Demo Request
See how ComplyAdvantage’s suite of AML solutions has empowered 1000+ leading companies to make compliance painless.
Request demoIn the US alone, it is estimated that losses related to account takeover fraud (ATO) amounted to $11bn in 2021, representing a 90 percent increase from 2020.
In our 2023 global compliance survey, 39 percent of respondents said the type of fraud they were most concerned about was credit/debit card fraud, closely followed by identity theft (36 percent) – both of which have a close proximity to ATO.
As fraud and scams continue to evolve, it is critical for compliance teams to enhance their knowledge of specific fraud types so mitigation efforts are targeted and effective.
Account takeover fraud (ATO) occurs when a criminal takes control of a victim’s online account to steal funds or sensitive information. This can happen when a customer’s login details – such as username and password – are used without permission to access their bank account, credit card, mobile phone account, or eCommerce account. The cybercriminals then make fraudulent transactions from the customer’s account, using sophisticated techniques to remain undetected and avoid raising suspicions from the victim or their bank.
Commonly, customers’ credentials are stolen or bought on the dark web in order to commit ATO. This cybercrime has become even easier following several high-profile data breaches affecting large corporations. Once the credentials have been stolen, the criminals either financially defraud the victim or sell their details to a third party. For example, a cybercriminal may pay over $1,000 for the credentials to illegally access a PayPal account.
While account takeover fraud and identity theft are similar, the concepts are not interchangeable. With ATO, a victim’s credentials (username and/or password) are stolen for financial gain. With identity fraud, cybercriminals typically have access to some of the customer’s details, but not their login credentials.
The two fraud types, however, do have a strong connection. Aite Novarica found that 64 percent of US consumers who experienced identity theft in 2021 also experienced account takeover fraud.
Common ATO methods include:
With global e-commerce sales set to reach $8.1 trillion by 2026, it has never been more important to get ahead of criminal trends, technology, and behaviors.
Compliance and fraud professionals in financial institutions should be aware of red flags related to this practice and trained in how to spot and report illegal activity. Fraud and anti-money laundering (AML) teams should work together to share information in order to provide a high level of ATO protection. A fraud and AML (FRAML) approach can aid early detection, improve efficiencies and help professionals stay ahead of new typologies.
Examples of account takeover red flags include:
While no single red flag will reveal if an account has been compromised, firms should consider each transaction’s relevant facts and circumstances in line with a risk-based approach to compliance.
There are a number of methods financial organizations use for account takeover protection. For example, many firms typically:
ATO methods are constantly being devised and adapted by cybercriminals. Firms can use fraud detection technology to look for patterns and identify risks in real-time. Customer screening and transaction monitoring solutions that utilize artificial intelligence can compare a customer’s typical behavior with current behavior to identify and block suspicious activity. In the future, biometrics may also be key to account takeover fraud protection.
See how ComplyAdvantage’s suite of AML solutions has empowered 1000+ leading companies to make compliance painless.
Request demoOriginally published 21 March 2023, updated 22 March 2023
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2023 IVXS UK Limited (trading as ComplyAdvantage).