
How to prevent account takeover fraud

August 9, 2022
Blog Post
Fraud Prevention

Account takeover fraud (ATO) is one of the most common forms of identity theft. When executed effectively, it can be incredibly damaging. As well as leading to financial losses, ATO can harm a business's reputation and irreparably damage its relationship with a customer.

Sadly, even though account takeover fraud is incredibly common, it is also very difficult to detect. That said, there are processes a business can put in place to stop accounts becoming compromised.

In this guide, we’ll cover everything you need to know about how to prevent account takeover fraud, including how to detect attacks.

How to detect account takeover attacks

The best way of detecting account takeover fraud is to spot suspicious signs as early as possible. For this reason, ongoing monitoring is suggested as an ATO solution.

With the help of a fraud detection system, you can gain complete visibility into the activity of any user. The most effective defense systems will check all activities on a customer’s account. This way, the system can take action before a fraudster is able to access money.

For example, in banking, a fraud detection system will ensure that anyone using the account, including a criminal who has got past the login, has to provide an alternate form of authentication (such as a biometric scan) before they're allowed to create a new payee or transfer money.

When every customer action is monitored, you gain the ability to isolate patterns of behavior that could indicate fraud. Plus, a piece of software such as this can also help you detect immediate risks to an account. For example, if your system shows that your customer is trying to access their account from two different locations simultaneously, it can block any transactions until the customer has passed an additional verification check.
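The two checks described in this section, sketched as an added example (not Veriff's code): sensitive actions always require step-up authentication, and an account seen in two implausibly distant places is blocked from transacting until re-verified. The event fields, action names, coordinates and thresholds are assumptions.

```python
import math

SENSITIVE = {"add_payee", "transfer"}  # actions gated behind extra authentication (assumed names)
MAX_KMH = 900.0   # assumed ceiling for plausible travel speed
MIN_KM = 100.0    # assumed tolerance for geo-IP error, so nearby lookups don't trigger

def km_between(a, b):
    """Great-circle distance in km between two (lat, lon) pairs (haversine)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

class AccountMonitor:
    def __init__(self):
        self.last_seen = {}   # account -> (ts, (lat, lon)) of the previous event
        self.flagged = set()  # accounts awaiting additional verification

    def decide(self, account, ts, geo, action):
        """Return 'allow', 'step_up' or 'block' for one event (ts in seconds)."""
        prev = self.last_seen.get(account)
        self.last_seen[account] = (ts, geo)
        if prev:
            km = km_between(prev[1], geo)
            hours = max(abs(ts - prev[0]), 1) / 3600  # floor at 1 s for simultaneous events
            if km > MIN_KM and km / hours > MAX_KMH:
                self.flagged.add(account)
        if account in self.flagged:
            return "block" if action in SENSITIVE else "step_up"
        return "step_up" if action in SENSITIVE else "allow"

    def verified(self, account):
        """Call once the customer has passed the additional verification check."""
        self.flagged.discard(account)
        self.last_seen.pop(account, None)  # restart the location baseline

# Constructed sample coordinates and events, for illustration only.
LONDON, LAGOS = (51.5074, -0.1278), (6.5244, 3.3792)

if __name__ == "__main__":
    m = AccountMonitor()
    for ts, geo, action in [(0, LONDON, "login"), (600, LONDON, "add_payee"),
                            (660, LAGOS, "login"), (700, LAGOS, "transfer")]:
        print(ts, action, m.decide("alice", ts, geo, action))
```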

What happens during an account takeover?

The account takeover fraud process begins when a hacker or fraudster steals a customer’s personally identifiable information, such as their social security number, address, and phone number. Using this information, the fraudster can then gain access to a person’s online account.

Once a fraudster has gained access to the account, they will then usually make a series of non-monetary changes to the account. For example, they may change the delivery address associated with the account and then order a new card. They may also add a new authorized user or change the password so the original user can no longer access the account.

During this stage of the process, many criminals will also take the extra step of changing the customer’s account preferences. This way, they can ensure that the current customer does not receive any communications about the changes they’re making.

Once they’ve carried out these actions, the hacker has control of the account. Now, the criminal can use the account for a number of different purposes. Depending on the type of account they control, they may:

  • Order a new credit or debit card and then use it to make purchases
  • Redeem account credits and loyalty points
  • Pay a fraudulent company
  • Open a new bank account
  • Place orders for goods or services
  • Redirect any benefits
  • Use the information they obtain to access other accounts
  • Sell the customer information on the dark web
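The non-monetary changes described above can be correlated into a detection rule. This added example (not Veriff's code) flags accounts where a login from an unrecognised device is followed within an hour by notification changes plus another change, or by three distinct changes; the event names, the window and the thresholds are assumptions.

```python
from collections import defaultdict

# Non-monetary changes the article lists as typical takeover steps (event names are assumed).
RISKY = {"change_address", "order_card", "add_authorized_user",
         "change_password", "mute_notifications"}
WINDOW = 3600  # seconds after a new-device login in which changes are correlated (assumed)

def takeover_alerts(events):
    """events: iterable of (ts, account, known_device, event), sorted by ts.
    Returns {account: sorted risky changes} for accounts that should be held for review."""
    start = {}                   # account -> ts of latest login from an unrecognised device
    changes = defaultdict(set)   # (account, window start) -> risky changes seen in that window
    for ts, account, known_device, event in events:
        if known_device:
            continue             # this rule only scores sessions on unrecognised devices
        if event == "login":
            start[account] = ts
        elif event in RISKY and account in start and ts - start[account] <= WINDOW:
            changes[(account, start[account])].add(event)
    alerts = {}
    for (account, _), seen in changes.items():
        # Silencing notifications alongside another change, or three distinct changes.
        if ("mute_notifications" in seen and len(seen) >= 2) or len(seen) >= 3:
            alerts[account] = sorted(seen)
    return alerts

# Constructed sample events, for illustration only.
SAMPLE_EVENTS = [
    (0,    "bob",   True,  "login"),
    (60,   "bob",   True,  "change_password"),    # routine change on a known device
    (100,  "carol", False, "login"),
    (160,  "carol", False, "mute_notifications"),
    (220,  "carol", False, "change_address"),
    (300,  "carol", False, "order_card"),
    (400,  "dave",  False, "login"),
    (500,  "dave",  False, "change_password"),    # single change, e.g. a new phone
    (9000, "dave",  False, "change_address"),     # outside the correlation window
]

if __name__ == "__main__":
    print(takeover_alerts(SAMPLE_EVENTS))
```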

How does an account takeover happen?

In order to fully understand how to prevent account takeover fraud, you also need to understand how criminals target users and websites.

Sadly, criminals who wish to access user accounts have a variety of methods for doing so. Some of the most common methods employed by criminals include:

Purchasing stolen credentials

One of the most effective ways for a hacker to access an account is to purchase stolen credentials on the dark web. These credentials become available for sale when a data breach occurs.

Unfortunately, the methods criminals employ are becoming increasingly sophisticated. This means they’ve become adept at finding security weaknesses. Due to this, the Identity Theft Resource Center now estimates that just over 285 million individuals were impacted by publicly reported data breaches in 2021 alone.

Credential stuffing attacks

In this scenario, a criminal will find information in a large data dump. They will then try to use a range of combinations of passwords and email addresses to access an account.  

Phishing scams

With these scams, customers unwittingly provide the scammer with the information they need to hijack the account. In this scenario, a criminal will send a text or an email to a customer and ask them to log into a clone of a known website (such as their bank’s website). From here, the criminal will redirect the user to a page where a keylogger will capture their password and personal details.

Bot attacks

When carrying out a bot attack, a hacker will deploy a number of bots that perform a rapid, high-volume brute force attack on the website. Sophisticated bad bots can rotate between thousands of IP addresses and can take over a significant number of accounts before they are identified.

Social engineering attacks

As part of a social engineering attack, a fraudster will contact a person in an attempt to extract login information from them. In doing so, they will usually pretend to be an authorized individual (such as someone who works for a bank) who needs to verify the information connected to the person's account.

During a social engineering attack, a criminal will also research open databases, social media sites, and other platforms. They do this to look for scattered information such as the user’s name, phone number, or the names of family members. The attacker will then use this information when attempting to guess the victim’s password.

Man-in-the-middle (MitM) attack

During a MitM attack, a fraudster will intercept data between a website and its end user. The tactic uses techniques such as SSL stripping or Evil Twin attacks that mirror Wi-Fi access points to capture data.

SIM swapping

SIM swapping attacks (also known as SIM jacking attacks) occur when a fraudster contacts a telecoms operator and manages to successfully take control of a mobile phone number.

Today, many accounts are protected by two-factor authentication. This means that by gaining control of a mobile phone number, a hacker is also able to gain access to a range of other accounts and services.


XSS

XSS stands for cross-site scripting. It allows criminals to target a website by executing malicious scripts in a victim’s browser. This is often carried out with the goal of setting up a new password.

How Veriff helps prevent account takeover fraud

Here at Veriff, we offer a range of class-leading solutions that can help your business stay compliant with legislation, prevent identity fraud, and safeguard user accounts.

With our solutions, you can ensure that your customers are exactly who they’re claiming to be. With the help of our identity verification platform and our AML and KYC solution, you can have complete confidence in a customer’s identity before you grant them access to your service. Plus, you can act with certainty knowing that you’re fulfilling AML and KYC obligations.

If you’re looking to prevent account takeover fraud, then our biometric authentication solution can help you secure accounts. It allows you to take a step beyond passwords and one-time passcodes that can be intercepted by fraudsters. Instead, it uses biometric authentication to confirm that a returning user is exactly who they’re claiming to be.

Using just a selfie, it can authenticate any user’s identity in just one second. The solution is entirely automated and offers 99.99% accuracy. It also authenticates 99% of users on their first try.

The platform works by:

  1. Asking the user for a quick selfie
  2. Comparing the selfie to a previously verified face and identity (it’s also checked for liveness and realness)
  3. Sending the user back to your platform and providing you with an authentication decision in around a second

Due to this, you can help users access your products and services safely while also maintaining high levels of security that will protect your users and brand.

Speak with the fraud prevention experts at Veriff

Interested in discovering more about how to prevent account takeover fraud? Speak to our fraud prevention experts today.

Simply provide us with some basic information about your business and we can offer you a personalized demonstration that will show you exactly how our fraud prevention solutions can help you safeguard customer accounts.