Account takeover (ATO) –when a bad user gets access to a good user’s account – is a growing threat faced by online businesses across industries, from social networks and e-commerce merchants to SaaS and professional services.
online businesses observed a rise in ATO in 2016
was lost to ATO in 2017, a 120% increase from the year before
is the average victims pay to resolve ATO
Sources: Sift Science, Javelin Strategy & Research
How did ATO gain such traction over the past few years? You need only look at the big cybersecurity headlines to get a clue. We’ve entered the era of the data breach.
data breaches happened in 2017 (breaking records)
records were compromised worldwide
Social Security numbers were exposed in the Equifax breach
Source: Gemalto Breach Index
people reuse passwords on multiple sites
use a password manager product
Source: Password Boss
What does ATO look like? Here’s an example from a ticketing site...
Fraudster accesses account through hacked credentials bought on the dark web
Changes the password so real account holder can’t access
Adds a stolen credit card to the account and uses it to buy tickets
Creates listings to sell the tickets they just bought fraudulently
Many of the signs of ATO are contained in subtle behavioral patterns across all of a user’s activity.
Here are some of the separate signals that may point to a potential ATO: