Connect with us

Avoiding Account Takeover Fraud on Your Ecommerce Website

Published on November 16, 2014 1:50 PM EST

Question: What is the one thing that can make or break your reputation in an online shopper’s eyes? Answer: Trust. It may sound like an exaggeration to say that ecommerce is based on trust, but it’s true. Potential customers make purchasing decisions based on your website and reputation; they will only hand over their personal information if they’re confident you’ll keep it safe.

As such, it’s important to safeguard your online store against fraud, data breach and other unseemly cybersecurity risks. Failure to do so will jeopardize your brand image in the eyes of potential and existing customers—potentially hurting your bottom line, big time.

Avoiding account takeover fraud on your ecommerce website is one concrete way you can keep consumers’ accounts safe. Keep reading to learn more about this phenomenon and its potential impact.

Importance of Cybersecurity in Ecommerce

It’s impossible to overstate the importance of cybersecurity in ecommerce. First of all, shoppers’ trust is on the line. As cites, one poll found 40 percent of respondents named “lack of trust” as the reason they don’t shop online. Trust is a fragile thing; it’s easy to shatter but it’s very difficult to repair. There’s often no such thing as true second chances when it comes to upholding your role in protecting customers’ information.

Furthermore, it’s very expensive for retailers to suffer instances of data breach or fraud. Not only might you have to pay to rectify the immediate situation, but you’ll also incur the cost of losing potential future sales from customers who decide to take their patronage elsewhere.

These reasons alone should be motivation for retailers of all shapes and sizes to invest in proper cybersecurity measures, like SSL Certificates to facilitate encrypted connections to your website.

Ins and Outs of Account Takeover Fraud

Imagine how customers would react to finding out a malicious third-party cybercriminal gained access to their accounts in order to make fraudulent purchases. Hint: It probably wouldn’t be a pleasant scene—and understandably so, as this represents a major violation of the customer-retailer relationship. When people create accounts with online merchants, they are offering up their private financial information for the purpose of making repeat purchases themselves. Allowing a hacker to violate this trust by seizing control of an unsuspecting consumer’s account is a huge blow to any loyalty you may have previously garnered.

And really, what is an ecommerce business without the ability to protect customers’ payment information? The most basic function of ecommerce is to facilitate the buying and selling of online goods. Account takeover fraud warps this give-and-take by allowing cybercriminals to make purchases with funds that are not theirs to spend.

Here’s a real-life example of account takeover fraud in action: Practical Ecommerce cites a story local to Spokane, Wash. from May 2018 in which an Amazon customer’s account was compromised by a criminal. As a repeat purchaser, the customer did not notice the account takeover fraud until the criminal had already made $1,640 in purchases, including gift cards. She eventually noticed because she received shipping notices for purchases she hadn’t made. Ultimately, Amazon refunded this shopper the amount of the fraud—and likely suffered a bit of reputational damage. As an ecommerce giant, this company is more equipped to absorb the blow from account takeover fraud (ATO) than most.

For smaller stores, ATO can be even more dangerous because it eats into thin profit margins and can seriously strain customer relations. For this reason, avoiding account takeover fraud on your ecommerce website is key. Here are a few tips:

  • Ask customers to re-enter payment information after they change their passwords, log in on a new device or change their address.
  • Utilize two-factor authentication like text or email verification periodically.
  • Stay abreast on data security best practices.
  • Comply with the Payment Card Industry Digital Security Standard (PCI DSS).
  • Reach out via customer service channels if you notice any suspicious activity to verify it’s actually the customer making purchases.

It’s entirely possible to minimize ATO and build customer trust by taking cybersecurity very seriously.

Be the first one to leave a comment!

Leave a Reply

Your email address will not be published. Required fields are marked *