As account takeover (ATO) attacks continue to plague e-commerce merchants, a growing number of businesses are turning to stronger forms of authentication, according to a new report, The State of Strong Authentication 2019 published by Javelin Strategy & Research.
Exploding ATO fraud, fueled by the easy availability of stolen login credentials validated at scale using bot attacks, has given rise to the need for more advanced authentication tools to protect e-commerce businesses. The 30-page report, sponsored by the FIDO Alliance, found that new regulations like PSD2 and GDPR have advanced the adoption of strong authentication—most notably cryptographically-backed implementations that use public key cryptography.
“The increase in strong authentication adoption makes sense given that while data breaches, phishing threats and regulatory pressures have risen, the financial and user experience costs associated with implementing strong authentication have decreased,” said Al Pascual, senior vice president and research director, Javelin Strategy & Research in a press release.
“What’s less encouraging is that we are finding that the holdouts believe passwords alone are sufficient security. These companies need to realize that even data they may think is low-risk can provide significant value to fraudsters and expose them to regulatory scrutiny. As such, they need to make plans to move to strong authentication now or they will find themselves an attractive target for cybercriminals.”