Companies need to prepare diligently for the threat of account takeover or ATO, especially considering their business falls in the “high ticket value, with a low margin” category. Why ATO is proving to be lucrative for fraudsters at this juncture?
There are multiple reasons behind this. First, this type of fraud can be more valuable than credit card fraud. Second, organizations don’t have stringent measures in place to fight against ATO. As the team at Sift Science points out, the time available to exploit the information before detection is typically longer. Third, this type of cheating isn’t easy to detect. Since the account already exists and is related to a genuine customer, the fraud is relatively tougher to spot and the fraudster has more time to operate before they are caught.
ATO in the loyalty space (featuring airlines, hotels, banks, etc.) is coming under scrutiny owing to data breaches. Password stealing tactics pose a risk to all account-based online services.
Fraudsters get access to stolen credentials from a number of sources:
- From data breaches, sold on the dark web
- Phishing with fake websites
- Malware, trojans, spyware
- Social engineering
- Hijacking a mobile device
Merchants need to look for more protections beyond just passwords. The claim for owning an account needs to be handled carefully. Machine learning comes in to understand the user behavior. Even as credentials have been stolen, it is imperative for organizations to bolster the authentication process. This way the risk of loyalty fraud can be minimized. So it comes to down to authentication and one of the tools is machine learning.