutions and to approve charges and changes to accounts.
After they’ve taken over an account, fraudsters frequently change the account’s contact information and reroute all communication about the account to the fraudsters. The longer the legitimate customer doesn’t realize they aren’t receiving transactional or statement notifications, the more time the fraudster has to drain the accounts.
The Impact of Account Takeover Fraud on an e-Commerce Business
Stolen account information has proven to be far more valuable to fraudsters than stolen credit card data: It can hold its value on the dark web for over a month, while the value of stolen credit card numbers declines from $5 to pennies in just two weeks. But customers aren’t the only victims of account takeover. Here are just a few ways that account takeover negatively affects online merchants.
1. Increased False Declines
Concerned that any transaction could be fraudulent, many merchants take the approach of denying every suspicious transaction in an attempt to protect revenue. Unfortunately, this effort generally ends up rejecting legitimate customers and losing the value of future transactions. In fact, 32% of customers experiencing a false decline choose to never return to that merchant.
2. Inability to Recoup Losses
While credit card holders are absolved of financial liability when their cards are used fraudulently, e-commerce merchants aren’t so lucky. They have no recourse for recouping lost product, revenue, and the fees and losses associated with chargebacks.
3. Added Checkout Friction
To try to filter out fraudulent transactions, some merchants may add security features like employing two-factor authentication or requiring the re-entry of credit card numbers. While these measures increase the likelihood that customers are who they say they are, they add enough friction to the checkout process to potentially dissuade customers from making a purchase.
4. Damage to Brand Reputation
If an e-commerce merchant is the victim of a data breach and sensitive customer information is stolen, customers are less likely to trust the merchant in the future with their sensitive personal information. And honest customers who have their transactions declined are often vocal about their displeasure, telling an average of 16 people about their negative experiences.
How Merchants Can Protect Customers From Falling Victim
With account takeover on the rise, e-commerce merchants can help customers avoid being a victim by encouraging them to:
- Change passwords regularly, and not use the same user name and password for every account.
- Review all credit card and bank statements regularly.
- Sign up for alerts when transactions exceed a certain dollar amount or when contact information changes.
- Not click on email links saying an account has been compromised and immediate action is needed.
- Turn on two-factor authentication when offered.
Balancing Speed and Security to Prevent Account Takeover Fraud
In the fast-moving world of e-commerce, merchants want to approve as many transactions as possible — as quickly as possible. But balancing speed and security isn’t easy.
One of the best ways to protect your business and your customers against the damaging effects of account takeover fraud is by reviewing every transaction and ensuring only legitimate ones are approved. That’s when e-commerce merchants need the right fraud protection solution in place.
ClearSale’s Total Protection Solution combines proprietary machine learning technology and a unique high-tech manual review process to help you reduce the number of false declines that can cost you sales and customer relationships. And if you’re worried about expensive chargebacks, we can help protect against those, too.
Contact us today to learn how our managed services solution guarantees your customers will never be inconvenienced again.