Why is Account Takeover Fraud So Dangerous to Consumers & Financial Institutions?

July 2023

Online Payment Fraud

Cara Malone

Senior Research Analyst

As we discuss in our latest online payment fraud research, ATO (Account Takeover) fraud happens when a cybercriminal gains access to the victim’s login credentials to steal funds or information.

Fraudsters digitally break into a financial bank account to take control of it and have a variety of techniques at their disposal to achieve this, such as phishing, malware, and man-in-the-middle attacks, among others. ATO is a top threat to financial institutions and their customers, due to the financial losses and mitigation efforts involved.

How Does ATO Occur?

Some account takeovers begin with fraudsters harvesting personal information from data breaches or purchasing it on the Dark Web. Personal information such as email addresses, passwords, credit card numbers and social security numbers harvested are valuable to cyber thieves for financial gain. 
 
When an account takeover attack is successful, it can lead to fraudulent transactions, credit card fraud and unauthorised shopping from compromised customer accounts. Account takeover is often referred to as a form of identity theft or identity fraud, but it is mainly credential theft because it involves the theft of login information, which then allows the criminal to steal for financial gain.
 
Account takeover fraud is continually evolving and is a constant threat that comes in different forms. A successful account takeover attack leads to fraudulent transactions and unauthorised shopping from the victim’s compromised financial accounts.

What Threat Does ATO Pose to Financial Institutions?

ATO is a significant loss area in most global markets; supported by the previously highlighted tailwinds of data breaches and FIs offering increased access and services. These tailwinds are likely to continue, and it is therefore likely that the proliferation of ATO will increase in the next few years.
 
In response to this persistent threat, FIs will need to adopt a mindset, when designing their fraud defences, that it is not a matter of ‘if’, but rather ‘when’ fraudsters will have access to their customers’ personal information and account access detail. With this mindset, FIs will need to focus on a multi-layered approach to mitigate ATO losses, including increased adoption and sophistication of authentication, such as multi-factor access authentication.
 
Awareness of authentication is at a record high, as it becomes ubiquitous in our daily usage of mobile technology, and this will assist FIs in the full roll-out of sophisticated, next-generation profiling capability of customers and behaviours; utilising the latest AI profiling capability with additional data sources for context.
 
Individually, authentication and profiling can be exploited by fraudsters. When combined, and with additional layers, they are an effective deterrent.

How is ATO Evolving?

Many already refer to a perceived industrialisation of ATO having occurred in the past 12-18 months. In this event, we will likely experience Account Takeover 2.0 in coming years, as fraudsters move from generalised attacks to an increasing focus on more targeted ATO attacks.
 
This approach replaces mass credential stuffing with more targeted exploitation that could yield higher returns for the fraudster and drive increased fraud losses for FIs. This is a critical future area for FIs, as customers experiencing ATO will experience a loss of trust in their provider, regardless of fault, and the organisational cost of remedying an ATO attack is significant.
 
Cybercriminals are constantly evolving their tactics and employing new ones in their attempts to breach consumers’ accounts. Increasingly automated methods such as credential stuffing, complex scripts, and bots, make fraud ever easier to deploy. In addition to targeting consumers, account takeover is increasingly being used to steal employee user credentials. It is often the easiest path to access sensitive information within organisations.
 
Bots have made these tactics extremely scalable so cybercriminals can hit more targets, or place greater focus on a single target. The increasing use of bots is leading to more brute-force attacks that span across the web and deploy stolen credentials against accounts.
 
In addition, the legitimate owner is not likely to be initially informed or aware of the takeover of their account. Often, it takes a period of time until they realise the damage, but by then, the perpetrator will have disappeared.

How Can Fraud Detection Systems Help Fight ATO?

ATO can be challenging to detect because fraudsters can hide behind a customer’s positive history and mimic normal login behaviour. Continuous monitoring provides the ability to detect signs of account takeover fraud before it begins.
 
An effective fraud detection system will give financial institutions full visibility into a user’s activity before, during and after a transaction. The best defence is a system that monitors all activities on the bank account because before a criminal can steal money, they need to perform other actions first, such as setting up a new payee. Monitoring all the actions on an account will help identify patterns of behaviour that indicate the possibility of account takeover fraud.
 
This type of fraud detection system can also assess risk based on data such as location. For example, if a customer first accesses their account in North America and then again 10 minutes later from Europe, it is clear that it is a suspicious activity, and could indicate that two different individuals are using the same account. If there is risk of ATO fraud, the fraud prevention system will challenge the person transacting on the account with a request for additional authentication.

Want more insights and statistics?

Download our latest online payment fraud whitepaper, which examines key challenges within the online payment fraud sector, including the current economic crisis across many developed regions as well as the lack of data sharing within the online payment fraud space. You can also visit our infographics area, where you'll find an infographic containing our latest online payment fraud market statistics.