Operators experience “notable increase” in account hacks over last 12 months
New survey finds gambling customer accounts are heavily targeted by hackers and fraudsters
Fraudsters and hackers have ramped up their efforts to take over customer accounts at online gambling companies, according to a new report.
The Online Merchants Perspectives, Fraud & Payments Survey from fraud detection specialists Ravelin found that 52% of operators had experienced a “notable increase” in account takeover activity during the last 12 months.
The report noted that gambling suffered from a disproportionately high level of attacks when compared to other industries – with an average of 60 account takeovers a year.
Ravelin pointed to the fact that gambling customer accounts can hold significant funds, making a potential account takeover an enticing opportunity for hackers.
Outside of the gambling industry, Ravelin found nearly three quarters (72%) of merchants across various sectors now put account takeover in their top three security concerns.
Ravelin also noted that less than half of all merchants surveyed were tracking password changes for customers’ online accounts.
Mairtin O’Riada, Ravelin co-founder, said the difficulty in pinpointing the reason for account takeovers was a worrying situation for operators.
O’Riada said: “Account takeover is an extremely worrying threat for merchants, consumers and banks because it’s hard to assign blame.
“Who is at fault exactly? The user for reusing passwords? The merchant for allowing the transaction? Or the bank for allowing the purchase to go through? It’s unclear, but whenever it’s unclear, the merchant often takes the hit,” he added.
O’Riada went on to detail measures firms can take to prevent account takeovers from impacting their business.
“One of the most effective means for preventing account takeover is two-factor authentication (2FA) at customer login, but it can often be bypassed. Merchants therefore need to be able to be able to make smarter decisions using their data and shut down or temporarily freeze compromised accounts before cybercriminals have the chance to make fraudulent purchases.
“The only way to do that efficiently is through technology, tracking customer activities to identify behavioural patterns and scanning accounts for suspicious activity, because even the most sophisticated fraudsters repeat the same actions subconsciously,” he concluded.