Uspeh SCA dviguje goljufije s prevzemi računov v nove višine (Ed Whitehead)

Medtem ko je uveljavljanje močne avtentikacije strank (SCA) še vedno na začetku, je že jasno, da robustnejše zahteve glede identitete bolje ščitijo e-trgovino na blagajni pred goljufi, ki želijo izvesti goljufije pri plačilih. 

And while that’s indisputably good news, one of the key indicators of SCA’s effectiveness is certainly bad news. Frustrated by SCA, fraudsters are looking elsewhere along the online shopping journey for vulnerabilities. And so it is that account takeover
fraud is in the midst of a revival and a period of rapid growth.

Account takeover is very much what it sounds like. Fraud rings compromise a consumer’s account with stolen or surmised log-in credentials and take charge of everything valuable associated with the account. In the first half of the year, such attacks grew
229%, according to Signifyd’s global ecommece data. 

Razlogov za razcvet ATO je več in niso presenetljivi. Goljufi so podjetniki. Kot vsak podjetnik nenehno iščejo nove priložnosti in se spretno prilagajajo spreminjajočim se razmeram na trgu.

SCA was a key change, making fraud at checkout more difficult. Even before SCA enforcement, though, the number of valuable consumer accounts ripe for attack was growing. With the cost of digital advertising — and therefore the cost of customer acquisition
— rising steadily, brands realized they could better hold onto the customers they had by encouraging them to open online accounts. 

Retailers offered convenience, perks and loyalty points to customers willing to set up an account on their sites. Meantime, poor security habits among consumers played into fraudsters’ hands. The typical consumer has dozens, if not hundreds, of online accounts,
many rarely-used or long-forgotten. Survey after survey reveals that consumers frequently reuse their passwords across the internet.

Once a fraud ring has a consumer’s log-in credentials — either after stealing them or buying them in batches from the dark web — it can create bot-driven programs to try the credentials on site after site in rapid succession. Fraudsters then seize control
of the accounts they successfully breach. 

Once in the account, the fraud ring can alter email addresses and shipping and billing information. It has access to loyalty points that the ring is free to use to its financial advantage. And best of all from the criminals’ vantage point, it has access
to payment information (i.e. a credit card) that it knows is valid and trusted by the merchant involved.

Account takeover saves the fraud ring the trouble of having to test batches of stolen credit cards to see which are valid. They know the credentials are valid and valuable on the dark web, where they can choose to sell them. Or they can get right to work
using the stored payment methods to buy products — focusing on
transakcije, izvzete iz SCA — brez stroškov za sebe in naj te predmete pošljejo kamor koli želijo za nadaljnjo prodajo. 

Commandeering an account holds other advantages in the SCA era. Once in an account, fraud rings have access to loyalty points that can be converted to cash at some retailers. The stolen account might also contain digital gift cards, which are liquid assets
that the fraud ring can have emailed anywhere they choose. 

Obviously, all these scenarios are a disaster for both the consumer and the merchant. The consumer loses valuable points built up over months or years and faces the trauma and inconvenience of having their credit cards compromised. The merchant faces the
cost involved in fraud and endures serious damage to its brand reputation and the customer lifetime value it sought to enhance by promoting online accounts in the first place.

ATO will almost certainly continue to grow in the SCA era as the scheme provides criminals with another revenue stream and it allows them to assume the identity of their victims. Retailers will need to consider more sophisticated fraud defenses that protect
accounts while ensuring that good customers are not being turned away due to friction during the account-creation process or during the shopping experience itself. 

Retailers will want to take a holistic approach to the entire shopping journey to disrupt a variety of fraud attacks at different stages. A fraud protection platform that understands the identity and intent behind each online interaction provides comprehensive
zaščita.

Having the big picture, a comprehensive platform can detect account takeover and block a transaction from that account at the checkout stage. That said, here are a few steps retailers can take to navigate the fraud landscape that’s been reshaped by the enforcement
of SCA: 

• Zaokrožite ožji izbor platform za trgovinsko zaščito tako, da raziščete ocene strank in povprašate kolege iz industrije za priporočila.

• Preučite ocene analitikov industrije (teh je veliko) in razmislite o posvetovanju.

• Upoštevajte velikost in širino trgovske mreže ponudnikov, da ugotovite bogastvo vpogledov, ki jih lahko ponudi vsak.

• Ne ustavite se pri trenutnem stanju. Poglobite se v zemljevide izdelkov ponudnikov. Prihodnja vizija katerega prodajalca se ujema z vizijo vašega podjetja? Ki je pokazala, da lahko obljubljene izdelke dostavi pravočasno.

• In čeprav se ne morete zanesti samo na svoj občutek, ga tudi ne zanemarjajte v celoti.

Prve ocene moči SCA v boju proti goljufijam so spodbudne. Zdaj je na trgovcih, da pretehtajo celotno nakupovalno pot, da zagotovijo, da ne zapravijo začetnega uspeha SCA.