FB pixel

ATO attacks surge in Q2 2024, Sift warns of growing ‘Fraud-as-a-Service’ threat

ATO attacks surge in Q2 2024, Sift warns of growing ‘Fraud-as-a-Service’ threat
 

A recent report highlights the growing threat of account takeover (ATO) attacks, which surged by 24 percent in the second quarter of 2024 compared to the same period last year. This increase is part of an ongoing trend, with such attacks steadily rising in recent years. In 2023, ATO incidents spiked by 354 percent year-over-year, and new data suggests the problem is far from abating.

The findings come from the Q3 2024 Digital Trust Index, a report released by fraud prevention firm Sift, which analyzed data from its global network and surveyed consumers about their experiences. According to the survey, 24 percent of respondents reported falling victim to an ATO in the past year, up from 18 percent in 2023.

“With large scale data breaches exposing billions of user records in 2024 alone, account takeover attacks have scaled to become one of the most common and damaging types of fraud online,” says Brittany Allen, senior trust and safety architect at Sift.

“These attacks are almost always ‘stepping stones’ for cybercriminals who are after stored payment credentials, loyalty points, or other stored value.”

The surge in attacks has been linked to several high-profile data breaches in 2024, including breaches at National Public Data, which exposed 2.9 billion records, and incidents involving Ticketmaster and Change Healthcare. Data breaches like these are often a precursor to account takeovers, where cybercriminals use stolen information to access personal accounts and steal payment credentials, loyalty points, and other valuable data.

The report also uncovered a new tool being used by cybercriminals on Telegram, a messaging app. This tool allows even inexperienced users to search for compromised credentials and carry out account takeovers. For $10 per week, buyers can allegedly access breached data aggregated from sources like Intelligence X. This “fraud-as-a-service” application is raising alarms due to how easily it allows fraudsters to exploit personal data.

The accessibility of these tools underscore the broader trend of the “democratization of fraud,” where fraud techniques once limited to experts are now available to virtually anyone. As a result, both businesses and consumers face heightened risks.

Sift’s research also involved a consumer survey conducted by Researchscape International in July 2024, which polled over 1,000 U.S. adults on their experiences with online fraud. In addition, the report used data from the Fraud Industry Benchmarking Resource (FIBR), an online tool that tracks fraud metrics across different industries and regions.

2FA for security varies

According to the report, businesses are increasingly implementing two-factor authentication (2FA) to protect user accounts from unauthorized access, though adoption rates differ depending on the industry, risk level, and transaction volume. Sectors like ticketing, fintech, online marketplaces, and retail have higher-than-average 2FA usage due to the high value of transactions and the need for strong account security.

In contrast, industries that rely on rapid, frequent transactions, such as food delivery, remittances, and transportation, have lower 2FA adoption. These sectors prioritize maintaining a fast user experience, often minimizing added steps like biometric authentication to reduce consumer friction.

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Biden executive order prioritizes privacy-preserving digital ID, mDLs

In one of his last official acts as President, Joe Biden on Thursday issued a robust new executive order (EO)…

 

Problem with police use of facial recognition isn’t with the biometrics

A major investigation by the Washington Post has revealed that police in the U.S. regularly use facial recognition as the…

 

Sri Lanka considers another tender to solve passport crisis

Sri Lanka’s government is likely to open another tender for e-passports after a legal dispute caused a backlog of thousands…

 

Age assurance gets warm early response from U.S. Supreme Court

The U.S. Supreme Court appears to be leaning toward support for Texas’ age assurance law, as it weighs a host…

 

State of passkeys 2025: passkeys move to mainstream

More than 1 billion people have activated at least one passkey according to the FIDO Alliance – an astonishing number…

 

Ofcom publishes highly anticipated age assurance statement

Ofcom has published its Age Assurance and Children’s Access Statement. The much-anticipated statement includes guidance on “highly effective age assurance”…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events