Most companies are aware of the threat of fraudulent account creation and take significant measures to prevent it from happening. While this is a solid strategy, it’s important to be aware of the threat of account takeover (ATO) fraud as well. Account takeover fraud can create significant financial losses along with the potential loss of good customers. Fortunately, strong onboarding processes can discourage and prevent scammers from hijacking the accounts of others.
What Is Account Takeover Fraud?
Account takeover (ATO) fraud occurs when a scammer either impersonates another person by using their financial and identity information to create a new account or, in some cases, creates a “synthetic” identity using a combination of real and fake data. In an account takeover, the perpetrator finds a way to take over an account belonging to someone else. As you might imagine, the consequences of account takeover fraud can be devastating to both consumers and businesses. Consumers may find their accounts drained or face high bills caused by unauthorized charges. Untangling this can take weeks, months or even years.
There is a massive cost to businesses as well. Your customers rely on you to safeguard their accounts and may well blame you for lax account security. This could end your relationship entirely with the customer, and they may discourage others from doing business with you. Even if the customer stays with your business or institution, your team will have to work with the customer to resolve the problem, return funds and restore access to the account.
How Does ATO Happen?
Scammers have multiple methods for taking over accounts. These include:
Hacking and Phishing
Some account takeovers rely on standard hacking techniques to obtain login and password information. These could include purchasing data dumps online or brute-force attacks, in which a bot is programmed to rapidly submit passwords for accounts until one works. Another approach is phishing, in which the perpetrator sends the victim an email claiming to be from the financial institution. The victim clicks on a link and submits their login credentials and password, not realizing that they have just provided a scammer with the information needed to take over the account.
Social Engineering
In social engineering, the perpetrator interacts with the victim or, in some cases, a business or financial institution to gain control over an account. An example of victim interaction would be contacting the victim and pretending to be a friend or loved one in distress and in need of funds. The scammer persuades the victim to turn over account details, which are then used to take over the account. Another form of social engineering is using bits of personal information to convince a customer service or account representative to change the information on an account, thus facilitating a takeover.
Using a Device
Account takeovers can sometimes happen if the perpetrator gains access to a device or devices owned by the victim. The perpetrator accesses accounts through the device and changes the account information. If two-factor authentication is in place, the perpetrator often has access to the code because they already control the device to which the code is sent via text message or email. While these cases may be the result of the theft of a device, the perpetrator may simply be a friend, family member or roommate of the victim who has ready access to the victim’s phone, tablet or computer.
Identity Theft
Identity thieves take on the identities of their victims, opening new accounts in their names and, in some cases, taking over existing accounts. Identity theft can happen when the perpetrator gets access to sensitive personally identifiable information (PII), such as a Social Security number, which can be used to open accounts or socially engineer an account transfer. These scammers may also take on the identity of a person who is elderly, disabled or even deceased. They might, for example, intercept mail containing account statements and use the information on the statements to make changes to the account, effectively taking it over.
Struggling With ATO? Secure Onboarding Is the Solution
In addition to preventing the creation of fraudulent accounts, secure customer onboarding can also help prevent account takeovers. Information collected during online onboarding can become part of an overall profile of each customer, which allows you to better identify unusual behavior and stop perpetrators in their tracks. By using various identity verification methods, onboarding also prevents perpetrators from signing up for new accounts that could be used in social engineering attempts. Finally, onboarding can help your customers regain control over their accounts should an account takeover actually happen.
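The following sketch shows how a profile captured at onboarding can drive takeover detection. It is an added example, not part of the original article or of Instnt's product; the event fields, profile layout, thresholds and alert names are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Devices recorded at onboarding (constructed sample; layout is an assumption).
PROFILES = {"alice": {"devices": {"dev-a1"}}, "bob": {"devices": {"dev-b1"}}}

# Constructed events, time-ordered: (timestamp, account, device, action).
EVENTS = [
    ("2024-05-01T09:59:00", "alice", "dev-a1", "login_fail"),  # one typo
    ("2024-05-01T10:00:00", "alice", "dev-a1", "login_ok"),
    ("2024-05-01T10:05:00", "alice", "dev-a1", "change_email"),
] + [
    (f"2024-05-01T11:00:{s:02d}", "bob", "dev-x9", "login_fail")
    for s in range(0, 50, 10)  # five rapid failures
] + [
    ("2024-05-01T11:00:45", "bob", "dev-x9", "login_ok"),
    ("2024-05-01T11:01:30", "bob", "dev-x9", "change_phone"),
]

FAIL_LIMIT = 5                      # assumed threshold
FAIL_WINDOW = timedelta(minutes=1)  # assumed sliding window
SENSITIVE = {"change_email", "change_phone", "change_password"}

def detect(events, profiles):
    """Return (account, reason) alerts for takeover-like behaviour."""
    alerts = []
    fails = defaultdict(deque)  # recent failure timestamps per account
    for ts, account, device, action in events:
        now = datetime.fromisoformat(ts)
        known = device in profiles.get(account, {}).get("devices", set())
        recent = fails[account]
        # Drop failures that have aged out of the window.
        while recent and now - recent[0] > FAIL_WINDOW:
            recent.popleft()
        if action == "login_fail":
            recent.append(now)
        elif action == "login_ok":
            # A success right after a burst of failures suggests guessing.
            if len(recent) >= FAIL_LIMIT:
                alerts.append((account, "login_after_failure_burst"))
            recent.clear()
        elif action in SENSITIVE and not known:
            # Contact details changed from a device never seen at onboarding.
            alerts.append((account, "sensitive_change_from_unknown_device"))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, PROFILES):
        print(alert)
```

Alice's single failed login and her email change from her onboarded device raise nothing, while Bob's account is flagged twice.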
Interested in creating a simple and effective onboarding process that can bring in new customers while preventing ATO in the first place? Instnt’s solution is secure, quick and effective, reducing the need for manual review while also providing you with a fraud loss indemnification security guarantee for your peace of mind. Get started today with a free demo!