Retail brands saw unparalleled growth in ecommerce businesses this past year as they shifted to meet the growing demands of customers in the face of a global pandemic. This increase in online ecommerce has also contributed to an influx of online theft.
When fraudsters gain access to legitimate customers’ store accounts, they obtain a wealth of high-value information. The fraudulent transactions that follow are harder to detect, because they look like they are made by known customers. Riskified’s recent survey revealed that more than 82% of merchants were targeted by significant ATO attacks in 2020. This is a major threat to ecommerce sites as digital growth continues to climb.
The Cost to Your Ecommerce Site
The lost revenue and costs associated with chargebacks and Account Takeover (ATO) attack can have a devastating impact on brand reputation and the lifetime value of a customer. For example, nearly half of customers (43.2%) say they wouldn’t shop at an online store ever again if their account was compromised. Even if customers don’t ultimately suffer a financial loss, they typically have to spend hours addressing the fallout – regaining access to their account, cancelling any stored credit cards, and claiming reimbursement for stolen loyalty points.
In fact, in the event of an attack, the best case scenario for the customer would be that the fraudster gained access to only their purchase history. A much more consequential case for both the customer and the merchant would involve more serious types of identity fraud or high-value reimbursements. The solution cannot be to simply prohibit customers from storing personal information on your site, as these shortcuts help streamline checkout and encourage loyalty. With the right risk strategy in place, ecommerce sites can control their exposure. To assess their security needs, brands should first evaluate the sensitivity of the data stored on their site.
Solutions
We’ve partnered with Riskified to help our clients minimize the risk of cyber-attacks on Commerce Cloud websites. Riskified’s ATO prevention solution assesses the risk of every login and resulting account event providing a clear ‘allow’ ‘notify’ challenge’ or ‘block’ decision. When verification is required, their solution can deploy the notification or challenge on the site’s behalf.
Riskified has invested years in building a world-class solution to stop CNP fraud, giving their ATO product an enormous boost. Why? Two main reasons:
- They know what ATOs look like because we’ve seen millions of them already at checkout. They have enough data now for our models to recognize malicious login attempts, even those that look completely legitimate to the human eye.
- They already have a robust merchant network. By this point, when a new customer comes to one of your merchants, they’re able to recognize the vast majority of customers, usually between 80-90%.
As the shift to ecommerce continues to rapidly accelerate, so does the risk of ATO. When these attacks occur, brands are left to deal with downstream ‘repair work’ to make up for the many possible implications of just one ATO. With machine-learning solutions and data from their robust network of ecommerce brands, Riskified can identify legitimate shoppers and minimize friction, allowing brands to focus on growth from their most loyal customers.
