Stopping account takeover fraud across the financial services sector



The digitalization of the banking industry is seeing customers engage more and more with online financial services on a global level. With 70% of financial institutions worldwide already reporting losses exceeding $500K in 2022, it’s crucial to understand how digitalization is opening the doors to new and increasingly sophisticated fraud attacks. In fact, recent research indicates that one-third of login attempts for financial services are suspected account takeover (ATO) attempts, with the average financial loss from such attempts amounting to $12,000. According to Experian, account takeover fraud has increased by more than a third over the past few years.

What is account takeover fraud?

A particularly insidious form of identity theft, ATO fraud involves a bad actor gaining access to and taking over someone else’s online account. Once access is gained, the fraudster can drain the victim’s banking account, initiate wire transfers to other fraudulent accounts and take out fraudulent loans.

How do fraudsters commit ATO fraud?

Fraudsters are becoming ever more sophisticated in their ability to take over unsuspecting customers’ accounts. They use a variety of tactics to target financial institutions, including exploiting weaknesses in application programming interfaces and web applications, with the intention of stealing the personal data needed to bypass security measures and access an account. In other instances, criminals launch malicious bot attacks to steal data. So pernicious are these attacks that it is predicted the cost of cybercrime data breaches will grow to over $5 trillion by 2024.

Other techniques fraudsters use include social engineering attacks, such as phishing email campaigns, to get into another person’s account. Via a successful phishing expedition, fraudsters can then distribute malware to infect a user’s device and ultimately steal their information to access their accounts.

Finally, there are direct brute-force attacks, which involve a bad actor using an automated script and trying multiple password combinations simultaneously until access is gained.

What are the consequences of ATO fraud?

Beyond the severe financial losses that affect both the financial institution and the consumer, there are other consequences of a successful ATO attack worth highlighting.

Reputational damage

The reputational damage that can impact an institution and erode a customer’s trust can be far-reaching, resulting in a loss of current and potential customers and further adding to the financial impact.

Legal consequences

Account takeovers within the industry can result in legal action and severe regulatory fines and penalties. This is why it is so important that financial institutions have comprehensive security measures in place.

How can financial institutions best protect themselves against ATO attacks?

When it comes to putting best-in-class security measures in place to mitigate ATO fraud, financial institutions need to remember that today’s consumer wants it all: a secure banking platform they can trust, unfettered by fraud and friction. Indeed, consumers know all about ATO attacks and are well aware of the implications. According to a recent survey of UK banking customers, more than one in four consumers are worried about ATO, with the same number again concerned their stolen identities will be used to open a fraudulent account. In our survey, we asked more than 7,000 consumers across North America and Europe what they wanted in their digital account experiences. A whopping 65% reported abandoning their account opening or transaction process on at least one occasion due to friction, including the process taking too long. For financial institutions to operate more efficiently and reduce unnecessary costs, fraud prevention that does not impede the onboarding process – nor any part of the customer experience – is paramount.

Data insights for identity verification

Automate confident risk decisions with identity data and insights

With Mastercard Identity data and insights, you can enhance your onboarding workflow, optimizing your verification process and associated costs by determining the risk level of each applicant at the very first touchpoint. In real time, you can:

  • Leverage predictive, probabilistic data to complement existing KYC and AML checks
  • Capture compromised identities before they create an account
  • Onboard thin-file customers with more confidence

With Mastercard Identity data and insights, you see the complete digital identity footprint, which includes behavior as well as other data points—including device usage—to validate legitimate logins. This is particularly pertinent when high-scale, sophisticated ATO attacks involve targeting different purchase options using different devices. This not only helps stop scripted attacks at login, but it also increases confidence in your customers and lowers friction for trusted users. By leveraging these real-time insights, financial institutions can reduce the costs associated with manual review and compliance checks while increasing customer satisfaction.

Consumers have more choices than ever before when it comes to financial services. When it comes to mitigating fraud in this ever-competitive landscape, financial institutions need to consider the needs of the consumer as well as their bottom line.

Want to fight account opening fraud without impacting your customers’ account opening experience? Reach out to us today.
