Digital accounts tend to age like fine wines. The older the account, the more value it has.
This is most obvious in gaming, where people sometimes sell off their accounts for thousands of dollars. It’s a breach of most games’ terms of service, but it’s a quick way to level up your own gaming experience if you can afford to do so.
The same goes for banking. Older customer accounts are prime targets for money launderers because activity from those accounts is less likely to generate alerts in legacy anti-money laundering (AML) systems.
Account takeover is a much bigger problem than it may appear. In 2021, losses in the United States caused by account takeover fraud amounted to more than $11 billion.
Fraudsters aren’t simply breaking into customer accounts to siphon out the money, though that is normally the main objective. Customer accounts are rich in data and opportunities, too. As fraudsters become more sophisticated in their operations, account takeover fraud becomes a more complex problem for financial institutions.
In this article, we will explore the holistic challenges that account takeover fraud presents, and the tools and strategies banks have at their disposal to fight back.
What is account takeover?
Account takeover is when a cybercriminal gets unauthorized access to a legitimate account for their own gain. When the criminal takes over a banking account, it’s often to steal money, launder illicit funds, and/or steal personal data for further fraudulent activity.
Identity theft vs. account takeover: What’s the difference?
Identity theft happens when someone steals a person’s data to pose as that individual. The identity thief might be trying to run a phishing scam on all of your contacts or might be trying to take out a credit card in your name.
Account takeover is a specific type of identity theft. It’s when the thief employs one of many tactics to steal your data to gain access to an account in your name. It could be a social media account. It could be a gaming profile. It could be a banking account.
Identity theft is an important aspect of this conversation because personal data that gets stolen and leaked is often what allows a criminal to take over an account.
Causes of account takeover
Account takeovers are particularly awful for account holders because the fraudster can access personal information, change settings (like email or telephone details) and logins, then lock out the rightful account holder.
There are many ways for cybercriminals to get access to someone’s account or login details. Some of the most common pathways to account takeover fraud include:
- Phishing and social engineering. This is when a fraudster impersonates a trusted party, such as a bank website, a bank representative or any other role that can gain the customer’s trust. When their ruse is believable, an unsuspecting victim might hand over login information that the fraudster can then use to take over that person’s banking account.
- Credential stuffing. Personal data gets leaked, aggregated, and sold on the dark web all the time. When a fraudster has this data, they can use it to try logging into different platforms to see whether any login/password combination is successful. Usually, this process is automated via botnets and done at scale.
- Man-in-the-middle attacks. This is when fraudsters intercept communications between the legitimate user’s device and, for example, the online bank website, with the aim of stealing sensitive data such as login details, transaction codes or even the one-time password (OTP) in real time. They then use that stolen data to log into and take over a specific user’s account or complete a fraudulent payment.
- SIM swaps. This is when a fraudster takes control of a person’s mobile phone number, often by using social engineering tactics on the phone’s service provider. By gaining access to the phone number, the fraudster can work around two-factor authentication (2FA) protocols and gain access to a variety of accounts.
What are the consequences of account takeover?
Once the fraudster is in the account and the victim is locked out, the fraudster can perform a variety of actions. Those include:
- Moving money from that account to another account they control.
- Using that account to make purchases.
- Using that account as a mule account for money laundering.
- Using that account to apply for a line of credit.
- Opening a new account in the victim’s name.
- Connecting other accounts.
- Redirecting income such as salaries or pension payments into other accounts.
- Harvesting all of the personal information in that account to commit new fraud, or to sell that information to other criminals.
The financial and emotional toll of an account takeover can be enormous for banking customers, and not only because of the economic losses. Customers can, for example, find themselves involved in legal issues without their knowledge because of unpaid loans. For the bank, too, account takeover fraud has far-reaching impacts, which include:
- Straining the time, energy and resources of the bank’s IT and customer support teams.
- Opening the door to chargeback requests and the further reconciliation of fraudulent transactions.
- Eroding customers’ trust in the bank’s reputation.
- Exposing the bank to penalties from regulators.
Account takeover protection and money laundering
Anti-money laundering (AML) teams know that fraud frequently leads to money laundering. That’s why bringing fraud and AML teams together can be so effective in preventing financial crimes.
In account takeover fraud, the connection is often direct. It’s hard to launder money through a brand-new account. Most banks will have controls in place to monitor the activity of those new accounts.
Older accounts, however, are less likely to trigger legacy AML systems because they have already been vetted. This is one reason criminals commit account takeover fraud. Once they have access to a legitimate account, they can move potentially significant amounts of money before those transactions get flagged.
Keep this relationship between account takeover and AML in mind as we explore account takeover fraud prevention and detection. By having this kind of holistic perspective on account takeover, banks will give themselves an advantage in fighting financial crime.
Account takeover detection
One of the most useful tools financial institutions have for fraud detection is data — specifically, data about breaches or leaks that impact banking customers.
Imagine a major retailer suffers a data breach, and the personal data of 20 million shoppers is compromised. Fraud managers at every financial institution should get the names of every person whose information was leaked because they will want to cross-reference those names with their customer list.
Knowing what kinds of threats are upstream from your own organization lets you build proactive measures into your fraud prevention strategy and identify attempts at identity theft and account takeover fraud that target your customers.
From there, having robust anti-fraud tools will be important to detect suspicious activity. Featurespace’s ARIC™ Risk Hub is built to do the detection work by monitoring the behaviors of individual customers. Proprietary machine learning models help ARIC Risk Hub learn which behaviors are normal and which behaviors are out of the ordinary for individual customers. This can help fraud analysts catch suspicious activity quickly.
Go back to the example of the retailer’s data breach. With a fraud solution like ARIC Risk Hub, a financial institution could identify customers whose data was exposed in the breach, set specific controls to monitor their accounts, and add the risk detection capabilities enabled by machine learning models. Among the things those controls could look for would be:
- Transactions to brand new recipients.
- Changes to the account holder’s contact information.
- The linking of new accounts.
Any of those actions could signal to the fraud team that someone has taken over the account.
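The monitoring approach described above, sketched as an added example; it is not Featurespace or ARIC Risk Hub code. The customer IDs, event names, 24-hour correlation window and severity labels are assumptions, and all data is constructed.

```python
from datetime import datetime, timedelta

# Constructed data: customer IDs matched against a (hypothetical) breach list.
BREACH_EXPOSED = {"C1001", "C1003"}
SIGNALS = {"contact_change", "new_account_link", "payment"}
WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed event log: (timestamp, customer_id, event_type, detail)
EVENTS = [
    ("2024-03-01T09:00", "C1001", "payment", "ACC-77"),        # known payee
    ("2024-03-02T10:15", "C1001", "contact_change", "phone"),
    ("2024-03-02T10:40", "C1001", "payment", "ACC-90"),        # new payee
    ("2024-03-02T11:00", "C1002", "contact_change", "email"),  # not exposed
    ("2024-03-05T08:00", "C1003", "new_account_link", "EXT-5"),
]
KNOWN_PAYEES = {"C1001": {"ACC-77"}, "C1003": set()}


def review_events(events, exposed, known_payees, window=WINDOW):
    """Return alerts as (customer_id, timestamp, signal, severity) tuples."""
    payees = {c: set(p) for c, p in known_payees.items()}  # leave input untouched
    alerts, recent = [], {}
    for ts, cust, kind, detail in sorted(events):
        # Only breach-exposed customers get the extra controls.
        if cust not in exposed or kind not in SIGNALS:
            continue
        when = datetime.fromisoformat(ts)
        if kind == "payment":
            seen = payees.setdefault(cust, set())
            if detail in seen:
                continue  # established recipient: not a signal
            seen.add(detail)
            kind = "new_recipient"
        # Keep this customer's earlier signals that fall inside the window.
        history = [(t, k) for t, k in recent.get(cust, []) if when - t <= window]
        history.append((when, kind))
        recent[cust] = history
        # Two or more distinct signals close together are escalated.
        severity = "high" if len({k for _, k in history}) >= 2 else "review"
        alerts.append((cust, ts, kind, severity))
    return alerts


if __name__ == "__main__":
    for alert in review_events(EVENTS, BREACH_EXPOSED, KNOWN_PAYEES):
        print(alert)
```

A contact change followed within the window by a payment to a new recipient is escalated, while the same contact change on an account that was not in the breach list produces no alert under this rule set.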
Account takeover prevention
In most banks, account takeover prevention falls to the same legacy fraud controls that most organizations have. These include:
- Password protection and multi-factor authentication. These are the basic safeguards of customer accounts. As shown above, however, this security layer can be circumvented with a leaked password and a SIM swap, neither of which requires a sophisticated fraudster.
- Device identification tools. Device identification is a helpful first line of defense against unknown users who try to access accounts.
- IP analysis. This is another useful tool to filter account login attempts from someone using a VPN, for example.
- Fraud detection tools. There are multiple solutions for fraud detection, and many of these tools complement one another.
As cybercrime technology evolves, it will become easier for fraudsters to overcome the hurdles of security barriers. They will get better at spoofing devices and IP addresses, for example. That’s why the real key to preventing account takeover fraud lies in an organization’s ability to see, understand, and make predictions based on customer behaviors. All that activity, which takes place after login, can help fraud teams spot suspicious activity.
That’s what we built ARIC Risk Hub to do.
Featurespace fraud detection
By studying and learning from everyday customer behaviors, ARIC Risk Hub learns how to monitor all activity and how to separate inconsistent behaviors from legitimate behaviors, with a high detection rate and a minimal volume of false positive alerts.
Without this level of visibility, the risk of fraud and money laundering is great. If a bank’s defenses against account takeover are limited to passwords, 2FA and device identification tools, then it has some chance of stopping an account takeover when a customer’s phone gets stolen. However, the first alert might only come once the criminal has begun to move money out of the account that’s been taken over.
ARIC Risk Hub solves this problem by providing visibility across all customer activities. In the example above, behavior monitoring might have allowed the fraud team to respond earlier, say if the fraudster changed the phone number associated with the account.
Additionally, ARIC Risk Hub integrates with third-party solutions that can provide wider context to bring all of that account monitoring into one platform – an integrated dashboard that helps prevent fraud and money laundering. This allows your organization to assign risk scores to accounts, monitor transactions and bring in third-party data about things like how customers use their devices, where additional information is relevant.
The richness of that data allows fraud teams to identify cases accurately and intervene quicker.