Account access fraud carries heavy consequences. Financial account losses from account takeovers alone are $12,000 on average, and as many as one-third of all attempted logins for such accounts are suspected takeover attempts.
To make matters worse, as many as 28% of customers would simply close their account with a company if it was taken over at any point.
This form of fraud is unfortunately quite common and can cost both businesses and their customers a considerable amount of money. As attackers increasingly set their sights on consumer account information for financial services, the need for better baseline protections continues to grow.
Account access fraud (also known as account takeover fraud) typically involves the use of pilfered user information and credentials to gain access to existing online accounts. With that said, so-called “brute force” techniques, in which account details are guessed sequentially, can also result in an account takeover. Information that is not obtained through brute force can often be purchased on the so-called dark web in bulk.
Once attackers have gained access to a given account, they can use it to obtain more information about the account’s legitimate owner, make purchases with the account owner’s funds, or even complete withdrawals to accounts that they control, draining their victims’ accounts in the process.
Although the risks this form of fraud poses to consumers may seem obvious, those posed to businesses in the financial sector could be considerably more severe.
Financial institutions in particular are generally beholden to the rules and standards defined by the Federal Financial Institutions Examination Council (FFIEC). This branch of the US government oversees and examines the activity of financial institutions that operate in the US or that interact with institutions operating there.
The FFIEC does not issue fines or sanctions directly, but certain federal agencies that make up its membership do, and they can issue fines of up to $2 million.
Failure to perform regular risk assessments, in which account takeover threats are quantified and the controls for them are outlined, can cost financial institutions a considerable amount of money. Receiving fines of this nature can also be incredibly damaging to a financial institution’s reputation.
Here are a few of the most common ways you can begin to prevent account access fraud more effectively:
Passwords can be tough for users. Shorter passwords are easier for users to remember, but also easier for thieves to figure out. To stop this, and the account takeover that may result, companies often adopt password quality standards that require a minimum password length and the presence of a minimum number of capital letters, numbers and symbols. Organizations can also specify when passwords must be changed. Both of these tactics can help reduce account takeover, as well as the frequency of users forgetting their passwords. In this case, a password app that allows users to use distinct strong passwords at each site can be an important part of the process.
Multi-factor authentication fills in the gaps in security left by the typical username and password pairing for account access. Instead of relying on a single set of authentication data that often doesn’t change for long periods of time (making it stealable and potentially guessable), multi-factor authentication bolsters security with an additional piece of information that only an account’s legitimate owner would be expected to know or have.
The most popular form of multi-factor authentication is for a user to enter a code sent to their phone in addition to entering their username and password. Also popular is using an authentication app that generates a dynamic code as the second piece of authentication.
Identity validation technology can be used to validate account owners’ identities periodically or before high-value transactions, giving your company a strong layer of security.
Intellicheck can validate an ID card and match the person on the ID to the person presenting it. It is highly accurate and relied upon by companies of all types, from large financial services companies to police forces around the US to high-tech start-ups. It is also fast enough to ensure that your online processes are truly real-time processes and that your in-person processes do not create lines.
Account access fraud ends with Intellicheck. Schedule a demo today to see how Intellicheck can help.