LibraryblogAccount takeover fraud recovery

Account takeover fraud recovery

Account takeover fraud carries a number of financial and reputational risks. For this reason, estimates suggest that around two thirds of businesses classify ATO as a top business threat. This is particularly the case because research has shown that the number of ATO attacks is on the rise, with fraudsters becoming increasingly sophisticated and difficult to spot.

Header image
August 9, 2022
Fraud Prevention

Don't miss the chance to explore the latest trends and gain actionable insights essential for combating fraud and protecting your business. Download our Identity Fraud Report 2024 today!


Account takeover fraud (ATO) attacks can cause irreparable damage to a business. As well as costing huge sums in chargebacks, ATO attacks can also damage a relationship between a business and its customers. Plus, these attacks can also put great strain on IT departments and customer service teams. 

If your business notices that a customer account has been compromised, it must deploy account takeover fraud recovery tactics in order to secure the account and return it to the customer.

In this guide, we’ll cover everything you need to know about account takeover fraud recovery, including what the recovery process involves, the cost of account takeover fraud, and how your business can recover from an attack.

What does account recovery include?

If you discover that a customer’s account has been compromised, you must freeze the account immediately. By taking this step, you can make sure that the fraudster cannot carry out any other malicious actions. This means they’ll be unable to make any further unauthorized payments or change a password.

Once the account has been successfully frozen, you should then check to see whether the fraudster changed the password linked to the account. If so, you should force a password reset with a new, temporary, and unique password. Once the password has been changed and the account is fully secure, you can mark the account as reclaimed.

At this stage, you must also inform the original user that their account has been compromised and that they need to reset their password. In doing so, you should keep in mind that the user will likely blame your company for what they perceive as a lack of security (even if it was their own security failings that caused the account to become compromised). Due to this, you should make sure that you have a solid communication process in place. This process should endeavor to reassure the affected customer that their account has now been secured again. You should also ensure your communications are empathetic and transparent.  

Sadly, the widespread nature of ATO means that hundreds or even thousands of accounts can be impacted in a single attack. Due to this, if you discover that one account has been compromised, you should check all of your other accounts to ensure they’re still secure.

Restore accounts rather than closing them

When recovering customer accounts, you should also remember that customers usually want to keep their current account rather than starting a new one. If you simply close the customer’s compromised account, the customer will lose all their previous order information, favorites, or loyalty points.

On top of this, if you close a customer’s account and ask them to open a new one, you’re at risk of losing a loyal customer to a competitor that offers sign-up discounts and bonuses.

Due to this, you should always opt to reclaim an account rather than closing an account entirely and starting a new one.

What’s the cost of an account takeover?

Account takeover fraud carries a number of financial and reputational risks. For this reason, estimates suggest that around two thirds of businesses classify ATO as a top business threat. This is particularly the case because research has shown that the number of ATO attacks is on the rise and the techniques employed by fraudsters are becoming increasingly sophisticated and difficult to spot.

The cost of every account takeover is estimated to be around $12,000. However, the consequences of ATO attacks aren’t just financial and they can affect almost every department in a business. This is because consequences of a security breach include:  

  • Hacks and security issues put a strain on your IT team
  • Your customer support team will be overwhelmed by customers who are trying to reclaim their accounts. This can also lead to further customer frustrations, as these individuals aren’t receiving replies in a timely manner
  • The finance department must fight chargebacks
  • Users will close their accounts and move to competitors as they’ve lost faith in your ability to safeguard their personal information
  • The reputation of your business can plummet

How can you recover from an account takeover attack?

The first step in recovering from an account takeover attack is securing all affected customer accounts. This way, you can prevent the fraudsters from causing any further damage.

Following this, you must reclaim the accounts and return them to the affected customers. As we mentioned earlier, at this stage of the process, you must also communicate directly with the customer to explain what has happened. They should then be invited to change their password and confirm all associated credentials.

Once all accounts have been secured and returned to their rightful owners, your business must then conduct a thorough review that outlines how the ATOs occurred and how effectively your business responded. During this part of the process, you must stay in regular contact with affected customers and ensure they’re aware of the steps you’re taking. This part of the process is crucial for rebuilding trust.

Finally, once you’ve conducted an account takeover recovery fraud review, you should analyze how you can prevent such an attack from happening again. Popular solutions include improving security measures, explaining to customers how they can protect their data, and enlisting the help of a fraud detection system.

How Veriff helps with recovery from ATO fraud

Stopping ATO fraud means both preventing it from happening and detecting suspicious activity so that you can intervene before a criminal takes hold of an account.

With the help of our solutions, you can manage user access and keep your business safe without damaging customer retention. You can also ensure that you know your customers are exactly who they say they are.

When it comes to customer onboarding, our identity verification platform and AML and KYC solution both ensure that you’re always on the right side of regulators. This is because, as well as making the remote onboarding process simple for customers, these solutions also ensure that you know your customers and comply with anti-money laundering regulations.

Once your customer has created their account, you can secure it with the help of our biometric authentication solution. This solution uses powerful automation to verify customers and ensures your business is no longer reliant on passwords and one-time passcodes, which can be intercepted by fraudsters.

Instead, it confirms that a returning user is exactly who they’re claiming to be with the use of a selfie, which is compared to a previously verified face and identity. It is checked for liveness and realness. The solution provides an authentication decision in only one second, is 99.99% accurate, and authenticates 99% of users on their first try.

By replacing passwords with biometric authentication processes, you can stop hackers from stealing customer information and ensure that even if a customer’s information is stolen, a fraudster cannot access their account.

Speak with the fraud prevention experts at Veriff

To discover more about how our fraud prevention solutions can help your business, speak with the fraud prevention experts at Veriff today.

We’d love to provide you with a personalized demo that shows you exactly how our solutions can help you secure customer accounts.

Download report now

Get all the latest global identity fraud data and insights you need to keep your business safe