Are You Prepared to Battle Account Takeover Fraud?

According to Javelin’s identity fraud study, mobile phone account takeovers (ATO) have increased 78% from the previous year, with fraudsters gaining malicious access to more than 680,000 victim accounts.

New accounts are being created in the name of authorized users to complete fraudulent online transactions. These could be as trivial as buying groceries on a debit card or as grave as taking out a mortgage through someone else’s account.

So far, this type of fraud has been more of a serious threat to customers, who are then left battling to recover from both financial loss and a compromised account identity. Greater volumes of fraud have been recorded on credit and prepaid cards, as well as on mobile phone accounts, than on more traditional, albeit secure, bank accounts.

With banks and other financial institutions rushing to expand services online, it is now pertinent that both customers and employees are well-prepared to thwart contemporary types of fraud with technologically advanced solutions. 

Why worry about ATO fraud?

The online marketplace has opened up a new world of opportunities for customers and corporations alike. Digital payments will amount to an estimated $4.8 billion in transaction value by 2020, with e-commerce making up the largest segment. At the same time, this indicates the risk faced by troves of online customer data that must be gathered to sustain these transactions. 

Vast amounts of customers’ personally identifiable information (PII) are commonly available for sale on the Dark Web. TechCrunch reports the recent illegal sale of more than 700 million accounts on a marketplace called Dream Market, usually priced in bitcoin, disclosing large-scale information about customers’ names, email IDs and passwords.

Online account opening is not a new service anymore, but as it scales to fit a larger global market, safeguarding it becomes highly relevant. The focus has now shifted from merely securing business processes to streamlining safety nets with the purpose of balancing transaction security and convenience. 

A number of security techniques have been put in place to secure the various faces of online business. To counter credit card fraud, for instance, EMV chips have been used to encrypt user information every time an account is accessed, making it harder for criminals to copy personal credentials. 

Still, stringent safety measures must be incorporated to ensure high levels of digital data safety and proactive fraud detection in online accounts. These include biometric verification, document screening, customer risk assessments and digital identity management. The following are some key security measures that will help you assess your capacity to battle account takeover fraud.

Fraud prevention technology 

Account information that is compromised on the web is commonly used for social engineering attacks. Such a strike involves hackers who coerce customer representatives into granting access to online accounts. For this purpose, fraud detection and prevention software must be used to evaluate the possibility of risk and to signal counterfeit authorization attempts. Risky and suspicious user behavior and device usage must be tracked in order to make data-driven decisions about managing account fraud. 

Organizations providing additional services on cards, such as promotional offers and loyalty rewards, have felt a greater need for real-time verification of requests to battle rising levels of e-commerce fraud.

Card not present fraud and familiar fraud rates have also gone up, leading to more than $12 billion in fraud losses in the US alone. This is where organizations need to leverage automated fraud prevention services to ensure that only authorized users are logging in. 
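The behavior and device tracking described in this section can be illustrated with a small detection rule; this is an added example, not code from the article or from any vendor. The event names, the 15-minute window and the rule itself (a sensitive action shortly after a login from a device not previously seen on the account) are assumptions chosen for illustration, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): time, account, device, action
EVENTS = [
    ("2019-03-01T09:00:00", "alice", "dev-A", "login"),
    ("2019-03-01T09:05:00", "alice", "dev-A", "view_balance"),
    ("2019-03-02T02:10:00", "alice", "dev-X", "login"),
    ("2019-03-02T02:12:00", "alice", "dev-X", "change_phone"),
    ("2019-03-02T02:13:00", "alice", "dev-X", "add_payee"),
    ("2019-03-02T10:00:00", "bob", "dev-B", "login"),
    ("2019-03-02T10:30:00", "bob", "dev-B", "change_phone"),
    ("2019-03-03T11:00:00", "bob", "dev-C", "login"),
    ("2019-03-03T15:00:00", "bob", "dev-C", "add_payee"),
]

# Assumed set of actions that let an intruder lock out the real owner or move money
SENSITIVE = {"change_phone", "change_password", "add_payee"}
WINDOW = timedelta(minutes=15)  # assumed threshold, tune against false positives


def flag_takeover_signals(events, sensitive=SENSITIVE, window=WINDOW):
    """Return (account, device, action, time) for each sensitive action that
    follows a login from a previously unseen device within `window`."""
    known = defaultdict(set)  # account -> devices already seen
    new_login = {}            # (account, device) -> time of first login on a new device
    alerts = []
    for ts, account, device, action in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        key = (account, device)
        if action == "login":
            # The first device seen for an account is treated as its baseline
            if known[account] and device not in known[account]:
                new_login[key] = when
            known[account].add(device)
        elif action in sensitive and key in new_login:
            if when - new_login[key] <= window:
                alerts.append((account, device, action, ts))
    return alerts


if __name__ == "__main__":
    for alert in flag_takeover_signals(EVENTS):
        print("REVIEW:", alert)
```

In the sample, bob's phone change from his usual device and his payee addition four hours after a new-device login are not flagged, which shows how the window keeps ordinary activity from raising false positives.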

Customer and employee training

Alongside this, customers and employees should be educated about best practices in online safety, such as password generation and website usage, as well as the various possibilities in online data fraud. Transaction and credit monitoring services, predictive scoring and identity verification services have proved helpful in apprising customers of suspicious account activity.

However, with more serious products such as loans and mortgages, it has become harder to track fraudulent accounts and involve victims immediately. 

As a parallel measure, customers should also have access to data controls in the form of real-time notifications and account abandonment options through mobile phones to prevent attacks at source. 

Employees, especially those at the customer end of the spectrum, need to be well aware of fraud possibilities and be prepared to take preemptive action against them. Information on customer characteristics should be used to screen out fraudulent visitors and mitigate fraud at source, without increasing false positives.

Multi-layered authentication 

One-time passwords as a traditional single security layer are a huge security loophole and can easily be compromised during mobile account takeovers. Statistics show that 81% of data breaches are due to weak or stolen unique credentials.  

Hackers can also intercept SMS codes and phone calls that provide validation tokens. Therefore, online merchants need to be extra vigilant about verifying customers at sign-up, as well as installing an ongoing authentication mechanism. According to a MobileIron study conducted by IDG, 90% of security professionals have faced security lapses due to lost passwords. This indicates the need to deter all possible means of an information breach, without having to let go of a smooth customer journey.

Therefore, passwords should be replaced with multi-channel security measures such as two-factor authentication to limit dependence on a single security layer. Authorizing customer account access with multiple gateways helps alert customers in due time and mitigates financial loss at source.

Biometric verification systems

While most organizations have put in place a rudimentary verification process, the gap between the intensity of threats and effectiveness of remedial measures is growing. Fool-proof identity proofing methods and multimodal biometrics are helpful in this regard, with the integration of more than one biometric characteristic now being used as a primary means of validating customer identity.

A study by IBM points to the increasing ease with which consumers are willing to use and consider biometric authentication for future transactions due to its convenience. Additionally, behavioral biometrics are employed to track applicant history on the web, making it harder for bad actors to impersonate authentic end-users.
