ATO attacks surge in Q2 2024, Sift warns of growing ‘Fraud-as-a-Service’ threat
My suggestions at the end of what I currently do
ATO attacks surge in Q2 2024, Sift warns of growing ‘Fraud-as-a-Service’ threat
Sep 13, 2024, 3:28 pm EDT | Abigail Opiah
Categories Biometrics News | Financial Services
ATO attacks surge in Q2 2024, Sift warns of growing ‘Fraud-as-a-Service’ threat
A recent report highlights the growing threat of account takeover (ATO) attacks, which surged by 24 percent in the second quarter of 2024 compared to the same period last year. This increase is part of an ongoing trend, with such attacks steadily rising in recent years. In 2023, ATO incidents spiked by 354 percent year-over-year, and new data suggests the problem is far from abating.
The findings come from the Q3 2024 Digital Trust Index, a report released by fraud prevention firm Sift, which analyzed data from its global network and surveyed consumers about their experiences. According to the survey, 24 percent of respondents reported falling victim to an ATO in the past year, up from 18 percent in 2023.
“With large scale data breaches exposing billions of user records in 2024 alone, account takeover attacks have scaled to become one of the most common and damaging types of fraud online,” says Brittany Allen, senior trust and safety architect at Sift.
“These attacks are almost always ‘stepping stones’ for cybercriminals who are after stored payment credentials, loyalty points, or other stored value.”
The surge in attacks has been linked to several high-profile data breaches in 2024, including breaches at National Public Data, which exposed 2.9 billion records, and incidents involving Ticketmaster and Change Healthcare. Data breaches like these are often a precursor to account takeovers, where cybercriminals use stolen information to access personal accounts and steal payment credentials, loyalty points, and other valuable data.
The report also uncovered a new tool being used by cybercriminals on Telegram, a messaging app. This tool allows even inexperienced users to search for compromised credentials and carry out account takeovers. For $10 per week, buyers can allegedly access breached data aggregated from sources like Intelligence X. This “fraud-as-a-service” application is raising alarms due to how easily it allows fraudsters to exploit personal data.
The accessibility of these tools underscore the broader trend of the “democratization of fraud,” where fraud techniques once limited to experts are now available to virtually anyone. As a result, both businesses and consumers face heightened risks.
Sift’s research also involved a consumer survey conducted by Researchscape International in July 2024, which polled over 1,000 U.S. adults on their experiences with online fraud. In addition, the report used data from the Fraud Industry Benchmarking Resource (FIBR), an online tool that tracks fraud metrics across different industries and regions.
2FA for security varies
According to the report, businesses are increasingly implementing two-factor authentication (2FA) to protect user accounts from unauthorized access, though adoption rates differ depending on the industry, risk level, and transaction volume. Sectors like ticketing, fintech, online marketplaces, and retail have higher-than-average 2FA usage due to the high value of transactions and the need for strong account security.
In contrast, industries that rely on rapid, frequent transactions, such as food delivery, remittances, and transportation, have lower 2FA adoption. These sectors prioritize maintaining a fast user experience, often minimizing added steps like biometric authentication to reduce consumer friction.
Biometric
Me: I keep my banking information separate to my smart phone - well actually I don't have one - I use someone elses to verify my order and get the payment approval confirmed by my bank and I limit the amount of money in that account, so that if that account is stripped by an unknown 3rd party, I have not lost much, from a shopping or financial aspect.
Good advice Peter. Me same as you, but I don't grow my own food, I buy it in - I hate gardening.
Great advice again!
I use a credit card in another bank to pay on the Internet and transfer money between banks by bill pay to keep my card in credit so I do not pay interest or late payment fees on the card.
I also do not have mobile phone.
I do not use loyalty cards either as all this information is sold to the cabal companies.
The banks may go broke soon and the dollar will be worthless, but I can't think of a better place to invest.
In a Depression who is going to buy gold and silver? People will be starving and I grow my own food, but how can you store enough food to keep the people fed without a large facility?