What is an Account Takeover (ATO)
An account takeover, or ATO, also goes by another name: account compromise. The names are self-explanatory: they describe what happens when someone manages to log into an account which isn’t theirs.
As we’ll see below, this action can be performed by a lone hoaxer or a full organised crime ring. ATOs range from the basic and innocent to large-scale attacks that can steal millions of dollars each year.
1.1 MORE ATTACKS, MORE LOSSES
ATO is an increasingly costly issue for companies: in 2018, ATO accounted for $4 billion of losses for businesses worldwide. In the e-commerce sector, nearly 40% of all fraud losses in 2018 were due to identity theft and synthetic identities.
And the trend isn’t set to be curbed anytime soon, due to the increase in mobile usage. Javelin’s 2019 Identity Fraud Study saw a 45% increase in mobile ATO between 2018 and 2019, accounting for 679,000 incidents.
1.2 DAMAGING IN A VARIETY OF WAYS
Businesses and customers have a lot to lose with each attack. In fact, it is estimated that victims end up paying $263 out of their own pocket to resolve an ATO, not to mention the time, stress, and effort needed to overcome the problem.
While it’s harder for businesses to put a monetary value on ATO losses than with, say, chargeback fraud, it doesn’t mean it’s a victimless crime. ATO drains time and resources and damages businesses’ reputation, with very real consequences:
- Hacks and security issues put a strain on your IT team
- Support is overwhelmed by requests from customers who need to reclaim their accounts
- The finance department must fight chargebacks
- Users turn to competitors due to a loss of reputation and brand trust
- Stocks can plummet after a publicised breach (dropping down to 7.5% in some cases according to Bitglass research)
1.3 NO VERTICAL IS SAFE
Darkmarket value of an account with different providers – Source: TrendMicro