Jun 15, 2020

Adam Lee, Chief Product Officer at Boku, reviews the latest data on Account Takeover (ATO) fraud in the United States and calls on those involved in online commerce to take action.

The latest data to emerge on rising ATO fraud in the US should be of real concern to anyone engaged in online commerce. In its 2020 E-Commerce Report, TransUnion Global Fraud & Identity Solutions reports a 347% increase in account takeover fraud, and a 391% rise in shipping fraud attempts globally against online retail customers between 2018 and 2019.

TransUnion’s data also revealed that 78% of all e-commerce transactions came from mobile devices in 2019, which represents a 33% increase from 2018. As we predict in our white paper on Account Takeover, this is part of a long-term trend toward mobile, which has left companies involved in online commerce scrambling to ensure a mobile-first experience for consumers, not just when browsing but also when confirming their identity during the purchasing process.

As part of this same trend, TransUnion reported a 118% increase in risky transactions from mobile devices in 2019. Fraudsters have taken notice that more e-commerce transactions are coming from mobile devices and are trying to replicate consumer behaviour in the mobile channel to avoid detection. This is consistent with our own data at Boku, which estimates that 70% of all ATO fraud attempts are happening through the mobile channel.

To date, companies have tried a wide range of techniques to combat account takeover. Some of the better-known defence strategies, such as Captcha codes to confirm user engagement, have long since been compromised by fraudsters, with software for sale on the dark net to bypass Captcha routines. In our white paper on ATO, we outline the range of tools companies are currently deploying to mitigate ATO’s effects, including the use of One-Time Passcodes (OTP) via SMS, and in-app push notifications.

Our white paper argues that current methods of user identity confirmation, while becoming increasingly prevalent, are highly susceptible to compromise. We recommend that businesses consider the use of silent phone number verification, or PNV, as an alternative or additional option. PNV is a next-generation service developed by mobile network operators (MNOs) that validates a user’s mobile number and SIM card through real-time queries over the mobile network. Because this service does not utilise an OTP, the risk of passcode theft is eliminated, and consumer friction is reduced, resulting in a better user experience and lower fraud risk.

The new figures from TransUnion should act as a wake-up call to our industry. We urgently need to adopt fresh approaches to confirming user identity in online commerce: failure to do so will put at risk the phenomenal growth trajectory we’ve seen in the last decade.
