Account Takeover: The Defense in Depth Strategy

by Guest Contributor 4 min read December 22, 2020

Preventing account takeover (ATO) fraud is paramount in today’s increasingly digital world. In this two-part series, we’ll explore the benefits and considerations of a Defense in Depth strategy for stopping ATO.

The challenges with preventing account takeover

Historically, managing fraud and identity risk in online banking has been a trade-off between customer experience and the effectiveness of fraud controls. The basic control structure relies on a lock on the front door of online banking front door—login—as the primary authentication control to defend against ATO.

Within this structure, there are two choices. The first is tightening the lock, which equals a higher rate of step-up authentication challenges and lower fraud losses. The second is loosening the lock, which results in a lower challenge rate and higher fraud loses. Businesses can layer in more controls to reduce the false positives, but that only allows marginal efficiency increases and usually represents a significant expense in both time and budget to add in new controls.

Now is the perfect time for businesses reassess their online banking authentication strategy for a multitude of reasons:

  • ATO is on the rise: According to Javelin Strategy & Research, ATO increased 72% in 2019.1
  • Users’ identities and credentials are at more risk than ever before: Spear phishing and data breaches are now a fact of life leading to reduced effectiveness of traditional authentication controls.
  • Online banking enrollments are on the rise: According to BioCatch, in the months following initial shelter-in-place orders across the country, banks have seen a massive spike in first time online banking access.
  • Users expect security in online banking: Half of consumers continue to cite security as the most important factor in their online experience.

Businesses who reassess the control structure for their online banking will increase the effectiveness of their tools and reduce the number of customers challenged at the same time – giving them Defense in Depth.

What is Defense in Depth?

Defense in Depth refers to a strategy in which a series of defense mechanisms are layered in order to protect data and information.

The basic assumptions underlying the value of a Defense in Depth strategy are:

  • Different types of transactions within online banking have different levels of inherent risk (e.g., external money movement is considerably higher risk compared to viewing recent credit card transactions)
  • At login, the overall transaction risk associated with the session risk is unknown
  • The risk associated with online banking is concentrated in relatively small populations – the vast majority of digital transactions are low risk

This is the Pareto principle at play – i.e., about 80% of online banking risk is concentrated within about 20% of sessions. Experian research shows that risk is even more concentrated – closer to >90% of the risk is concentrated in <10% of transactions. This is relatively intuitive, as the most common activities within online banking consist of users checking their balance or reviewing recent transactions. It is much less common for customers to engage in higher risk transaction. The challenge is that businesses cannot know the session risk at the time of challenge, thus their efficiency is destined to be sub-optimal.

The benefits of Defense in Depth

A Defense in Depth strategy can really change the economics of an online banking security program. Adopting a strategy that continuously assesses the overall session risk as a user navigates through their session allows more efficient risk decisions at moments that matter most to the user. With that increased efficiency, businesses are better set up to prevent fraud without frustrating legitimate users.

Defense in Depth allows businesses to intelligently layer security protocols to protect against vulnerability – helping to prevent theft and reputational losses and minimize end-user frustration. In addition to these benefits, a continuous risk-based approach can have lower overall operational costs than a traditional security approach.

The second part of this series will explore the cost considerations associated with the Defense in Depth strategy explored above. In the meantime, feel free to reach out to discuss options.

Contact us

1Identity Fraud in the Digital Age, Javelin Strategy & Research, September 2020

Related Posts

Used EV Growth Signals a New Phase of Consumer Purchasing Behavior

The electric vehicle (EV) revolution isn’t slowing down, it’s changing lanes. While recent conversations have seemingly focused on softening demand for new EVs, the used segment has been gaining momentum. According to Experian Automotive’s 2025 EV Year in Review Report, new retail individual EV registrations fell 35.9% year-over-year. Meanwhile, the used retail individual EV registrations grew 25.4% from a year ago. As affordability and growing model availability reshapes consumer behavior, buyers are increasingly turning to pre-owned EVs, which has shown an interesting market divergence that is redefining how consumers are adopting this segment and what it can mean for automakers, dealers, and the overall industry. Key players behind rising used EV demand Notably, Tesla accounted for over half (60.5%) of used retail individual EV registrations in 2025, followed by Chevrolet at 6.4% and Nissan (5.5%). Diving a bit deeper, Tesla made up the top three models of the used individual registrations last year, with the Model 3 coming in at 27.2%, Model Y at 21.7%, and Model S (6.6%). The Chevrolet Bolt EV followed at 4.8% and the Nissan Leaf was at 4%. Tesla’s position as the leading make in the used EV market is a natural extension of its long-standing dominance in new EV sales. The brand’s leadership over the years created a large fleet of vehicles that are now entering the pre-owned market. What the used EV boom means for automotive professionals The growing demand for used EVs can present more opportunities for automotive professionals. Dealers that provide a healthy supply of pre-owned EVs can increase accessibility and play a role in adoption for consumers who are actively looking to purchase, while marketers can emphasize value and ownership benefits. As the market continues to evolve, automotive professionals who understand and respond to these changing dynamics will be best positioned to capitalize on the expanding pool of used EV shoppers. To learn more about EV insights, visit Experian Automotive’s EV Resource Center.

Published: June 30, 2026 by Kirsten Von Busch
How Terrace Finance Uses NeuroID to Respond to Fraud Faster and Smarter

Learn how Terrace Finance used NeuroID behavioral analytics to detect fraud faster, respond to attacks, and strengthen risk management.

Published: June 29, 2026 by Scarlet.Nickel@experian.com
Ask the Expert: A Closer Look at Modern Lending with Jeff Hops and Erin Haselkorn

In this first episode of Ask the Expert, Experian's Jeff Hops, Senior Director of Data Platform and Product, and Erin Haselkorn, Senior Director of Analyst Relations, explore how broader data and new signals can help lenders better understand today’s consumers, while maintaining responsible decisioning. Lending is changing  Interest rates, regulation, embedded finance and AI are reshaping the lending landscape. Consumer behavior is evolving just as quickly. But the core job hasn’t changed. Lenders are still making decisions about people they don’t fully know, and that makes data more important than ever. "There are periods where nothing changes, and periods where it seems like everything changes. We’re in the latter … but the core premise hasn’t changed. You’re still trying to lend to somebody you don’t know."Jeff Hops, Senior Director of Data Platform and Product To make those decisions with confidence, lenders need a strong foundation of identity, history and reliable signals. In a period of rapid change, the quality and completeness of that data become even more critical. A more complex view of today’s consumer What has changed is the consumer. Traditional credit data is foundational but can be further enhanced with visibility on how people earn, manage and move money. Income may come from multiple sources, and financial activity often spans bank accounts, applications (apps) and digital channels. Cash flow data, for example, can provide a clearer view of what’s actually coming into a consumer’s account, beyond what traditional records may show.These additional signals can help lenders better understand: Income variability across multiple earning sources Current financial behavior through cash flow activity Digital and identity-linked activity across channels These signals don’t replace traditional data; they expand it. The result is a more complete and current view of the consumer. From exploration to real-world application The conversation around broader data signals has moved beyond theory. Lenders are no longer just asking whether these signals are useful. They’re asking where, how and under what governance they can be applied across the lending lifecycle. Lenders are actively researching, testing and implementing new data sources across the lending lifecycle. What was once experimental is now operational. Institutions are progressing through a clear path: Research Understanding available signals and use cases Testing Evaluating performance in controlled environments Implementation Applying insights in production Today, alternative data is being used in areas like analytics, channel scoring and decisioning, often within governed environments that allow for safe testing and validation. AI may accelerate this shift by helping institutions identify patterns at scale, but its value depends on the strength of the underlying data: quality, governance, context and clear business use cases. More signal, more responsibility As data availability expands, lenders have access to more granular insights than ever before. That creates opportunity, but also responsibility. The institutions that lead won’t be the ones that use the most data. They’ll be the ones that know which signals to use, how to validate them and how to apply them in ways that are fair, explainable and aligned to consumer outcomes. “Institutions can unlock more granular and powerful decisions, but they have to do it responsibly.”Erin Haselkorn, Senior Director, Analyst Relations The future of lending will be shaped not just by how much data is available, but by how thoughtfully it’s applied. Keeping the consumer at the center of decisioning is essential to building trust and long-term success. Explore alternative data with us A more complete understanding of today’s consumers starts with better data. We help lenders responsibly incorporate broader data signals and advanced analytics into decisioning strategies, enhancing visibility into today’s consumers while strengthening risk assessment and expanding access to credit. Let’s work together to build more confident, more responsible lending decisions. Learn more Contact us About our experts Jeff Hops Senior Director, Data Platform and Product, Experian Jeff Hops is a Senior Director in Experian’s Financial Services and Data business with over eight years of experience driving innovation in credit and data solutions. He has led product development for Experian’s Credit Report and played a key role in launching Ascend Identity Platform™, a leading identity resolution platform. Erin Haselkorn Senior Director, Analyst Relations, Experian Erin Haselkorn is responsible for analyst relations for Experian. She has developed an understanding of key marketing trends across a broad range of verticals. Her market research around data strategy, AI, fraud, identity and data management, paired with her broad Experian product knowledge, gives her a unique understanding of business automation and data trends. Erin is a frequent spokesperson and guest blogger.

Published: June 22, 2026 by Julie.JLee@experian.com

Subscribe to our thought leadership

Enter your name and email for the latest updates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Subscribe to our thought leadership

Don't miss out on the latest industry trends and insights!
Subscribe