a good thing!
As customers move from traditional banks and financial services firms to online-only options, the digital transformation is causing challenges for some firms. According to research by Security.org, one third of login attempts for financial services and financial technology companies were suspected account takeover attempts. The average value of financial losses from account takeovers of financial accounts was around $12,000.
Account takeover fraud often begins with compromised credentials that have been stolen, found on the dark web, or obtained through phishing attacks that trick users into giving their login information to fraudsters. Because customers reuse and share their passwords, the risk of account takeover fraud grows exponentially.
Account takeover fraud is completed through a series of steps, typically starting with the use of compromised credentials. The fraudster begins by making small changes to an account, often changing the password so the legitimate account owner can no longer access their own account. The fraudster then moves on to financial transactions, including money transfers, until the fraud is detected or the customer's account is drained. The customer may have to spend months or even years undoing the damage done by fraudsters.
The more personally identifiable information (PII) the fraudster gathers from the victim's account, the easier it is to take over additional accounts, including accounts connected to partners of the institution. Fraudsters can also use the PII to create new fraudulent accounts using the victim's information.
The impact on account takeover fraud for institutions is extensive, including:
Multi-factor authentication (MFA) and two-factor authentication (2FA) provide banks and other financial institutions with an added layer of security to prevent fraudsters from using compromised credentials to access customer accounts. Some financial institutions even provide pages that explain the importance of these security measures on their websites.
MFA and 2FA require users to provide proof of their identity from more than one authentication category:
Fraudsters rarely possess multiple types of authentication, so access to accounts is denied.
Multi-factor authentication is part of a scalable customer identity and access management (CIAM) solution for financial institutions that also includes registration, self-service account management, consent and preference management, single sign-on (SSO), access control, directory services and data access governance tools. CIAM solutions ensure a secure, frictionless customer experience from any device at any time.
Watch this short video to see how seamless the process is for customers.
Because financial institutions are regulated, mitigating fraud risk goes beyond corporate and customer losses. Regulations dictate that solutions that need to be in place to protect customer data and allow customers to control how their information is shared. Open banking standards and Payment Services Directive 2 (PSD2), Payment Card Industry Data Security Standard (PCI DSS) and other regulations ensure that customer information is protected and stored in a secure environment. Customer identity and access (CIAM) solutions for financial institutions help ensure regulatory compliance.
While prevention is the ultimate goal, modern online fraud detection tools have been developed to identify abnormal user behavior should fraudsters gain access to accounts. ATO fraud can be conducted using manual and/or automated methods, with fraudulent activity by bots being easier to detect than activity involving humans.
Fraud detection tools use artificial intelligence (AI) to dissect hundreds of user data points from human-to-device interactions, device attributes and account activities to differentiate between legitimate users and fraudsters. Because automated and fraudster behavior do not follow the same pattern as legitimate user activity, behavioral and context-based analysis identify the discrepancies. Fraud detection tools activated when a session begins can recognize this abnormal activity during the session and stop fraud before it occurs.
Watch this short video to see how online fraud detection tools and MFA work together to prevent fraud.
To learn more about online fraud, please read Everything You Need to Know about Online Fraud.