Graduation alert for millennials: Don’t become victims of account takeover fraud
The graduating classes of 2018 are soon to embark on the real world. Armed with a wealth of knowledge and college degrees in hand, there is something these graduates might not have learned from their text books—how to protect themselves from becoming victims of account takeover fraud (ATO). ATO is the act of impersonating an existing account holder to access their account without permission.
To commit ATO, conniving fraudsters gain access to wireless, financial, e-commerce accounts and more by using stolen credential information, such as usernames and passwords. Once a fraudster has taken over an account, they can carry out any number of unauthorized transactions. They can order expensive new phones charged to their victims, clean out savings accounts, or go on spending sprees with credit cards, PayPal or Venmo accounts.
ATO is big business and it is rapidly growing.¹ Unfortunately, the proliferation of data breaches and digital threats from malware, phishing, and mobile attacks over the past several years has provided these fraudsters a cache of the sensitive personal information needed to infiltrate unsuspecting consumers’ accounts.
Why should millennials be concerned? A recent study by Keeper revealed that 87% of millennial mobile device users between the ages of 18-30 reuse their passwords across accounts.² Primary research by ID Analytics found that millennials were the generation with the highest propensity to reuse passwords.³ IBM’s consumer perspectives study demonstrated generational differences in identity authentication practices. Millennials were less likely to use complex passwords for online accounts, and if reusing passwords saved from 1-10 seconds, millennials were more likely to sacrifice security than older generations.⁴
The danger of reusing passwords is that when a fraudster gets his hands on an individual’s credentials, he can take over not just one, but two, or even more accounts—depending on how many times the same password is used across institutions. The impact of ATO on consumers can be costly; from bank accounts being drained to the time and money it takes to clean up the mess.
ATO also puts businesses at risk. Exposure of credentials reused by consumers across multiple accounts not only poses a risk to the company that experiences a credential breach, it can also expose other enterprises to the similar risk. When a data breach occurs, the affected company may eventually learn about the compromise and alert their customers to reset their account login information—ideally before any harm comes to the consumer.
However, organizations that are targeted after a customer has reused their password across accounts, may be blind to the potential fraud exposure because they are never alerted of a breach. Fraudsters can log-in to a victim’s accounts at these unsuspecting companies, who have no indication that the account credentials are in the hands of a fraudster. The legitimate account owner will most likely be the one to alert the enterprise of a problem. This can cause a tenuous situation—account takeover fraud can put a strain on customer relationships and can result in long-term damage to a company’s brand.⁶
Millennials are the largest generation in the U.S. labor force⁵ and by 2020, they could account for $1.4 trillion in annual spending.⁷ These are valuable customers who are anticipated to drive economic growth and revenue substantially in the coming years. To help protect these potentially high-spend customers, enterprises may want to advise the 2018 graduates to prioritize digital hygiene, and never reuse their online passwords.
To protect consumers and their business from ATO, enterprises need actionable insights to identify at-risk accounts, including whether an account holder’s username and password has been compromised. To learn more, contact us at email@example.com or 858-312-6200.
Kevin King is Director, Product Marketing at ID Analytics.
1. Javelin, (2018) Identity Fraud Hits All Time High With 16.7 Million U.S. Victims in 2017, According to New Javelin Strategy & Research Study [Press release]. Retrieved from https://www.businesswire.com/news/home/20180206005363/en/Identity-Fraud-Hits-Time-High-16.7-Million. (accessed April 13, 2018).
2. infosecurity magazine, https://www.infosecurity-magazine.com/news/password-reuse-is-rampant-among/ (accessed April 20, 2018).
3. 2018 ID Analytics Primary Research.
4. 2018 IBM Security: Future of Identity Study, p. 11. https://public.dhe.ibm.com/common/ssi/ecm/22/en/22012422usen/security-ibm-security-solutions-wg-research-report-22012422usen-20180124.pdf (accessed April 20, 2018).
5. Pew Research Center, http://www.pewresearch.org/fact-tank/2018/04/11/millennials-largest-generation-us-labor-force/ (accessed April 20, 2018).
6. PaymentsSource, https://www.paymentssource.com/opinion/the-spike-in-fraud-will-hurt-issuer-reputations (accessed May 7, 2018).
7. Forbes, https://www.forbes.com/sites/laurashin/2015/04/30/how-the-millennial-generation-could-affect-the-economy-over-the-next-five-years/#43303ed032e1 (accessed April 24, 2018).