Online fraudsters are constantly devising new ways to get rich at the expense of others. One such strategy, which has become increasingly popular, is the account takeover.
Here, fraudsters hijack existing user accounts and go on a spending spree, acting in the genuine customer’s name. In most cases, neither the account user nor the online platform realises what is happening in time, and once they do, it is often too late and the damage is done.
From June 2015 to June 2016 we, at Risk Ident, saw an increase of up to 300% in account takeover attempts on our ecommerce customers. The relative ease with which fraudsters are able to access less secure accounts is causing a real headache for merchants. Fraudsters can buy login details from the black market, steal them through malware or phishing attacks, or sometimes simply use a list of the most common passwords to crack a customer’s online shopping account.
The problem with account takeovers is that they have traditionally been very hard to detect. The fraudster is operating from within a genuine and trustworthy user account, which often will have an impeccable history, but will make small changes to the account as they obtain goods to sell on for a profit. They will also change their tactics frequently, whether it’s going for lesser-known brands, or smaller value items, or masking attempts via proxy services or via different devices.
Rule-based anti-fraud systems have long been used to watch out for suspicious trigger points such as the above, but they do not evolve over time or react to changing tactics. This results in costly false positives for retailers and harms their relationships with customers, who will simply shop elsewhere if they are denied a legitimate transaction.
Modern machine learning technology, based on a data science approach, is able to recognise changing patterns and irregularities in datasets, learning as it processes more data to continually create new models and better, constantly evolving algorithms that help retailers stay a step ahead of the fraudsters.
Signs of potential account takeover can include conspicuous behaviour during the login process, such as an unusual number of failed attempts; a password change followed by unusual customer behaviour; a change of address immediately before ordering; or deviating behaviour such as purchasing unusually expensive merchandise or an unusually high volume of it.
They can also include login attempts from different devices and places; suspicious device configurations that try to hide their whereabouts; a change of operating software and/or a switch to an older browser version; logging in with a device already known to be suspicious; or attempting to log in via a proxy server or VPN.
By analysing multiple changes to activity in combination, machine learning fraud prevention provides the strongest possible defence against account takeover attempts, when supported by a knowledgeable fraud manager, fighting back against the fraudsters who wish to damage both people and profits.
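To show why the signals listed above are read in combination, here is an added Python sketch (not from the original article and not Risk Ident's product) that checks the activity before each order and asks for review only when several signals coincide. It uses fixed thresholds as a stand-in for the learned models the article describes; the event fields, time window, thresholds and sample data are all assumptions.

```python
# Added illustration; event fields, window and thresholds are assumptions.
WINDOW = 3600          # seconds of activity before an order that we inspect
MAX_FAILED = 5         # failed logins in the window counted as unusual
VALUE_FACTOR = 3       # order > 3x the account's typical value is unusual
MIN_SIGNALS = 3        # signals that must coincide before manual review

def order_signals(events, known_devices, typical_value):
    """Return [(order_ts, sorted signal names)] for every order in events."""
    events = sorted(events, key=lambda e: e["ts"])
    results = []
    for order in (e for e in events if e["type"] == "order"):
        recent = [e for e in events
                  if order["ts"] - WINDOW <= e["ts"] <= order["ts"]]
        kinds = [e["type"] for e in recent]
        signals = set()
        if kinds.count("login_fail") >= MAX_FAILED:
            signals.add("failed_login_burst")
        if "password_change" in kinds:
            signals.add("password_change_before_order")
        if "address_change" in kinds:
            signals.add("address_change_before_order")
        if order["device"] not in known_devices:
            signals.add("unknown_device")
        if any(e.get("proxy") for e in recent):
            signals.add("proxy_or_vpn")
        if order["amount"] > VALUE_FACTOR * typical_value:
            signals.add("unusual_order_value")
        results.append((order["ts"], sorted(signals)))
    return results

def needs_review(signals):
    return len(signals) >= MIN_SIGNALS

# Constructed sample data for one account (not real logs).
KNOWN_DEVICES = {"dev-laptop"}
TYPICAL_VALUE = 40.0
EVENTS = [
    {"ts": 1000, "type": "login_ok", "device": "dev-laptop"},
    {"ts": 1200, "type": "order", "device": "dev-laptop", "amount": 35.0},
    {"ts": 50000, "type": "order", "device": "dev-laptop", "amount": 200.0},
    {"ts": 90000, "type": "login_ok", "device": "dev-x", "proxy": True},
    {"ts": 90060, "type": "address_change", "device": "dev-x", "proxy": True},
    {"ts": 90300, "type": "order", "device": "dev-x", "proxy": True, "amount": 480.0},
]

if __name__ == "__main__":
    for ts, signals in order_signals(EVENTS, KNOWN_DEVICES, TYPICAL_VALUE):
        print(ts, "REVIEW" if needs_review(signals) else "ok", signals)
```

The second order trips only the order-value signal and passes, which is the kind of legitimate purchase a single-trigger rule would wrongly block.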
About Roberto Valerio
Roberto Valerio is the CEO of Risk Ident, leading the day-to-day management of the company. He is responsible for driving the development of the business to serve merchants in need of a modern, intelligent approach to online fraud prevention.
About Risk Ident
Risk Ident offers anti-fraud solutions for companies within the ecommerce and financial sectors, empowering fraud managers with intelligence and self-learning machine technology to provide stronger fraud prevention. Risk Ident are experts in device fingerprinting and behavioural analytics, while its products are specifically tailored to comply with European data privacy regulations.