May 17, 2024

How to Prevent Account Takeover Fraud: Use Cases

Learn about the threats that account takeovers pose to companies and how you can minimize them with our solution.

Sumsub’s Identity Fraud Report found account takeover to be among the top five identity fraud types of 2023, increasing by 155% year over year.

In 2023 alone, there were 2,365 cyberattacks with over 343 million victims. Compared to 2021, data breaches increased by 72% in total. These attacks usually target personal and work emails in an attempt to steal sensitive information and/or take over a user account.

This growing threat can be attributed to several key factors, such as sophisticated fraud techniques (e.g., malware attacks), exploitation of human vulnerabilities through social engineering, and exploitation of weaknesses in the digital ecosystem.

To prevent account takeovers, companies need to deploy advanced anti-fraud systems that encompass continuous monitoring of user behavior and real-time alerts, along with measures like biometric authentication, device intelligence, and more. Moreover, it’s not enough to protect users during the onboarding stage alone: our data shows that over 70% of fraud happens beyond the onboarding stage. It is therefore essential to protect the whole user journey, and this is where behavioral analytics can help.


What is account takeover?

Account takeover (ATO) is the process of stealing a user's sensitive personal information to gain access to their account(s) for illicit purposes (e.g., withdrawing money, sending phishing emails).

The most common schemes fraudsters use for ATO are:

  • Phishing
  • Credential stuffing
  • Malware attacks
  • Brute force
  • Man in the middle (MitM) attacks

You can learn more about different ATO schemes and ways to spot them here.

Account takeover red flags

The key signs of ATO may include:

  • Several failed login attempts
  • An abnormal amount of password change requests
  • Account detail changes (e.g., payment method, shipping address)
  • Geolocation changes
  • Large number of chargeback requests

While these circumstances do not always guarantee that an account has been stolen, they provide reasonable grounds for further investigation. 


Efficient ATO prevention solutions 

When it comes to countering ATO, it’s essential to react in a timely manner and minimize the number of false positives/negatives. The following tools can help with this:

  • Real-time user activity monitoring ensures that user activities are constantly watched
  • Advanced anomaly detection and behavior analytics analyze user behavior and alert on abnormal activity (e.g., a suspiciously large transaction)
  • Location intelligence keeps track of IP addresses and geolocations used to access accounts, ensuring that any suspicious location will trigger an immediate alert for further investigation
  • Device fingerprinting detects new or unrecognized devices attempting to log in
  • Payment method checks keep track of which cards are used by the user over time

All of these tools are included within Sumsub’s Fraud Prevention solution.


How to use the Sumsub solution

Sumsub enables your business to detect and prevent fraud, including ATO.

After setting up an account with Sumsub, you can install ready-to-use rules from our rules library or create your own scenarios according to your local specifics and regulations. 

You can learn more about customizing our solution here.

You can also manually review all alerts, with the option to forward them to other teams in your company. 

For example, an alert is triggered when a new withdrawal method is introduced and the remitter address country doesn’t match the IP countries used over the last 90 days.
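The alert condition described above, written out as an added example. This is not Sumsub's rule engine or API: the `Login` and `Withdrawal` records, field names and reason strings are hypothetical, the sample data is constructed, and treating an empty 90-day login history as its own alert reason is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, Optional, Set

LOOKBACK = timedelta(days=90)  # window named in the rule above

@dataclass(frozen=True)
class Login:                    # hypothetical record shape
    at: datetime
    ip_country: str             # country resolved from the login IP

@dataclass(frozen=True)
class Withdrawal:               # hypothetical record shape
    at: datetime
    method_id: str              # tokenized card / wallet identifier
    remitter_country: str       # country of the remitter address

def evaluate_withdrawal(w: Withdrawal, known_methods: Set[str],
                        logins: Iterable[Login]) -> Optional[str]:
    """Return an alert reason, or None when the withdrawal passes the rule."""
    if w.method_id in known_methods:
        return None             # rule only fires for a newly introduced method
    # Countries seen in logins during the 90 days before the withdrawal.
    # Logins dated after the withdrawal are ignored.
    recent = {l.ip_country.upper() for l in logins
              if timedelta(0) <= w.at - l.at <= LOOKBACK}
    if not recent:
        # Assumption: no recent login history cannot confirm the country,
        # so it is surfaced under a separate reason for the reviewer.
        return "new_method_no_recent_logins"
    if w.remitter_country.upper() not in recent:
        return "new_method_country_mismatch"
    return None

# Constructed sample data: two recent login countries, one stale one.
NOW = datetime(2024, 5, 17, 12, 0)
LOGINS = [
    Login(NOW - timedelta(days=2), "DE"),
    Login(NOW - timedelta(days=40), "fr"),
    Login(NOW - timedelta(days=120), "BR"),  # outside the 90-day window
]
KNOWN_METHODS = {"card_1111"}

if __name__ == "__main__":
    for method, country in [("card_1111", "BR"), ("wallet_9", "FR"), ("wallet_9", "BR")]:
        reason = evaluate_withdrawal(Withdrawal(NOW, method, country), KNOWN_METHODS, LOGINS)
        print(method, country, "->", reason or "no alert")
```

The stale `BR` login shows why the window matters: a country the user last logged in from 120 days ago no longer vouches for a new withdrawal method sending funds there.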

You can see all user activity in a single dashboard for a complete picture. You can also conveniently sort and filter lists as needed.
