Justin McDonald

Is your Identity Solution Balanced? Prevention or Remediation

Deciding on a strategy for protecting your company from account takeover (ATO) begins with deciding whether to rely more on prevention or on remediation. Prevention maximizes your opportunity to avoid financial loss, reputational damage and customer churn, but it costs more to implement and adds friction for customers or employees who are really focused on purchasing or being productive. Remediation can reduce implementation cost and the number of people who experience heavy security friction, but it carries a higher risk of bad actors getting through and, more likely than not, some bad customer experiences along the way.


Balancing the two is a viable strategy, with the right mix depending on your company's products and client mix combined with your go-to-market strategy.


The case for remediation:

  • Focusing on remediation can mean that you’re limiting customer disruption to only those who are victims of ATO.

  • If you have a very low likelihood of customers being targeted for ATO, a remediation-based strategy can save you the expense and effort of trying to prevent something that is unlikely to occur (low ATO frequency).

  • Similarly, if you have very low potential loss or liability from an ATO, you can save the effort and cost of prevention (low ATO impact).

  • Whether ATO risk is low because of low frequency or low impact, a focus on remediation not only saves on cost, but also provides a better user experience as users can avoid the friction caused by most forms of prevention.


Drawbacks of a remediation-only approach:

  • ATO can be very difficult to detect until there is an obvious loss, e.g., a customer reports a purchase they didn’t initiate.

  • If you can’t detect the ATO until there’s a loss, bad actors with access to your systems may be stealing information (e.g., private customer details) over an extended period of time in order to commit more serious fraud, like identity theft.

  • Customer satisfaction and your business reputation are at higher risk - unhappy customers are more likely to speak publicly than happy ones, so every ATO event is a threat to brand reputation.


The case for prevention:

  • Focusing on prevention limits the number of successful ATO events, maintaining strong brand reputation and trust among customers.

  • Preventing ATO limits your exposure - whether that is to direct loss like refunds or chargebacks, or indirect loss of proprietary information.

  • By definition, prevention is proactive - putting you in control of when and where to apply the preventative measures.


Drawbacks of a prevention-only approach:

  • Focusing on prevention means more users will face friction, and this will often be legitimate users at legitimate login attempts.

  • Some prevention measures can be very difficult to implement accurately; e.g., device recognition, IP address geolocation, and user behavior pattern recognition need sophisticated technology.

  • For workplace accounts, more friction means reduced efficiency. For consumer accounts, more friction can lead to lower sales conversion, or reduced use/access of service.


Balancing your identity solution is the most reliable way to keep bad actors from harming your business, your customers or your employees. Weigh the risk of an ATO (likelihood and impact) against the risks that come with prevention (cost and user friction), and find the combination of measures that is right for your business.


At myNetWatchman we have solutions for both prevention and remediation, enabling our clients to support whichever mix is right for them. For prevention, we offer AllCreds, our credential screening service, which leverages our repository of over 30 billion compromised credential pairs. This screening occurs behind the scenes and presents no friction to users unless the use of a compromised credential pair is detected, at which point you choose whether to apply multifactor authentication (MFA) or another form of friction. The friction that comes with stronger forms of prevention is applied only where a compromised credential has actually been presented.


For remediation, we offer Web Monitoring and Email Reputation services. myNetWatchman's Web Monitoring service monitors the web domains, email addresses, usernames, or credit card BINs (for card issuers) that our clients ask us to watch, so we can detect when the organization is being targeted with credential stuffing attacks via the web, APIs, a portal, a login page or elsewhere. Earlier detection leads to earlier remediation and less time for the bad actor to cause financial and brand damage.
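As an added illustration of what credential stuffing detection looks like in practice (example code written for this page, not myNetWatchman's Web Monitoring service or its data), the following Python scans constructed login events and flags a source that sprays many distinct usernames with a low success rate. The log line layout, thresholds and IP addresses are assumptions made for the example, and the successful logins from a flagged source are the accounts a remediation workflow would act on.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample of login events (not real logs). 203.0.113.5 sprays
# ten different usernames in eight seconds and lands one of them, which is
# the credential-stuffing signature; the other two sources are ordinary
# users who mistype a password.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.5 user=alice result=fail
2024-05-01T10:00:02Z ip=203.0.113.5 user=bob result=fail
2024-05-01T10:00:02Z ip=203.0.113.5 user=carol result=fail
2024-05-01T10:00:03Z ip=203.0.113.5 user=dave result=success
2024-05-01T10:00:03Z ip=203.0.113.5 user=erin result=fail
2024-05-01T10:00:04Z ip=203.0.113.5 user=frank result=fail
2024-05-01T10:00:05Z ip=203.0.113.5 user=grace result=fail
2024-05-01T10:00:06Z ip=203.0.113.5 user=heidi result=fail
2024-05-01T10:00:07Z ip=203.0.113.5 user=ivan result=fail
2024-05-01T10:00:08Z ip=203.0.113.5 user=judy result=fail
2024-05-01T10:00:09Z ip=198.51.100.7 user=mallory result=fail
2024-05-01T10:00:15Z ip=198.51.100.7 user=mallory result=success
2024-05-01T10:30:00Z ip=192.0.2.9 user=oscar result=fail
"""

# Assumed log line layout for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_events(text):
    """Parse log lines into (timestamp, ip, username, succeeded) tuples,
    skipping lines that do not match the expected layout."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"] == "success"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_attempts=8,
                    min_distinct_users=5, max_success_rate=0.2):
    """Sliding-window detector keyed on source IP.

    A source is flagged when, within `window`, it has made at least
    `min_attempts` logins against at least `min_distinct_users` different
    accounts with a success rate at or below `max_success_rate`. A single
    user retrying their own password never meets the distinct-user bar.
    Returns {ip: stats} for flagged sources; stats includes the accounts
    the source logged into successfully, i.e. the ones to remediate
    (force a reset, invalidate sessions, notify the owner).
    """
    windows = {}   # ip -> deque of (ts, user, succeeded) inside the window
    alerts = {}
    for ts, ip, user, ok in sorted(events):
        q = windows.setdefault(ip, deque())
        q.append((ts, user, ok))
        while ts - q[0][0] > window:
            q.popleft()
        attempts = len(q)
        distinct = {u for _, u, _ in q}
        hijacked = sorted({u for _, u, s in q if s})
        rate = sum(1 for _, _, s in q if s) / attempts
        if (attempts >= min_attempts and len(distinct) >= min_distinct_users
                and rate <= max_success_rate):
            alerts[ip] = {
                "attempts": attempts,
                "distinct_users": len(distinct),
                "success_rate": rate,
                "hijacked_accounts": hijacked,
            }
    return alerts


if __name__ == "__main__":
    for ip, stats in detect_stuffing(parse_events(SAMPLE_LOG)).items():
        print(ip, stats)
```

A per-IP threshold only catches the naive case; real stuffing campaigns are usually spread across a proxy pool so that no single address exceeds any limit. The same statistics computed per ASN, per user-agent fingerprint, or across the whole login endpoint (distinct usernames attempted per minute against the normal baseline) are what catch the distributed version, and the thresholds above need tuning against your own legitimate traffic before they are trusted to page anyone.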


Email Reputation tells you if bad actors have access to an email inbox, a common point of communication for executing password resets as part of the remediation and account recovery process. myNetWatchman’s Email Reputation service makes the remediation and recovery process more secure by alerting clients when they may be sending the new password or account recovery link right into the hands of a bad actor.
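To make the two mechanisms described above concrete (the friction-free credential screening with step-up MFA only on a match, and the check on the recovery inbox before a reset link goes out), here is an added Python example written for this page. It is not AllCreds, Email Reputation, or any myNetWatchman code: the breach repository is a constructed set of pair digests, the risky-inbox feed is a constructed set of addresses, and the digest scheme, PBKDF2 parameters, usernames and passwords are all assumptions made for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for the example


def pair_digest(username, password):
    """Digest of a normalized username:password pair. The screening store
    holds digests, so it is not itself a plaintext password list."""
    material = username.strip().lower().encode() + b"\x00" + password.encode()
    return hashlib.sha256(material).hexdigest()


# Constructed stand-in for a compromised-credential repository.
COMPROMISED_PAIRS = {
    pair_digest("alice", "Summer2023!"),
    pair_digest("bob", "hunter2"),
}

# Constructed stand-in for an email-reputation feed: inboxes believed to be
# accessible to an attacker.
RISKY_INBOXES = {"bob@example.com"}


def make_verifier(password):
    """Salted PBKDF2 verifier for the constructed user store."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Constructed user store: alice still uses her leaked password; bob changed
# his after the leak, so the breached pair for bob no longer opens anything.
USERS = {
    "alice": {"verifier": make_verifier("Summer2023!"),
              "recovery_email": "alice@example.com"},
    "bob":   {"verifier": make_verifier("correct-horse-battery"),
              "recovery_email": "bob@example.com"},
}


def verify_password(username, password):
    rec = USERS.get(username)
    if rec is None:
        # Do the same amount of work for unknown users so response time
        # does not reveal which usernames exist.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
        return False
    salt, verifier = rec["verifier"]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, verifier)


def login_decision(username, password):
    """Return "deny", "allow" or "step_up_mfa".

    Screening runs only after the password verifies: a breached pair that
    no longer matches the account is just a failed login, and friction (MFA
    followed by a forced password change) is applied only when the correct
    password is one an attacker can read out of a breach corpus.
    """
    username = username.strip().lower()
    if not verify_password(username, password):
        return "deny"
    if pair_digest(username, password) in COMPROMISED_PAIRS:
        return "step_up_mfa"
    return "allow"


def recovery_decision(username):
    """Return "deny", "send_reset_link" or "hold_for_alternate_channel".

    A reset link sent to an inbox the attacker controls completes the
    takeover for them, so a flagged inbox routes recovery elsewhere.
    """
    rec = USERS.get(username.strip().lower())
    if rec is None:
        return "deny"
    if rec["recovery_email"].lower() in RISKY_INBOXES:
        return "hold_for_alternate_channel"
    return "send_reset_link"


if __name__ == "__main__":
    print(login_decision("Alice", "Summer2023!"))         # step_up_mfa
    print(login_decision("bob", "hunter2"))               # deny
    print(login_decision("bob", "correct-horse-battery")) # allow
    print(recovery_decision("bob"))                       # hold_for_alternate_channel
```

Two points of the design are worth calling out. The screening check is placed after password verification, so a legitimate user whose password is not in the corpus never sees the extra step, which is the "no friction unless detected" property the text describes. And the recovery check keys on the inbox rather than the account: bob's current password is clean, but his recovery inbox is flagged, so the reset path (not the login path) is the one that gets held back.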
