Harness the power of your data to reduce fraud
and increase payment acceptance
Tailor-made fraud protection
Detect and stop fraud faster with clear
Adaptive solutions for emerging threats
Defend against ATO, promo abuse and seller
Optimize conversion with agnostic
Manage PSD2 and take control of
Online payment fraud
Understand chargebacks, fees &
Machine learning for fraud detection
Models, risk scores & thresholds
Link analysis & graph networks
Draw deeper insights from data
Account takeover fraud
Prevention strategies & reputational
Uncover & stop hidden costs
PSD2 & SCA
3D Secure, TRA & exemptions
Global payment regulation map 2022
Track PSD2 & more with a full report
Deep dives on fraud & payments topics
The latest fraud & payments updates
API & developer docs
APIs, glossary, guides, libraries and SDKs
Discover the story about Ravelin
Join our dynamic team
Read more about our happy customers
Join our partner programme
Harness the power of your data to reduce fraud and increase payment
Detect and stop fraud faster with clear insights
Defend against ATO, promo abuse and seller fraud
Optimize conversion with agnostic authentication
Manage PSD2 and take control of authentication
Understand chargebacks, fees & detection
Prevention strategies & reputational risk
Uncover & stop hidden abuse
Read more about our happy custmomers
Blog / Account Takeover
How can you get senior leadership to pay attention to the risk of account takeover? Here are our recommendations.
Account takeover happens when fraudsters target genuine customer accounts, and use stolen credentials to place fraudulent orders, rather than simply targeting stolen cards. It’s a growing problem, with the cost of account takeover rising by 120% from 2016-2017.
Despite the alarming rise in costs, merchants’ response has been slower. An account takeover looks very different from typical card-not-present fraud. A single attack affects hundreds of different genuine customer accounts at the same time. By the time the Payments team notices a chargeback relating to an account takeover, often the damage has already been done across multiple other accounts. Many businesses struggle to react quickly if they don’t have specific protection in place for this style of attack.
We often hear from merchants who say it’s a challenge to get business leaders to recognize the risk of account takeover and allocate budget to the problem. Aside from the C-suite, account takeover affects many different teams - it impacts Fraud and Payments but also Risk, Product and Marketing departments. Defining the right way to deal with account takeover is complicated by the goals and priorities of each; for example, the Marketing department may prioritize ease of ordering over repeating authentication checks when a customer logs in using a new device.
So, how can you get various departments involved - and your leadership team - to pay attention to the risk of account takeover? Here are our recommendations.
Make sure everyone understands the cost of account takeover
Protection against typical online card fraud has advanced, and so fraudsters are switching to new sophisticated tactics. Use statistics to highlight the dangerously mounting risk - attacks tripled between 2016-2017 and mobile account takeover attacks increased again in 2018.
Because fraudsters use genuine customer accounts with existing history, account takeover can be harder to detect than typical payment fraud, and can have a much higher impact on a business and its customers. Costs in the US were estimated at an eye-watering $5.1 billion in 2017. But it’s important to remember the cost of account takeover is not limited to chargebacks - they are just the tip of the iceberg. Under GDPR and other privacy laws, fines relating to customer data can be in the millions.
In today’s world of seemingly endless data breaches, 90% of companies say business security is a competitive differentiator and can help win new customers. When multiple customers are the victim of an account takeover, customers often believe the merchant is insecure, regardless of whether they were the source of the data breach or not. News of a hack spreads fast on social media, and this reputational damage can cause you to lose new/repeat business and lead to customers closing their accounts entirely.
Investigate the real impact of account takeover on your business
Talking about general statistics will only go so far - to get buy-in you need to relate to your own business. Look into instances of account takeover in your business. Find specific cases of customer complaints about their accounts being impacted on social media, investigate how this affected a real customer, listen to calls or read email complaints. Look into how long it took to resolve the issue across different teams and how the time impacted your response.
Unite all the departments involved in a taskforce
Account takeover is not only one team’s problem - it impacts Marketing, Product, Risk and Sales/Customer Service. Any solution will need to get approved and agreed on by various different departments. Collaboration is key - create a taskforce to discuss possible solutions that work for your business. Make sure everyone understands why the issue is so important - by using the examples and statistics above.
Understand different departments’ priorities and talk about what matters to them
As well as including different departments in the conversation, you also need to speak in their language. Speak about the aspects of account takeover that matter to them.
Marketing and Product teams want to make it easy for customers to sign up easily and make orders - but equally, understand it’s much easier to get an order from an existing customer than from a new customer. Marketing also understands the lifetime value of each of your customers. Executive Boards and Communications teams consider business reputation critical and want to avoid bad press related to an account takeover. If you’re working in Europe or anywhere with privacy laws, Risk teams will want to protect your business from fines and scrutiny as a result of having to disclose data breaches and account takeover attempts.
Linking the risks of account takeover back to the goals of each department will help you get teams engaged to find a solution.
We hope you find these tips useful when opening the discussion on account takeover. To learn more about how account takeover works, check out our insights page here.
Jessica Allen Head of Content
4 min read
More from Jessica Allen
Share this article:
Blog / News
Buy now, pay later is exploding - what risks could this bring your business? We speak with Nelda Biltauere, Fraud Researcher at Ravelin, about BNPL challenges, costs & strategy.
Grace Proctor, Content Writer
From blocker to revenue enabler, businesses are seeing their fraud teams with new eyes. What has brought about this change? And how can you build on it?
Lola Omo-Ikerodah, Content Writer
Disputes and chargebacks are often viewed as a “necessary evil” in ecommerce. But the pandemic has made them a serious threat to business and revenue. How are you fighting back?
Subscribe to our newsletter to get the latest fraud & payments updates sent direct to your inbox.