Costs of mobile and web-based fraud reported as high as 8.3% of revenue with 84% of organizations experiencing account takeovers in the past year
SAN MATEO, Calif., August 31, 2021 – PerimeterX, the leading provider of solutions that secure digital businesses against automated fraud and client-side threats, today released Quantifying the Impact of Credential Stuffing and Account Takeovers in Financial Services, a comprehensive report that examines how attackers have found credential stuffing attacks and account takeovers (ATOs) against organizations in the financial services industry to be a highly effective, highly scalable way to commit fraud.
The study, conducted by the Aberdeen Group, quantifies the risk of credential stuffing and account takeovers for four segments of the financial services industry in the United States: commercial banks, credit unions, savings institutions and fintech.
Key findings of the report include:
- Financial consequences have grown to a level that goes beyond a mere “cost of doing business,” to become a material business risk.
- To address the issue of credential stuffing and account takeovers, organizations in the financial services industry are about three times more likely to invest in fighting malicious bots than to take steps to reduce weak passwords and password reuse.
- Advanced bot detection and mitigation services top the list of technical capabilities being adopted to combat automated credential stuffing attacks.
In particular, bot-driven credential stuffing attacks are prevalent and growing: 84% of all respondents reported that some number of their online users had experienced a successful account takeover in the previous 12 months.
Respondents were asked about the direct consequences from attacks on their customer accounts. The survey found that:
- 45% of organizations experienced fraudulent transactions
- 31% saw the creation of new accounts, e.g., credit applications
- 24% reported transfer of funds or other fungible value, e.g., loyalty points, rewards
“Throughout the financial services industry, the monetary consequences of credential stuffing and successful account takeovers — both direct, and indirect — have grown beyond a basic ‘cost of doing business’ to become a material business risk,” concluded Derek Brink, CISSP, vice president and research fellow for Aberdeen Strategy & Research. “Given the central role of digital credentials in the management of long-term, account-based relationships with their customers, it’s clear that addressing these risks now demands much closer attention.”
Aberdeen’s quantitative analysis also estimated that the median cost of an attack ranges from 2.7% to 6.4% of the revenue generated from monthly active users for each of the four market segments: commercial banks, credit unions, savings institutions and fintech companies.
“The business impact of ATO-related fraud on an organization is higher than many people realize, which is why we undertook this important industry analysis. For example, the median revenue for the credit unions that responded to the survey is $65 million, and the median amount lost due to a data breach is 5.2% of revenue, which is more than $3 million. Preventing and fighting these attacks requires an investment in people, tools, technologies, services and data, but these costs can really add up so accuracy and efficiency are paramount. PerimeterX is committed to supporting our financial services customers to meet these challenges head on, helping them assure their account holders, investors and stakeholders that they are taking a strong, proactive approach to security,” said Kim DeCarlis, CMO, PerimeterX.
For more information, read the full report from the Aberdeen Group here.
PerimeterX is the leading provider of solutions that protect modern web apps at scale. Delivered as a service, the company’s solutions detect risks to your web applications and proactively manage them, freeing you to focus on growth and innovation. The world’s largest and most reputable websites and mobile applications count on PerimeterX to safeguard their consumers’ digital experience. PerimeterX is headquartered in San Mateo, California, and can be found online at www.perimeterx.com.