Az SCA sikere új magasságokba emeli a fiókátvételi csalásokat (Ed Whitehead)

Míg az erős ügyfél-hitelesítés (SCA) betartatása még csak a kezdeti szakaszban van, már most egyértelmű, hogy a szigorúbb személyazonossági követelmények jobban megvédik az e-kereskedelmi fizetéseket a fizetési csalásokat elkövetni szándékozó csalóktól. 

And while that’s indisputably good news, one of the key indicators of SCA’s effectiveness is certainly bad news. Frustrated by SCA, fraudsters are looking elsewhere along the online shopping journey for vulnerabilities. And so it is that account takeover
fraud is in the midst of a revival and a period of rapid growth.

Account takeover is very much what it sounds like. Fraud rings compromise a consumer’s account with stolen or surmised log-in credentials and take charge of everything valuable associated with the account. In the first half of the year, such attacks grew
229%, according to Signifyd’s global ecommece data. 

Az ATO virágzásának számos oka van, és nem meglepő. A csalók vállalkozók. Mint minden vállalkozó, ők is folyamatosan keresik az új lehetőségeket, és agilisan alkalmazkodnak a változó piaci feltételekhez.

SCA was a key change, making fraud at checkout more difficult. Even before SCA enforcement, though, the number of valuable consumer accounts ripe for attack was growing. With the cost of digital advertising — and therefore the cost of customer acquisition
— rising steadily, brands realized they could better hold onto the customers they had by encouraging them to open online accounts. 

Retailers offered convenience, perks and loyalty points to customers willing to set up an account on their sites. Meantime, poor security habits among consumers played into fraudsters’ hands. The typical consumer has dozens, if not hundreds, of online accounts,
many rarely-used or long-forgotten. Survey after survey reveals that consumers frequently reuse their passwords across the internet.

Once a fraud ring has a consumer’s log-in credentials — either after stealing them or buying them in batches from the dark web — it can create bot-driven programs to try the credentials on site after site in rapid succession. Fraudsters then seize control
of the accounts they successfully breach. 

Once in the account, the fraud ring can alter email addresses and shipping and billing information. It has access to loyalty points that the ring is free to use to its financial advantage. And best of all from the criminals’ vantage point, it has access
to payment information (i.e. a credit card) that it knows is valid and trusted by the merchant involved.

Account takeover saves the fraud ring the trouble of having to test batches of stolen credit cards to see which are valid. They know the credentials are valid and valuable on the dark web, where they can choose to sell them. Or they can get right to work
using the stored payment methods to buy products — focusing on
az SCA alól mentes ügyletek – önmaguknak költségmentesen, és ezeket a termékeket bárhová szállítják továbbértékesítés céljából. 

Commandeering an account holds other advantages in the SCA era. Once in an account, fraud rings have access to loyalty points that can be converted to cash at some retailers. The stolen account might also contain digital gift cards, which are liquid assets
that the fraud ring can have emailed anywhere they choose. 

Obviously, all these scenarios are a disaster for both the consumer and the merchant. The consumer loses valuable points built up over months or years and faces the trauma and inconvenience of having their credit cards compromised. The merchant faces the
cost involved in fraud and endures serious damage to its brand reputation and the customer lifetime value it sought to enhance by promoting online accounts in the first place.

ATO will almost certainly continue to grow in the SCA era as the scheme provides criminals with another revenue stream and it allows them to assume the identity of their victims. Retailers will need to consider more sophisticated fraud defenses that protect
accounts while ensuring that good customers are not being turned away due to friction during the account-creation process or during the shopping experience itself. 

Retailers will want to take a holistic approach to the entire shopping journey to disrupt a variety of fraud attacks at different stages. A fraud protection platform that understands the identity and intent behind each online interaction provides comprehensive
védelem.

Having the big picture, a comprehensive platform can detect account takeover and block a transaction from that account at the checkout stage. That said, here are a few steps retailers can take to navigate the fraud landscape that’s been reshaped by the enforcement
of SCA: 

• Gyűjtsd össze a kereskedelmi védelmi platformok szűkített listáját azáltal, hogy kutatod a vásárlói véleményeket, és kérj ajánlásokat az iparági szakértőktől.

• Tanulmányozd az iparági elemzői véleményeket (van rengeteg), és fontold meg a konzultációt.

• Tekintse meg a szolgáltatók kereskedői hálózatának méretét és szélességét, hogy meghatározza az egyes információk gazdagságát.

• Ne állj le a jelenlegi állapottal. Vágjon bele a szolgáltatók terméktervébe. Melyik szállító jövőképe illeszkedik az Ön vállalkozásának jövőképéhez? Ami megmutatta, hogy a megígért termékeket időben szállítani tudja.

• És bár nem támaszkodhat kizárólag a megérzéseire, ne hagyja figyelmen kívül azt sem.

Az SCA csalásellenes erejéről szóló korai értékelések biztatóak. Most a kiskereskedők feladata, hogy a teljes vásárlási utat mérlegeljék, nehogy elpazarolják az SCA kezdeti sikerét.