Why ATO Attacks Are Attainments Against Your Customers
Motivated by the ongoing increase in eCommerce, which has seen unprecedented growth during the COVID-19 epidemic, retailers are trying to react to a shift in consumer demand and offer distinctive customer experiences that set them apart from their competitors. Because of the rise in online sales and new technologies, businesses are becoming more strategic about their physical stores, using them as fulfillment centers, offering curbside delivery, and designing pop-up and augmented reality experiences around them, while reaching out to online shoppers via social media and virtual worlds like the Metaverse.
While the United States Department of Commerce says that the current surge in eCommerce has returned to pre-pandemic levels, it is apparent that eCommerce will continue to grow, merging with automation technology to create more seamless digital and physical purchasing experiences. For many retailers, the decision is no longer whether to sell online, but rather when and how much to sell online.
Whether you are transitioning your brick-and-mortar storefront to an online presence, increasing an existing online presence, or beginning a digital-first firm, you must do so securely. Many eCommerce retailers, however, are caught off guard by particularly cunning bot assaults that masquerade as actual consumer accounts and steal their login credentials. Account Takeover (ATO) is essentially a kind of identity theft, putting clients at risk in a variety of ways, including compromising personal data and fraudulent transactions.
Why are dangerous bots focusing on eCommerce?
Every firm has bot issues, but eCommerce is more targeted than most. According to recent eCommerce security data, retail websites accounted for more than half (57%) of all bad bot assaults, compared to only 33% across all industries. Furthermore, ATO attempts accounted for nearly a third of all login attempts to online retail websites, compared to a quarter in all other sectors.
Why so many login attempts rather than other ways of actually hacking eCommerce sites? Many businesses already have distributed denial-of-service (DDoS) security layers and web application firewall (WAF) defenses in place to mitigate more direct efforts to access critical data. Bot-driven ATO assaults, on the other hand, can be launched in minutes, are typically less obvious, and are becoming more sophisticated in their pursuit of not only customer login credentials but also personnel credentials.
ATO assaults have a hefty cost for your customers…and your business
Malicious actors will make their way into client accounts through a variety of methods, including brute force attacks, credential stuffing, and phishing emails. When an ATO effort is successful, it can erase years of hard work creating a devoted client base in a matter of minutes.
At best, the customer is locked out of their account, which may result in hours of emails and phone calls attempting to figure out what’s wrong while they could have been buying, souring their relationship with your business. At worst, ATO assaults can cause significant financial and infrastructure damage at the expense of your customers. According to a recent Forrester study, up to 38% of UK companies claimed to have lost business due to security issues. PCI-PAL, a UK-based secure payments provider, discovered that 44% of consumers said they would temporarily stop spending with a business after a security breach, and 41% of consumers said they would never return to a business post-breach.
- Complaints of fraud. If important customer information is stolen, customers will face years of identity theft and privacy issues in the future. They may file a lawsuit against your company.
- Time and resources are limited. Detecting ATO efforts in the first place and distinguishing between genuine and fraudulent activity in user accounts consumes time and resources that could be better spent elsewhere.
- Chargebacks, refunds, and reimbursements. Reimbursing clients for purchases they did not make, reinstating reward points, offering them complimentary items to help compensate for their losses, and other such measures all become part of your damage control strategy.
- Reputational harm. Once your brand’s reputation has been harmed, it can be difficult to regain customer trust and obtain new clients. Word-of-mouth is still one of the most effective ways to market — according to a recent Nielsen study, 88 percent of individuals questioned globally trust recommendations from people they know more than any other advertising channel. If there is a poor perception of your brand, it can spread quickly through social media and have a detrimental influence on your bottom line. Furthermore, suppliers and payment service providers may be hesitant to do business with you.
- Issues with website performance. Your efforts to repair issues and counter malicious bot attacks may cause your website to slow down during peak traffic periods, resulting in abandoned shopping carts.