Account Take Over (ATO) Frauds in Digital Banking:

Account Takeover (ATO) is a form of identity theft in which a fraudster gains unauthorized access to a victim's bank, e-commerce or other online account, frequently using bots to test stolen credentials at scale. A successful account takeover leads to fraudulent transactions and unauthorized purchases from the victim's compromised account.

In financial services, ATO attackers are a constant presence. Fraudsters use credential stuffing, password guessing and brute-force attacks to break into customer accounts.

Depending on the type of account that’s compromised, the fraudulent actor can use the extracted information to impersonate the customer and open a new bank account, order a new credit card, redeem rewards points, or place orders on shopping or restaurant delivery sites. They can also use the information they obtain to access other accounts or sell the account information to nefarious parties.

Beyond these automated attacks, cybercriminals rely on two common social-engineering scripts to talk their way into a user's bank account: 'the Rescuer' and 'the Investor'.

In the first script, scammers masquerade as 'the Rescuer': they pretend to be security experts and act out a scenario in which they 'save' the customer. They call bank customers posing as security officers, report suspicious charges or payments, and offer their help.

The scammers may ask customers to 'verify their identity' by reading out a code sent by text message or push notification, to 'stop a suspicious transaction', or to transfer money to a 'secure account'. They may also ask the target to install a remote-management application, claiming it is needed for troubleshooting. A real bank never asks a customer to read back a one-time code, to install remote-access software, or to move funds to another account.

The scammers often introduce themselves as employees of the largest bank in the victim's region and spoof the caller ID so the incoming call appears to come from the bank's genuine number. Caller ID is trivially forged and should never be treated as proof of who is calling.

In the second tactic, cybercriminals act as ‘the Investor’.

This scenario involves fraudsters posing as employees of an investment company, or as investment consultants from a bank. They call customers offering a quick way to make money by investing in cryptocurrency or shares directly from the client’s account, without having to go to a bank branch.

As a prerequisite for providing the 'investment service', the 'investor' asks the potential victim for the code received by text message or push notification. That code is the one-time code protecting the victim's own account; once it is read out, the fraudster can complete the login or transfer they have initiated in the background.
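
Both scripts hinge on the customer reading out a one-time code. The following added example (written for this article, not code from the banks or vendors the post describes) contrasts a plain time-based code, which authorizes anything for the 30-second step it belongs to, with a code bound to the specific transaction it approves, the 'dynamic linking' that strong-customer-authentication rules such as PSD2 require. The customer secret, IBANs, nonce and amount are constructed, and the binding format is an assumption for illustration, not any particular bank's protocol.

```python
import hashlib
import hmac
import struct

# Hypothetical per-customer secret, provisioned at enrolment. Constructed for this
# example; a real deployment keeps it in an HSM or the customer's authenticator app.
CUSTOMER_SECRET = b"example-per-customer-secret-0001"
STEP_SECONDS = 30
DIGITS = 6


def _truncate(secret: bytes, message: bytes) -> str:
    """HOTP-style dynamic truncation (RFC 4226 s.5.3) of HMAC-SHA1 over any message."""
    digest = hmac.new(secret, message, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def login_otp(secret: bytes, now: float) -> str:
    """Plain time-based code (TOTP-style): bound only to the clock. Any code the
    fraudster talks out of the customer is valid for *any* action in this step."""
    counter = int(now // STEP_SECONDS)
    return _truncate(secret, struct.pack(">Q", counter))


def transaction_otp(secret: bytes, amount_cents: int, payee_iban: str, nonce: str) -> str:
    """Code bound to one specific transaction (amount, payee, server-issued nonce).
    The same fields are shown to the customer in the push message or SMS."""
    message = f"{amount_cents}|{payee_iban}|{nonce}".encode()
    return _truncate(secret, message)


def verify_transaction(secret: bytes, amount_cents: int, payee_iban: str,
                       nonce: str, code: str) -> bool:
    """Server-side check: the code is only accepted for the transaction it was issued for."""
    expected = transaction_otp(secret, amount_cents, payee_iban, nonce)
    return hmac.compare_digest(expected, code)


def approval_message(amount_cents: int, payee_iban: str) -> str:
    """What the customer should see next to the code, so the 'Rescuer' story
    ('read me the code to block a suspicious charge') contradicts the screen."""
    return f"Confirm transfer of {amount_cents / 100:.2f} EUR to {payee_iban}. Never share this code."


if __name__ == "__main__":
    # Constructed scenario: the fraudster has initiated a 2,500.00 EUR transfer to
    # their own account and is on the phone asking the victim for 'the code'.
    amount, fraud_iban, nonce = 250_000, "GB29NWBK60161331926819", "txn-7f3a"
    code = transaction_otp(CUSTOMER_SECRET, amount, fraud_iban, nonce)
    print(approval_message(amount, fraud_iban))
    print("code accepted for the fraudster's transfer:",
          verify_transaction(CUSTOMER_SECRET, amount, fraud_iban, nonce, code))
    # The same code cannot be replayed against a different payee or amount, and a
    # code issued for some other purpose cannot authorise this transfer.
    print("same code accepted for a different payee:",
          verify_transaction(CUSTOMER_SECRET, amount, "DE89370400440532013000", nonce, code))
```

Binding the code to the transaction does not save a customer who reads it out anyway; what it does is stop a code obtained under one pretext from being reused for something else, and it puts the real amount and payee on the customer's screen where the caller's story can be checked against it. Phishing-resistant methods such as FIDO2 hardware tokens go further by removing the shareable code entirely.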

Common methods used in account takeover fraud and steps to prevent them:

1. Phishing Attacks: Attackers use fraudulent emails, messages, or websites to trick users into revealing their login credentials or personal information. To mitigate this:

  • Be cautious of unsolicited emails or messages requesting sensitive information.
  • Verify the legitimacy of websites by checking the domain name carefully. A padlock or HTTPS only means the connection is encrypted; phishing sites use HTTPS too.
  • Enable two-factor authentication (2FA) wherever possible, preferring an authenticator app or hardware token over SMS codes.

2. Credential Stuffing (also called breach replay): Attackers take username and password combinations leaked in data breaches and replay them, usually with bots, against other services where users may have reused the same credentials. Mitigate this by:

  • Using unique and strong passwords for each online account.
  • Employing a password manager to securely store and generate complex passwords.
  • Regularly monitoring for data breaches that may have exposed your information and promptly changing passwords if needed.

3. Social Engineering: Fraudsters manipulate individuals into divulging their account details through deceptive techniques. To minimize the risk:

  • Be cautious when sharing personal information online or over the phone.
  • Beware of unsolicited requests for sensitive information from unknown individuals.
  • Educate yourself and your family members about common social engineering tactics to stay vigilant.

4. Malware Attacks: Attackers can infect computers or mobile devices with malware (infostealers, banking trojans or remote-access tools) that captures login credentials or grants unauthorized access. To protect against this:

  • Keep your operating system, antivirus software, and applications up to date.
  • Be cautious when clicking on links or downloading files from unknown sources.
  • Regularly scan your devices for malware and consider using reliable security software.

5. Monitor Account Activity: Regularly review your account statements, transactions, and notifications for any suspicious activity. If you notice unauthorized access or fraudulent transactions, report them immediately to your bank or the platform concerned.

6. Credential cracking: Trying different username and password combinations until one unlocks the account is called credential cracking or a brute-force attack. Attackers use lists of common or previously leaked passwords (dictionary attacks) or automated tools that try random combinations until they find the user's password. Rate limiting, account lockout and monitoring of failed-login counts per account and per source are the standard server-side defences.

7. Man-in-the-middle attacks: A man-in-the-middle (MITM) attack happens when a fraudulent actor gets between a user and the application they are trying to reach, such as an e-commerce site or mobile banking app. A common example is a rogue WiFi hotspot used to capture login credentials, account details and card numbers from people who connect to it. Because banking traffic is protected by TLS, the hotspot alone cannot read that data; the attacker relies on the victim clicking through a certificate warning, on a captive-portal page that imitates the bank's login, or on an app that does not validate certificates properly.

8. Session hijacking: Taking over a user's authenticated session, typically by stealing the session cookie or token (through malware, a cross-site scripting flaw or an unprotected network), is called session hijacking. The attacker then acts as the logged-in user without ever knowing the password. For example, if a user logs in to an online store to make a purchase, the hijacker could use the live session to view stored card details or place orders.

9. SIM card swapping: SIM swapping involves a fraudulent actor contacting the victim's mobile carrier, impersonating the victim and deceiving a call-centre employee into moving the victim's phone number to another SIM card. Controlling the phone number lets the fraudster receive SMS one-time codes and so access bank details or carry out transactions that rely on text-message authentication. This is why SMS is the weakest of the common second factors.

Ways to detect and prevent account takeover fraud

The key to protecting a business from account takeover fraud is being proactive rather than reactive: putting measures in place to detect and block fraudulent actors before they can complete a takeover. Because different types of account takeover fraud manifest in different ways, businesses must remain vigilant in both detection and prevention.

How to prevent ATO:

Given the reputational, financial and legal consequences of ATO attacks on its clients, a financial institution (FI) should have measures in place to detect and stop fraudsters.

Tactics for ATO prevention include:

  • Implement Robust Security Measures: FIs should enforce strong authentication, in particular multi-factor authentication, to prevent unauthorized access to user accounts. This can include one-time passwords (OTPs), biometrics or hardware tokens. An OTP delivered by SMS or push can be talked out of the customer (as in the Rescuer and Investor scripts above), so codes should be bound to the specific transaction being approved and the message should state what is being approved; phishing-resistant methods such as FIDO2 hardware tokens remove the shareable code altogether.
  • Educate Customers: FIs, especially banks and payment companies, should regularly educate their customers on the risks of ATO and give guidance on protecting their accounts: strong, unique passwords, caution about sharing personal information online, and never reading a one-time code to anyone who calls.
  • Monitor Accounts for Suspicious Activity: FIs should proactively monitor accounts for signs of ATO, such as logins from new devices or locations, bursts of failed logins, or transactions that do not fit the customer's history. If suspicious activity is detected, they should notify the account holder and take appropriate action to secure the account.
  • Employ Advanced Fraud Detection Tools: Machine learning can analyze large volumes of login and transaction data to identify patterns that indicate ATO. Device fingerprinting, behavioral analytics (typing rhythm, navigation patterns) and velocity checks on logins and payments help FIs detect and stop ATO more effectively.
  • Collaborate With Other Institutions: Banks and payment companies should work together to share information about known ATO threats and best practices for prevention. This collaboration can help improve the overall security of the financial industry.
  • ATO and Anti-Money Laundering Compliance: In addition to implementing robust anti-fraud programs and fraud detection and prevention solutions, FIs can reuse data and tactics from their anti-money laundering (AML) compliance program. Data collected and analyzed for AML requirements, such as transaction monitoring, regulatory reporting, identity verification and KYC processes, can provide useful signals for combating fraud, including ATO and payment fraud.

Account Takeover Fraud (ATO) poses a significant threat to financial institutions and their customers. By being vigilant for the signs of ATO, implementing robust security measures, and proactively working to prevent unauthorized access, banks, payment companies and other FIs can help protect their customers and minimize the potential impact of ATO.

Akash Singh Sen

Building Findipay | Products & New Initiatives | Payments Strategy |

1 year

A significant cybersecurity threat that can result in financial loss, etc. Thanks for sharing Sir.

Rohit Tiwari

LE | Reliance Jio | Western Union | RK Swami BBDO | Wizcraft Now simplifying data stories for businesses with Code-Free Application Builder

1 year

Good Read, thanks for sharing this!

Sanket Dantara

Ideate, Create and Scale | Go To Market | Partnerships | Products | Strategy | Business Development | Customer Success | M&A | FP&A | Transformation

1 year

Utilising behavioral biometrics could be one more way to safeguard
