Account security

How to protect your business and customers with stronger account authentication


  • nabeel_saeed_headshot.jpg
    Nabeel Saeed
  • Jan 31, 2020
TLDR

The rise of identity and account data theft means user verification and account authentication is more important than ever before. Here's how to protect your business with account authentication. 

Adjust text size

Watch our on-demand webinar on protecting your business—and your customers—with industry-leading account security and user authentication.

Fraud generated by automated bots is a significant threat for nearly two-thirds of midsized to large e-commerce companies. And fraud costs, as a percentage of annual revenue, are also on the rise –– account takeovers can cost businesses as much as $15,000 per incident.

There are four forms of online fraud wreaking havoc on customers and the enterprise alike:

  • Data breaches.  Once a rare news item, breaches are increasing in scope and occurring more frequently. Data farmed from those breaches are used to open fraudulent accounts which, in turn, are used to commit identity fraud and exploit any value your business provides, like free credits or loyalty programs. 
  • Account takeovers. To a fraudster, exploiting an existing, validated account is more valuable than trying to create a dozen fake new ones. That’s why we’ve witnessed an 182 percent jump in account takeovers (ATOs,) in recent years. ATOs have driven up IT and account security costs to the tune of $25.6 billion in losses.
  • Imposter customers calling contact centers.  A contact center staffed with live agents is particularly vulnerable. While the contact center is supposed to increase customer satisfaction, introducing complex security steps often has the reverse effect. Balancing fraud controls with customer experience is an ongoing challenge and can often lead to a loss in revenue.
  • Account recovery and password reset. The vast majority of applications today send an email with a link to reset forgotten or expired passwords. If the email address used to open an account has also been taken over, sending an account reset to that email does no good. 

Account security in action

For the nine million sellers and 27 million buyers using MercadoLibre, Latin America’s largest e-commerce company, account security isn’t necessarily top of mind. 

MercadoLibre is able to collect users’ activity information, from sign-in to first purchase or sale, to administer a variety of security options: low-value transactions may have entry-level protection like username and password, while the stronger security of phone verification can be implemented to protect sales of a higher value, like appliances, jewelry, mobile phones, and automobiles.

For example, as MercadoPago became more integrated into the transactional process, the company found themselves providing credit to sellers so they can replenish their stock while still selling, and providing cash advances to others. 

MercadoLibre also automatically initiates a phone verification event when witnessing suspicious or unusual transactions: either a user publishing something that is out of their normal value range or an account that abruptly changes its buying patterns. In cases like these, MercadoLibre brings the user through a screening process that includes account verification via phone

Phone verification as user verification: learn how

The rise of identity and account data theft means user verification is more important than ever before. 

Watch our on-demand webinar that covers best practices for using phone numbers for identity proofing, and how to implement 2FA across your entire customer’s journey. 

In this webinar, you’ll learn:

  • How fraud is typically committed

  • What identity proofing methods businesses are using today

  • How phone-number verification can help fight fraud without harming customer experience

  • Best practices for collecting and using phone numbers for identity proofing

  • Using 2FA to lock fraud out along the entire customer journey


Seats are limited; reserve yours now!

I want to see more about: 
Editions
  • Editions
  • Industry
  • Product
  • Region
  • Solution
  • Use case
 ‐ 
Edition 1 | Winter 2021
  • Edition 1 | Winter 2021
  • Edition 2 | Spring 2021
Let's go
nabeel_saeed_headshot.jpg

Nabeel Saeed

Nabeel has worked in multiple application and network security roles over the last 5 years, and is a speaker at the Bay Area Cyber-Security Meetup. His interests include identity and authentication and he is currently involved in helping fintech companies with PSD2 compliance. He holds a Bachelors in Economics from UC San Diego, California.