Account takeover (ATO): Fraudsters use usernames and passwords to access accounts—they change the address and passcodes on the account, lock the rightful account owner out and take control.
Data breaches seem to be an almost weekly occurrence. Consumers are urged to change passwords and monitor their credit ratings. It’s a recurring story that has become all too common. So what’s the real danger behind a fraudster taking over an account? From the consumer perspective it could be just one account that can be shut down … unless of course the same password and username has been used for other accounts too. Then fraudsters have the keys to a customer’s online account kingdom. They can shut consumers out of their banking and credit card accounts while quickly draining them.
A complete lockout is just one approach fraudsters take to ATO. The other is to simply access the account and use it. If an account has a credit card associated with it, fraudsters can buy merchandise and have it shipped to multiple locations. This usually takes place before the account owner even realizes there was a breach. In this scenario, the fraudsters have the merchandise at no cost to them, and the bill will go to an accountholder who won’t pay it. The result is a chargeback to the business involved—who has now lost both the merchandise and payment. In this type of situation not only does the credit card need to be canceled but the account login details must be changed in order to stop the fraudster from using the new card to start the process over again.
There’s no denying that account takeover hits consumers hard, but the businesses dealing with the aftermath of this type of fraud are hit even harder. Some of the issues a company deals with after being hit by ATO fraud:
- Financial losses incurred by fraudsters
- Loss of consumer confidence as they blame the company for not protecting them
- Increased operational expenses dealing with the aftermath of ATO including customer communications
- Potential fines from governing bodies
ATO fraud plagues businesses both big and small. It can quickly overwhelm fraud teams unless they have a specific strategy in place to combat it. Because data breaches have become more common, businesses need to get very serious about preventing ATO. The black market for usernames and passwords has become a huge industry—which means ATO is becoming even easier to commit. And of course data breaches are just one of the ways accounts are compromised. There’s also:
- Brute force attacks (automated password guessing)
- Gaming the customer support process
- Stolen/compromised device
Making the internet a safer place to do business is part of our mission at iovation. Everyone here is truly passionate about this. As the leader in the device-based intelligence space, we’ve seen the impact ATO can have on a company’s bottom line. We believe strongly that a fraud prevention plan that includes device recognition is critical to stopping ATO. It is much more cost effective to stop ATO before it happens than to try to clean up after it.
Additional Information: We’re teaming up with Equifax on December 9 at 2:00 p.m. EST to offer a webinar on Account Takeover Protection for Online and Mobile Banking. Register today!