Many online merchants and service organizations face a paradox: Customers are demanding more convenient digital services at the same time that cyberattacks targeting e-commerce and online services are skyrocketing both in number and in impact. This puts online businesses in the unhappy position of trying to embrace customer preferences for digital innovation while opening themselves to increased risk of fraud and other forms of cybercrime.
At the heart of this conundrum are three primary drivers. First, each new digital service or e-commerce site that organizations roll out expands the existing attack surface, giving criminals a larger target and making detection and mitigation more complex. Next, in most organizations, the groups most focused on defending against cybercrime are security and fraud teams, which often exist in their own siloes, rarely collaborating on cyber strategy or defense tactics. This hampers a coordinated approach to cybersecurity that could limit or prevent attacks and more quickly shut down breaches and fraud.
Finally, and somewhat ironically, certain customer habits and behaviors unwittingly increase exposure for online vendors and service providers. Around two-thirds of consumers reuse the same credentials (usernames and passwords) across multiple websites, according to Google research. And who can blame them? There are nearly 33 million e-commerce sites on the Internet, according to a BuiltWith e-commerce usage distribution report, and nearly all will require some form of username and password to make a purchase.
However, repeated reuse of credentials creates vulnerabilities that are easily exploited by cybercriminals and their armies of automated bots. Stolen or compromised credentials account for 54% of all security breaches, according to Hacker News, paving the way for one of the highest impact cyberthreat vectors of all: account takeover, or ATO. Using armies of bots, the attacker conducts automated login attempts at massive scale, a practice called credential stuffing, to discover which credential pairs are valid on multiple login forms. Because a significant fraction of breached credentials will also work to gain access to accounts at other sites, attackers can take charge of accounts, change credentials to lock out the legitimate account owner, drain the assets, and use the accounts to commit additional acts of fraud.
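As an added example (not from the original article and not F5 code), this sketch shows how a defender might spot the credential stuffing pattern described above in login logs and list the accounts that may already be taken over. The event format, the thresholds, and grouping by source IP are assumptions; bots that rotate addresses need grouping on other signals.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, succeeded)
SAMPLE_EVENTS = (
    # One source trying 40 different breached accounts once each, all failing
    [("203.0.113.7", f"user{i}@example.com", False) for i in range(40)]
    # ...and one reused credential pair that turned out to be valid
    + [("203.0.113.7", "alice@example.com", True)]
    # A legitimate customer mistyping a password, then getting it right
    + [("198.51.100.4", "bob@example.com", False)] * 3
    + [("198.51.100.4", "bob@example.com", True)]
)


def find_stuffing_sources(events, min_usernames=20, max_success_rate=0.10):
    """Return {source_ip: [accounts that logged in successfully]} for sources
    whose traffic looks like credential stuffing.

    Thresholds are illustrative assumptions, not vendor guidance.
    """
    attempts = defaultdict(int)
    ok_count = defaultdict(int)
    usernames = defaultdict(set)
    ok_users = defaultdict(set)
    for ip, user, succeeded in events:
        attempts[ip] += 1
        usernames[ip].add(user)
        if succeeded:
            ok_count[ip] += 1
            ok_users[ip].add(user)

    flagged = {}
    for ip, total in attempts.items():
        # Stuffing replays breached pairs: many distinct usernames from one
        # source, and nearly every attempt fails. A person retrying their own
        # password touches a single username, so they never reach the floor.
        many_accounts = len(usernames[ip]) >= min_usernames
        mostly_failing = ok_count[ip] / total <= max_success_rate
        if many_accounts and mostly_failing:
            # Successful logins from a flagged source are takeover candidates.
            flagged[ip] = sorted(ok_users[ip])
    return flagged


if __name__ == "__main__":
    for ip, accounts in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(f"{ip}: review and reset {accounts}")
```

Accounts returned for a flagged source are the ones to prioritize for session revocation and a forced password reset, since a successful login from that source likely used a reused credential.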
ATOs surged in the first half of 2022, rising 131% over the same period of the previous year, according to a report in VentureBeat. The impacts are real: According to the Javelin 2022 ID Fraud Study, 22% of U.S. adults have been victims of ATO, and digital fraud losses are anticipated to surpass $343 billion globally between 2023 and 2027, according to reports in American Banker.
It seems clear that for many e-commerce and online services, embracing digital innovation also increases the risk of cyberattack and potential fraud loss. But that does not mean that organizations should restrict innovation and investment in new digital customer services and experiences. It means that organizations should embrace technical innovation to protect their digital channels from security and fraud threats.
Here are four proactive measures businesses can take to help them mitigate risk within their digital channels:
Expanding your e-commerce sites and other digital services doesn’t need to also expand your risk of cyberattack. Advanced bot and fraud mitigation solutions like F5 Distributed Cloud Bot Defense help you stay ahead of attackers while eliminating frustrating security friction to improve your customers’ safety and experience online. Using sophisticated technologies such as threat intelligence modeling and machine learning to detect attacker techniques, Distributed Cloud Bot Defense deploys appropriate countermeasures in real time to counter fraud and ATO with maximum effectiveness, enabling your organization to embrace digital innovation without risking fraud and customer friction.
To discover the economic impact of bots to your organization, schedule a free bot-management business ROI consulting session. To learn more about credential stuffing attacks that lead to account takeover, read the F5 eBook Credential Stuffing 2022: The Latest Attack Trends and Tools. Or, read this solution overview to learn how F5 Distributed Cloud Bot Defense can help protect your online channels from attack and fraud.