by Sanjay Salomon
9 minutes • Fraud & Scams • February 28, 2025
A Guide to Account Takeover (ATO) Fraud Prevention & Detection
Account takeover fraud (ATO) cost US adults approximately $23 billion in 2023, a 13% increase from the previous year. Experts expect global losses from fraud to reach $5 trillion, including losses from ATO-related identity theft.
This crime has been steadily increasing in recent years, with as many as 20 million US adults impacted. Recent data shows that bank accounts saw the most significant surge in ATO activity from 2021 to 2023 with a 10% rise. This is a higher rate than email accounts or eCommerce sites.
Read on to learn about account takeover fraud. Discover how this fraud works and get essential tips to protect your customers.
Key Takeaways
- Account Takeover Fraud cost US adults roughly $23 billion in 2023.
- Global fraud losses are expected to reach $5 trillion.
- ATO occurs when fraudsters illegitimately access accounts using compromised credentials.
- Common methods of ATO attacks include credential stuffing, malware, SIM swapping, and more.
- Several avenues for preventing ATO attempts are available, including behavioral biometrics, malware detection, and device fingerprinting.
- Machine learning is a key tool for stopping account takeover fraud by detecting, analyzing, and learning how these attacks work.
What is Account Takeover Fraud?
Account takeover fraud is a type of cybercrime where unauthorized individuals access and control someone else’s online accounts. Their typical intention is to steal funds or personal information. ATO fraud can affect businesses and individuals alike, leading to financial loss and reputational damage.
The Association of Certified Financial Examiners ranked ATO fraud as the second-highest type of fraud in 2024. It is only behind pig butchering and tied with new account fraud.
Anatomy of an Account Takeover: Access, Alteration, and Abuse
Account takeover can be completed in three key steps.
1. Fraudster Gains Unauthorized Access to Legitimate Accounts
ATO attacks are often the result of other fraudulent activities, including phishing, malware, social engineering, or data breaches. These tactics can leave user credentials and personally identifiable information (PII) vulnerable to compromise by bad actors. Once fraudsters obtain this information, or glean useful details by reviewing their target’s social media profile, they can unlawfully gain access to bank accounts.
2. Makes Small, Often Unnoticed Changes
Once they have access to the account, fraudsters start by taking small, non-monetary actions on the account. They might update or alter PII. Or they might add a new user, change the account password, or request a new payment card.
Because these activities are non-monetary and considered regular activity, they are harder to detect.
3. Take Control of Breached Account
If the fraudster changes the account details, they can use the account to make purchases or transfers. They may also find reward points that they can use to buy goods.
Fraudsters can also get more personal information from the account. This includes past addresses and phone numbers. They can use this information to break into other accounts the victim has.
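The three steps above can be turned into a correlation rule over account events. The following is an added example, not code from the article or from any vendor: it chains an unrecognized-device login, a non-monetary change, and a later monetary action. The event names, the 48-hour window, and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

NON_MONETARY = {"pii_update", "add_user", "password_change", "card_request"}
MONETARY = {"purchase", "transfer", "points_redeem"}
STAGES = {0: "none", 1: "access", 2: "alteration", 3: "abuse"}
WINDOW = timedelta(hours=48)  # assumed correlation window, not from the article

def takeover_stage(events, known_devices):
    """Return (stage_name, chain) for the furthest access -> alteration -> abuse
    chain seen from any device the customer has not used before.

    events: iterable of (timestamp, kind, device) tuples for ONE account."""
    best_stage, best_chain = 0, []
    open_chains = {}  # device -> (stage, [kinds], time of the first login)
    for ts, kind, device in sorted(events):
        if device in known_devices:
            continue  # activity from the customer's own devices is not chained
        stage, chain, start = open_chains.get(device, (0, [], ts))
        if ts - start > WINDOW:
            stage, chain, start = 0, [], ts  # stale chain: start over
        if stage == 0 and kind == "login":
            stage, chain, start = 1, ["login"], ts
        elif stage >= 1 and kind in NON_MONETARY:
            stage, chain = max(stage, 2), chain + [kind]
        elif stage == 2 and kind in MONETARY:
            stage, chain = 3, chain + [kind]
        open_chains[device] = (stage, chain, start)
        if (stage, len(chain)) > (best_stage, len(best_chain)):
            best_stage, best_chain = stage, chain
    return STAGES[best_stage], best_chain

# Constructed sample events for one account; "dev-A" is the customer's phone.
D = datetime(2025, 2, 1)
EVENTS = [
    (D + timedelta(hours=9), "login", "dev-A"),
    (D + timedelta(hours=10), "transfer", "dev-A"),
    (D + timedelta(hours=26), "login", "dev-X"),
    (D + timedelta(hours=26, minutes=5), "pii_update", "dev-X"),
    (D + timedelta(hours=26, minutes=7), "password_change", "dev-X"),
    (D + timedelta(hours=49), "transfer", "dev-X"),
]

if __name__ == "__main__":
    print(takeover_stage(EVENTS, {"dev-A"}))
```

Alerting at the "alteration" stage, before any money moves, is the point of correlating the non-monetary events rather than looking at each one in isolation.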
Types of Account Takeover Fraud
ATO attacks utilize a wide range of methods. The most common ATO methods include:
1. Credential Stuffing
Fraudsters can obtain large volumes of sensitive information, including usernames and passwords, from data breaches or purchase it on the dark web. Armed with this data, fraudsters can automate login attempts on multiple websites at scale. This type of attack is highly effective because passwords are so commonly reused across numerous websites and accounts.
2. SIM Swapping
Fraudsters use SIM swapping to transfer a victim’s phone number to a new SIM card. By examining a person’s social media accounts, the fraudster gains personal details about their target. Next, they contact that person’s mobile carrier and switch the phone number to a new device under false pretenses. With a victim’s phone number now active on a device they can control, the fraudsters can bypass standard security measures like two-factor authentication (2FA) and get essential codes meant for the legitimate account holder.
3. Phishing Attacks
Fraudsters use phishing methods (including fake emails, text messages, or voicemails) to trick users into revealing sensitive information or installing malware programs. Emails or text messages often contain malicious links to fake login pages that deceive victims into filling out their information.
4. Malware
Cybercriminals can launch malware attacks targeting users’ devices. If a victim unwittingly installs malware from suspicious software or dodgy gaming apps, criminals can use programs like keyloggers to track keystrokes that reveal login information and typing patterns. Using this information, fraudsters can determine login credentials and log in to different accounts that the victim controls.
5. Man-in-the-Middle Attacks
Man-in-the-middle attacks are a devious form of digital eavesdropping. Fraudsters intercept and manipulate the communication between two unsuspecting parties. These cybercriminals masquerade as trusted entities in the conversation, fooling their targets into believing they are engaging with legitimate counterparts.
What Organizations are Impacted by Account Takeover Attacks?
Signs to Detect Account Takeover Fraud
Successful account takeovers can drain funds, damage credit, and erode customer trust. By monitoring these warning signs, banks can better protect their customers.
- Sudden Account Changes or Activities: A spike in large-value transactions or withdrawals, or rapid changes in passwords, addresses, emails, phone numbers, or payment beneficiaries, is a red flag that an account has been compromised.
- Numerous Unsuccessful Login Attempts: A series of blocked logins indicates that a fraudster may be attempting to breach an account. Financial institutions should be especially mindful if the login attempts happen during an unusual time of day for the user or from an unfamiliar geographic location.
- Unrecognized Devices: Login attempts from unfamiliar or unregistered devices are a red flag that a user’s credentials have been compromised.
How to Prevent Against Account Takeover Fraud
Now that we’ve covered how ATO fraud is perpetrated and the devastation it creates, let’s fight back! Here are some of the most effective ATO fraud prevention techniques.
Multi-factor Authentication
One of the most widely used ATO fraud prevention techniques is multi-factor authentication (MFA). MFA adds extra security to the login process, requiring different types of identification to gain access. This could include something the user knows, such as a password, something they have, such as a security token or phone, or something they are, such as biometric data.
Risk-based Authentication (RBA)
With RBA, you don’t just check the password but also where and how logins are happening. If something feels unusual—a login from a new device or location—a simple extra verification step can make all the difference. If a login attempt is flagged as high-risk, the system requires additional authentication steps or denies access.
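The warning signs listed earlier (failed-login bursts, unusual hours, unfamiliar locations, unrecognized devices) can feed a risk-based authentication decision directly. The following is an added example, not code from the article or from any vendor; the weights, thresholds, field names, and sample logins are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Login:
    user: str
    when: datetime
    device: str
    country: str
    success: bool  # whether the password check passed

# Assumed weights and thresholds (not from the article); tune on real fraud data.
WEIGHTS = {"new_device": 35, "new_country": 30, "odd_hour": 10, "failed_burst": 30}
STEP_UP_AT, DENY_AT = 30, 80
BURST_WINDOW, BURST_COUNT = timedelta(minutes=10), 5

def score_login(login, profile, history):
    """Score one login attempt against the user's profile and recent history.

    profile: dict with 'devices', 'countries' (sets) and 'hours' (range of usual
    login hours). Returns (score, reasons, decision)."""
    reasons = []
    if login.device not in profile["devices"]:
        reasons.append("new_device")
    if login.country not in profile["countries"]:
        reasons.append("new_country")
    if login.when.hour not in profile["hours"]:
        reasons.append("odd_hour")
    # Count failed attempts for this user in the window just before this login.
    failures = sum(1 for h in history
                   if h.user == login.user and not h.success
                   and timedelta(0) <= login.when - h.when <= BURST_WINDOW)
    if failures >= BURST_COUNT:
        reasons.append("failed_burst")
    score = sum(WEIGHTS[r] for r in reasons)
    decision = "deny" if score >= DENY_AT else "step_up" if score >= STEP_UP_AT else "allow"
    return score, reasons, decision

# Constructed sample data: one customer profile and a burst of failed logins.
PROFILE = {"devices": {"dev-A"}, "countries": {"US"}, "hours": range(7, 23)}
NIGHT = datetime(2025, 2, 1, 3, 0)
HISTORY = [Login("alice", NIGHT + timedelta(minutes=m), "dev-X", "ZZ", False)
           for m in range(5)]

if __name__ == "__main__":
    attempts = [Login("alice", datetime(2025, 2, 1, 9, 0), "dev-A", "US", True),
                Login("alice", datetime(2025, 2, 1, 9, 0), "dev-B", "US", True),
                Login("alice", NIGHT + timedelta(minutes=5), "dev-X", "ZZ", True)]
    for a in attempts:
        print(a.device, score_login(a, PROFILE, HISTORY))
```

A "step_up" decision maps to the extra verification step described above, and "deny" to refusing access even though the password was correct.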
Real-time Monitoring
Real-time monitoring is also a critical component of ATO fraud prevention. By continuously monitoring user activity, businesses can quickly detect any suspicious behavior and take action to prevent fraudulent activity. Behavioral analytics and machine learning are powerful tools that can help identify anomalous behavior patterns and detect potential ATO fraud attempts.
Biometric Authentication
Biometric data, such as an eye scan, facial recognition, or fingerprints, is unique for each person and impossible to duplicate. By using biometric authentication, banks can accurately verify their customer’s identity. This makes it much more difficult for fraudsters to take over accounts.
Anomaly Detection with Behavioral Biometrics
Anomaly detection with behavioral biometrics is one of the most powerful techniques for detecting ATO fraud. Behavioral biometrics analyze user behavior patterns, such as typing speed, mouse movements, and other unique behavioral characteristics.
By examining these patterns, banks can pinpoint anomalies that might indicate fraudulent activity. This may include incidents like unusual login times or unfamiliar devices. Most importantly, it works silently in the background to
Device Fingerprinting
Device fingerprinting tracks unique device characteristics, such as the IP address, screen size, and browser type. By tracking device fingerprint data, banks can detect when an unfamiliar device is being used or if a login attempt is happening from a new location. Either of these scenarios can indicate a fraudulent login attempt.
IP Geolocation
IP geolocation technology uses a device’s IP address to determine its geographic location. By monitoring IP addresses and their associated locations, banks can detect when a user logs in from a suspicious location, such as a different country or region.
Machine Learning
Machine learning is another powerful tool for detecting ATO fraud. By analyzing large quantities of data, algorithms can flag subtle changes and anomalies that might indicate fraudulent activity. Machine learning can also help identify new and emerging fraud trends, allowing banks to stay ahead of fraudsters.
Malware Detection
A strong malware detection solution can quickly identify suspicious programs or entities attempting to impersonate a legitimate account holder. The program can review malware against known threats and quickly analyze patterns for new or unfamiliar ones.
AI is at the heart of advanced ATO fraud detection technology, and its role cannot be overstated. Advanced AI algorithms allow banks to analyze massive amounts of data in real time. They can detect suspicious behavior patterns and respond quickly to prevent fraud. AI also identifies new and emerging fraud trends so banks stay ahead of the curve and protect their customers from harm.
Unleashing Machine Learning’s Power to Prevent Account Takeover Fraud
Machine learning is a game-changer in combating account takeover fraud. Let’s look at just some of the ways AI empowers fraud detection and prevention:
- Fraud Scoring: Machine learning algorithms can analyze large customer behavior datasets to identify fraudulent activity patterns. By ranking each login or transaction by risk, they help fraud managers zero in on events that warrant further scrutiny.
- Anomaly Detection: Train machine learning algorithms to spot oddities in customer accounts. If a customer suddenly logs in using a new device or location, algorithms raise a red flag. This prompts fraud managers to investigate.
- Predictive Analytics: Harness machine learning to predict which customers are vulnerable to account takeover fraud. By analyzing customer behavior patterns, machine learning algorithms identify risky individuals and suggest proactive measures to prevent fraud.
- Continuous Learning: Machine learning algorithms evolve. This allows models to adapt to new fraud patterns and boost their account takeover fraud detection and prevention prowess over time. By constantly updating their models with new data, they stay ahead of fraudsters’ tactics.
In a nutshell, machine learning elevates banks’ ability to swiftly and accurately detect and prevent account takeover fraud. By automating fraud detection and analysis, algorithms liberate fraud managers to concentrate on high-risk cases and proactive fraud prevention.
8 Must-Have Features for an Account Takeover Fraud Solution
Banks interested in a machine learning solution to detect and prevent ATO fraud should look for the following key features:
- Real-time monitoring: Choose an ATO solution that provides real-time transaction monitoring of all customer transactions and account activity. Real-time monitoring allows banks to quickly detect any suspicious behavior.
- Multi-factor authentication: Look for strong authentication measures, such as multi-factor authentication, that restrict account access to authorized users.
- Behavioral analytics: The account takeover fraud solution should use behavioral analytics to track user behavior patterns. Monitoring user behavior patterns allows banks to learn their users’ genuine habits and detect anomalies that could indicate fraud.
- Machine learning and AI: Opt for a solution with machine learning and AI at its core. Machine learning constantly adapts to the fraud landscape and enhances fraud detection.
- Risk scoring: The account takeover fraud solution should provide risk scores for each transaction or account activity. The risk score is based on the likelihood of fraud.
- Seamless integration: Find a flexible solution that plays well with your bank’s existing systems and is easy to integrate and customize.
- Comprehensive reporting: Choose a solution with comprehensive reporting capabilities, empowering your bank to monitor and analyze fraud trends and patterns.
- Compliance: The account takeover fraud solution should comply with all relevant regulations and standards (e.g., the Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Regulation (GDPR)).