Account takeovers (ATOs) are on the rise, fueled by the widespread use of automated bots. The media industry, which includes social networks, content streaming, gambling, gaming, and online dating sites, is seeing attacks on new account creation processes at a higher rate than any other industry in the second half of 2020, according to a recent report by LexisNexis Risk Solutions.
Fraudsters often test stolen identity data via media organizations. The media industry recorded significant growth in bots making payment transactions year over year. This likely stems from fraudsters testing stolen credit card data before using validated cards in a more lucrative attack elsewhere, like in e-commerce or with financial services. However, attack rates on media payments were lower than in other industries, likely because they present less opportunity to “cash-out”.
The pernicious and widespread impact of high-volume automated bot traffic plays a major role in fraud and it’s costing the industry billions each year. The footprint of automated bots is global and vast.
Still, businesses can provide a great customer experience while boosting their ATO prevention. This is certainly a balancing act for the media industry, but it is achievable.
The rise of online gaming and gambling makes ATOs simpler
A recent spike in online gaming and gambling is attracting fraudsters to the industry. New player bonuses lead to an influx of new account creations, creating an environment ripe for more ATOs.
Fraudsters often exploit free gaming opportunities on a mass scale to increase their chances of winning a jackpot. The significant volume of attempted account takeovers represents the risk posed to the industry by fraudsters looking to access good user account balances or to simply launder crime proceeds across different industries and geographies.
The telecommunication industry is ripe for ATOs
Telecoms offer fraudsters the opportunity to launder high-value hardware, as well as register pre-and post-paid mobile phone contracts to commit further fraud. With the COVID-19-driven shift from physical stores to digital transactions, telco organizations have had to prioritize their digital transformation, moving away from in-person selling and identity verification checks that they typical conducted in the store.
Monetary exposure from account takeover is extremely high although overall attack rates have remained low. This is largely due to the high value of mobile phones and the potential to quickly build up large account charges, particularly on content downloads and media streaming.
But what can we do? How can businesses turn the tide on ATOs without seeing customers head for the exits? Here are three key recommendations.
1. Adopt modern, digital identity-based authentication
Today, savvier businesses are transitioning from an over-reliance on login credentials to digital identity-based user verification solutions that combine identity and threat intelligence with advanced behavioral analytics. These solutions enable businesses to instantly recognize legitimate customers so they can automatically detect and block fraudsters and bots.
Organizations will be able to better align the right authentication method with the specific transaction risk to support the best customer experience. Among other things, this can help cut unnecessary interaction that frustrates returning customers and deliver the fast, convenient experience customers now expect.
2. Tap into global, shared identity intelligence
Several organizations are gravitating toward industry-specific consortiums to gain access to shared, global, and anonymized identity intelligence to dramatically scale their data sets with high-quality data sources. This allows merchants to identify legitimate customers while stopping cybercriminals (and the billions of automated bots they launch each year) from logging into a customer account—even if it’s the first time they’ve ever accessed the businesses’ site or app.
3. Confirm orders, comfort customers
A risk-based, multi‐layered solution approach is most effective for fighting fraud across various channels and transaction types. Evaluate transactions before they’re finalized and uncover account takeover attempts by confirming account changes by email, text, and other forms of multi-factor authentication. Customers also get the added reassurance that they get protection—without causing additional friction.
Less risk, more reward
The impact from just these steps can be profound. Cybercriminals are less able to seize customer accounts and go on illegal shopping sprees—thus reducing chargebacks, false declines, and fraud losses. Customer satisfaction and loyalty increase. It is the embodiment of speed, security, convenience, and consistency that today’s digital users demand. In the fight against fraud, that should give merchants plenty of incentive to turn back the tide on their own terms.
from Help Net Security https://ift.tt/2URkUrE
0 comments:
Post a Comment