Categories: Fraud Prevention

Evening The Odds Against ATO With Fraud Decisioning

Petabytes of compromised personal information and card data are being commoditized for sale on the dark web, ushering in an era of what’s being called “industrial-scale account takeover” (ATO). The problem is growing as more commerce moves online — and is exposed.

According to PYMNTS’ July 2020 FI Fraud Decisioning Playbook sponsored by Simility, a PayPal service, “This fraud type occurs when bad actors seize control of victims’ bank or online merchant accounts and spend ill-gotten funds, and it is likely to become more frequent until FIs can demonstrate that their defenses are strong enough to deter criminals’ attempts.”

“Those that cannot adequately detect and thwart ATOs cannot safely serve the many consumers who need smooth financial support during the COVID-19- related economic downturn, and attempted attacks can be deeply damaging to consumers and banks’ brands alike.”

Strategies to combat the advancing ATO threat are core content in the latest FI Fraud Decisioning Playbook, which also contains valuable use cases for recovering businesses.

Tricks Of The Trade

Monstrously clever cybercrooks have favored tricks of their trade which come and go almost seasonally. ATO is immensely popular with baddies right now, and they’re not polite about it.

“A popular brute force method used to accomplish [ATO] is credential cracking, which involves fraudsters using bots to automatically plug potential usernames and passwords into login screens in the hopes of stumbling across the correct credentials,” per the new Playbook.

“A more focused ATO attack type is known as credential stuffing, which is typically conducted by hackers who possess customer login details that have been exposed in data breaches. Hackers attempt to find victims who have used the same usernames and passwords that were exposed in breaches and input these details into victims’ accounts at other companies, and they often leverage bots to plug this login information into many websites.”

Whatever their preferred poison, fraudsters can be stopped with the right tools. Increasingly that points to biometrics, artificial intelligence (AI) and machine learning (ML), often synchronized in cloud platforms for faster processing of larger datasets.

Orchestrating The Answer

By orchestrating multiple authentication types in platform environments, financial institutions (FIs) and merchants are gaining new weapons in the fight against industrial-scale ATO.

“Efforts to make authentication more difficult for fraudsters and quicker for legitimate users has led some FIs to adopt biometric authentication methods. Customers using mobile banking apps might scan their fingerprints to confirm their identities, for example. Such tools enable users to log in using few steps, and bots are unlikely to be able to fake credentials that depend on unique physical traits,” according to the July 2020 FI Fraud Decisioning Playbook.

“Many [banks] are leveraging ML- or artificial intelligence (AI)- powered tools to analyze customers’ behaviors for unusual activities that could indicate fraud. Deviations in normal transaction behaviors, such as large payments being sent to accounts with which customers have not previously transacted, would be red flags, for example. Significant differences in behavioral biometrics — details such as users’ typical keystroke patterns or how they usually navigate banks’ websites — could also indicate that fraudsters have compromised accounts.”

Get our hottest stories delivered to your inbox.

Sign up for the Newsletter to get updates on top stories and viral hits.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border. Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.

Recent Posts

UK Cracks Down On Late Payments To Suppliers

Large U.K. companies could face fines or penalties if they don’t pay smaller suppliers on…

4 hours ago

S.Korean FinTech Kakao Pay Preps For IPO

Kakao Pay is set to be the first South Korean FinTech working with mobile payments…

5 hours ago

Goldman Eyes Cutting 1 Pct Of Workforce

Goldman Sachs plans to move forward with a "modest number of layoffs," according to a…

5 hours ago

COVID Restrictions Leave Second-Hand Clothing Market Bursting At The Seams

Dwindling sales and mounting donations have spelled doom for the market for buying recycled clothing,…

6 hours ago

UK Faces $30B In COVID Loan Losses

The U.K. government now estimates its losses from the pandemic could hit 23 billion pounds…

7 hours ago