Account takeover (ATO) fraud reached alarming levels in 2024, driven by an unrelenting wave of data breaches. Massive incidents, including the theft of every American’s Social Security number and over 2.9 billion stolen records, underscore the urgency of this escalating threat. From the Ticketmaster breach to AI-generated voice scams, these attacks are making it more challenging to detect fraud.
As ATO fraud evolves, businesses and consumers alike face growing challenges. The financial impact is staggering, with losses climbing to nearly $13 billion in 2023, up from $11 billion in 2022. Beyond monetary damage, ATOs cause lasting damage to consumer trust and brand reputation. Read on to discover the top ATO trends and insights from this year and strategies for businesses to stay ahead in 2025.
ATO Trends and Insights from 2024
In 2024, the average ATO attack rate rose 24% YoY across the Sift Global Network in Q2. Fraudsters are increasingly capitalizing on stolen personal identifiable information (PII), payment details, and credentials to take over accounts. Over the past few years, there’s been tremendous growth in data breaches, driving this wave of fraud. Once inside accounts, cybercriminals execute fraudulent transactions, steal sensitive data, and launch additional attacks.
Certain industries faced even sharper spikes, including marketplaces, e-commerce, and ticketing. Marketplaces are particularly vulnerable, as economic pressures lead more consumers to sell items online, creating a prime target for fraudsters. Similarly, ticketing and travel platforms face consistently high attack rates, fueled by consumers’ stored payment details and unmonitored accounts.
The Role of AI in ATO
Generative AI has transformed the fraud landscape, empowering attackers with tools to create convincing phishing scams, deepfake voice and video forgeries, and automated scripts. Fraudsters also fabricate identities to bypass verification, leveraging AI’s power to scale and refine their methods.
This year, 54% of consumers expressed deep concern about AI’s role in compromising account security—it’s more necessary than ever that businesses adopt AI-driven fraud detection to fight increasingly sophisticated threats with equally smart solutions.
Consumers Face Increased ATO Vulnerability
78% of individuals use the same password for more than one account, significantly increasing their vulnerability to ATO fraud. Once attackers breach one account, they can easily infiltrate others. Beyond unauthorized purchases, victims often lose loyalty rewards or stored credits, compounding their losses. This year, 24% of consumers reported being victims of account takeover, up from 18% in 2023. The most commonly breached websites and apps include social media platforms, streaming subscriptions, and bank or credit card accounts.
The Democratization of Fraud
Fraud is no longer limited to professional cybercriminals. With tools readily available on platforms like Telegram, 37% of consumers reported encountering offers to participate in account fraud, up from 24% in 2023.
Sift’s Trust and Safety Architects observed the rise of “fraud-as-a-service” schemes, such as tools selling breached data for as little as $10 per week. These tools enable anyone to search for credentials and launch attacks within minutes, democratizing fraud and amplifying its reach.
Combating ATO with Two-Factor Authentication (2FA)
To counteract these trends, businesses are increasingly adopting two-factor authentication 2FA. Industries like ticketing and fintech lead adoption rates due to their emphasis on transaction security, while sectors such as food delivery prioritize speed and convenience over security. Data reveals a 21% increase in average 2FA adoption across the Sift Network.
ATO Solutions: Building Digital Trust
The rise in ATOs, coupled with the growing accessibility of fraud, underscores the urgent need for stronger security measures heading into 2025. Businesses must remain vigilant, adopt technologies like 2FA, and educate consumers on best practices to safeguard their accounts. Key measures include:
- Holistic Coverage: A holistic approach to ATO prevention emphasizes the importance of monitoring entire user sessions using passive data sets like device intelligence and user behavior analytics. By monitoring suspicious behaviors across the entire user session, businesses can better detect and proactively prevent ATO.
- Session-Level Data: Integrating session-level data enables businesses to analyze and respond to suspicious activities in real time. The Sift Platform allows you to see all logins and sessions and take informed actions based on that data.
- Customer Empowerment: Utilize notifications and 2FA to involve end-users in spotting suspicious activity and keeping accounts secure.
- Low-Code Integrations: Sift integrates with identity platforms like Ping Identity and Auth0 also make it easier for businesses to adopt robust fraud prevention tools.
Watch the on-demand webinar or dive into the full report to see more account takeover data and insights.
