Account Takeover Fraud Challenges and Solutions
Account takeover comes up as one of the number one concerns in pretty much every conversation that we have with financial institutions, FinTechs and e-commerce merchants. It goes back to the fact that so much of our data is breached; so much of it is out there. Consumers are really lazy about using username and passwords appropriately, and so we have multiple surveys that show that the majority of consumers use the same handful of username and passwords across all of their online relationships.
The bad guys know this too, and they are leveraging technology to perpetrate and automate these credential stuffing attacks. When attackers breach 37 million credential pairs at Twitter, for example, they can automate these credential stuffing attacks to see how many different e-commerce accounts or bank accounts the breached credentials will get them into.
In the face of this, it's really important for financial institutions to be analyzing the unique aspects of the digital identity. Look at the device fingerprint; look at the reputation of the device; look at the way the data is being inputted; look at the way that they navigate through the session. Is this something consistent with what a genuine user would do, or is this a navigation that would be indicative of some sort of reconnaissance activity? Also use risk analytics to analyze the types of transactions and the sequence of transactions.