Merchant Fraud Journal
Account Takeovers

This article was contributed by Shawn Colpitts, Senior Fraud Investigator at Just Eat Takeaway.com

by Bradley Chalupski
December 11, 2022

Account takeovers have evolved over the past year alone. They have become far more complex in their execution and lifecycle.

Attackers' scripts can now rotate through lists of resources so that their activity appears to come from many different devices and many different IP addresses, at varying velocities. Their activity is no longer simply log in and use.

Account takeovers are more complex

Today, attackers run their lists of credentials through stuffing attacks of various speeds to see which work and which do not. From there, they take one of three routes.

  1. Condense their list to the account details that led to successful logins and sell the list as-is for another bad actor to use and make a profit.
  2. Note the available details and payments stored to the accounts to add value to their successful list and sell it for even more profit.
  3. Pass the list to a teammate who logs in to the accounts and uses them to place orders for their clientele in a triangulation (reseller) fraud and/or transaction laundering scheme.

Even with the varied velocities, revolving data and lengthened lifecycle, many elements in account takeover detection and prevention remain the same.

Internal and external account takeovers

There are two main categories of indicators when it comes to account takeovers: INTERNAL and EXTERNAL.

Internal Indicators are the ones visible to your systems, meaning your security and risk systems, and are generally triggered while an attack is happening. External Indicators are generated from outside contact: the emails and calls that come in from victims or from those contacting the company on their behalf.

The strength of your defense comes from your ability to use Internal Indicators to your advantage. Attack velocities vary quite a bit from actor to actor and with the tools they use. Some will just use bots and run them at full speed. Some limit their speed, or even use a bot/human combination, to achieve their goal. You may find success in widening the range of paces your alerts cover. Even with rate limiting and rotation through devices and IP addresses, many simple detection methods can still have a positive impact.

  • In a short period of time, many established accounts of various ages may have login attempts by the same IP address not seen on the accounts before.
  • In a short period of time, many established accounts of various ages may become accessed or have attempted accesses from the same devices or unknown devices that have not accessed them before.
  • An established account might have multiple login attempts in a short period of time by a new or unknown device with a new IP address not seen to have accessed the account before.
  • A foreign IP address may access or attempt to access one or more established accounts with a new or unknown device not seen to have accessed the account before.
  • Multiple new IP addresses might attempt to access one or more established accounts.

How to identify account takeovers

The key to identifying account takeovers from Internal Indicators, and to rooting out false positives, is NEW. Account access needs to be attempted by a new device, a new IP address or a new geolocation. If all of the details have already been seen on the account, then the account is being accessed by someone known to the customer in some capacity, and that is Account Theft, not Account Takeover. Similar flags can be set on additional technical details you may be able to get from devices and sessions. Look deep and experiment.

It is not always enough to just challenge or block a login. One example is pre-hijacking account takeovers, which happen before a customer opens an account. Or, some companies will want to be more certain that the activity is not coming from the genuine account holders before actioning. For that, you need a network view to see this activity happening across multiple accounts. The evolution of rate limiting and resource lists has often allowed fraudsters to get away with an ongoing attack a little longer than they used to, because of how long it takes them to cycle back to using the same details again. Cast your net wide and look for Internal Indicators on their own and in combination with one another to get alerted to smaller instances of suspicion that may need to be actioned.

That said, when pursuing a process, I would recommend requesting to challenge accounts upon suspicious logins instead of blocking them. You’ll probably find more success by still giving the user a chance to get into their account and place their order than to potentially block them out with a false positive.
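The login-side Internal Indicators and the "NEW" test, sketched as detection logic. This is an added example, not code from the article or from any vendor; the accounts, IP addresses, device IDs, window sizes and thresholds are all constructed assumptions. It shows why the network view matters: the rotating-IP run only stands out when events are grouped by the shared new device across accounts.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed history: IPs and devices already seen on each established account.
HISTORY = {
    "alice": {"ip": {"198.51.100.7"}, "device": {"dev-a1"}},
    "bob": {"ip": {"198.51.100.9"}, "device": {"dev-b1"}},
    "carol": {"ip": {"198.51.100.12"}, "device": {"dev-c1"}},
    "dave": {"ip": {"198.51.100.20"}, "device": {"dev-d1"}},
}
at = lambda m: datetime(2023, 1, 5, 9, 0) + timedelta(minutes=m)
# Constructed login attempts: (time, account, ip, device).
EVENTS = [
    (at(0), "alice", "198.51.100.7", "dev-a1"),    # known IP and device
    (at(1), "alice", "203.0.113.50", "dev-x"),     # rotating IPs, one new device
    (at(4), "bob", "203.0.113.51", "dev-x"),
    (at(9), "carol", "203.0.113.52", "dev-x"),
    (at(10), "dave", "203.0.113.60", "dev-y"),     # one account, repeated attempts
    (at(11), "dave", "203.0.113.60", "dev-y"),
    (at(12), "dave", "203.0.113.60", "dev-y"),
    (at(240), "bob", "203.0.113.99", "dev-b1"),    # known device, new IP only
]

def new_fields(event, history=HISTORY):
    """Return which of ip/device have never been seen on this account."""
    seen = history.get(event[1], {"ip": set(), "device": set()})
    return {k for k, v in (("ip", event[2]), ("device", event[3])) if v not in seen[k]}

def network_alerts(events, window=timedelta(minutes=15), min_accounts=3):
    """Network view: one new IP/device touching many accounts inside a window."""
    hits = defaultdict(list)  # (field, value) -> [(time, account)]
    for ev in events:
        for field in new_fields(ev):
            value = ev[2] if field == "ip" else ev[3]
            hits[(field, value)].append((ev[0], ev[1]))
    alerts = {}
    for key, seq in hits.items():
        seq.sort()
        for start, _ in seq:
            accounts = {a for t, a in seq if start <= t <= start + window}
            if len(accounts) >= min_accounts:
                alerts[key] = sorted(accounts)
                break
    return alerts

def account_alerts(events, window=timedelta(minutes=5), min_attempts=3):
    """Single account: repeated attempts where both IP and device are new."""
    per_account = defaultdict(list)
    for ev in events:
        if new_fields(ev) == {"ip", "device"}:
            per_account[ev[1]].append(ev[0])
    return sorted(a for a, ts in per_account.items() if any(
        sum(1 for t in ts if s <= t <= s + window) >= min_attempts for s in ts))
```

With a 5-minute window the slow `dev-x` run raises no network alert, which is the effect of rate limiting described above; the 15-minute window catches it.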

Internal indicators

Additional Internal Indicators happen after an account has been successfully accessed and taken over.

  • Many established accounts of various ages could have their personal details (phone number, email address, etc.) changed to be the same in a short period of time.
  • Established accounts may have their financial information changed to the same details over a short period of time.
  • Many orders placed to the same delivery address from different established accounts over a short period of time.
  • An established account is logged into by a new or unknown device and new IP, their personal details are changed and transactions are made to new addresses, typically of abnormal values.
  • An established account is logged into by a new or unknown device and new IP and all of their reward points are transferred to an unrelated account, often a fair distance away.
  • Many established accounts could place orders to the same service provider, store or restaurant that is not near them, or for the same items, typically of higher value.

You’ll see with these indicators that not only do they meet one or more of the indicators for unsuccessful attempts that you may already be looking for, they will also be seen on more than one account, as additional confirmation that there was an account takeover.
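The post-access indicators above, sketched as a per-account chain check plus the cross-account confirmation. This is an added example, not code from the article; the log format, account names, addresses, the 30-minute window and the normalisation of changed values are constructed assumptions, and the log is assumed to cover one short review period.

```python
from collections import defaultdict

# Constructed account event log: (minute, account, kind, detail).
# kind: "login" (detail "new" or "known" device+IP), "change" (new email),
# "order" (delivery address), "points" (destination of a reward transfer).
LOG = [
    (0, "alice", "login", "new"),
    (2, "alice", "change", "drop1@example.test"),
    (5, "alice", "order", "12 Constructed Rd"),
    (7, "bob", "login", "new"),
    (8, "bob", "change", "Drop1@Example.test "),
    (9, "bob", "points", "acct-9001"),
    (20, "carol", "login", "known"),
    (21, "carol", "change", "carol.new@example.test"),
    (30, "dave", "login", "new"),
    (31, "dave", "order", "12 constructed rd"),
]
KNOWN_ADDRESSES = {"alice": {"1 Home St"}, "dave": {"4 Own Ave"}}  # constructed

def takeover_chains(log, window=30):
    """Accounts where a new device+IP login is followed by the changes above."""
    start, follow = {}, defaultdict(set)
    for minute, acct, kind, detail in sorted(log):
        if kind == "login":
            if detail == "new":
                start[acct] = minute
            else:
                start.pop(acct, None)  # a known login ends the suspect session
        elif acct in start and minute - start[acct] <= window:
            if kind != "order" or detail not in KNOWN_ADDRESSES.get(acct, set()):
                follow[acct].add(kind)
    return sorted(a for a, s in follow.items()
                  if {"change", "order"} <= s or "points" in s)

def shared_values(log, min_accounts=2):
    """Changed-to details or delivery addresses that several accounts converge on."""
    groups = defaultdict(set)
    for _, acct, kind, detail in log:
        if kind in ("change", "order"):
            groups[(kind, " ".join(detail.lower().split()))].add(acct)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_accounts}

def review_queue(log):
    """Chain hits, plus accounts tied to a chain hit through a shared value."""
    flagged = set(takeover_chains(log))
    for accounts in shared_values(log).values():
        if flagged & set(accounts):
            flagged |= set(accounts)
    return sorted(flagged)
```

Here `dave` does not complete a chain on his own, but his order shares a delivery address with a flagged account, so the cross-account view adds him to the review queue; `carol`, who changed her email from a known device and IP, is left alone.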

External indicators

External Indicators from outside sources are almost always from the account holders themselves but are not always communicated directly to the company. Some victims will immediately take to social media to blast and blame the company or go right to the press, which is another reason why systems must be in place for prevention and retention. Your customer service and follow-up must be aligned to put the customer at ease after such a harmful event.

  • Account holder claims their account was taken over, hacked or there was fraud on their account.
  • Account holder claims they cannot access their account or the systems are saying no such account exists when they try to login.
  • Account holder claims personal details on their account were changed or details have been added that they do not recognise (email address, phone number, name, credit cards, delivery address, etc.).
  • Account holder claims orders placed were not by them and to unknown addresses that are foreign to them.
  • Account holder claims they are missing reward points or credits that were previously on their account and they did not spend them.
  • Account holder claims they did not receive payment or deposit of earned funds which should have been transacted to their associated financial details.

These External Indicators need to be manually reviewed for accuracy. As much as we would like to, we cannot just take the word of our customers. Some will be trying to defraud you. You have to be sure.

A three-tiered approach to preventing fraud

As with most fraud, one flag or piece of information is not typically enough to confirm that something nefarious has actually happened. A good rule of thumb is to follow a three-tiered approach when confirming fraud. Some instances may require more and some less. That is up to your discretion and how confident you are in the process you are looking to put into place.

There are a lot of details and signals that can help you determine whether account takeovers are happening on your platform. You need accurate device details and fingerprinting. Don’t use a process that is easily worked around. If you can, get data enrichment for IP addresses so you have more details about them to use. Location data can be useful, and accuracy really helps in these situations, but do not rely heavily on it on its own unless you have a way to be sure of it. For all three of these important data points, there are services out there that can help. Don’t be afraid to reach out to learn what they might be able to do for you.

Account takeovers are presently impossible to prevent 100% of the time. However, with the right tools and rules in place, you can probably stop about 95% of them. Given how customers react to identity theft and account takeovers, and the extreme damage they can do to brand reputation, it is important to prevent as many of them as you can.

