What is Account Takeover Fraud and How Can You Mitigate the Risk?

by Guest Contributor 7 min read November 9, 2023

This article was updated on November 9, 2023.

Account takeover fraud is a huge, illicit business in the United States with real costs for consumers and the organizations that serve them. In fact, experts predict that by the end of 2023, account takeover losses will be over $635 billion. With consumers’ data, your reputation, and your organization’s financial picture on the line, now’s the time to learn about account takeover fraud and how to prevent it. 

What is account takeover fraud? 

Account takeover fraud is a form of identity theft where bad actors gain unlawful access to a user’s online accounts in order to commit financial crimes. This often involves the use of bots. 

information that enables account access can be compromised in a variety of ways. It might be purchased and sold on the dark web, captured through spyware or malware or even given “voluntarily” by those falling for a phishing scam. 

Account takeover fraud can do far more potential damage than previous forms of fraud because once criminals gain access to a user’s online account, they can use those credentials to breach others of that user’s accounts. 

Common activities and tools associated with account takeover fraud include:

Phishing: Phishing fraud relies on human error by impersonating legitimate businesses, usually in an email. For example, a scammer might send a phishing email disguising themselves as a user’s bank and asking them to click on a link that will take them to a fraudulent site. If the user is fooled and clicks the link, it can give the hackers access to the account. 

Credential stuffing/cracking: Fraudsters buy compromised data on the dark web and use bots to run automated scripts to try and access accounts. This strategy, called credential stuffing, can be very effective because many people reuse insecure passwords on multiple accounts, so numerous accounts might be breached when a bot has a hit. Credential cracking takes a less nuanced approach by simply trying different passwords on an account until one works. 

Malware: Most people are aware of computer viruses and malware but they may not know that certain types of malware can track your keystrokes. If a user inadvertently downloads a “key logger”, everything they type, including their passwords, is visible to hackers. 

Trojans: As the name suggests, a trojan works by hiding inside a legitimate application. Often used with mobile banking apps, a trojan can overlay the app and capture credentials, intercept funds and redirect financial assets. 

Cross-account takeover: One evolving type of fraud concern is cross-account takeover. This is where hackers take over a user’s financial account alongside another account such as their mobile phone or email. With this kind of access, fraudsters can steal funds more easily and anti-fraud solutions are less able to identify them. 

Intermediary new-account fraud: This type of fraud involves using a user’s credentials to open new accounts in their name with the aim of draining their bank accounts. 
 
This is only an overview of some of the most prevalent types of account takeover fraud. The rise of digital technologies, smartphones, and e-commerce has opened the door to thieves who can exploit the weaknesses in digital security for their own aims. The situation has only worsened with the rapid influx of new and inexperienced online users driven by the COVID-19 pandemic. 

Why should you be concerned, now? 

Now that digital commerce and smartphone use are the norm, information used to access accounts  is a security risk. If a hacker can get access to this information, they may be able to log in to multiple accounts.. The risk is no longer centralized; with every new technology, there’s a new avenue to exploit.  

To exacerbate the situation, the significant shift to online, particularly online banking, spurred by the COVID-19 pandemic, appears to have amplified account takeover fraud attempts. In 2019, prior to the pandemic, 1.5 billion records — or approximately five records per American — were exposed in data breaches. This can potentially increase as the number of digital banking users in the United States is expected to reach almost 217 million by 2025.

Aite research reported that 64 percent of financial institutions were seeing higher rates of account takeover fraud than before COVID. Unfortunately, this trend shows no sign of slowing down.

The increase in first-time online users propelled by COVID has amplified the critical security issues caused by a shift from transaction fraud to identity-centric account access. Organizations, especially those in the financial and big technology sectors, have every reason to be alarmed. 

The impact of account takeover fraud on organizations 

Account takeover can be costly, damage your reputation and require significant investments to identify and correct. 

Protection of assets 

When we think of the risks to organizations of account takeover fraud, the financial impact is usually the first hazard to come to mind. It’s a significant worry: According to Experian’s 2023 U.S. Identity and Fraud report, account takeover fraud was among the top most encountered fraud events reported by U.S. businesses. And even worse, the average net fraud loss per case for debit accounts has been steadily increasing since early 2021.

The costs to businesses of these fraudulent activities aren’t just from stolen funds. Those who offer credit products might have to cover the costs of disputing chargebacks, card processing fees or providing refunds. Plus, in the case of a data breach, there may be hefty fines levied against your organization for not properly safeguarding consumer information. Add to these the costs associated with the time of your PR department, sales and marketing teams, finance department and customer service units. 

In short, the financial impact of account takeover fraud can permeate your entire organization and take significant time to recoup and repair. 

Protection of information 

Consumers rightfully expect organizations to have a solid cybersecurity plan and to protect their information but they also want ease and convenience. In many cases, it’s the consumers themselves who engage in risky online behavior — reusing the same password on multiple sites or even using the same password on all sites. These lax security practices open users up to the possibility of multiple account takeovers.

Making things worse for organizations, security strategies can annoy or frustrate consumers. If security measures are too strict, they risk alienating consumers or even generating false positives, where the security measure flags a legitimate user. 

Organizations are in the difficult position of having to balance effective security measures with a comfortable user experience.

Reputation 

When there’s a data breach, it does significant damage to your organization’s reputation by demonstrating weaknesses in your security. Fraudulent account take-overs can affect the consumers who rely on you significantly and if you lose their trust, they’re likely to sever their relationship with you. Large-scale data breaches can sully your organization’s reputation with the general public, making consumers less likely to consider your services.

How to build an account takeover fraud prevention strategy 

There are numerous ways to build an account takeover fraud prevention strategy, but to work for your and individual consumers, it must pair robust risk management with a low friction user experience. 

Here are some of the key elements to an account takeover fraud prevention strategy that hits the right notes. 

Monitor interactions

The risk of account takeover is constant so your monitoring should be as well. A layered, proactive and passive fraud prevention program can monitor your interactions, reduce false positives and keep track of consumers’ digital identities.

Use the right tools

When it comes to fraud prevention, you’ve got plenty of choices but you’ll want to make sure you use the tools that protect you, as well as consumer data, while always providing a positive experience. We use risk-based identity and device authentication and targeted step-up authentication to keep things running smoothly and only pull in staff for deeper investigations where necessary.

Automate to reduce manual processes 

Your organization’s fraud prevention strategy likely includes manual processes, tasks that are completed by employees—but humans make mistakes that can be costly. Taking the wrong action, or even no action at all, can result in a security breach. Automated tasks like threat filtering and software and hardware updates can reduce the risk to your organization while improving response time and freeing up your team. 

Choose a nimble platform 

Technology changes quickly and so does fraud. You’ll need access to a layered platform that lets you move as quickly as the bad actors do. 

The bottom line 

You can effectively mitigate against the risk of account takeover fraud and offer consumers a seamless experience. Learn more about account takeover fraud prevention and fraud management solutions

Related Posts

How Caliber Financial Uses Data to Drive Better Decisions

Learn how Caliber Financial uses Experian data to improve lead targeting, underwriting and AI-driven decisioning for better outcomes.

Published: July 14, 2026 by Scarlet Nickel
What Is Agentic Commerce? Why Trust Will Define the Next Era of AI-Powered Shopping

Learn what agentic commerce is, why AI agents are transforming digital commerce and how Agent Trust builds trusted AI interactions.

Published: July 14, 2026 by Laura Burrows
Ask the Expert: A closer look at financial inclusion with Corliss Hill and Dr. Vaneesha Dutra

Consumer visibility is changing Roughly 45 million Americans, or 1 in 5 consumers, are considered credit invisible or unscoreable.[1] They’re working, paying bills and participating in the economy, yet many are not fully visible during the lending process. That creates both a visibility challenge and a growth opportunity for lenders. In this Ask the Expert session, Corliss Hill, Senior Director, Inclusion and Belonging at Experian, joins Dr. Vaneesha Dutra, Endowed Professor of Finance at Morehouse College, to discuss how evolving consumer behaviors are reshaping conversations around financial inclusion and lending decisions. For lenders, visibility matters because confident decisions depend on reliable context and insight. Broader consumer signals can help institutions better understand repayment behaviors, financial stability and consumer capacity. “The benefit of banks using alternative data is that they capture a very significant and new consumer base. That's 20% of the population, 45 million Americans.”Dr. Vaneesha Dutra, Endowed Professor of Finance A more complete understanding of today’s consumers Today’s consumers often manage obligations across a wide range of payment types and financial channels, creating additional signals through cash flow activity, recurring payments and consumer-permissioned financial data. Rent, utilities, subscriptions and mobile phone payments can all provide meaningful insight into how consumers manage their financial lives. What’s changing isn’t the need for risk assessment. It’s the amount of consumer behavior lenders can now evaluate. For example, a consumer experiencing temporary financial disruption may fall behind on certain obligations while continuing to consistently pay rent, utilities and phone bills. Those recurring payment behaviors can provide important context into financial priorities and stability. “These are consumers that pay rent on time every month, pay utilities every month on time and meet many other financial obligations in a timely manner.”Dr. Vaneesha Dutra, Endowed Professor of Finance From visibility to more-informed decisioning Broader consumer insights may help lenders move from limited visibility to more informed decisioning. The conversation shifts when lenders move from asking: “Should we take a risk on this consumer?” to: “Do we have enough information to fully understand this consumer?” That broader context can help institutions: Strengthen risk assessment. Identify financially active consumers with strong repayment behaviors. Support more informed lending strategies. Alternative data isn’t about replacing established credit approaches. It’s about helping lenders build on trusted credit foundations with additional context and insight. Responsible lending starts with better context For lenders, the path forward is practical and actionable. As lenders evaluate broader consumer behaviors, three priorities become increasingly important: Modernize data strategies Incorporate broader consumer signals alongside existing credit data to create a more holistic view of repayment behavior and financial stability. Engage consumers earlier Earlier intervention may help lenders better support consumers before financial challenges become more severe. Create pathways to financial access Smaller lending opportunities can help consumers establish stronger financial profiles and demonstrate positive repayment behaviors over time. The institutions that lead will be the ones that can combine strong risk practices with a broader understanding of consumer behavior. Whitepaper: Bridging the credit divide: income, risk and inclusion in consumer finance Building on the themes discussed in this Ask the Expert session, Dr. Dutra explores how demographic shifts, evolving borrower behaviors and broader consumer visibility are reshaping lending strategies and what they mean for lenders seeking to balance growth, risk management and financial inclusion. Download whitepaper Explore alternative data with Experian Experian can help lenders combine broader consumer insights with trusted credit data to strengthen decisioning, improve risk assessment and support more-informed lending strategies. With solutions spanning identity, cash flow and advanced analytics, lenders can gain a more complete view of consumer behavior and expand access to credit with greater confidence. Learn more Watch episode 1 About our experts Corliss Hill Senior Director, Belonging Business Partner, Experian Corliss Hill is a collaborative leader well-versed in working with executive stakeholders, crossfunctional teams, external partners and community organizations to design and deliver initiatives and programs that create sustainable impact. With over 25 years of extensive experience in multicultural marketing, communications, PR and inclusion and belonging initiatives, she is dedicated to advancing equitable access to financial. Her mission is to drive impactful marketing initiatives that foster meaningful change and address systemic barriers to inclusion and the communities they serve.Hill has been a part of the Experian family since 2021, and resides in Atlanta with her daughter who is a rising 11-year-old entrepreneur. Vaneesha Dutra, Ph.D. Endowed Professor of Finance and Associate Dean, Morehouse College Vaneesha Dutra, Ph.D., serves as Associate Dean in the Division of Business and Economics. With more than 20 years of experience spanning higher education, banking and real estate, Dr. Dutra’s work focuses on the racial and gender wealth gap, financial literacy and financial decision-making. She is an active researcher and consultant whose work has earned numerous grants and fellowships, including serving as the inaugural Tracy A. Pruitt Visiting Research Faculty Fellow at the Wharton School of Business. Dr. Dutra has also been named a Research Faculty Fellow for both the Center for Black Entrepreneurship and the PNC Bank Center for Entrepreneurship. [1] Consumer Financial Protection Bureau, Expanding access to credit.

Published: July 13, 2026 by Julie.JLee@experian.com

Subscribe to our thought leadership

Enter your name and email for the latest updates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Subscribe to our thought leadership

Don't miss out on the latest industry trends and insights!
Subscribe