Understanding Account Takeover Fraud


Learn How Account Takeover Fraud is Impacting Both Consumers and Merchants

Recent changes to payment industry technology have added a new layer of protection for consumers concerned about credit card fraud. Adopting the new EMV standards has alleviated many consumer and merchant fears of stolen credit cards and unauthorised transactions.

However, restricting one avenue to ill-gotten gains forces criminals to explore other options.

Account Takeover Basics

In an account takeover scheme, criminals target accounts of unwitting consumers by using stolen information to gain access. Once a criminal has acquired a piece of information used in the validation process, he is often able to gain access to the account and use the access to his advantage.

For example, accessing an online bank account means the criminal could change the billing address, reroute statements, and then make undetected purchases. Or, accessing a social media account and then changing the login credentials blocks the owner from accessing it.

Basically, once a criminal has access to an account, that account can be manipulated in several different ways to best suit the criminal.

How the Scheme Works

Criminals who discover a piece of identifiable information about a cardholder can capitalise on that information.

Unlike credit card fraud which is often quickly discovered, account takeover fraud allows the criminal to change the user’s information, reroute communication to prevent suspicion, and delay discovery. In this manner, criminals are able to perpetrate their fraudulent activity longer, giving them a much higher payoff.

The Danger of Account Takeover

Unfortunately, many consumers reuse passwords for multiple accounts. Consumers who repeat passwords across bank accounts, credit cards, loyalty cards, and more are setting themselves up for a potential disaster.

Fraudsters who crack the password have gained access to all of their victim’s accounts and can easily empty bank accounts, take advantage of credit cards, and wreak havoc on an individual’s finances.

Prevention Methods

Merchants are particularly vulnerable to risks associated with account takeover fraud. Consumers who discover unauthorised charges on their account file chargebacks, resulting in the loss of the sale for the merchant, along with additional fees.

To prevent potential fraud activity, merchants can establish safeguards within their transaction process.

  • Require the use of the card security code. Asking for the 3 digit verification code ensures that the individual has access to the card.
  • Use Address Verification Service to confirm a match between the address on file with the card and the address being used in the order.
  • Use third party services. The number of threats a merchant faces has grown, and it is nearly impossible for a merchant to prevent all fraud. Using the services of an outside fraud prevention service allows the merchant to focus on their business. A fraud prevention service stays current on the latest fraud techniques being used, as well as the best practice methods of prevention.

Consumers also have an important role in the prevention of fraud.

  • Use passwords that are difficult to guess. Combination passwords that include letters, numbers and symbols are more effective than common words and numbers.
  • Use different passwords for each account. If a criminal is able to crack one password, they will not have access to your other accounts.
  • Change your password frequently.
  • Check account statements and balances regularly.

There is no guaranteed method of preventing account takeover fraud. However, reducing opportunities for criminals to gain access to account information can help lessen the potential for theft.