February 27, 2018
U.K. consumers this week provided a quick glimpse into why account takeover fraud has become such a concern for merchants. As part of a campaign to raise awareness among consumers about responsible online security, the U.K. government conducted a survey with information aggregator Experian that found 27 percent of British consumers reuse one email password across multiple accounts. More worryingly for merchants, the younger they are (and younger users are more likely to be online) the more they engage in the dangerous practice. Fifty-two percent of 18-25 year olds in the U.K. reuse passwords across multiple accounts.
There are several factors that have given rise to the staggering increase in ATO fraud lately across a wider variety of merchants than ever. One is that the largest data breaches reported in the last few years (think Yahoo, Equifax, etc.) are targeting personal information, especially username/password combinations. Working in tandem with that, is the propensity for consumers to reuse passwords across multiple accounts. That gives thieves, who now have access to billions of username/password combinations, the opportunity to try those out on different online accounts until they hit on one (or more than one).
According to a recent report from Javelin Strategy & Research, a surge in stolen identities last year contributed to a 120 percent increase in losses attributed to ATO fraud from 2016 to 2017. Javelin reported that total ATO losses reached $5.1 billion last year.
The U.K.’s Cyber Aware campaign hopes to address the consumer side of that with a social media campaign called #OneReset featuring British celebrities like DJ Charlie Hedges and Instagram health-and-fitness star Dr. Hazel Wallace.