Blog

Stolen Accounts: The New Gold for Fraudsters

Let’s get this straight: an Uber account is worth a whopping 60 times of one’s credit card information in the black market. While a stolen Uber account can sell for $30, a credit card number is only worth $0.50. Fraudsters have moved on to account takeover (ATO). ATOs offer them far bigger gains and in turn, far greater losses for you.

The 2018 Identity Fraud Study revealed that cases of account takeover grew significantly – tripling over the past year and hitting a 4-year high. Total losses reached $5.1 billion, which was a 120% increase from 2016. Confirming this trend is the rise in high profile breaches such as that of Uber, Panera Bread and MyFitnessPal.

When hackers sell user account information on the dark web, fraudsters can take over these accounts easily. They masquerade as the real customers, and are able to make purchases, withdraw credit and use loyalty rewards. Fraudsters can also gain access to personal data from the accounts, to create new profiles impersonating users.

Accounts have indeed become the new pot of gold for hackers.

Why the rising tides of account fraud?

Companies such as WeChat, Alibaba and Amazon are establishing online ecosystems, where a user accesses multiple services on one platform. Purchasing just a single account on the black market can give fraudsters access to a treasure trove of data, including multiple stored payment methods, bank account information, usernames and passwords. Taking over an account is thus far more lucrative than having a list of stolen credit card numbers- fraudsters can have unparalleled access to a bunch of interconnected personal data rather than a single piece of information.

What makes accounts even more valuable is how companies are increasingly branching into different services beyond their initial product offering. A case in point: Amazon uses Amazon Pay as a virtual wallet system to be used within the app and has also recently started to offer alternative payment options in India, such as the debit EMI (Equated Monthly Instalments) scheme. With a growing connectivity of data in a world of frictionless payments, Amazon is at risk of various fraud scenarios such as having unauthorized transfers of Amazon Pay credits from compromised accounts.

Fighting the uphill battle against fraud

Fraudsters are constantly adapting and devising ways to optimize their operations. However, sophistication surrounding account protection has yet to catch up. Many businesses apply two-factor authentications or even multi-factor authentications as solutions to fraud. Unfortunately, such measures only serve to cause unnecessary friction to users. What makes this more frightening is that fraudsters are constantly on the lookout for new vulnerable points of entry. They will bypass these measures through the loopholes ultimately render them useless.

It might be impossible to create the perfect defence against account-related fraud, but it is crucial to safeguard your business against its potential damage. Unless you take strategic steps, you lose not only revenue to chargebacks, but also consumer confidence. With the changing fraud landscape, there is a crucial need for companies to start investing in accounts protection. It is almost inevitably just a matter of time before your business is targeted.