It seems as if 20% of e-commerce shoppers have fallen victim to an account takeover attack in the last year, according to new research from Riskified, the payments and fraud-prevention solutions provider.
Having surveyed 1,000 consumers and 120 retailers across Britain, the researchers found that a fifth of UK consumers has had an online shopping account accessed without their permission in the last year. Despite this, 26% had not done anything prevent this kind of attacks. Additionally, 52% of UK retailers think the coronavirus will lead to an increase in online fraud.
The problem for online retailers is that purchases compromised accounts look legitimate. For instance, 23% of them were unable to identify an account takeover attack during a purchase and 8% were unaware that a breach had actually happened unless a customer told them about it. Shockingly, only 4% of consumers learned their accounts were compromised from the retailers.
That being said, retailers seemed to have taken some steps to reduce this type of attacks. For instance, 44% use two-factor authentication for login attempts, which can frustrate legitimate customers and increase cart abandonment. Many retailers also require complex passwords to increase security, with 79% reporting that account passwords must contain a mix of characters, numbers, symbols and uppercase and lowercase letters.
“Our survey shows that retailers are aware of and concerned with [account takeover] attacks, but they usually lack the ability to identify and prevent them,” said Assaf Feldman, Riskified’s co-founder and CTO. “Without a dynamic approach that evaluates all relevant data, retailers risk significant financial losses, frustrated customers and damaged brand reputations. Advanced machine-learning solutions can instantly recognise legitimate customers and ease their path to checkout. Suspicious actions can be verified or blocked to minimise damage. By doing so, merchants maximise revenue while giving their customers a great experience.”
Copyright © 2018 RegTech Analyst