Prevent account takeover fraud with account change risk insights

As the e-commerce sector experiences a boom, the number of online frauds has surged. This has become a huge cause for concern because it impacts brand reputation and customer experience negatively. Statistics indicate that e-commerce losses because of online fraud hit a staggering $41 million in 2022.

The rising numbers are made up of several types of online fraud, such as promo abuse, triangulation fraud, and account takeover fraud.

Of these, account takeover (ATO) fraud has drawn particular attention because of its exponential increase in recent times. Data shows that ATO frauds increased by 131% in the second half of 2022 when compared to the first half.

What are ATO Frauds?

In simple terms, ATO fraud is when a hacker uses stolen credentials and illegally accesses an account to steal funds or information. Hackers use techniques like phishing, malware, etc., to digitally break into a bank account and take control of it.

ATO fraud is not limited to the e-commerce industry but impacts businesses across industries. A recent study shows that 22% of adults in the US were victims of ATO fraud in 2022.  

Detecting ATO fraud is difficult, especially in instances where fraudsters mirror the behaviour of the original account holder. Another aspect of ATOs that makes their detection difficult is the variety of accounts that hackers can steal. Some accounts that are vulnerable to ATO fraud include streaming accounts, e-wallets, betting accounts, online dating accounts, online banking credentials, and more.

How is an ATO Fraud Executed?

  1. A hacker gains access to the victim’s account.
  2. The hacker makes non-monetary changes to the account. These may be changes like altering personally identifiable information (PII), requesting a new card, changing the account’s password, etc.
  3. These seemingly trivial changes give the hacker control of the account. Once in, the hacker strikes at an opportune moment, carrying out transactions that could result in loss of funds and other losses.

While the victim suffers these losses, the organisation in which the account has been hacked loses the trust of the customer. Frequent occurrences of ATO fraud can damage the reputation of the brand.

In most cases, customers hold the organisation responsible for fraud, claiming that it occurs due to lapses in the organisation’s security measures. However, if an organisation adds extra checks for scrutiny, customers feel hassled.

Therefore, a comprehensive strategy that does not affect user experience is required to address ATO fraud.

One of the most effective methods to prevent ATO fraud is closely monitoring account changes to identify vulnerabilities.

Some account change risk factors that are assessed include:

  1. Verifying whether the account holder has made similar changes to accounts at other organisations.
  2. Assessing if the complete set of requested account changes matches an account takeover pattern.
  3. In case there are changes in PII, checks are conducted to assess if the new information being added reflects high-risk behaviour. The old PII data is compared with the new data to check for high-risk patterns.

Next comes the question of how these risk factors are assessed.

Machine Learning (ML) technology holds the key to identifying high-risk patterns. ML continuously tracks transactions as they happen. The real-time data helps in preventing ATO fraud.

When a customer lands on the bank’s website or mobile app, continuous monitoring identifies their normal behaviour and interactions. ML algorithms store the data about normal behaviour and can identify any aberrations that might indicate a cyberattack.

The data points monitored include new devices, cookies, headers, location, etc. Real-time monitoring of these points reveals discrepancies that do not match the normal behaviour of the customer. This integrates with other safety measures such as 2-factor authentication and technologies like transaction signing or transaction authorisation, etc.
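The account change risk factors and monitored data points above can be sketched as a small scoring routine. This is an added example, not code from the original article, and it uses fixed rules rather than a trained ML model; the field names, weights, thresholds and sample events are assumptions constructed for illustration, and the cross-organisation check is left out because it needs shared data.

```python
from datetime import datetime, timedelta

# Constructed weights, thresholds and field names, for illustration only.
WINDOW = timedelta(hours=24)
TAKEOVER_SET = {"email", "phone", "password", "card_request"}

def pii_change_risk(field, old, new):
    """Compare old and new PII; return (points, reason)."""
    if field == "email" and old.split("@")[-1].lower() != new.split("@")[-1].lower():
        return 2, "email moved to a different domain"
    if field == "phone" and old[:3] != new[:3]:  # crude prefix comparison
        return 2, "phone prefix changed"
    return 1, f"{field} changed"

def score_account_changes(events, now):
    """Score non-monetary changes made inside WINDOW; return (score, reasons)."""
    recent = [e for e in events if now - e["ts"] <= WINDOW]
    score, reasons = 0, []
    for e in recent:
        if e["field"] in ("email", "phone", "address"):
            pts, why = pii_change_risk(e["field"], e["old"], e["new"])
            score += pts
            reasons.append(why)
    changed = {e["field"] for e in recent} & TAKEOVER_SET
    if len(changed) >= 3:  # the set of changes weighs more than any single one
        score += 5
        reasons.append("change set matches takeover pattern: " + ", ".join(sorted(changed)))
    if any(e.get("new_device") for e in recent):
        score += 2
        reasons.append("change made from a device not seen before")
    return score, reasons

def decide(score):
    """Only risky change sets get friction; routine edits pass untouched."""
    return "hold" if score >= 8 else "step_up" if score >= 4 else "allow"

NOW = datetime(2023, 3, 1, 12, 0)  # constructed sample data below
SUSPICIOUS = [
    {"ts": NOW - timedelta(hours=3), "field": "email", "new_device": True,
     "old": "ana@example.com", "new": "ana77@example.net"},
    {"ts": NOW - timedelta(hours=2), "field": "password"},
    {"ts": NOW - timedelta(hours=1), "field": "card_request"},
]
ROUTINE = [{"ts": NOW - timedelta(hours=5), "field": "address",
            "old": "1 Main St", "new": "9 Oak Ave"}]

if __name__ == "__main__":
    for name, events in (("suspicious", SUSPICIOUS), ("routine", ROUTINE)):
        score, reasons = score_account_changes(events, NOW)
        print(name, score, decide(score), reasons)
```

The `step_up` outcome is where a second factor or transaction authorisation would be requested, so a single routine edit such as an address change causes no extra friction.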

ML-powered bots enable cybersecurity professionals to keep up with bot activity and other sophisticated account takeover strategies.

Machine Learning is effective in preventing ATO fraud while fraud rules help in combating attacks.

In Conclusion

ATO frauds are surging and they are difficult to detect. This is because new tools are constantly being developed for attack. Hence, organisations need to stay ahead of the ever-evolving environment of ATO fraud to identify risks and mitigate them. 

A fraud detection system that leverages ML and anti-fraud rules is effective in providing real-time risk analysis that detects and mitigates ATO fraud.
