Over the last several weeks, I’ve shared articles about the problems surrounding third-party, first-party and synthetic identity fraud. To wrap up this series, I’d like to talk about account takeover fraud and how digital transformation has impacted it over the last year.
What is account takeover fraud?
Account takeover fraud is a form of identity theft that involves unauthorized access to a user’s online accounts to enable financial crimes. Criminals can obtain information in a number of ways, including the dark web, spyware and malware, and phishing to allow them to make unauthorized transactions with the user’s account.
Fraudsters have made efforts to also gain control of mobile or email accounts so they can intercept one-time passwords or password change instructions to retain control of the account. Once fraudsters have control of one account, they can use it to access other personal information to breach additional accounts and graduate to full-scale identity theft.
How does account takeover fraud impact me?
Account takeover fraud is damaging to businesses and consumers. It leads to losses and well as resources invested to confirm fraud.
The potential losses from account takeover fraud have spiked over the last year, in large part due to the opportunities created by the rapid increase of digital interactions and the influx of users interacting with merchants and financial institutions online for the first time.
Aite research shows that 64% of financial institutions are seeing higher rates of ATO fraud attacks now than prior to the pandemic. – Trace Fooshee, Senior Analyst, Aite Group1
Account takeover can also be difficult to detect. Unlike credit card fraud where the true owner might quickly notice suspicious charges, an account takeover attack can go undetected for long periods of time. That’s because the criminal can change login and contact information, ensuring that the real accountholder doesn’t realize they’ve been compromised immediately.
Solving the account takeover fraud problem
A good account takeover fraud prevention strategy requires two things: frictionless customer experience and robust risk management.
It’s clear that customers expect seamless interactions with merchants and lenders. At the same time, businesses need to be able to spot risky or suspicious behavior before a bad transaction occurs. That’s where a layered fraud management solution comes into play. With the right tools—including risk-based identity and device authentication and targeted step-up authentication—businesses can provide a good customer experience and only pull in staff for deeper investigations where necessary. With this strategy in place, businesses can easily recognize good customers and provide a more personalized experience, while at the same time combatting fraud – boosting growth and minimizing losses in the long run.
I hope this series has helped provide insights into the different types of fraud and why each of them requires different treatment. To learn more about the risks of account takeover and how a layered fraud management strategy can help protect your business and your customers, feel free to contact us.