Study: Retailers not prepared for account takeover attacks
Two in three customers would stop shopping at an online retailer if their accounts were used fraudulently.
According to a new survey on the effect of account takeover (ATO) attacks on e-commerce retailers and customers from Riskified, more than one-quarter of retail respondents (27%) admit that they do not have measures in place to prevent ATOs. ATOs occur when criminals obtain control of a legitimate consumer e-commerce account and use it for fraudulent purposes.
Almost the same percentage (24%) of retailers can’t identify an ATO during a purchase. And almost one in six (14%) say they are not aware that an ATO has occurred unless a customer contacts them.
Almost three-quarters (73%) of retail respondents report that customer account passwords must contain a mix of characters, numbers, symbols and uppercase and lowercase letters. However, 47% of customer respondents admit to using the same password for two or more online stores, which can limit the effectiveness of a complex password. More than six in 10 (62%) retail respondents require two-factor authentication for login attempts (62%).
Two-thirds (66%) of retail respondents say they are concerned about ATOs, and more than one in three (35%) report that at least 10% of their accounts have been taken over in the last 12 months.
On the customer side, ATOs are also a source of significant concern and can cause permanent damage to a consumer’s relationship with an e-commerce retailer. Almost seven in 10 (69%) consumer respondents say they are concerned about their accounts getting hacked, and 65% say they would likely stop buying from an online retailer if their account was compromised.
More than half (54%) of customers say they would delete their account, 39% would go to a competitor, and 30% say they would tell their friends to stop shopping with the retailer. In addition, the study shows only 7.5% of consumers victimized by an ATO learn their accounts were compromised from the retailer. The vast majority spot changes to their accounts or learn of unauthorized purchases.
Additional key findings from the survey include:
• 83% of customers say they have accounts on individual sites for shopping.
• 75% of customers do most or all of their online shopping with retailers where they have accounts.
• 42% of customers said they shop more frequently when they have an account.
• More than 67% of the retailers surveyed say at least half of their orders come from customers with accounts.
• 58% of retailers report that account holders spend more per purchase than customers who use guest checkout.
• 61% of retailers say that account holders purchase more frequently than customers who use guest checkout.
The survey was conducted by Propeller Insights on behalf of e-commerce security platform Riskified, with multiple response questions addressed to a sample of 4,007 U.S., U.K., French and German consumers who shop online and 425 e-commerce professionals.