Account takeover: Protect your business from this emerging threat

By Sarah Beldo / 14 Nov 2017

You may have heard that account takeover (ATO) is on the rise for all types of companies, from e-commerce merchants to SaaS businesses. The first step to protecting your business is understanding the problem. Let’s take a look at why ATO is growing.

What is account takeover?

ATO, also known as account compromise, is just what it sounds like: a bad actor getting access to a good user’s account. Once that access is achieved, the fraudster can use the account for all kinds of opportunistic and malicious ends. As part of the ATO, the fraudster may change the user’s password to lock them out, and change their email address so the good user doesn’t receive any additional communication about activity on their account.

Some of the ways fraudsters profit from ATO include: using up stored credits or rewards points, making high-value purchases, buying digital goods, scamming other users and phishing, creating fake listings, spamming, selling the credentials on the black market, extorting money from the legitimate account owner, and assuming the identity of the real user.

Why are fraudsters attracted to ATO?

ATO can be more profitable than credit card fraud. First of all, many businesses do not have a robust solution in place for stopping ATO, so the window of time for exploiting the information before detection is typically longer. Furthermore, a credit card can only be used until it’s canceled. But even once an ATO is discovered, the fraudster still has access to the credentials or personal information, which can be used to create a new fake account or a synthetic identity.

ATO also provides fraudsters with the advantage of built-in trust. New accounts are more likely to be flagged for fraud or given more scrutiny. If the account already exists and is connected to a legitimate user, the fraud is more difficult to detect and the fraudster has more time to operate before they are discovered.

The era of data breaches

According to the Sift Science Fraud-Fighting Trends report, 48% of online businesses observed a rise in ATO last year. How did ATO gain such traction over the past few years? You need only look at the big cybersecurity headlines to get a clue. We’ve entered the era of the data breach.

From Equifax to Yahoo, from eBay to Tesco Bank, the scale and sophistication of breaches are growing. Some 554 million records were compromised in the first half of 2016 alone, according to the Gemalto Breach Index. The downstream effect of more data breaches? A rise in ATO. With 59% of people reusing passwords on multiple sites, it’s easier than ever for criminals to leverage all of the data available on the dark web to cash out.

Latest trends in ATO

Like so many other types of fraud, ATO is increasingly committed at scale by bots, as well as manually. Hackers write scripts that test various combinations of stolen usernames plus potential passwords across multiple websites and apps, until they find a way in. These brute force attacks are helping fraudsters move as quickly as possible and focus on maximizing the value of each successful ATO. Researchers at Shape Security found that criminals can have as much as a 2% success rate by using these automated attacks.
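An added example, not from the original article or from Sift's product: detection logic for the pattern described above, flagging sources that try many distinct usernames with a low success rate and then checking for the email or password change that often follows a takeover. The event tuple layout, the thresholds, and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed sample: one automated source and one ordinary user.
    Each event is (timestamp_s, source_ip, username, kind, ok)."""
    events = []
    bot_ip = "203.0.113.7"
    for i in range(50):
        # 1 of 50 guesses works, matching the ~2% rate quoted above
        events.append((1000 + i, bot_ip, f"user{i}", "login", i == 17))
    events.append((1100, bot_ip, "user17", "email_change", True))
    events.append((1130, bot_ip, "user17", "password_change", True))
    home_ip = "198.51.100.20"
    events.append((1200, home_ip, "alice", "login", False))  # mistyped password
    events.append((1210, home_ip, "alice", "login", True))
    events.append((1300, home_ip, "alice", "password_change", True))
    return events

def stuffing_sources(events, min_users=10, max_success_rate=0.10):
    """Sources that try many distinct usernames and mostly fail."""
    users, tries, wins = defaultdict(set), defaultdict(int), defaultdict(int)
    for _ts, ip, user, kind, ok in events:
        if kind == "login":
            users[ip].add(user)
            tries[ip] += 1
            wins[ip] += ok
    return {ip for ip in tries
            if len(users[ip]) >= min_users
            and wins[ip] / tries[ip] <= max_success_rate}

def likely_takeovers(events, window_s=900):
    """Accounts where a flagged source logged in, then changed credentials."""
    flagged = stuffing_sources(events)
    login_at = {}  # (ip, user) -> time of successful login from a flagged source
    hits = defaultdict(list)
    for ts, ip, user, kind, ok in sorted(events):
        if ip not in flagged or not ok:
            continue
        if kind == "login":
            login_at[(ip, user)] = ts
        elif kind in ("email_change", "password_change"):
            start = login_at.get((ip, user))
            if start is not None and ts - start <= window_s:
                hits[user].append(kind)
    return dict(hits)

if __name__ == "__main__":
    print(likely_takeovers(build_sample_events()))
```

The ordinary user's failed login and later password change are not flagged, because that source touched only one account.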

Want to learn more about how to prevent ATO? Download our free ebook, The Complete Guide to Preventing ATO.

Sarah Beldo

Sarah Beldo was the Director of Content Marketing at Sift.
