FB pixel

ATO attacks surge in Q2 2024, Sift warns of growing ‘Fraud-as-a-Service’ threat

ATO attacks surge in Q2 2024, Sift warns of growing ‘Fraud-as-a-Service’ threat
 

A recent report highlights the growing threat of account takeover (ATO) attacks, which surged by 24 percent in the second quarter of 2024 compared to the same period last year. This increase is part of an ongoing trend, with such attacks steadily rising in recent years. In 2023, ATO incidents spiked by 354 percent year-over-year, and new data suggests the problem is far from abating.

The findings come from the Q3 2024 Digital Trust Index, a report released by fraud prevention firm Sift, which analyzed data from its global network and surveyed consumers about their experiences. According to the survey, 24 percent of respondents reported falling victim to an ATO in the past year, up from 18 percent in 2023.

“With large scale data breaches exposing billions of user records in 2024 alone, account takeover attacks have scaled to become one of the most common and damaging types of fraud online,” says Brittany Allen, senior trust and safety architect at Sift.

“These attacks are almost always ‘stepping stones’ for cybercriminals who are after stored payment credentials, loyalty points, or other stored value.”

The surge in attacks has been linked to several high-profile data breaches in 2024, including breaches at National Public Data, which exposed 2.9 billion records, and incidents involving Ticketmaster and Change Healthcare. Data breaches like these are often a precursor to account takeovers, where cybercriminals use stolen information to access personal accounts and steal payment credentials, loyalty points, and other valuable data.

The report also uncovered a new tool being used by cybercriminals on Telegram, a messaging app. This tool allows even inexperienced users to search for compromised credentials and carry out account takeovers. For $10 per week, buyers can allegedly access breached data aggregated from sources like Intelligence X. This “fraud-as-a-service” application is raising alarms due to how easily it allows fraudsters to exploit personal data.

The accessibility of these tools underscore the broader trend of the “democratization of fraud,” where fraud techniques once limited to experts are now available to virtually anyone. As a result, both businesses and consumers face heightened risks.

Sift’s research also involved a consumer survey conducted by Researchscape International in July 2024, which polled over 1,000 U.S. adults on their experiences with online fraud. In addition, the report used data from the Fraud Industry Benchmarking Resource (FIBR), an online tool that tracks fraud metrics across different industries and regions.

2FA for security varies

According to the report, businesses are increasingly implementing two-factor authentication (2FA) to protect user accounts from unauthorized access, though adoption rates differ depending on the industry, risk level, and transaction volume. Sectors like ticketing, fintech, online marketplaces, and retail have higher-than-average 2FA usage due to the high value of transactions and the need for strong account security.

In contrast, industries that rely on rapid, frequent transactions, such as food delivery, remittances, and transportation, have lower 2FA adoption. These sectors prioritize maintaining a fast user experience, often minimizing added steps like biometric authentication to reduce consumer friction.

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics race for the borders

Biometrics to ease border crossings are a major theme of the week among Biometric Update’s most-read articles of the week….

 

US election likely to be a missed opportunity to advance digital ID policy

The 2024 U.S. election represents an opportunity for social dialogue around digital identity policy in the wake of a series…

 

India to pilot Digi Yatra for foreign nationals in 2025

India is planning an international pilot project for June 2025 that will see the introduction of facial recognition technology beyond…

 

Papua New Guinea advances digital ID, wallet and govt platform to pilot

Papua New Guinea has stood up a new digital ID, wallet and online government platform, and plans to pilot them…

 

UK police organized crime unit seeks new facial recognition software

The UK’s main law enforcement agency against organized crime is looking into new facial recognition solutions, as the country doubles…

 

The EUDI Wallet was not meant for age assurance: AVPA

The European Union should not look at the EU Digital Identity (EUDI) Wallet as an age-assurance solution to keep minors…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events