• Latest
How to Detect Account Takeover Fraud

How to Detect Account Takeover Fraud

June 3, 2020
Moving identity authentication earlier in customer flow is top of mind at MRC Vegas 2023:

Moving identity authentication earlier in customer flow is top of mind at MRC Vegas 2023:

March 28, 2023
How to Strengthen Your Small Business’s Defenses Against Identity Theft

How to Strengthen Your Small Business’s Defenses Against Identity Theft

March 23, 2023
How Companies Can Avoid Zero-Party Data Fraud

How Companies Can Avoid Zero-Party Data Fraud

March 13, 2023
New Podcast Episode: Walls of Thieving Cellphones with Nethone

New Podcast: How to Stop Return Policy Abuse Fraud (Pt. 2)

February 22, 2023
Germany’s Fraud Prevention Firm Hawk AI to Focus on Global Expansion with $17M Series B

Germany’s Fraud Prevention Firm Hawk AI to Focus on Global Expansion with $17M Series B

February 15, 2023
Merchant Fraud Journal Releases Biggest Annual Fraud Trends Report Yet with Insights from 16 Leading Payment and Fraud Solutions

Merchant Fraud Journal Releases Biggest Annual Fraud Trends Report Yet with Insights from 16 Leading Payment and Fraud Solutions

February 7, 2023
Curbing emerging fraud types with network intelligence and data enrichment

Curbing emerging fraud types with network intelligence and data enrichment

January 31, 2023
Policy Abuse Fraud: What Is It and How to Protect Against It

nSure.ai Delivers Growth to Digital Commerce Leaders and Boosts YoY Revenue by 280%

January 25, 2023
Fraugster and Refurbed partner to increase approval rates and reduce fraud for refurbished electronics marketplace

Sift Appoints Former Ping Identity COO Kris Nagel as CEO

January 20, 2023
Veridos Announces Innovatrics as Strategic Partner for Advanced DNA ID Verification

Veridos Announces Innovatrics as Strategic Partner for Advanced DNA ID Verification

January 19, 2023
New Podcast Episode: Walls of Thieving Cellphones with Nethone

New Podcast: How to Stop Return Policy Abuse Fraud

January 10, 2023
How to Write a Strong Chargeback Policy: Tips to Help You Protect Your Business

How to Write a Strong Chargeback Policy: Tips to Help You Protect Your Business

January 6, 2023
  • Contribute
  • Contact Us
  • About
  • Join Us
  • Advertise
Wednesday, March 29, 2023
Merchant Fraud Journal
  • Home
  • Articles
    • Chargebacks
    • Fraud Prevention
    • Influencer Insights
  • Resources
    • Recorded Webinars
    • Podcasts
    • Vendor Directory
    • eCommerce Fraud Reports
    • Training and Certifications
    • Jobs Board
    • Associations and Non-Profits
  • News
No Result
View All Result
  • Home
  • Articles
    • Chargebacks
    • Fraud Prevention
    • Influencer Insights
  • Resources
    • Recorded Webinars
    • Podcasts
    • Vendor Directory
    • eCommerce Fraud Reports
    • Training and Certifications
    • Jobs Board
    • Associations and Non-Profits
  • News
No Result
View All Result
Merchant Fraud Journal
No Result
View All Result

How to Detect Account Takeover Fraud

by Bradley
June 3, 2020
in Articles, Fraud Prevention
How to Detect Account Takeover Fraud

Knowing how to detect account takeover fraud is a problem affecting both individuals and businesses alike. The average cost of a successful attack on an individual is $263. However, it is also one of the most potent forms of eCommerce fraud targeting merchants and enterprise companies. In fact, the estimated cost of these attacks to businesses is over $12.5 billion since 2013.

Moreover, fraudster methodologies for this type of fraud evolve constantly. This makes the problem even worse. However, their are a few known “best practices” used by hackers to execute these attacks. If you know how to identify them, you can put measures in place to prevent them.

10 Ways to Detect Account Takeover Fraud

1. Pay attention to Business Email Compromise (BEC) Scams

Corporate finance employees with direct access to the company’s cash flow receive an email requesting a cash transfer. BEC relies on urgency. The email often appears while an executive is away from the office, and requests payment to a known account or vendor. This adds a level of plausibility to the request. In fact, the account is a fraudster account, often with a single digit or two changed from the legitimate one. The FBI business email compromise best practices commonly refer to this attack as “CEO fraud”.

2. Setup Systems to Catch Credential Stuffing

Fraudsters purchase large volumes of credentials on the dark web. They then use algorithms to try huge volumes of them to see if any grant access to a customer account. One way merchants can protect against this attack is monitoring their systems for rapid-fire credential entry.

3. Never Click on Unknown Links

Account holders receive a legitimate looking email impersonating a brand, financial institution, or colleague. The email asks them to take some kind of action. This is commonly a request to click a link, transfer cash, or input login credentials. In fact, the fraudster is installing malware, intercepting the transfer, or stealing the credentials. Extremely sophisticated attacks even provide a number and impersonate institutional representatives.

4. Don’t Panic when Threatened with Blackmail

Email accounts often contain personal information the holder does not want made public. Blackmail attacks find compromising messages or media, and then threaten to release them to the account’s contact list if the holder doesn’t pay an extortion fee. When this attack targets sexually themed content, it is called a sextortion scam.

5. Monitor the Backend for a Replay Attack

Fraudsters attack a merchant’s network, intercepting account credentials as they pass between a site form and the backend. Then, the fraudster resends the data to the backend, tricking it into believing its arriving directly from the site. To help prevent this, merchants should monitor their backend for IP address anomalies, time stamp data transfers, and attempt to ID the device sending data.

6. Verify Call Center Representatives

Fraudsters contact a call center and use stolen personally identifying information to convince representatives they are the cardholder. They then change account credentials so they can gain access. To avoid this, merchants should use various device authentication methods and train call center employees to ask highly specific questions.

7. Be Mindful of Account Purchase Value and Volume

Pay attention to the use of accounts with a longstanding history. A sudden spike in the amount of money spent, or the frequency of purchases, could indicate fraudulent use. Merchant systems should be setup to indicate a deviation from normal shopping patterns.

8. Look for Bulk Changes to Account Information

Fraudsters need to change personal information for a variety of reasons. The most common is the name and shipping address, since this is necessary to receive stolen goods.

9. Watch for Large Transfers of Rewards or Loyalty Points

Pay attention to customer accounts with a sudden interest in cashing in reward program points. This can take the form of a transfer, or purchases that empty the account balance after a long stand pattern of non-use.

10. Know the Status of your Loyalty Program Benefit Account

Loyalty program fraud is when fraudsters target an account’s loyalty points balance. This is a common attack because points are not cash, so card holders often overlook their vulnerability to theft.

However, loyalty programs offer account holders value in the form of merchandise, services, upgrades, and other kinds of rewards. Frequent flyer and online gaming accounts are a very common fraudster target. In fact, there is an entire Loyalty Fraud Association dedicated to this single problem.

Knowing How to Detect Account Takeover Fraud is Only the Start

The tactics fraudsters use to execute these kinds of attacks vary. However, they all present variations on the theme of trying to profit from unauthorized access to an online account that can be prevented. In fact, it’s easier than you think to implement the best practices to stop account takeover fraud.

Nevertheless, fraud methodologies constantly change. Because what works today may be insufficient to face tomorrow’s threats, individuals and merchants alike should keep up to date on the latest trends in fraudster attacks.

Fortunately, there are a number of individual and eCommerce fraud prevention solutions to help. To learn more about how to protect yourself against account takeovers, chargebacks, and all the other kinds of fraud you’re up against, check out our business directory.

Tags: Account Takeover Fraud
ShareTweetShareSend
Previous Post

Zelle Scam Cleans Out the Bank Accounts of Unsuspecting Victims

Next Post

Google Pay PayPal Connection Expanded

Next Post

Google Pay PayPal Connection Expanded

Our Latest Reports

2022 Chargeback Consumer Survey Report

Fraud Prevention Tactics that Enable Exceptional Customer Experience

Addressing Payment Fraud and The Customer Experience in 2022

2022 Fraud Trends Report

ATO Fraud In Retail Report

2022 Customer Experience Report

3 Ways a Unified Chargeback Management and Fraud Platform Increases Revenue

Digital Trust And Safety Report: Combating the Evolving Complexities of Payment Fraud

On-Demand Webinars

Balancing Customer Experience and Fraud Prevention: What’s the Secret?

Stopping Fraud Across the Customer Lifecycle

Addressing Payment Fraud and the Customer Experience in 2022

 

Get the 2023 Fraud Trends Report

Search Our Site

No Result
View All Result

Our Sponsors

Featured Directory Listings

  • logo
    NoFraud
  • SEON. Fraud Fighters
  • sift logo
    Sift
  • Signifyd
  • Ekata
  • Microsoft Dynamics 365 Fraud Protection
  • PayRetailers
  • Spotrisk

Our Sponsors

Fraud Industry News

Moving identity authentication earlier in customer flow is top of mind at MRC Vegas 2023:

Moving identity authentication earlier in customer flow is top of mind at MRC Vegas 2023:

March 28, 2023
How to Strengthen Your Small Business’s Defenses Against Identity Theft

How to Strengthen Your Small Business’s Defenses Against Identity Theft

March 23, 2023
How Companies Can Avoid Zero-Party Data Fraud

How Companies Can Avoid Zero-Party Data Fraud

March 13, 2023

Connect With Us

Quick Navigation

  • Home
  • News
  • Join Us
  • About Us
  • Contact Us
  • Advertise
  • Contribute
  • Privacy Policy

The Payments Media Network

Merchant Fraud Journal
Payments Review

Privacy Policy

Our Privacy Policy
Our Terms of Use

Resources

  • Articles
  • eCommerce Fraud Reports
  • eCommerce Fraud Webinars
  • Training and Certifications
  • Jobs Board
  • Associations and Non-Profits
  • Podcasts
  • Vendor Directory

Popular Posts

  • How to File a Claim With FedEx + What To Do If Claim is Denied

    How to File a Claim With FedEx + What To Do If Claim is Denied

    0 shares
    Share 0 Tweet 0
  • How Does Two-Factor Authentication (2FA) Work?

    0 shares
    Share 0 Tweet 0
  • Top eCommerce Fraud Prevention Companies

    0 shares
    Share 0 Tweet 0
  • The Best Reverse Email Lookup Tools in 2022 (with pricing)

    0 shares
    Share 0 Tweet 0

Featured Vendors

  • NoFraud
  • SEON. Fraud Fighters
  • Sift
  • Signifyd
  • Ekata
  • Microsoft Dynamics 365 Fraud Protection
  • PayRetailers
  • Spotrisk

Download the 2023 Fraud Trends Report

No Result
View All Result
  • About Merchant Fraud Journal
    • Interested in Contributing or Guest Posting to Merchant Fraud Journal?
  • Advertise on Merchant Fraud Journal
  • Articles
    • Chargebacks
    • Fraud Prevention
    • Influencer Insights
  • Contact Us
  • Download Addressing Payment Fraud and Customer Experience Report
  • Download Chargebacks Consumer Survey Report 2022
  • Download Evolving Complexities of Payment Fraud Report
  • Download Fraud Prevention Tactics that Enable Exceptional Customer Experiences Report
  • Download Merchant Fraud Journal 2023 Fraud Trends Report
  • Download the 2020 Chargeback and Representment Report
  • Download the 2020 Merchant Fraud Journal Vendor Guide
  • Download the 2021 Fraud Trends Report
  • Download the 2022 Fraud Trends Report
  • Download the 3 Ways a Unified Chargeback Management and Fraud Platform Increases Revenue Report
  • Download the MFJ 2022 Customer Experience Report
  • Download the MFJ ATO in Retail Report
  • Home
  • Job Dashboard
  • Join The Merchant Fraud Journal Community
  • Merchant Fraud Journal Advertising Agreement
  • MFJ Fraud Trends Report Giveaway
  • News
  • Post a Job
  • Privacy Policy
  • Resources
    • 2020 Chargeback Representment Guide for Merchants
    • 2020 Vendor Guide
    • 3 Ways a Unified Chargeback Management and Fraud Platform Increases Revenue
    • Addressing Payment Fraud and the Customer Experience in 2022
    • Associations and Non-Profits
    • ATO Fraud In Retail Report
    • Balancing Customer Experience and Fraud Prevention: What’s the Secret?
    • Chargebacks Consumer Survey Report 2022
    • Digital Trust & Safety: Combating the Evolving Complexities of Payment Fraud
    • eCommerce Fraud Reports
    • eCommerce Fraud Webinars
    • Fraud Prevention Tactics that Enable Exceptional Customer Experiences
    • Fraud Prevention Training and Certifications
    • How to Build a Recession Proof Chargeback Prevention Strategy
    • How to Stop Fraud During the 2022 Holiday Season
    • Jobs Board
    • Merchant Fraud Journal 2023 Fraud Trends Report
    • Merchant Fraud Journal’s Fraud Trends 2020 Report
    • Merchant Fraud Journal’s Fraud Trends 2021 Report
    • Merchant Fraud Journal’s Fraud Trends 2022 Report
    • MFJ’s 2022 Customer Experience Report
    • Podcasts
    • Prevent High-Velocity Fraud Attacks During the 2021 Holiday Season
    • Stopping Fraud Across the Customer Lifecycle
    • Vendor Directory
    • Webinar – Addressing Payment Fraud and the Customer Experience in 2022
    • Webinar – Mitigating Fraud and Risk on the ACH Network
    • Win January Chargeback Disputes
  • Subscribed
  • Terms and Conditions

© 2021 Payments Media Solutions Canada Inc.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?