Account Takeover: A Cross-Functional Problem
By Angela Marrujo /
20 Aug 2018
Account takeover (ATO) isn’t just a problem for a business’s fraud and security teams – ATO has spillover effects that take a toll on every team in the company, from Customer Service to Data Analytics to PR and Communications. How does ATO impact teams cross-functionally, and what can a business do to help its entire team proactively prevent it?
We discussed this and much more with Alan Bernstein, Senior Manager of Fraud and Payments at Shutterstock in our webinar, Breaches are Coming: How to Detect and Prevent Account Takeover, and found that ATO makes everyone’s jobs a lot more difficult.
What are the consequences of ATO on teams across a company?
This will likely be the team most heavily impacted by ATO. Typically when a business is experiencing a new type of fraud, its systems aren’t set up to combat it. Rules can be adjusted in an attempt to widen your fraud-catching net, but you risk impacting good customers in the process by creating false positives.
There’s also the risk of fraudsters becoming savvy to the fact that you’re ramping up your ATO prevention efforts. This often means they will start changing their mode of attack, resulting in an increase in other types of fraud that you may be paying less attention to while trying to curb ATO, such as payment fraud. While putting out one fire, another one may start behind your back.
Customer Service and Operations
When customers can’t access their accounts, Customer Service will inevitably start fielding angry and frustrated calls for help, and the Operations team will need to assess financial damage and issue refunds for any users that need to be made whole. If the Customer Service team has some control over whether a user can access their account, fraudsters may catch on to this and start making calls to phish info to get into accounts.
IT and Security
This team has the advantage of using systems similar to what Fraud teams use, but they have an outside-in perspective on fraud rather than the inside-out perspective of Fraud teams. It makes collaboration between the teams easier, and IT and Security can help Fraud see what’s happening on the business’s site before attack attempts are made.
PR and Communications
If these teams get wrapped up in ATO, it usually means they saw an angry social post from a legit user whose account has been compromised. No business wants bad PR, and they definitely don’t want a negative social post to go viral and adversely affect its reputation. If a business’s social accounts are seeing a rash of comments from frustrated users, the Marketing team handling those accounts has to reach out to Customer Service and Support teams to get that user a solution, fast.
Data Analytics and Business Intelligence
These teams have dashboards and metrics they’re monitoring and measuring, and their data can be impacted in a variety of ways by the effects of ATO. For example, they might notice that purchases of a particularly expensive product have been spiking in certain regions or countries, but it’s not due to a sudden surge in demand for the product – it’s because of ATO.
How can teams align to make fraud fighting a collaborative effort?
ATO should be understood across the company. Ensuring that every team is aware of the unique cross-functional effects of ATO is not only educational, but can also bring teams together via a sense of camaraderie if they know that they’re all fighting the same fight against the same antagonist.
A good way of illustrating this is by communicating to every employee how ATO affects the company’s bottom line. For example, if a customer is lost to ATO, what is the cost of losing them? In other words, what is the lifetime value of a customer? Multiply that number by the number of customers with compromised accounts to determine the dollar amount ATO costs your company. That should be a pretty sobering thought for any employee, no matter what team they’re on.
The next step will be to develop a plan of action across teams to collect more data that will give you greater insight into ATO across the company. Partner with the Customer Service team to implement a process where every time a compromised customer reaches out, it gets logged; partner with Business Intelligence to set up regular reporting so every time there’s irregular activity, you can track whether it’s from ATO. Sit down with every team to determine the best methods for recording unusual activity, which will help everyone better understand exactly how far-reaching your company’s ATO problem is.
Be sure to watch our free webinar for more information on how ATO spans cross-functional teams, how to proactively combat it, and more!
Angela Marrujo, Content Marketing Manager at Sift, is a lifelong gamer with a deep love for Nintendo, in particular. Illustration and music are her other passions. Angela is a San Francisco State University alumna and, prior to Sift, worked in PR and Marketing in the video game industry.