As we discussed in our last post, account takeover (ATO) attacks can take on a life of their own. If a fraudster is successful in gaining access to an online bank or merchant account that does not belong to them they can commit even more fraud using the targeted consumer’s data and personally identifiable information (PII). Fraudsters can build synthetic identities to open new bank accounts at different financial institutions or request new credit cards in the account holder’s name.

Decoding the DNA of an ATO attack is the first step in fighting back. Banks can either react to or prevent an ATO attack. If they are reacting, then the fraudster’s ATO attack has been successful, and the fallout can take a significant toll on a financial institution’s reputation and undermine consumer trust in the organization. And let’s not forget about the considerable financial stress that bank customers could endure as they attempt to sort through the fraud-related damage to their accounts and credit history. Here’s what banks can do to prevent future attacks armed with this understanding of ATO DNA.

Tip 1. Know Your Legitimate Customers’ DNA Profile

Prevention is a much more effective strategy when it comes to ATOs. Understanding the DNA of an ATO attack should be a central component of a bank’s fraud detection strategy. The second is to decode the financial DNA of their legitimate customers. This means developing a profile of their customers and their normal behaviors.

Building a DNA profile of legitimate customers relies on banks and businesses drawing on several different customer-generated data points to get a holistic view of normal behavior. These data points can include what time of day a customer usually logs into their account, the mobile devices they typically use, how much time they spend on a site or online platform, and how they typically transact. For example, a high number of failed login attempts could indicate that the customer’s account is experiencing a brute force attack. That’s why fraud prevention should begin at the moment of login to stop any potential ATOs and future fraud attempts.

This knowledge of typical customers’ behaviors can help banks determine if an ATO attempt is underway if the customer’s account suddenly starts to behave differently. Using unfamiliar mobile devices, an unusually high rate of failed login attempts, changes to default language settings, or login attempts from new geographical locations can alert banks that the account is experiencing some unusual activity and could be at risk of an ATO. Knowing when usual events are occurring is the first step in preventing them.

Tip 2. Educate your customers

Teaching customers about how ATO attacks succeed can be an important step in preventing future attacks. Fraudsters need access to legitimate customers’ personally identifiable information to commit ATO attacks. Banks and businesses should raise awareness about fraud tactics like phishing attempts like fake websites and SMS scams that trick customers into revealing their personal details.

Tip 3. Promote good digital hygiene

Teaching customers about how their everyday online habits can reveal personal information can also go a long way toward ATO prevention. Banks can warn customers that some mobile gaming apps that they download can carry risks for their privacy, especially if they carry some type of malware. Fraudsters can also use customers’ social media profiles to build fake profiles and attempt to pass themselves off as legitimate users.

Tip 4. Invest in layered security

Banks can thwart ATO attempts if they have effective safeguards in place. This can include two-factor authentication and biometrics measures to access bank accounts or authorize specific types of transactions. The more security layers of security, the harder it gets for fraudsters to succeed in their account takeover efforts.

Key Takeaways

Account takeovers are one of the most persistent types of fraud because they enable even more fraud. If left unchecked, ATO can take on a life of its own. Stopping this fraud in its tracks begins with decoding its DNA and building an understanding of a legitimate bank customer’s financial DNA.

Download the report Leveraging the Digital Banking Shift to learn how the pandemic has changed consumers’ traditional banking practices and how to build trust with digital banking newcomers.