Account Takeover Fraud: What Online Lenders Should Know
Account takeover (ATO) is on the rise. In 2020, over 1 in 3 people (38%) in the US had been affected by account takeovers. This rising statistic could be bad news for lenders, as it could mean account takeover fraud is also on the rise. While account takeover fraud isn’t new, its growing proportion of fraud losses indicates that lenders, and others, should take note and start devoting more resources to detecting and preventing it.
What Is Account Takeover Fraud?
Account takeover fraud is a form of identity fraud in which a fraudster uses an individual’s compromised account to gain access to their available credit and withdraw money in their name.
More specifically, fraudsters will use a compromised set of credentials to log into a victim’s lender, fraudulently apply for a new loan, and then once the money is in the victim’s account, withdraw it. While the methods of obtaining an individual’s credentials may vary, the end result is always the same. The fraudster withdraws the money and disappears.
While account takeover fraud may be riskier for the fraudster than other forms of identity fraud, it does have several advantages, most importantly access to an individual’s available credit. In addition, the person committing fraud does not need to build a fake identity or financial history to commit the fraud. Instead, all they need to do is steal a person’s existing credentials, pre-existing accounts, and credit history, then illicitly send money to themselves.
Account takeover fraud does not work like most other kinds of identity fraud or financial fraud. Instead of needing sensitive information, such as bank account numbers, social security numbers, names, and addresses, a fraudster needs only a stolen username and password. These credentials are often obtained via malware or phishing. With those credentials, it’s possible for the fraudster to take out a loan in the victim’s name and withdraw the funds. If a victim’s account has SMS multi-factor authentication (MFA) enabled, a fraudster can perform a SIM swap, which associates the victim’s phone number with a phone in the fraudster’s possession, allowing them to bypass MFA.
Once the funds are in the victim’s account, the fraudster can move the funds into an intermediary account. Once the funds have left the victim’s account, the fraudster can cash out the funds by making ATM withdrawals, purchasing cryptocurrencies, transferring funds to online payment platforms, or buying e-commerce goods, among other methods.
Combatting Account Takeover Fraud
Account takeover poses unique challenges to online lending, but online technologies, stronger account management, and robust fraud awareness programs can help lenders approve more loans with ease.
Lenders have many existing solutions to choose from when it comes to recognizing account takeover. First, they can help to make the login process more secure for themselves and their customers. This means requiring multi-factor authentication (MFA) during login with a time-based one-time password (TOTP) or a universal second-factor (U2F) hardware token. In fact, Microsoft has claimed that the addition of MFA to login processes can block over 99.9 percent of account compromise attacks. However, it’s important to remember that with experienced fraudsters, SMS MFA is not as effective as other methods, due to SIM swapping.
In terms of stronger account management, lenders can also implement identity or verbal confirmation of new lines of credit and withdrawals, withdrawal limits and alerting, waiting periods, and the detection of compromised accounts. These types of security measures are especially helpful for continuous fraud monitoring.
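The account-management controls listed above can be combined into a single pre-withdrawal check. The sketch below is an added example, not code from the original article or from any lender's platform; the `Account` fields, the 48-hour waiting period, and the 2,000 daily limit are assumed values chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal

# Assumed policy values for illustration; a lender would tune these.
WAITING_PERIOD = timedelta(hours=48)   # hold after a new line of credit funds
DAILY_LIMIT = Decimal("2000")          # per-account withdrawal cap per day

@dataclass
class Account:
    flagged_compromised: bool      # output of compromised-account detection
    credit_funded_at: datetime     # when the newest line of credit was funded
    credit_confirmed: bool         # borrower confirmed it out of band (e.g. a call)
    withdrawn_today: Decimal       # total already withdrawn in the current day

def review_withdrawal(acct, amount, now):
    """Return (decision, alerts): decision is 'block', 'hold' or 'allow'."""
    alerts = []
    if acct.flagged_compromised:
        # Known-compromised account: stop money movement outright.
        return "block", ["account flagged as compromised"]
    if not acct.credit_confirmed:
        alerts.append("new line of credit not confirmed by borrower")
    if now - acct.credit_funded_at < WAITING_PERIOD:
        alerts.append("waiting period after funding has not elapsed")
    if acct.withdrawn_today + amount > DAILY_LIMIT:
        alerts.append("daily withdrawal limit exceeded")
    # Any alert holds the withdrawal for manual review instead of paying out.
    return ("hold" if alerts else "allow"), alerts

# Constructed sample data: a loan funded two hours ago and never confirmed,
# and a long-standing, confirmed account making a small withdrawal.
NOW = datetime(2024, 1, 10, 12, 0)
fresh_loan = Account(False, NOW - timedelta(hours=2), False, Decimal("0"))
settled = Account(False, NOW - timedelta(days=30), True, Decimal("500"))

if __name__ == "__main__":
    for name, acct, amt in [("fresh_loan", fresh_loan, Decimal("5000")),
                            ("settled", settled, Decimal("300"))]:
        print(name, review_withdrawal(acct, amt, NOW))
```

The unconfirmed, freshly funded loan is held with three alerts, which interrupts the apply-then-withdraw pattern described earlier, while the settled account is allowed through.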
The most important ally a lender has in the fight against account takeover fraud is vigilant borrowers. Letting borrowers know what to be on the lookout for, especially regarding phishing emails or fraudulent calls from someone claiming to be their lending institution, can be helpful. Borrowers should also continuously monitor their own accounts for suspicious transactions, payments, and activity so that they can notify their provider as soon as possible.
Lenders can also help their users practice good security hygiene with a robust knowledge program. This means recommending that users create unique and random passwords for every new account, use a password manager, avoid installing untrustworthy software, and never enter their passwords into websites they don’t recognize.
Account Takeover Fraud: A Manageable Issue
Account takeover can be one of the most expensive forms of online lending fraud. However, with the right fraud detection solutions as well as vigilance on the part of themselves and their borrowers, lenders can combat account takeover and try to minimize the negative impact it has on profit margins, platform security, public image, and the customer experience.
If you’re interested in learning more about how Ocrolus can help you detect file tampering, start a free trial today.