Riskified, a provider of online payment and fraud prevention solutions, has published a nationwide study revealing how vulnerable French e-merchants are to account hacking. In the absence of preventive measures, these attacks, known as “Account Takeover”, should multiply …
Almost 40% of online merchants said that at least one in ten customer accounts were hacked in France last year. This is one finding of the survey conducted by Riskified among 100 e-commerce professionals (CISO, CRM and loyalty director, Payments director, Financial director, Revenue insurance manager, E-commerce director …) and 1,000 French consumers.
These attacks (known as Account Takeover or ATO) occur when a fraudster takes control of an account using the legitimate owner's credentials and uses it for malicious purposes. Taking control of an account is not the attacker's ultimate goal; the end goal is to be able to place orders.
The survey also notes that:
- Almost a quarter of e-merchants admit that they have not taken any measures to protect themselves against this type of attack;
- More than half of them (52%) believe that online fraud will increase due to the pandemic.
This study shows to what extent this form of fraud has negative repercussions for brands, damaging both their reputation and their turnover.
63% of e-merchants and 90% of buyers fear that their accounts will be hacked. ATOs can be particularly costly for merchant sites: 76% of users surveyed said they would stop shopping online from the site where their account was hacked and more than a third would go to a competitor.
But professionals seem helpless to counter this type of attack: 18% of retailers surveyed said they did not have the capacity to detect account theft during the purchase process and 10% said they were unaware that hacking had taken place unless the victim contacts them.
Some retailers and e-tailers have implemented measures: 40% of the professionals questioned indicate that they apply strong authentication for certain login attempts and 68% require complex passwords.
But half of the customers admit to using the same password for several of their online accounts…
“Without a dynamic and exhaustive analysis of all the relevant data, e-merchants risk financial losses, unhappy customers and a tarnished reputation. Machine learning solutions help identify legitimate customers in real time, making it easier for them to progress through the shopping tunnel,” said Assaf Feldman, co-founder and technical director of Riskified.
To detect these attacks, e-merchants must rely on as much data as possible. For example, they should take into account the device, the network used and the possible use of a proxy, and analyze previous logins to determine whether it is indeed the account holder.
If one of these elements is unusual or shows the characteristic signs of a hacking, it is preferable to contact the legitimate owner directly, or even to impose strong authentication.
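The check described in the last two paragraphs can be sketched as a simple rule-based comparison of a login attempt against the account's previous logins. This is an added example, not Riskified's method or code from the study; the `Login` fields, signal names, weights, thresholds and sample history are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    account: str
    device_id: str   # device fingerprint (constructed values below)
    network: str     # coarse network label, e.g. an ISP or ASN
    via_proxy: bool  # proxy/VPN/anonymizer detected on this connection

# Illustrative weights and thresholds: assumptions to tune on real data.
WEIGHTS = {"new_device": 40, "new_network": 25, "proxy": 25, "no_history": 10}
CONTACT_OWNER_AT, STRONG_AUTH_AT = 40, 80

def assess(attempt, history):
    """Compare one login attempt with the account's previous logins."""
    past = [h for h in history if h.account == attempt.account]
    signals = []
    if not past:
        signals.append("no_history")  # nothing to compare against
    else:
        if attempt.device_id not in {h.device_id for h in past}:
            signals.append("new_device")
        if attempt.network not in {h.network for h in past}:
            signals.append("new_network")
    # A proxy only counts as unusual if this account never used one before.
    if attempt.via_proxy and not any(h.via_proxy for h in past):
        signals.append("proxy")
    score = sum(WEIGHTS[s] for s in signals)
    if score >= STRONG_AUTH_AT:
        decision = "strong_auth"
    elif score >= CONTACT_OWNER_AT:
        decision = "contact_owner"
    else:
        decision = "allow"
    return decision, score, signals

# Constructed login history for one hypothetical account.
HISTORY = [
    Login("alice", "dev-laptop", "isp-home", False),
    Login("alice", "dev-phone", "isp-mobile", False),
]

if __name__ == "__main__":
    for attempt in (
        Login("alice", "dev-phone", "isp-home", False),
        Login("alice", "dev-laptop", "isp-hotel", True),
        Login("alice", "dev-unknown", "isp-other", True),
    ):
        print(attempt, "->", assess(attempt, HISTORY))
```

Returning the list of triggered signals alongside the decision lets a fraud analyst or support agent see why a login was challenged when the account holder is contacted.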