What is Account Takeover Fraud?
Account takeover fraud (ATO) is a form of identity theft in which fraudsters take over an online account and pose as the real user. Typical means for ATO include compromised credentials, session hijacking, social engineering, and device takeover.
Ecommerce sites, for example, are common targets for ATO fraudsters for several reasons: a great deal of sensitive and financial data is stored there, yet individual users may be less vigilant about security than in some other verticals. Once bad actors gain access to an ecommerce account, they can make purchases with the card on file and view sensitive personal data such as credit card numbers, home addresses, phone numbers, and email addresses. This example shows not only how ATO can damage an ecommerce platform but also how it is used for identity theft. Similarly, a bad actor may seek access to an online banking portal to transfer funds or to harvest enough PII to use elsewhere, for example to apply for a loan at another financial institution under a stolen identity.
ATO is a problem in most industries that do business online. The following industries are especially common targets for ATO:
- Online retail & ecommerce
- Video streaming & entertainment
Common ATO Red Flags
- Odd Login Behavior: Logins from new devices, new locations, or at new times, or anything else outside of the account's previous common behavior, are considered a red flag.
- Large Number of Failed Login Attempts: When multiple failed login attempts occur in a short period of time, this may indicate a brute force attack, which involves repetitive attempts to “guess” a password based on minimal pieces of PII.
- Login Spikes: A sudden spike in login traffic can indicate bots, which are commonly used to flood the system with login attempts, similar to a brute force attack.
- Account Detail Changes: If there are changes to an account’s preferred email, phone number, or security/account recovery details, especially all at once, this can indicate an ATO.
- Suspicious Activity: High volumes of chargebacks or purchases from new locations should be considered suspicious.
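The sketch below is an added example, not code from the original page: it runs three of the red flags listed above (failed-login bursts, odd logins, and bunched account detail changes) over a constructed event log. The event schema, thresholds, window sizes, and flag names are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune against your own traffic.
FAIL_LIMIT, FAIL_WINDOW = 5, timedelta(minutes=5)
CHANGE_LIMIT, CHANGE_WINDOW = 2, timedelta(minutes=10)

# Constructed sample events: (time, account, event, device, country, changed_field)
EVENTS = [
    ("2024-05-01T08:00:00", "bob", "login_ok", "dev-B", "US", None),
    ("2024-05-01T09:00:00", "carol", "login_ok", "dev-C", "US", None),
    ("2024-05-01T12:00:00", "carol", "login_fail", "dev-C", "US", None),
    ("2024-05-01T12:00:30", "carol", "login_ok", "dev-C", "US", None),
] + [
    (f"2024-05-01T23:10:{s:02d}", "bob", "login_fail", "dev-Z", "CA", None)
    for s in (0, 10, 20, 30, 40)
] + [
    ("2024-05-01T23:12:00", "bob", "login_ok", "dev-Z", "CA", None),
    ("2024-05-01T23:13:00", "bob", "detail_change", "dev-Z", "CA", "email"),
    ("2024-05-01T23:14:00", "bob", "detail_change", "dev-Z", "CA", "phone"),
]

def detect(events):
    """Return (account, flag) alerts for three of the red flags listed above."""
    fails, changes = defaultdict(deque), defaultdict(deque)
    known = defaultdict(set)  # account -> (device, country) pairs seen on good logins
    alerts = []
    for ts, acct, kind, device, country, field in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        if kind == "login_fail":
            q = fails[acct]
            q.append(t)
            while t - q[0] > FAIL_WINDOW:  # drop failures outside the window
                q.popleft()
            if len(q) == FAIL_LIMIT:  # alert once, when the threshold is reached
                alerts.append((acct, "failed_login_burst"))
        elif kind == "login_ok":
            # The first successful login only sets the baseline for the account.
            if known[acct] and (device, country) not in known[acct]:
                alerts.append((acct, "odd_login"))
            known[acct].add((device, country))
        elif kind == "detail_change":
            q = changes[acct]
            q.append((t, field))
            while t - q[0][0] > CHANGE_WINDOW:  # drop changes outside the window
                q.popleft()
            if len({f for _, f in q}) == CHANGE_LIMIT:  # distinct fields changed
                alerts.append((acct, "bunched_detail_changes"))
    return alerts
```

On the sample log, the three alerts for the same account arrive in sequence (burst, then a successful login from an unseen device and country, then recovery details changed), while the account with a single mistyped password stays quiet.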