Hardening Merchants’ Digital Defenses Against Incursions From The Dark Web

A great description of the criminal craze in credential stuffing is found in PYMNTS’ May 2021 edition of the Digital Fraud Tracker®, done in collaboration with and supported by PayPal.

Jason Ordway, chief technology officer of Slice, the pizza-ordering app integrated with 15,000 U.S. pizzerias, put it like this: “You’ve got bad actors that download [or] write scripts that take a [stolen] login and password and test a million of them [at once].” It’s a vivid, accurate depiction.

Ordway, among others, is forthcoming about threats emerging from the Dark Web, where various known or new attack vectors are being used in concert to capitalize on pandemic-era confusion.

Commenting on the booming bad actor “marketplaces” for trafficking in stolen credentials, Ordway told PYMNTS that the Dark Web is “databases on top of databases on top of databases with, at a minimum, millions of records. When users recycle the same login passwords across every food tech website, [fraudsters] can either break in and create orders for themselves or go back to [the] Dark Web again and sell those credentials to other bad guys.”

Payments tech providers are taking that fight back to fraudsters, however, as is revealed in this extensive examination of trends in digital thievery, as well as how they’re being thwarted.

Companies Underestimating ATOs Face Ongoing Peril

Defining the digital shadowlands where cybercrooks find and filch consumer credentials, the May Digital Fraud Tracker® notes that “businesses are aware of the threat ATOs pose to themselves and their customers, but they may be underestimating the actual damage they cause. A recent survey found that 90 percent of IT executives at United States companies said ATOs cost them less than $500,000 in 2020, with 39 percent reporting losses of less than $100,000. Some clients of fraud prevention companies report that they deal with up to 30,000 ATO attacks every single day, however, for a total monthly loss of $100,000.”

Put another way, it’s a bigger problem than some companies believe, and that’s very problematic. Certain verticals also appear to be more alluring to bad actors than others.

Per the May Tracker, “[Account Takeovers or ATOs] are largely aimed at businesses in the retail, hospitality and travel sectors, with 90 percent of such attacks affecting retailers, for example. Businesses also reported increases in refund abuse and other forms of friendly fraud, which are typically the result of legitimate customers abusing return policies.”

To defend against these cyberassaults, more companies are going into the cloud. Per the Tracker, “Cloud systems do not provide ATO immunity, but they do offer some advantages. Four out of five survey respondents said that their cloud systems offered better visibility into attacks that bypass firewalls or other external security measures, allowing them to catch fraudsters in the act. Respondents’ biggest fraud-fighting frustration was the amount of time needed to manage security solutions, however.”

Artificial Intelligence (AI) Looks for Crooks

Considering that overall fraud has increased on the order of 46 percent worldwide — 22 percent in the U.S. — a year into the pandemic by reliable estimates, the targeting of new digital-first consumers learning the ropes of eCommerce has been an absolute fraud fête.

“The most commonly targeted industries were telecommunications and financial services, which experienced 58 percent and 57 percent increases, respectively. Average consumers were also frequent victims, with [one] study finding that 36 percent of individuals had been targeted by pandemic-related fraud as of March 2021,” up from 29 percent in April 2020, per the Tracker.

To mount an effective digital defense, more businesses are using artificial intelligence (AI), particularly for its value in verification. As the new Tracker notes, “three-quarters of businesses … said that verification was a source of customer friction and abandonment, but reducing this friction could result in fraud slipping through. AI can close this gap by removing human error and judgment from the equation, resulting in faster and more effective verification processes.”