• Products
    Digital Trust & Safety Suite

    Expand with confidence, and fight many types of fraud and abuse

    Payment Protection

    Reduce risk and grow revenue

    Content Integrity

    Protect users from spam and scams

    Account Defense

    Stop account takeover attacks

    Latest Product Releases & Enhancements
    Sift Connect
    PSD2 Solution
  • Why Sift
    The Sift Way

    Technology, Community, Partnership

    Commerce Platform Partners

    Low-code integrations for leading commerce platforms

  • Customers
    See case studies by industry

    Sift works for companies across e-commerce, travel, on-demand, and more.

    Featured Customers

    Harry’s

    85% reduction in chargebacks

    Poshmark

    70% less spam content

    Turo

    100% of ATO blocked

  • Resources
    Blog

    Digital Trust & Safety news

    Demos

    Walk-throughs of how Sift works

    Ebooks

    Guides, research, and more

    Infographics

    Data brought to life by design

    One Pagers

    Product and use case info

    Podcasts

    Stories from the fraud front lines

    Videos

    Testimonials and brand stories

    Virtual Events

    Virtual expo and online events

    Webinars

    Insights from industry experts

  • About
    Search Careers

    Make the internet a safer place — Grow your career.

    Our Company

    Learn how Sift helps companies grow securely

    Contact Us

    Want to get in touch? We'd love to hear from you

    Partner with Us

    Join the leader in Digital Trust & Safety

  • Request a demo
  • Sign in
Products
  • Digital Trust & Safety Suite
  • Payment Protection
  • Content Integrity
  • Account Defense
  • Latest Releases
  • Sift Connect
  • PSD2 Solution
Why Sift
  • Salesforce
  • Magento
  • Shopify
Customers
Resources
  • Blog
  • Demos
  • Ebooks
  • Infographics
  • One Pagers
  • Podcasts
  • Videos
  • Virtual Events
  • Webinars
About
  • Search Careers
  • Our Company
  • Contact Us
  • Engineering Blog
Request a Demo Sign In
  • Blog Home
  • Fraud
< prev / next >
Share this article on LinkedIn
Tweet this article
Share this article on Facebook
SOCIALICON
Share this article via email

Calculating the Cost of Account Takeover

By Kevin Lee  / 

20 Dec 2017

Account takeover (ATO) is a growing threat faced by online businesses across industries – from social networks and e-commerce merchants to SaaS and professional services. But not every company even realizes ATO is a looming threat.

Besides counting your company lucky for not making headlines, how do you measure whether ATO is a problem for your business? ATO can be harder to quantify than payment fraud. When measuring the total cost of ATO, there are a number of individual costs to consider.

Chargebacks (if applicable), including:

  • Product cost
  • Chargeback fees
  • Dollar amount of the transaction
  • Does this chargeback put your company over the excessive chargeback threshold, which could result in financial penalties?

Reduced customer engagement, including:

  • Fewer clicks, fewer purchases, lower average dollar amount, less time spent on the site or app
  • Customer lifetime value (LTV): If the customer churns, you lose all future sales. We have more info on calculating LTV below.
  • Customer acquisition costs: Now you need to spend more money to acquire more customers.

Brand damage + Cleanup costs

  • Negative PR: This is tough to measure, but you may consider looking at negative social media sentiment and article mentions.
  • Lost brand value: For example, Yahoo lost approximately $350 million in the Verizon deal because of its data breaches.
  • Legal fees (if applicable)
  • Compliance fines or additional audits
  • Ops, Eng & PM staffing: This includes salary, equipment, and overhead costs.
  • Cost of external tools used to fight ATO

How do you put a price on lost user engagement with your site or app? We’ll walk you through a way to do this, based on calculating the lifetime value (LTV) of a user:

Collect active inputs

This bucket encompasses every complaint and reported ATO. You can find this information by asking Customer Support how many tickets, inbound phone calls, chats, and emails they’ve received that mention ATO. You can also track traffic to any support articles related to ATO. If you aren’t formally tracking this information, it’s a good idea to start now.

Collect passive inputs

But not every ATO victim proactively reports what happens to them. Some simply stop using a website or service, while others close their account altogether. One way to gauge passive ATO damage is to analyze all of the users who have deactivated their account, or haven’t engaged with your site for a certain amount of time. Do a post-mortem on a sample of each one (depending on volume) to determine whether they have suffered ATO.

Measure how ATO affects engagement

Once you have gathered both active and passive inputs, you can compare the LTV of an affected user to that of a normal user. For an e-commerce site, this value may be measured in terms of money spent. For a social site, it could be how often they visited or engaged on the platform.

Compare the delta between the ATO affected user and the normal user. That will give you a sense of how ATO is affecting your business from a monetary perspective.

Learn more about why ATO is growing, and how to detect and stop it, with our free ebook, the Complete Guide to Preventing Account Takeover.

Related

account takeoverATO

Kevin Lee

Kevin is the Trust and Safety Architect at Sift Science. Building high-performing teams and systems to combat malicious behavior are what drive him. Prior to Sift, Kevin worked as a manager at Facebook, Square, and Google in various risk, spam, and trust and safety roles.

  • < prev
  • Blog Home
  • next >
Company
  • About Us
  • Careers
  • Contact Us
  • News & Press
  • Partner with us
  • Blog
Support
  • Help Center
  • Contact Support
  • System Status
  • Trust & Safety EDU
  • Fraud Management
Developers
  • Overview
  • APIs
  • Client Libraries
  • Integration Guides
  • Tutorials
  • Engineering Blog
Social

Don't miss a thing

Our newsletter delivers industry trends, insights, and more.

You're on the list.

You can unsubscribe at any time. Please see our Website Privacy Notice.

If you are using a screen reader and are having problems using this website, please email support@sift.com for assistance.

© 2021 Sift All Rights Reserved Privacy & Terms

Your information will be used to contact you about our service and subscribe you to our direct marketing communications. You can, of course, unsubscribe at any time. Please see our Website Privacy Notice.