How to Balance Customer Retention and Protection
In 2017, cyber criminals pilfered $5.1 million from banks and other businesses by way of account takeover (ATO) fraud – tripling their spoils from 2016.1 And they are not relenting. They’re progressing: just between 2018’s Q1 and Q2, financial services felt a 40% rise in ATOs, and ATO mobile transaction hits erupted by 200%.
Much is at risk with ATOs, from merchandise theft and diversion of funds to misappropriation of personal customer data. And the sabotage is tricky to detect because it can appear as benign customer activity: anyone with a customer’s log-in credentials can access the account. Fraudsters employ various means to acquire users’ credentials, one of which is software that can run through billions of common phrases, dates, and other combinations to crack passwords. And the more information and activities we move to the web, the more opportunity bad actors have to steal it.
“…a cache of 770 million email addresses and passwords was discovered recently on a popular hacking site.”2
Businesses, of course, must establish stalwart security precautions. But they must also be careful not to lose customers in the process. Security measures that are too rigid and sweeping can cause false alerts and invalid declines on account access and purchases, spurring customer frustration. Security that is too lax sets up the business and its customers as easy targets for ATOs, which can tarnish reputations, shatter trust, and drive away customers. There is a delicate balance between protecting customers and retaining them. Here are a few suggestions for striking it.
How to Protect Customers from ATOs
- Help Them Help Themselves
Offer suggestions and encourage customers to adhere to best practices for safe shopping, such as never saving passwords in the browser for auto-fill on return visits. Also, do not oblige your customers to provide identifiable personal data when it’s not pertinent to the situation, such as requiring a birthdate to subscribe to a blog.
- Promote Strong Passwords
Establish online account creation parameters that require elements of a strong password, such as lower and upper-case characters, symbols, and numbers.
- Double Up on Credentials
Two credentials are always better than one. Offer multi-factor authentication options to boost customers’ security. Should hackers crack one factor, they may not break the other.
- Sound Alarms
Provide the option for alerts when purchases are made over a certain dollar amount or account information is updated.
- Location, Location, Location
Requiring verification for account log-ins originating from unknown devices, and sending the customer an alert when one occurs, is another useful security strategy.
- Do It by Hand
Automation can work magic and aid businesses in reducing human errors and speeding up previously laborious tasks. But when it comes to flagged or suspicious orders, manual reviews in addition to auto-generated rejections are a must.
Remember, none of these – alone or even all together – is a failsafe method against account takeovers. But a fraud-prevention program that incorporates these strategies, combined with a comprehensive cyber security and business continuity program, will amplify your customers’ protection and retention.
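One way the alert, unknown-device and manual-review suggestions above could fit together, so that unusual activity triggers verification or review instead of a blanket decline. This is an added example, not part of the original article; the event fields, the `Account` and `Decision` types, the 200.00 alert threshold and the device names are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    known_devices: set = field(default_factory=set)
    alert_threshold: float = 200.0  # assumed customer-chosen alert limit

@dataclass
class Decision:
    action: str                     # "allow", "step_up" or "manual_review"
    alerts: list = field(default_factory=list)

def evaluate(account, event):
    """Decide how to handle one event dict (hypothetical schema)."""
    kind = event["kind"]
    known = event["device_id"] in account.known_devices
    if kind == "login":
        if known:
            return Decision("allow")
        # Unknown device: ask for verification instead of declining outright.
        return Decision("step_up", ["log-in from unrecognized device"])
    if kind == "profile_update":
        alerts = ["account information updated"]
        return Decision("allow" if known else "step_up", alerts)
    if kind == "purchase":
        alerts = []
        if event["amount"] > account.alert_threshold:
            alerts.append(f"purchase over {account.alert_threshold:.2f}")
        # Flagged orders, or large orders from an unknown device, get a
        # human look; ordinary purchases pass with at most an alert.
        if event.get("flagged") or (alerts and not known):
            return Decision("manual_review", alerts)
        return Decision("allow", alerts)
    raise ValueError(f"unknown event kind: {kind!r}")

def confirm_device(account, device_id):
    """Record a device once the customer has passed the step-up check."""
    account.known_devices.add(device_id)

if __name__ == "__main__":
    acct = Account(known_devices={"laptop-1"})  # constructed sample data
    for ev in (
        {"kind": "login", "device_id": "laptop-1"},
        {"kind": "login", "device_id": "phone-9"},
        {"kind": "purchase", "device_id": "laptop-1", "amount": 450.0},
        {"kind": "purchase", "device_id": "phone-9", "amount": 450.0},
    ):
        print(ev["kind"], ev["device_id"], evaluate(acct, ev))
```

The returning customer on a known device is never interrupted; only the unrecognized device or the flagged order adds friction, which is where the trade-off between protection and retention is actually decided.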
2. A (Breach) Case for Account Takeover Prevention, Kount, 2019
Written by Angie Longacre
As a writer for Assurance Software, Angie devotes her craft to promoting business continuity and disaster recovery awareness, and trumpeting Assurance Software’s invaluable benefits for both. When she’s not commanding the keyboard, you can find her outside for a run, searching for her next antique treasure, or lost in a good book.