How to avoid falling victim to Account Takeover (ATO) Attacks
Account Takeover (ATO) attacks happen when a threat actor compromises a legitimate user’s e-commerce account and uses that account for fraud. This could be your Amazon, eBay, Walmart, Alibaba, IKEA, or Apple account, among others.
Because ATOs require only a login and stolen password, online retailers haven’t taken much action to prevent or detect these breaches. The statistics for online merchants are scary:
1) 27% admit that they do not have measures in place to prevent ATOs. 2) 24% of merchants can’t identify an ATO during a purchase. 3) 14% of merchants say they are not even aware that an ATO has occurred unless a customer contacts them. 4) Only 7.5% of customers learn their accounts were compromised from the merchant. The vast majority spot changes to their accounts or learn of unauthorized purchases.
How are you protecting yourself? Do you have multi-factor authentication (MFA) on your e-commerce accounts? Do you regularly check both your bank account and e-commerce account for unauthorized purchases? Have you configured virtual credit cards that are easily disposable? Does your online retailer have fraud analytics?