• Products

    Digital Trust & Safety Platform

    Fight fraud without sacrificing growth

    Learn more

    Platform solutions

    • Payment Protection
    • Account Defense
    • Dispute Management
    • Content Integrity
    • Sift Connect
    • Passwordless Authentication

    Sift innovations

    • PSD2 Solution
    • New Releases & Enhancements
  • Industries

    One solution, any industry

    Learn how Sift can work for your industry

    Learn more

    Featured Industries

    • Fintech
    • Payment Service Providers
    • Retail
  • Customers

    Case studies by industry

    See how leading brands succeed with Sift

    Learn more

    Featured Customers

    • DoorDash
    • Uphold
    • Paula’s Choice
  • Partners
  • Fraud Center
  • Resources

    Fraud-fighting resources

    Explore fraud trends and insights

    Learn more

    • Blog
    • Demos
    • Infographics
    • Ebooks & Reports
    • Videos
    • Podcasts
    • One-Pagers
    • Webinars
    • Trust & Safety University
  • Company

    Why leaders choose Sift

    Technology, community, and partnership

    Learn more

    Our mission: Help everyone trust the internet

    • About
    • Careers
    • News & Press
Request a demo
Products
  • Digital Trust & Safety Platform
  • Payment Protection
  • Account Defense
  • Dispute Management
  • Content Integrity
  • Sift Connect
  • Passwordless Authentication
  • PSD2 Solution
  • New Releases & Enchancements
Industries
  • Fintech
  • Retail
  • Payment Service Providers
Customers
Partners
Fraud Center
Resources
  • Blog
  • Ebooks & Reports
  • One-Pagers
  • Demos
  • Videos
  • Webinars
  • Infographics
  • Podcasts
  • Trust and Safety University
Company
  • Search Careers
  • Our Company
  • Contact Us
  • Engineering Blog
Request a Demo Sign In
  • Blog Home
  • Account Fraud
  • Digital Trust & Safety
< prev / next >
Share this article on LinkedIn
Tweet this article
Share this article on Facebook
SOCIALICON
Share this article via email

[REPORT] Battling the New Breed of Account Takeover Fraud

By Kathryn Schneider  / 

18 Oct 2021

The global disruption caused by the pandemic gave fraudsters ample opportunities to attack—fluctuating online transaction volumes to hide behind, more data to steal, and a growing number of dormant accounts to take over and exploit led to staggering jumps in online abuse. And the data from the past two years shows just that. Account takeover fraud boomed by a staggering 307% between 2019 and 2021.

Every quarter, Sift investigates fraud trends and publishes a report derived from our global data network, representing over 34,000 sites and apps using Sift, as well as responses from over 1,000+ consumers surveyed. The data in our Q3 2021 report, Battling the New Breed of Account Takeover Fraud, highlights the rapid, evolving state of account takeover abuse and its webbing impact throughout digital commerce.

ATO attacks damage consumer trust

One of the most consequential costs of ATO for businesses is its impact on customers. Account takeover fraud costs a business the customers’ lifetime value (LTV), significantly raising customer acquisition costs, and leading to additional time, money, and resources spent on brand damage control. And ATO has a significant correlation to brand abandonment—of customers surveyed by Sift, 74% would stop engaging if their account was hacked on a specific site or app.

Account takeovers don’t just impact the site the customer’s information was stolen from, but create a ripple effect across other sites that defrauded customers use. This issue is exacerbated by the fact that 65% of people globally use the same password for every account they own, according to research from LastPass. It’s alarmingly easy for fraudsters to patch together a complete user profile and pinpoint where they may have associated accounts, making data breaches exponentially more damaging in scale.

“Hacked accounts that go unflagged until a clear signal of fraud is surfaced could prove the most dangerous to consumers and businesses alike,” says Jane Lee, Trust and Safety Architect at Sift. “That’s because hacked accounts with no obvious fraudulent activity—like multiple password changes or unauthorized purchases—are unlikely to be caught by rules and reviewers right away, and even less likely to be flagged by customers.”

Uncovering the Proxy Phantom fraud ring

Sift’s Data Science team uncovered and blocked a global fraud ring—dubbed Proxy Phantom by Sift—that used automation to execute international, rapid-fire ATO attacks against e-commerce merchants. The sophisticated ring of fraudsters utilized bots, proxy servers, and millions of compromised credentials to cycle through millions of usernames and passwords, all while rapidly rotating IP addresses in order to skate by undetected. The largest group, or cluster, of blocked IP addresses grew by 50x between Q1-Q2 2021.

For merchants, the potential of this automated fraud ring poses a huge risk for those who have outdated rules-based fraud prevention systems. As fraudsters become savvier with the technology they deploy, merchants will be faced with the omnipresent threat of large-scale attacks—leaving them in an endless game of whack-a-mole trying to catch up to bots that can rotate data at inhuman speed. This new breed of attack illustrates the need for an adaptable machine learning solution that has the power to accurately surface and stop account takeover fraud before it happens.

Fraudsters are banking of fintech

Although many industries have experienced a surge of account takeover fraud since the pandemic began, fintech has seen the most dramatic leap. Between Q2 2020 and Q2 2021, fintech companies have seen an astronomical 850% increase in attempted ATO, primarily concentrated in crypto and digital wallets. According to Sift Data Scientists, this rise can be at least partially attributed to consumers trading physical bank branches for digital-first financial services, giving fraudsters an opportunity to exploit the lack of consumer education and protections associated with these digital accounts. 

With the fintech industry now valued at $5.5 trillion, fraudsters are searching for any way to ride this wave. With 49% of consumers feeling most at risk of ATO on financial services sites, it’s crucial for fintech companies to re-evaluate their fraud prevention strategies to safeguard their customers and brand trustworthiness. 

Discover more insights on the rapid evolution of account takeover fraud and its impact on digital businesses by downloading our Q3 Digital Trust & Safety Index report. 

EXPLORE THE REPORT

Related

account takeoverAccount takeover fraudATOdigital fraudDigital Trust & Safetyfraud datafraud economyfraud preventionfraud solutionsproxy phantomsift datatrust and safety

Kathryn Schneider

Kathryn Schneider is Sift’s Content Marketing Manager, specializing in digital content that sparks lasting impact. She’s an avid hiker, art enthusiast, and dedicated nonprofit volunteer.

  • < prev
  • Blog Home
  • next >
  • Company
  • About Us
  • Careers
  • News & Press
  • Partner With Us
  • Blog
  • Support
  • Help Center
  • Contact Support
  • System Status
  • Trust & Safety University
  • Fraud Management
  • Developers
  • Overview
  • APIs
  • Client Libraries
  • Integration Guides
  • Tutorials
  • Engineering Blog
  • Social

Don’t miss a thing

Get industry trends, insights, and actionable fraud-fighting tips.

You're on the list.

You can unsubscribe at any time. Please see our Website Privacy Notice.
Do Not Sell My Personal Information

If you are using a screen reader and are having problems using this website, please email support@sift.com for assistance.

© 2022 Sift Science, Inc. All rights reserved. Sift and the Sift logo are trademarks or registered trademarks of Sift Science, Inc.
Privacy & Terms

Secure your business from login to chargeback

Stop fraud, break down data silos, and lower friction with Sift.

  • Achieve up to 285% ROI
  • Increase user acceptance rates up to 99%
  • Drop time spent on manual review up to 80%
Your information will be used to contact you about our service and subscribe you to our direct marketing communications. You can, of course, unsubscribe at any time. Please see our Website Privacy Notice.