Account takeover fraud exploded during the Covid year of 2020 and, through half of 2021, ATO fraud is continuing to grow and evolve, according to the Sift Q3 2021 Digital Trust & Safety Index.
According to the San Francisco-based antifraud technology provider, between April 2019 and June 2021, ATO attacks increased 307 percent. ATO attacks accounted for nearly 40 percent of all the fraud blocked by Sift customers in Q2 of 2021. The types of abuse fraudsters are perpetrating via ATO have become much more varied, but many merchants have not caught up with how those attacks have evolved, Sift said.
“Though ATO is more than a pathway to financial theft, trust and safety teams often consider it a downstream problem to be addressed only if and when payment abuse, unauthorized transactions, or similar activities occur—failing to act in the seemingly quiet period of time between the initial takeover and any clear signals of fraud,” the authors of the Index wrote. “Fraudsters are keenly aware that this is often how ATO is handled by merchants. They understand that it can take a backseat until the attack is already in motion, and are exploiting that knowledge to do scalable damage; hijacking users’ credentials and loyalty points to sell on the dark web is only one piece of the puzzle.”
The Index found that of consumers whose accounts were illegally accessed by fraudsters, 45 percent had money stolen, 42 percent had unauthorized purchases on a stored credit card and 26 percent lost loyalty credits or rewards.