Cybersecurity month: Turning customers into an ATO defense through education

Account takeovers often start with customers. This Cybersecurity Month, turn a potential vulnerability into a key defense by educating customers on security best practices.

27 October 2025

October is European Cybersecurity Month (ECSM). It’s an annual campaign by the European Union Agency for Cybersecurity and the European Commission, aiming to raise awareness of cyber threats and security best practices – and for online merchants, it’s a reminder that security is a shared responsibility.

Today, we are thinking about the intersection of fraud detection and cybersecurity, and how this can be used to your advantage.

For ecommerce companies, investing in customer cybersecurity awareness has several benefits – including reducing risk and boosting your brand image.

Recruiting customers to the fight against cybercrime

In many companies, fraud and cybersecurity teams work independently, which can have its advantages. But collaboration can make a meaningful difference.

The crossover between cybersecurity and fraud detection is perhaps most evident when considering account takeover attacks, also known as ATO.

While internal controls are vital, a cybersecurity framework is only as strong as its weakest link. You have a lot to benefit from empowering your customers to recognize and avoid common cyberattacks.

Customers who reuse passwords or click suspicious links, for example, are more likely to have their credentials stolen in phishing attacks. Businesses then face unauthorized purchases, costly chargebacks, non-compliance fees, and a loss of customer trust and brand reputation.

Almost half of businesses (44%) say that fraud impacts their brand image KPIs, with 30% also claiming that ATO attacks cost them the most money of any fraud type, per Ravelin’s Global Fraud Trends Report 2025.

This makes ATO prevention a priority. And while much of the focus is on incident response, educating customers about phishing stops many attacks from occurring in the first place.

It also increases trust in your brand. Customers who feel that you prioritize their security are more likely to buy from you, make repeat purchases, and recommend your business.

How can merchants incorporate customer security awareness into their strategy?

Recommended methods to spread cybersecurity awareness in your customer base include email communications, popups and guides on your website.

The good news is that such a campaign doesn’t require new technology or technical know-how. Instead, it involves incorporating education into your communication strategy.

To increase awareness, consider:

  • Sending emails that educate customers about phishing. These can take the form of infographics, videos or text email campaigns. Make sure to emphasize steps such as checking the sender’s email address and hovering over links before clicking. You can also remind customers that you never ask for sensitive information via email.

  • Highlighting the protections you have in place. Make it clear to customers that you are taking the security of their accounts seriously. Be as specific as possible – for example, say so if you have deployed ATO checkpoint protection at both login and checkout. Layered protection is best, since strengths in login protection compensate for weaknesses in checkout protection, and vice versa.

  • Adding nudges to your website. A brief message or popup at the login or checkout stage of your online shopping platform can reinforce the need for strong password hygiene. At checkout, explain secure payment practices without introducing friction to the payment process.

  • Posting security tips to your website and social channels. To keep security top of mind, share an image or infographic detailing common phishing tips and effective password hygiene. You could even go through how scammers exploit user vulnerabilities and take over accounts to make the tips more relatable.

These actions won't eliminate every instance of fraud. But they do create a more security-minded customer base which, in turn, reduces your exposure to account takeover fraud.

Moving from awareness to action

Take the opportunity to engage your customers about how they can best protect their accounts.

As a fraud manager, you can reach out to your company’s Marketing team to coordinate a campaign. This kind of cross-functional collaboration can, in the long run, help you work more closely with a department whose campaigns may impact your fraudscape.

Sharing ecommerce security tips with customers reduces fraud-related losses, demonstrates transparency, and shows them that you’re committed to their security and user experience.

Having strong internal cybersecurity measures to support customer awareness is just as important. To better understand the technical side of prevention and how you can manage a breach, read Ravelin's complete guide to account takeover fraud.
