Let’s get this straight: an Uber account is worth a whopping 60 times of one’s credit card information in the black market. While a stolen Uber account can sell for $30, a credit card number is only worth $0.50. Fraudsters have moved on to account related fraud, which offers them far bigger gains and in turn, far greater losses for you.
The 2018 Identity Fraud Study conducted by Javelin Strategy & Research revealed that cases of account takeover grew significantly – tripling over the past year and hitting a 4-year high. Total losses reached $5.1 billion, which was a 120% increase from 2016. Confirming this trend is the rise in high profile breaches such as that of Uber, Panera Bread and MyFitnessPal.
When cybercriminals managed to breach 150 million user accounts on MyFitnessPal, fraudsters could take over these accounts and masquerade as the real customers. This means that they were able to change account details, make purchases, withdraw credit and use loyalty rewards. Gaining access to personal data stored in these accounts, such as email addresses, account user names and passwords, also meant that fraudsters could create new profiles to commit promo abuse.
Accounts have indeed become the new pot of gold for hackers.
Why the rising tides of account fraud?
Companies such as WeChat, Alibaba and Amazon are establishing online ecosystems where a single platform can be used to access multiple services. Purchasing just a single account on the black market can give fraudsters access to a treasure trove of data, including multiple stored payment methods, bank account information, usernames and passwords. Taking over an account is thus far more lucrative than having a list of stolen credit card numbers- fraudsters can have unparalleled access to a bunch of interconnected personal data rather than a single piece of information.
What makes accounts even more valuable is how companies are increasingly branching into different services beyond their initial product offering. A case in point: Amazon uses Amazon Pay as a virtual wallet system to be used within the app and has also recently started to offer alternative payment options in India, such as the debit EMI (Equated Monthly Instalments) scheme. With a growing connectivity of data in a world of frictionless payments, Amazon is at risk of various fraud scenarios such as having unauthorized transfers of Amazon Pay credits from compromised accounts.
Fighting the uphill battle against fraud
Fraudsters are constantly adapting and devising ways to optimize their operations, but sophistication surrounding account protection has yet to catch up. Many businesses apply two-factor authentications or even multi-factor authentications as solutions to fraud, but such measures only serve to cause unnecessary friction to users. What makes this more frightening is that fraudsters are constantly on the lookout for new vulnerable points of entry which will allow them to bypass these measures and ultimately render them useless.
It might be impossible to create the perfect defence against account related fraud, but it is crucial to safeguard your business against its potential damage. Unless you take strategic steps, you lose not only revenue to chargebacks, but also consumer confidence. With the changing fraud landscape, there is a crucial need for companies to start investing in accounts protection. It is almost inevitably just a matter of time before your business is targeted.