New Research: Account Takeover Implications for Financial Institutions

Eoin Horgan

Jul 16, 2021

The Aite Group study, commissioned by Accertify, is summarized in the whitepaper titled "The Dreaded Trinity of Identity Theft, Application Fraud, and Account Takeover." The survey was addressed to business leaders and executives in financial institutions. It examines trends in identity theft, providing data that underscores the connection between identity fraud, account takeovers, and application fraud.

Account takeover fraud is a form of identity fraud and costs financial institutions billions of dollars a year. A newly released survey from the Aite Group provides insight into the implications for financial institutions. Read on to learn more about trends in account takeovers, statistics of reported application fraud attack rates on financial institutions, and available fraud management solutions.

38% of Respondents Experienced Account Takeover Fraud

Identity theft often results in account takeover fraud. Once a fraudster has a user’s login credentials, they use them for malicious or criminal activities. The Aite Group survey reported the following trends in the types of criminal activity that result from account takeovers:

  • Wire transfers: 17%
  • Changing contact information on an account: 15%
  • Using a P2P service to move funds out of an account: 15%
  • Using bill pay or ACH to transfer funds out of an account: 14%
  • Using loyalty reward points to make purchases: 13%
  • Ordering checks and writing them for an account: 13%
  • Using a card stored on file at an e-commerce merchant to make purchases: 13%
  • Withdrawing funds from a prime equity line: 13%

There are also reported incidents of account takeovers that withdraw money from investment accounts, use insurance, cash out life insurance policies, and withdraw funds from 401(k) retirement accounts. Criminals have numerous options once they have successfully taken over an account.

2019-2020 Trends in Types of Account Takeovers

Financial institution fraud increased during the coronavirus pandemic. Survey respondents indicated an increase in most types of fraudulent activity during 2020 compared to 2019:

| Method | 2019 | 2020 | Both 2019 and 2020 |
|---|---|---|---|
| P2P transfer | 27% | 42% | 31% |
| Bill pay or ACH transfer | 33% | 38% | 29% |
| Reward points | 31% | 37% | 31% |
| Travel rewards | 33% | 37% | 30% |
| Card stored on file at an e-commerce merchant | 36% | 36% | 28% |
| Wire transfer | 53% | 22% | 25% |

The types of account takeover fraud reported by consumers aligned with the rates reported by most financial institutions. Sixty-four percent of financial institutions report that account takeover attacks have increased since the COVID-19 pandemic, with as many as 32% reporting an increase of 10% or more.

Reported Account Takeover Fraud Attack Rates on Financial Institutions

According to the Aite report, leaders at financial institutions report rates of account takeover fraud in their business as follows:

  • 32% report that application fraud is up by 10% or more
  • 32% report that application fraud is up between 1% and 9.9%
  • 28% report that application fraud is flat
  • 4% report that application fraud is down between 1% and 9.9%
  • 4% report that application fraud is down by 10% or more

Market forces have driven increases in account takeover fraud, and the environmental conditions of the pandemic have accelerated those trends. Sophisticated technological solutions are essential to protect users.

Account Takeover Protection: 3 Common Scenarios and Accertify’s Identity Fraud Solutions

It is important to implement a solution that can help protect a platform from fraud. Account takeover protection and prevention are only possible if the five pillars of trust are thoroughly analyzed. These include device, connection, location, behavior, and reputation, and this end-to-end approach reduces the risk of account takeovers.

Here are three examples of how Accertify’s fraud management software can mitigate the risk of common account takeover scenarios:

  1. Credential stuffing: Fraudsters can purchase usernames and passwords on the dark web. Automated systems churn through hundreds of credentials, which can then be monetized.

Solution: Accertify helps organizations proactively observe baseline activity on their digital channels. This defines normal user behavior, making it easier to spot abnormalities. For example, a series of logins and logouts, failed login attempts, and other indicators can set off alerts and activate account takeover protection and prevention measures.

  2. Malware: Malicious software, downloaded and installed by unsuspecting users, can be spread through phishing emails and other social engineering schemes.

Solution: Accertify’s Device Intelligence solution effectively protects users by detecting malware on mobile devices. Often, there are telltale indicators that malware is present. Fraud attacks like this may never originate if an effective fraud management solution with device-specific insight is used.

  3. Subscriber identity module (SIM) swap: A plastic chip, or SIM card, connects a mobile device with a cell network. The phone number tied to it can be rerouted, or assigned to a new device, so that all codes and calls are intercepted and used for malicious purposes.

Solution: Accertify offers a robust technology that binds to a physical device rather than a phone number, enabling secure 2FA messages straight to the device. This, in addition to user-initiated best practices such as password hygiene and good sense, helps organizations use a multi-layered defense strategy that detects unusual activity.

If implemented effectively, these solutions can have a net positive or neutral impact on the customer experience.

Request a consultation to learn how implementing an account takeover fraud solution can help protect your business.