iovation has seen a 220% increase in confirmed reports of account takeover (ATO) from our e-commerce customers in the past twelve months. What is driving this rise? And how can you combat it without losing good customers?

In response to customer preferences, many e-commerce sites have launched dedicated apps or optimized their sites for mobile. This move has paid off with the increasing numbers of consumers who want fast, easy checkout, and optimized shopping experience. Retailers that have both mobile sites and apps are seeing, on average, two-thirds of their online sales coming from mobile devices, according to a recent report. They also found that conversion rates are 3x higher for mobile apps than for mobile web.1

While this move has been lucrative for merchants, it’s also created opportunities for fraudsters. The switch to dedicated accounts and applications, combined with the flood of breached credentials and personal data available on the dark web, has had the unintended consequence of opening the door to ATO attacks.

The Cost of ATO Attacks Goes Far Beyond Revenue

  • Cost of lost goods and chargebacks - e-commerce chargebacks due to fraud are expected to reach $30 billion by 2020. 3
  • Damage to customer relationships - Consumers spend 16 hours on average resolving issues after their account is taken over. 4
  • Loss of brand reputation - 44% of shoppers said they will never buy from a retailer again after a data breach. 5
  • Regulatory non-compliance - New regulations such as GDPR are setting a much higher bar for protecting customer's personal data.

To complicate matters, shoppers are very sensitive to any added friction in their shopping experience. This leaves merchants in the precarious position of having to balance the need to prevent account takeover against preserving positive customer experience.

Speed Good Customers to Checkout, Stop ATO

Legacy authentication solutions that rely on usernames and passwords cannot protect against ATO. Yet most businesses don’t have the time or resources to completely revamp their systems.

Enter transparent, device-based authentication.

Device-based authentication can easily be layered on top of existing systems without the need for personal data. It adds a second, invisible layer of authentication that can drive step-ups if new or suspicious devices try to access an account, enhancing your existing authentication procedures without heavy lifting or intense coding.

Customers simply register their devices to their accounts and then on subsequent visits a device check is done in the background without any further inputs needed. You receive powerful risk insight that allows you to assess risk factors indicative of ATO, including device anomalies, spoofing, and evasion; and because you have verified that the device belongs to your customer, they enjoy secure and seamless shopping experience.

If you’d like to learn more, check out our recent webinar on ATO in E-Commerce.

1 Source:
2 Gartner: Market Guide for online Fraud Detection, Jan 2018
3 TotalRetail 5 Ways E-Commerce Merchants Can Combat Identity Fraud
4 Javelin 2018 Identity Fraud: Fraud Enters a New Era of Complexity
5 TransUnion 2018 Retail Consumer Survey Insights