Magnifying glass over a credit card

Account takeover (ATO) fraud attacks that were once large-scale, “scattershot” campaigns have morphed into smaller, more honed attacks that are more finely tuned and, as a result, significantly more effective. Here’s what you need to know to fight back and protect your business. 

Why Has the Cost of ATO Fraud Increased?

Fueled by societal and economic instability, fraudsters utilize fraud-as-a-service social engineering sites and easily obtain malware to commit identity theft and access customer accounts (i.e., phishing attacks, stolen account credentials, remote access trojans (RATs)). The costs of these attacks can be substantial. The UK financial services sector reported a 43% increase in remote banking fraud losses in 2020. Meanwhile, total consumer identity fraud losses grew to $56 billion (USD) in 2020

It’s no secret that fraud is a constant game of cat and mouse: bad actors develop new attack techniques and utilize the latest credential-stuffing automation technology while banks upgrade their capabilities in response to keep pace. But why is the cost of ATO rising so rapidly?



There is a two-part answer to this question. First, the expansion of new payment methods and increased speed of payment transactions over the past decade enables fraudsters to rapidly scale their operations and profit faster from their scams. 

Peer-to-peer (P2P) payment applications have steadily increased among consumers in the U.S. As these P2P apps have been developed and rolled out, they’ve been key targets for fraudsters to exploit. P2P platforms like Zelle, for example, saw a 49% rise in transaction volumes in 2021 from the previous year, with nearly half a trillion dollars sent to consumers and businesses. Meanwhile, the FTC reports fraud involving P2P payment apps has seen astronomical growth of 885% between 2018 and 2020.

Second, fraudsters realize that banks are often slow to determine whether an ATO attack is in progress and stop it before fraud is committed. Current ATO solutions are designed to detect and alert, placing the remediation burden on the bank’s transaction monitoring system to stop the fraud. This gives fraudsters a window of opportunity to commit account takeover fraud before a bank responds.

Recovering the money exfiltrated via these new digital channels is extremely difficult, which further contributes to the growth of ATO fraud. Combine that fact with the rapid growth of anonymous payment methods (e.g., different types of cryptocurrency), and fraudsters have several ways to move money quickly out of accounts.

How Fraudsters Pull Off ATO Fraud Attacks

With the above method of exfiltrating funds, ATO attacks become even more widespread thanks to the availability of personal information compromised through data breaches. A recent report found data breaches soared by 68% last year, the highest increase on record. The sensitive data obtained from seemingly daily data breaches has only grown more valuable to fraudsters and poses an increasingly significant threat to banks. 

This stolen information opens the door to a range of ATO techniques for bad actors. Data breaches and proactive means of stealing credentials such as phishing and its variations (smishing, vishing, etc.) have led to a wide range of consumer data available for purchase on the dark web. This arms would-be fraudsters with the tools they need to convincingly pretend to be legitimate customers.

A report by Aite Group revealed only 43% of US consumers use a different username and password combination for separate sites. As more and more bank account credentials are compromised and bought and sold on the dark web, fraudsters can successfully use each set of credentials on both the compromised account and other businesses that use the same email address or phone number. 

Other advanced methods of compromising information include ID-stealing malware, where targeted malicious code is designed to swipe banking credentials. Stolen credentials enable fraudsters to use legitimate credentials to break into a customer’s account, change contact information to receive alerts and one-time passcodes (OTPs), and drain the account of funds. Some bad actors use a class of malware called remote access tools or trojans (RATs) designed to hijack a customer’s banking session or transaction after the legitimate user has already logged in.

Annual number of data breaches in US from 2005 to 1st half of 2020 graph shows increase from approx 10 million to over 1 billion

So the question remains: with the confluence of new digital payment technologies, the ease for fraudsters to move money and struggle for banks to recover it, and the dramatic increase in availability and quality of breached records, how can banks ensure that they can stay ahead?

3 Steps to Prevent ATO Fraud

Fraudsters are innovative and know how to make the modernization of payment technology work in their favor. The best way for banks to protect their customers from the ATO fraud threat is to embrace a strategy of prevention. This strategy rests on three core principles. 

1. Know Your Users

The key to fighting fraud is verifying without a doubt that each customer is who they claim to be and is not being impersonated or manipulated at any point in their online journey. 

Behavioral biometric analysis has become the cornerstone of any comprehensive online fraud prevention strategy, as it allows FIs to both know their user and to verify their identity at every interaction and create a holistic digital identity. It works by analyzing hundreds of parameters that make up a user’s typical online behavior, such as the way they type their name, how they access their online accounts, the pressure they apply to their screen, or the rhythm and cadence with which they type. Combining the user’s device usage information with device intelligence, network assessment, malware detection, and other contextual data enables FIs to create a digital identity unique to each user.

Another key benefit of a solution employing this kind of analysis is that it occurs silently, behind the scenes, enabling FIs to give their customers frictionless protection and block bad actors while simultaneously speeding up the process for legitimate users.

2. Take a Proactive Approach 

Solution-based detection for malware is simply no longer effective. By the time malware has been detected, it is likely already too late. In other words, the missile needs to be shot down before it hits its target.

Instead, a robust protection requires an always-on fraud response. To keep up, FIs must find a solution that employs an active defense and blocks potential fraud in real-time. Active defense capabilities prevent malware from successfully manipulating a user into taking action that compromises a session or from stealing credentials. This reduces the number of alerts sent to the internal fraud team and paves the way for a preemptive defense. FIs can use link analysis to discover bad actors and mule accounts tied to fraudulent behavior hiding in their system and stop them at the point of discovery.

3. Protect the Payment Process

An ideal fraud prevention solution should block bad actors from reaching the point of transaction. A proactive approach to blocking ATOs and preventing complex attacks makes it extraordinarily challenging and expensive for cybercriminals to ever get to that stage.

To accurately assess the risk for transaction fraud, FIs must treat each customer as a unique individual. Machine learning models can establish a baseline of typical behavior and continually learn an individual’s transactional patterns, frequency, amount, and more — at scale. This granular level of analysis identifies suspicious anomalies based on historical patterns and creates more meaningful alerts. This approach also helps mitigate false positives and negatives and avoids making online processes complex and challenging for genuine users attempting to carry out their regular transactions.

Fraudsters are always innovating, have more opportunities than ever before, and understand how easy it is to profit from account takeover fraud. Embracing a strategy of prevention is the most important step any bank can take to protect their customers and bottom line. 

Download our eBook 6 Crucial Capabilities to Protect the Online Customer Journey to learn how continuous authentication ensures customers are consistently who they claim to be.