Banks preventing ATO attacks by understanding DNA

The key to keeping pace with new account takeover (ATO) attacks boils down to a simple concept: building a robust data strategy that enables earlier detection in the fraud lifecycle. Current systems, regardless of whether they rely on rules or machine learning for fraud detection, often are limited in their detection capabilities due to the fact that they score at the transaction level. 

The problem with scoring specifically at a transaction level (not including enrichment) is that by the time banks are scoring a transaction, the fraudsters are already attempting to move the money out of the bank. At this point, it is more often than not too late to be able to detect fraud. And, if the bank gets it wrong, the money disappears into the fraudster’s pockets.

A robust data strategy in 2 easy steps

Leverage a robust data strategy to detect fraud earlier in the fraud lifecycle breaks down into two distinct data-themed categories:

1. Use 3rd party data enrichers

First, banks need to be able to bring in 3rd party data enrichers. Data enrichers aid in the creation of fraud modeling and customer profiling by allowing banks to lift the anonymity that digital devices offer to hide who the fraudster truly is. When a fraudster/legitimate customer walks into a bank in person, a number of authentication measures can be enacted that just simply can’t be replicated in digital channels. In order to account for this, banks need to pull in 3rd party data (such as device, geolocation, behavioral analysis, malware detection, device emulation, etc.) so they can understand the context the transaction is happening in. For example, if the geolocation of the transaction matches historical data, but it’s evident that the device is hidden behind a proxy — and that may be the reason for concern.

2. Embrace omnichannel to thwart account takeover fraud

Second, banks need to be able to bring together their data from all other channels. Omnichannel solutions, which incorporate data from other payment channels (i.e. combining data from credit card & non-card channels), have been shown to drastically increase detection accuracy. However, for account takeover fraud specifically, it’s key that data is brought together from all customer touchpoints.

  • A caller claiming to be Bob calls into a call center to check on his bank account, and after a few minutes of talking with the representative he thanks him — he’s just verified that Bob actually has an account with the bank.
  • “Fraudster Bob” calls several more times to gain additional information and credibility, a change email on-file was made to a fraudulent one by a call center agent.
  • As “Fraudster Bob” gained credibility he was able to get the online bank account password reset sent to the fraudulent email address through a call center agent. “Fraudster Bob” was able to gain access to the online bank account and look at account balances.
  • Bob’s account has a new login from a location that is outside of 500 miles of his normal transaction area.
  • Bob makes a $2,500 instant transfer to a seemingly good instant transfer account.

By just looking at the transaction information in isolation, they are missing a key part of the picture. Multiple non-monetary events – calls, change of email, login attempts from a new device, and access from a new geolocation should have triggered warnings. But, without the appropriate context, the wrong decision can be too easily made.

With the appropriate combination of both internal data sources and 3rd party data sources, banks can shift their focus to earlier in the fraud lifecycle. This enables better ATO mitigation.

Download our how-to guide Becoming Preventative vs. Reactionary: Early Risk Detection for Account Takeover Mitigation to learn more about the ATO landscape and how to level up fraud detection to combat ATO growth.