Many Merchants Unprepared for Account Takeovers

Many Merchants Unprepared for Account Takeovers

May 28, 2020

Many merchants lack the security measures they need to prevent account takeovers, according to a new survey from Riskified. The survey of 4,007 U.S., U.K., French and German consumers who shop online, and 425 e-commerce professionals, found more than one in three merchants (35 percent) report that at least 10 percent of their accounts have been taken over in the last 12 months.

Concern about account security is an issue for both customers and merchants as 66 percent of merchants and 69 percent of customers say they are concerned about their accounts getting hacked. 

A lack of account security measures can also have lasting effects as 65 percent of customers say they would likely stop buying from a merchant if their account was compromised. More than half of customers (54 percent) say they would delete their account, 39 percent would go to a competitor, and 30 percent say they would tell their friends to stop shopping with the merchant.

The most common approach to prevent ATOs is two-factor authentication for login attempts (62 percent). Many merchants also require complex passwords to increase security, with (73 percent) reporting that account passwords must contain a mix of characters, numbers, symbols and uppercase and lowercase letters. 

The unique challenge of ATO prevention

Riskified also noted that, because ATOs require only a login and stolen password, merchants have less data with which to evaluate the action, making detection and prevention difficult. 

The survey found:

  • More than a quarter of merchants (27 percent) admit that they do not have measures in place to prevent ATOs.
  • 24 percent of merchants can’t identify an ATO during a purchase.
  • 14 percent of merchants say they are not even aware that an ATO has occurred unless a customer contacts them.
  • Only 7.5 percent of customers learn their accounts were compromised from the merchant. The vast majority spot changes to their accounts or learn of unauthorized purchases.

“Purchases made using compromised store accounts are hard for merchants to detect because they look like they are made by legitimate returning customers,” said Riskified in a release on the survey. “ATOs are also very costly for merchants. When fraudsters use compromised accounts to make fraudulent purchases, not only does the merchant lose the revenue and the value of the goods sold, but it also often suffers serious damage to its brand reputation and diminished customer lifetime value.”

Previous-Article-CNP  Next-Article-CNP

State of Fraud


  • Share this Article:
Joan Goodchild

Lastest Fraud News