Account takeover (ATO) fraud, through which a bad actor takes over an individual’s financial accounts without their knowledge, is one of the most harmful forms of identity theft. It’s often difficult to detect because fraudsters have become skilled in gaining access to a person’s personal identifiable information (PII), such as their home address or Social Security number, and assuming their identity. It can destroy an individual’s finances and credit score and take a long time to recover from the damage.
The three most common activities cybercriminals performed after taking over an account in 2021 were making fraudulent credit card transactions; moving funds out of person-to-person (P2P) services like PayPal, Venmo or Zelle; and changing account contact information so they can confirm transactions when an institution reaches out.
Last year, a North Carolina man was sentenced to 36 months for account takeover fraud. In one scheme, he gained access to existing credit card accounts using stolen PII, changed the address and contact information, added himself as an authorized user, and requested new cards. Over three years, he attempted 80 ATOs, resulting in over $145,000 in financial losses.
Unfortunately, these types of activities from ATO fraud are continuing to increase. According to Javelin Research’s latest annual identity fraud study, ATO in 2021 increased 90% from 2020 to an estimated $11.4 billion.
A significant factor causing this growth has been the increase in online and telephone transactions, also known as card-not-present (CNP) transactions. CNP transactions make up the fastest-growing segment of fraud, mainly because the computer chip now found on most credit and debit cards has made it significantly harder to commit fraud when the card is used in a live, in-person transaction.
As ATO fraud becomes more prevalent, consumers, merchants and banks will demand better protection to limit their losses, which can be both financial and reputational. Lack of trust in the integrity of the financial transaction can have severe consequences across the entire payment landscape.
Let’s look at two strategies organizations can take to help protect consumers from ATO fraud.
Feed hungry AI/ML systems more data, faster
Today, organizations need to instantly validate digital identities and prevent fraudulent transactions without inconveniencing customers. This real-time fraud prevention relies on having a modern real-time data platform that powers artificial intelligence/machine learning (AI/ML) applications in real time to quickly process enormous amounts of data to discover emerging fraud patterns.
AI/ML models have an insatiable appetite for data. The more data they are fed, the better they run. Organizations need to feed these models large datasets, up to petabytes, consisting of all available historical information from their systems of record. They must continuously update the information in real time with data streaming in from the digital edge, such as internal customer and transaction data from storefronts, web pages, and mobile devices. And they should supplement with third-party data, such as demographics, behavioral data, geolocation data, credit bureau data, etc.
Unfortunately, the more data that is used, the slower the system will perform. Companies must use an extremely fast data platform to ensure real-time response times.
Optimize AI/ML to reduce false positives with Account Takeover Fraud
A fundamental way to minimize ATO fraud is to accurately authenticate the customer’s identity before they access your systems. An essential part of this is reducing false positives, in which the fraud system makes an error in classification and falsely says that a person is legitimate (e.g., positive) when they’re not.
Best-in-class fraud solutions need to perform sophisticated analytics across large datasets, balancing the goals of 1) providing customers a pleasant, fast login experience; 2) making sure that all good customers are approved quickly; and 3) denying all bad actors access. These goals have some tension between them, as companies don’t want to deny access to anyone who is a good customer while making a split-second decision on whether they’re legitimate. Companies tend to lean toward allowing customers access on the margin, which is why some bad actors are sometimes approved, resulting in a false positive.
The ability of a modern real-time data platform to ingest large amounts of data and process it quickly lets data scientists use increasingly sophisticated AI/ML algorithms, including neural networks and deep learning. These advanced technologies can process 10 million data attributes or more in real time, instead of just hundreds, to further reduce false positives. PayPal, considered an innovator in fraud detection, is an example of a more advanced organization that uses neural networks as part of its systems. By deciphering legitimate transactions from illegitimate, organizations can provide their customers with a pleasing, differentiated experience.
With skyrocketing ATO fraud, businesses need to take immediate steps to ensure their customers are safe from this type of criminal activity. Those at the forefront focus on strategies incorporating the most modern technologies to process and analyze vast volumes of data in real time.