Account Takeover Fraud is on the Rise and it Doesn’t Discriminate

A consumer’s email address associated with their account just changed in your account management system. Did the actual customer initiate the request or did a criminal just take over their account? This could be account takeover fraud.

Account takeover fraud is a type of identity theft where a fraudster gains access to their victims’ accounts, then makes non-monetary changes that may include modifying personally identifiable information (PII), requesting a new card or adding an authorized user. Once they accomplish one of these seemingly insignificant requests, they have the power to carry out any number of unauthorized transactions.

Account takeover fraud doesn’t discriminate — everything from government benefits, wireless phone contracts, checking, savings, credit card, store loyalty rewards and e-commerce accounts can fall prey to this problem.

Activities that carry a high-risk of account takeover fraud, such as changing the email, phone number or password associated with an account, take place numerous times a day. The vast majority of these customer-initiated account management actions are legitimate. When they aren’t, the results can be costly.

The Gift That Keeps on Giving — Account Takeover

When account takeover attempts are successful, the pain for the customer — and the harm to the organization that did not stop the compromise — often extend far beyond the losses tied to the individual account. Account takeover puts a strain on customer relationships and can result in long-term damage to a company’s brand.

When a fraudster steals a credit card, they’ve stolen one relationship. With account takeover, criminals have the potential to infiltrate several relationships of their victims.

Stolen account information—including usernames, passwords, email and mailing addresses, bank account routing information and Social Security numbers allow fraudsters to forge a full-blown attack on a person’s identity.

Fraudsters move quickly and often use the data gathered from one account takeover scheme or data breach to take over additional accounts at other companies. Even worse, criminals often collaborate and sell compromised identities to the highest bidder, resulting in further damage to the consumer’s accounts and identity. Account takeover fraud is the gift that keeps on giving.

Fair or not, consumers often view the organization that did not prevent the fraudster’s access to their account to be at fault. However, excessive scrutiny of every requested change runs the risk of alienating customers and can generate significant operational expense. There is a fine line between protecting your account holders and providing them with a great customer experience.

How can companies stay ahead of fraudsters while minimizing customer friction on the millions of benign account management activities that occur daily?

Account Takeover Fraud Requires a Comprehensive Solution

Your business cannot afford to lose customers due to restrictive account management access or even worse, an account takeover occurrence. Because account takeover fraud knows no boundaries, combating it requires a comprehensive, real-time understanding of normal and abnormal account maintenance activity across your organization’s channels and product areas.

A cross-industry perspective can help flag suspicious activity before losses occur.

This is where ID Analytics’ proprietary repository of identity information comes in. With more than 100 million new identity elements coming in every day, our ID Network® knows your customers well. We can help you predict whether a change in account information is likely to be the first step in an account takeover by answering the following questions:

  • Has the account holder made similar changes at other organizations?
  • Holistically, does the full set of requested account changes match a pattern of account takeover?
  • For PII changes, does the new information being added to the account (i.e. new address or phone) have a history of high-risk behavior?
  • For PII changes, does the comparison of old and new information reveal a high-risk behavior?

The answers drive an assessment which allows legitimate customers to change their information with minimal hassles, while catching more fraudsters by uncovering truly high-risk changes.