Account takeover fraud targeting online gambling operators has increased. In part, this is because users choose very weak passwords.
Payments professionals Ravelin, a fraud detection firm, disclosed in one of their latest surveys of global fraud that gambling came second only to taxi firms in average yearly account takeover attacks.
These attacks are perpetrated by fraudsters who obtain users' credentials to take control of their online accounts. The account is then used to spend profligately on services or goods, and in some cases the fraudsters sell the compromised data to malicious third parties.
The report showed that gambling companies battled an average of 60 account takeover attacks every year. Only taxi companies ranked higher, with 65 attacks, while gambling companies are ahead of grocers, with 53 attacks.
While gambling websites are noticeable targets because of the large sums held in the accounts, grocers’ profile rose this year as nervous buyers filled their carts online while the pandemic lockdown was in full swing.
More than half – about 52 percent – of gambling operators disclosed a massive rise in serious account takeover attempts this year. This was because online gambling activity rose while land-based options could not be used because of COVID-19.
Gambling operators topped the charts in citing ‘shared industry data’ as a major factor when identifying fraud trends.
More than 56 percent of gambling operators ranked shared data among their top 3 factors, while 20 percent listed it as the top factor.
Other industries cited customer profiles, location, device ID and order content as the top factor.
Mairtin O’Riada, the CIO of Ravelin, said that the havoc caused by account takeovers could be traced to users, banks and merchants. But in a situation where it is not clear, in most cases the merchant takes the hit.
Interestingly, the digital goods sector – the sector under which gambling is grouped – offered 2FA (two-factor authentication). However, customers were asked to opt in.
Digital goods operators were among the lowest-ranked sectors for enforcing the use of 2FA for all customers. O’Riada stated that this method was a very effective way of reducing takeover attempts, but it too has its limitations, as it can be circumvented.
This can be because customers choose weak passwords that password-cracking software can guess. Customers worsen the situation when they use such weak passwords across several online accounts.
NordPass, a proprietary password manager, publishes a yearly list of the most popular passwords, and it shows that ‘123456’ was the most common password used in 2020.
This password dethroned ‘12345’, which was the most popular last year, and sent it to the eighth spot, while ‘password’ ranked fourth. The above password takes less than one second to crack when an attacker has the right tool at their disposal.