Rethinking account recovery measures to prevent identity fraud

The hidden cost of account recovery

“Password must be at least 10 characters long, have both uppercase and lowercase and contain at least one digit.” Sound familiar?

Adding extra steps to make sure users’ passwords are really secure is great. But it can backfire really quickly. Did you know 1 in 4 people ask to reset a password at least once a month because they can’t remember their details? Considering the average US and UK email address is currently associated with more than 100 online accounts, we can bet users will keep on forgetting their logins.

Account recovery—resetting users’ account credentials—has a huge impact on your business. With 20% to 50% of all helpdesk calls being about resetting passwords, the cost of providing account recovery services can go up to a staggering $70 per password.

 

A growing issue for you and your business

Along with huge operational costs, account recovery also poses great security threats.

The process for resetting credentials varies from platform to platform, but it usually involves an email address. Most commonly, a link is sent to the user’s address, redirecting them to a landing page where they can update their details. It’s easy, quick and has the benefit of providing a seamless user experience. But what happens if the email itself has been compromised?

All fraudsters need is a single address to use a genuine user’s credentials and access your platform. This explains why a shocking 91% of all login traffic to retail sites is fraudulent.

Account takeover fraud can only get bigger. The scale and frequency of new data breaches mean more and more leaked credentials are now available on the dark web. Between 2017 and 2018, account takeover attacks rose by 45%, and in February 2019 alone, more than 620 million hacked accounts went up for sale.

According to LexisNexis, every dollar of fraud costs organisations like yours 2.5 times more than the actual loss itself, which totalled a staggering $5.8 billion a year in 2017.

 

Protecting your users and platform

Passwords and current account recovery processes aren’t fit for purpose–but while we might not be able to do away with them entirely, we can layer them with other, more secure identifiers.

Onfido’s identity verification service can help you catch fraudsters before they enter your platform. When resetting their login details, all users have to do is take a picture of their ID, giving you the assurance that they’re the real owner of the email address and account. And because the process is entirely remote, there’s no need for them to contact the helpdesk.

Adding a biometric verification phase to your identity verification process also gives an extra level of security. By tying a real person to their digital footprint and government-issued document, it shows you the user is genuine and the true owner of the ID. It also prevents identity fraud attempts from being scalable, simply because facial biometrics are harder to replicate or manipulate than even the strongest of passwords.

Ready to change your account recovery process? Talk to us today.

 