Account Takeover


Account takeover fraud is a type of identity theft where a fraudster gains access to their victims’ accounts, then makes non-monetary changes that may include modifying personally identifiable information (PII), requesting a new card or adding an authorized user. Once they accomplish one of these seemingly insignificant requests, they have the power to carry out any number of unauthorized transactions.


Your data sells cheaper than chewing gum

There can be many intentions behind account takeovers, however, in most cases, the most common intention involves financial gain. Account takeover fraud involves a fraudster getting access to the credentials to log into an individual’s account. Using the credentials, they then masquerade as the owner of the account to make purchases and/or transfer funds effortlessly. As the e-commerce world is moving towards frictionless payments, the threat has only increased and more and more customers have become more vulnerable. A successful account takeover attack ends up in deceitful transactions and unauthorized shopping from the victim’s compromised account.When account takeover attempts are successful, the pain for the customer — and the harm to the organization that did not stop the compromise — often extend far beyond the losses tied to the individual account. Account takeover puts a strain on customer relationships and can result in long-term damage to a company’s brand.


When a fraudster steals a credit card, they’ve stolen one relationship. With account takeover, criminals have the potential to infiltrate several relationships of their victims.Stolen account information—including usernames, passwords, email and mailing addresses, bank account routing information and Social Security numbers allow fraudsters to forge a full-blown attack on a person’s identity. Fraudsters move quickly and often use the data gathered from one account takeover scheme or data breach to take over additional accounts at other companies. Even worse, criminals often collaborate and sell compromised identities to the highest bidder, resulting in further damage to the consumer’s accounts and identity. Account takeover fraud is the gift that keeps on giving.


Fair or not, consumers often view the organization that did not prevent the fraudster’s access to their account to be at fault. However, excessive scrutiny of every requested change runs the risk of alienating customers and can generate significant operational expense. There is a fine line between protecting your account holders and providing them with a great customer experience. The second repercussion is the damaged customer relationship. When a customer chooses to shop with you, they are in turn trusting you. If a customer’s account gets breached, they will feel like you failed to protect them. A breach can turn away a loyal customer and taint the name of your company