29 December 2023
7 min read
As we explained previously, account takeover fraud happens when fraudsters gain access to the online accounts of other people. This can cause a number of consequences, such as:
Fraud prevention leaders need to invest in fraud detection at the earliest stages. For the most effective ATO prevention, however, this means implementing measures at various steps along the path, both before and after the fraudster logs in.
Another key issue such security managers face is implementing solutions that don't disrupt the customer experience or otherwise get in the way of business. This is why companies don't simply add more layers of authentication, for example. As the process becomes too complicated, there is a risk of losing legitimate customers.
To begin with, we will explore the most immediate defenses, such as setting rate limits on login attempts and implementing multi-factor authentication. Then we’ll move on to the more advanced means to prevent account takeovers, using historical data and real-time alerts to react before damage is done to the victim's accounts.
It's important to note that all of these options should be considered. Leaving your business exposed in any one area will create an opportunity for account takeover that fraudsters will exploit to gain unauthorized access. Fraudsters only need one avenue to compromise accounts.
Brute force attacks work by attempting to log in over and over until access is granted. Credential stuffing attacks, which use known email and password combinations from other accounts, also follow a similar pattern.
The best way to combat this pre-account-takeover stage is to limit the number of times that users can attempt to log in. Following a certain number of unsuccessful login attempts, users will be required to either wait for a while or use multi-factor authentication to prove their identity.
This is also the reason that CAPTCHAs and other 'robot beating' solutions are implemented. Brute force and other en masse strategies rely on bots out of sheer necessity of scale, so many companies turn to solutions that require a human touch.
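The login limiting described above, written as an added example (not Nethone's code): failed attempts are counted per account and per source IP inside a sliding window, repeated account failures trigger step-up MFA and then a cooldown, and a single IP failing against many accounts (the credential-stuffing pattern) is sent to a CAPTCHA. The thresholds, window lengths and in-memory store are assumptions; a real deployment would use a shared store such as Redis so limits hold across application servers.

```python
"""Added example (not Nethone's code): login rate limiting with step-up MFA.

Assumptions (not from the article): thresholds, window lengths and the
in-memory store are illustrative choices.
"""
import time
from collections import defaultdict, deque

MAX_ACCOUNT_FAILURES = 5   # failures per account within WINDOW before step-up MFA
MAX_IP_FAILURES = 50       # failures per source IP within WINDOW before a CAPTCHA
WINDOW = 15 * 60           # seconds the sliding window covers
COOLDOWN = 10 * 60         # seconds an account must wait after twice the MFA threshold


class LoginGuard:
    def __init__(self, now=time.time):
        self.now = now                              # injectable clock for testing
        self.account_failures = defaultdict(deque)  # username -> failure timestamps
        self.ip_failures = defaultdict(deque)       # ip -> failure timestamps
        self.cooldown_until = {}                    # username -> unix time

    def _prune(self, q, now):
        """Drop timestamps that fell out of the sliding window."""
        while q and now - q[0] > WINDOW:
            q.popleft()

    def check(self, username, ip):
        """Decide before verifying the password: 'allow', 'mfa', 'wait' or 'captcha'."""
        now = self.now()
        if self.cooldown_until.get(username, 0) > now:
            return "wait"
        self._prune(self.ip_failures[ip], now)
        if len(self.ip_failures[ip]) >= MAX_IP_FAILURES:
            return "captcha"   # one source failing across many accounts: bot-driven stuffing
        self._prune(self.account_failures[username], now)
        if len(self.account_failures[username]) >= MAX_ACCOUNT_FAILURES:
            return "mfa"       # user must wait or prove identity with a second factor
        return "allow"

    def record_failure(self, username, ip):
        now = self.now()
        self._prune(self.account_failures[username], now)
        self.account_failures[username].append(now)
        self.ip_failures[ip].append(now)
        if len(self.account_failures[username]) >= 2 * MAX_ACCOUNT_FAILURES:
            self.cooldown_until[username] = now + COOLDOWN

    def record_success(self, username):
        """A successful login (password plus MFA when required) resets the account."""
        self.account_failures.pop(username, None)
        self.cooldown_until.pop(username, None)
```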
Multi-factor authentication comes in many forms, and can often be used both during login and during the payment process. Examples can include:
It's worth noting that this also comes at the cost of customer friction. If poorly implemented, multi-factor authentication can disrupt the customer experience. As such, it's often better to implement it in a graduated fashion, applying it automatically when the risk level of an individual session is higher. For that, you'll need to set up alerts and a means of monitoring user behavior.
This approach involves checking the device and browser against the last known used devices. If the new login comes from an unrecognized device, this can be flagged and acted on appropriately. It's important to note here that it's possible users have a new device, so it's worth implementing additional measures rather than outright blocking the user.
This can also be combined with other indicators of unusual behavior:
But these indicators can be spoofed by fraudsters who use tools such as VPNs, proxies, the Tor network or Remote Access Tools. For this reason, digital fingerprinting, as part of a fraud prevention system, should be powerful enough to collect signals that the user does not voluntarily provide.
Digital fingerprinting greatly improves the reliability of your risk assessments. An unknown device, for example, may simply mean a user has bought a new phone, but combined with a distinctly different IP address and other differences, it can indicate a compromised account.
At the most advanced level, we can detect account takeovers by comparing them to the historical data of the known user. Behavioral biometrics is a wide field ranging across digital and physical environments but, as far as preventing account takeover fraud goes, it works by checking a range of factors, such as:
In these areas, a smart anomaly detection system can find small differences that expose a potential fraudster. This pairs well with digital fingerprinting and, together, these represent a range of digital signals that can alert your automated defenses. Of course, both also require historical data, so they are at their most effective in protecting existing users who have multiple recorded sessions.
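The combination of device, network and behavioral signals described in the two passages above, as an added example (not Nethone's code): a login is scored against the account's own recorded history, a single unknown device only triggers step-up MFA, and several independent signals together are treated as a likely takeover. The signal weights and thresholds, the device fingerprint as a hash of client-exposed attributes, mean keystroke interval as the behavioral feature, and the sample history are all assumptions.

```python
"""Added example (not Nethone's code): scoring a login against the account's history.

Assumptions (not from the article): weights, thresholds, the fingerprint scheme and
the keystroke-interval feature are illustrative; the history below is constructed.
"""
import hashlib
import statistics

# Constructed history for one account: device fingerprints seen, countries seen,
# and the mean keystroke interval (ms) measured in each previous session.
KNOWN_USER = {"devices": set(), "countries": {"PL"}, "typing_ms": [180, 190, 175, 185]}


def device_fingerprint(attrs: dict) -> str:
    """Stable hash over attributes the client exposes (user agent, screen, timezone)."""
    raw = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(raw.encode()).hexdigest()[:16]


KNOWN_USER["devices"].add(device_fingerprint(
    {"ua": "Firefox/121", "screen": "1920x1080", "tz": "Europe/Warsaw"}))


def score_login(history: dict, login: dict) -> tuple:
    """Combine device, network and behavioral signals into (score, decision, reasons)."""
    score, reasons = 0, []
    if device_fingerprint(login["device"]) not in history["devices"]:
        score += 2
        reasons.append("unknown device")        # on its own: could just be a new phone
    if login["country"] not in history["countries"]:
        score += 2
        reasons.append("new country")
    if login["anonymizer"]:                     # VPN/proxy/Tor flagged by the network layer
        score += 3
        reasons.append("anonymizing network")
    past = history["typing_ms"]
    if len(past) >= 3:                          # behavioral check needs a baseline
        mu, sd = statistics.mean(past), statistics.pstdev(past)
        if sd > 0 and abs(login["typing_ms"] - mu) / sd > 3:
            score += 3
            reasons.append("typing cadence anomaly")
    # Scale the response: low risk passes, medium risk gets step-up MFA,
    # and several independent signals together are treated as a likely takeover.
    decision = "deny" if score >= 6 else "step_up_mfa" if score >= 2 else "allow"
    return score, decision, reasons
```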
ATO is a type of fraud that can cause a snowball effect if not stopped in its tracks. For this reason, businesses need to employ methods that detect it in real time with the highest precision. Yet this real-time detection is not easy to achieve.
Many fraud prevention companies depend on outdated information sources for their fraud intelligence. For instance, while we're able to detect when fraudsters use shady VPNs and proxies to hide or alter their tracks - thanks to our ability to analyze in-depth behavior and network data - other providers rely on lists of VPN and proxy servers that quickly become outdated as new devices join the network. As a result, their fraud prevention systems may not be up to date, allowing fraud to slip through.
Nethone's AI-powered fraud prevention solutions use a range of risk signals and customizable risk levels. Our solution runs digital fingerprinting and behavioral biometrics, as well as other continual monitoring solutions, in the background of user sessions. Doing so helps distinguish ATO attacks from a legitimate account owner through small behavioral details that fraudsters can't replicate.
Our knowledge draws not only on modern risk detection trends, but also on intelligence gathered directly from the dark web, where fraudsters regularly discuss data breaches, new attack vectors, and means to gain access to accounts. This knowledge is then used to improve our solutions, further helping your business stay safe from account takeover attacks.