Author: Roberto Valerio, CEO, Risk Ident
Between June 2015 and June 2016, we identified an increase of up to 300% in account takeover attempts on our eCommerce customers in Germany, making it one of the fastest-rising risks of modern online commerce.
An account takeover is when a fraudster logs into a genuine customer account, having obtained their login details, then poses as the customer to buy services and / or goods without the account holder’s authorisation.
Fraudsters can obtain login details via various techniques, whether buying them on the black market or through careless password security on behalf of the user. Google also reports that malware or phishing attacks have a success rate of 45% in stealing victims’ username and passwords.
The problem with account takeovers is that, because fraudsters are buying items from a trusted account, often with a good purchase history, by the time the account user and retailer realise what’s happening, the damage is already done.
What’s more, fraudsters do not sit still – they are always altering their techniques. Rule-based anti-fraud systems cannot capture this evolving threat effectively and often cause costly false positives for retailers, damaging the customer experience.
If German retailers want to enjoy a slice of an eCommerce pie that grew over 13% last year to €59.7bn, they need to recognise this hidden threat in modern online commerce.