How to help customers avoid account takeovers

The Merchant Risk Council gives tips for merchants to share with their customers.

Amy Dusto

While merchants can deploy sophisticated technologies and security checks to verify a shopper’s identity and ensure her transactions are not fraudulent, several common consumer behaviors still put her at risk for having her account information stolen by criminals who then use the account to commit fraud, according to nonprofit payments security organization the Merchant Risk Council. Retailers must help educate consumers in order to combat that type of fraud, which is becoming more common, the council says.

“In the last two years, several of our online merchants have seen a drastic increase in this type of fraud and have even seen the rates rise a few months after a large data breach,” a spokesman for the council says. “Credit card numbers are no longer the only piece of information that fraudsters can use to commit fraud online against both consumers and merchants.” With many merchants storing a customer’s billing information within her account, in some cases all a criminal needs to log in and make a purchase is her user name and password.

From 2010 to 2012, the number of incidents of account takeover fraud—in which a criminal steals a consumer’s credentials for logging into an online account and uses her information to make fraudulent purchases—have doubled, according to a report by fraud prevention and payment services vendor Retail Decisions, or ReD.

The Merchant Risk Council suggests that retailers share the following tips with customers to help them keep their data safe:


credit card account data, credit card numbers, Data breach, e-mail, Merchant Risk Council, online fraud, online fraud prevention, passwords, payments security, Red, Retail Decisions, security tips, social media, user name