Voice of the Industry

What you should know about account takeover attacks

Thursday 25 April 2019 07:47 CET | Voice of the industry

Amador Testa, Emailage's CPO, reveals how fraudsters take advantage of loopholes and ways to detect and prevent account takeover fraud

Account takeovers are not a great experience for anyone. Your customers are upset because their accounts are no longer in their control. When your customers are compromised, your fraud and customer support departments are taxed with verifying identities and rooting out fraudulent orders.

In order to help you to stay ahead of the threats posed by account takeover fraud, this article covers:

how fraudsters take over accounts

the most effective way to stop them

best practices for fixing an account that has been taken over.

How fraudsters perform an account takeover

According to the Merchant Risk Council’s 2019 Global Fraud Survey Results, 96% of all ecommerce businesses report some form of fraud attack at their organization, with account takeover landing in the top three.

The first step a fraudster takes in an account takeover is to acquire a customer’s personal identification information.

Some common ways that fraudsters steal account and personal information include:

purchasing credentials via dark web sites

searching social media or publicly available databases

conducting a phishing scam through email or messaging services

leveraging malware to install keyloggers to collect all data

using a brute force password cracking tool.

The worst part? All of these tactics can be automated, so these operations occur on a vast scale, threatening consumers and companies alike, worldwide.

Once the fraudster acquires enough personal information, such as billing address, credit card number, or social security number, they will try to access the account and change the contact information. By changing the contact information, the fraudster locks the real customer out of the account. Depending on the business, while the consumer can’t access his/her own account, the fraudster has enough time to place fraudulent orders, create new accounts, and cause general havoc.

How to prevent account takeovers

As other security holes are closed, account takeovers are expected to rise. You should start implementing a solid account takeover and security plan. Here are some basic best practices:

Offer education and training. Provide your customers and the fraud department with the knowledge of how account takeovers happen. Linking customers to an article about how account takeovers happen and why secure passwords are essential will educate them and cut down on support questions.

Require strong passwords and offer two-step authentication. Requiring a strong password that excludes the most commonly used passwords will reduce your business’s susceptibility to brute force attacks. On top of passwords, give your customers the option to use two-step authentication for added security. With two-step authentication, you need to give your customer service team detailed documentation to securely help legitimate customers who get locked out.

Leverage complementary risk assessment layers. When building your risk engine, keep account takeovers in mind. Make sure to use complementary solutions that can stop the bad guys, even if they have legitimate customer data. Use these best practices to limit account takeovers and provide a quick response for your customers.

What to do if your customer is taken over

If you detect an account takeover, or receive a support request from an affected customer, you need a quick response to minimize the damage. Here are a few universal best practices:

Lock down the account. When an account is in limbo, making sure the fraudster cannot make additional purchases is the top priority. By locking the account from purchases, you will save the fraud department time and have fewer fraudulent purchases.

Check for contact information changes. Fraudsters will quickly change contact information to lock legitimate users out of their accounts. When handling an account takeover make sure you check to see if contact information has been changed and give customers options for verification.

Have a written policy for account takeovers. Customer support representatives and fraud departments need an accessible set of guidelines to let them quickly make decisions. This will be different for every company but having standards about verifying identities and reversing fraudulent orders will empower the entire fraud department to make the best decision.

To identify potentially compromised email accounts, we use dynamic intelligence to look for behaviour changes around the use of an email address in transactions. Specific signals from our network can indicate whether an email address has been compromised. The biggest signal is if the email address has been part of any large-scale data breaches. The second most relevant signal is velocity activity – has there been an uptick in the number of transactions in a given timeframe?
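The response steps above (lock the account, check for contact-information changes) and the two signals just described (breach exposure and a velocity uptick) can be turned into a small risk check over an account's event history. The following is an added example, not Emailage's own scoring engine or network data: the event stream, the "known breached" list and the thresholds (a 3x uptick over the 28-day per-day average, a 24-hour grace window after a contact change) are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:
    ts: datetime   # when the event happened (UTC, naive for brevity)
    email: str     # the email address the account is keyed on
    kind: str      # "purchase" or "contact_change"

# Constructed sample data (hypothetical addresses, not real accounts).
# KNOWN_BREACHED stands in for a breach-exposure feed; in production this
# would be the signal the article describes, not a hard-coded set.
KNOWN_BREACHED = {"mallory.victim@example.com"}

T0 = datetime(2019, 4, 1, 0, 0)
SAMPLE_EVENTS = [
    # a quiet account: roughly one purchase a week for a month
    *[Event(T0 + timedelta(days=7 * i), "alice@example.com", "purchase") for i in range(4)],
    # a compromised-looking account: one purchase a week, then a contact
    # change followed by a burst of purchases within the hour
    *[Event(T0 + timedelta(days=7 * i), "mallory.victim@example.com", "purchase") for i in range(4)],
    Event(T0 + timedelta(days=29, hours=1), "mallory.victim@example.com", "contact_change"),
    *[Event(T0 + timedelta(days=29, hours=1, minutes=10 * i), "mallory.victim@example.com", "purchase")
      for i in range(1, 6)],
]

def velocity_uptick(events, email, now, window=timedelta(days=1),
                    baseline=timedelta(days=28), factor=3.0):
    """Compare purchases in the last `window` with the per-window average over
    the preceding `baseline`. Returns (recent_count, expected_count, flagged).
    A floor of 2 recent purchases keeps a single order from ever flagging."""
    mine = [e for e in events if e.email == email and e.kind == "purchase" and e.ts <= now]
    recent = [e for e in mine if e.ts > now - window]
    base_start = now - window - baseline
    base = [e for e in mine if base_start < e.ts <= now - window]
    expected = len(base) / (baseline / window)
    flagged = len(recent) >= max(2, factor * expected)
    return len(recent), expected, flagged

def purchases_after_contact_change(events, email, grace=timedelta(hours=24)):
    """Return purchases made within `grace` of the most recent contact-info
    change: the lockout-then-buy pattern the article describes."""
    mine = sorted((e for e in events if e.email == email), key=lambda e: e.ts)
    last_change = None
    hits = []
    for e in mine:
        if e.kind == "contact_change":
            last_change = e.ts
        elif e.kind == "purchase" and last_change is not None and e.ts - last_change <= grace:
            hits.append(e)
    return hits

def assess(events, email, now, breached=KNOWN_BREACHED):
    """Combine the three signals into a recommended action for the support
    and fraud teams: lock (stop further purchases), verify (step-up identity
    verification before more orders) or allow."""
    recent, expected, uptick = velocity_uptick(events, email, now)
    risky = purchases_after_contact_change(events, email)
    signals = {
        "breach_exposure": email in breached,
        "velocity_uptick": uptick,
        "purchase_after_contact_change": bool(risky),
    }
    if signals["purchase_after_contact_change"]:
        action = "lock"      # top priority per the article: no more purchases
    elif signals["breach_exposure"] or signals["velocity_uptick"]:
        action = "verify"    # treat as possibly compromised, re-verify the customer
    else:
        action = "allow"
    return {"email": email, "signals": signals, "action": action,
            "recent_purchases": recent, "expected_purchases": round(expected, 2)}

if __name__ == "__main__":
    now = T0 + timedelta(days=29, hours=2)
    for addr in ("alice@example.com", "mallory.victim@example.com"):
        print(assess(SAMPLE_EVENTS, addr, now))
```

The ordering of the decision matters: a purchase right after a contact change is the pattern that locks the legitimate customer out, so it outranks the softer signals and goes straight to "lock", while breach exposure or a velocity spike alone only triggers identity verification, since many legitimate addresses appear in breach dumps.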

Above all, we count on our network members to report suspected events associated with that email to raise key risk indicators.

Stopping account takeovers is a constant crusade, but by being vigilant and adequately preparing your fraud prevention and support teams, you can save yourself from many headaches.

About Amador Testa

Amador is Chief Product Officer at Emailage. He is an industry expert in online fraud, identity theft and cybercrime. Before Emailage, he was the head of fraud for card acquisitions at American Express and later led global fraud prevention divisions at Citigroup. Amador enjoys playing tennis, running marathons and traveling with his family.


About Emailage

Emailage, founded in 2012 and with offices across the globe, is a leader in helping companies significantly reduce online fraud. Through key partnerships, proprietary data, and machine-learning technology, Emailage builds a multi-dimensional profile associated with a customer’s email address and renders a predictive risk score. Customers realize significant savings from identifying and stopping fraudulent transactions.

