Shield your customer accounts from fraudsters

Account takeover fraud occurs when fraudsters use stolen consumer credentials (typically username/email and corresponding passwords) to take control of an existing account. These same individuals may also use stolen personal information to establish new fake accounts. Fraudsters can then use these accounts to carry out unauthorised activities, including loyalty fraud, card testing and creation of fake accounts.

In addition to fraudulent payments, account takeovers may have far-reaching consequences for victims, undermining trust and loyalty among valued customers and causing rapid attrition away from the brand. Make sure you’re taking steps to protect your business.

Protect online accounts from unauthorised access

Stop fraudsters, while providing a streamlined experience for good customers. Account Takeover Protection actively monitors new account creation or login activity on your website to identify valid transactions versus high-risk requests.

Avert fraud attempts before they take place

Avoid the costs and risks associated with fraudulent transactions and chargebacks. Machine learning plus a flexible rules engine identifies suspicious activity based on requestor’s behaviour, email, device, communications and other attributes. You decide whether to accept, reject or challenge account related requests—helping stop fraud before it happens.

Preserve customer trust and loyalty

Protect your brand by ensuring customers enjoy a secure online experience. Real-time decisions mean that account creation, login and changes will be seamless and safe. You can also identify valuable returning customers to provide them with a frictionless path to purchase.

The rise of account takeover fraud

Account Takeover Protection plays a key role in preventing two mounting fraud threats: credential stuffing and card testing.

Protect customer accounts from credential stuffing

Cybercriminals are using increasingly sophisticated methods to access accounts, including phishing through malware, SQL injection attacks, spyware, Trojans, worms, and botnets (network of machines that can automate an attack).

The now prevalent use of botnets means fraudsters can conduct rapid, large-scale automated login attempts to validate and use stolen credentials. This is known as credential stuffing, and it puts businesses at an even greater risk of account related fraud on their sites. Account Takeover Protection screens for credential stuffing to help keep your business safe.

Stay ahead of card testing attacks

More and more fraudsters are using botnets to superpower their card testing schemes. In these attacks, fraudsters run thousands of low-value transactions on a merchant’s site to “test” the validity of card details. By the time merchants notice, they often face a staggering number of authorisation fees, and the chargebacks may jeopardise their standing with major acquirers and processors.

Account Takeover Protection can help identify and block bots or fraudsters prior to logging in and attempting to load and test cards.

Safeguard your loyalty programmes too

Fraudsters are also on the lookout for weak points in loyalty programmes. In this scenario, cybercriminals takeover good customers’ accounts to steal reward points and resell or redeem them. Account Takeover Protection monitors high-risk behaviour at account access, purchase and redemption of points—so you can protect your incentive programmes and drive customer loyalty.


Spike in account creation attacks

In the first six months of 2019, bot-based account creation attacks perpetrated against online retailers spiked by 305 percent.1


Rise in account takeover attempts

Increase in account takeover attempts and a 391 percent rise in shipping fraud attempts globally for online retail customers from 2018 to 2019.2

Identitfy suspicious activity from account creation through checkout

How it works

User-friendly Cybersource Enterprise Business Centre interface makes it easy to configure risk strategies.

Create profiles for each event you’d like to review:

Account Creation, Account Login, and/or Account Update events (such as password changes).

For each profile, create review rules based on comprehensive strategies, including device, email, communications, velocities, bot detection and user behaviour

These rules can flag anomalies about the requestors trying to access your systems, such as jailbroken devices or suspicious proxy IP activities. Cybersource can access cross-merchant device data, providing insight into past device usage and other attributes.

Rules can also incorporate velocities around items

such as number of times a device is used in conjunction with username, password, name, billing address, phone number and payment card information.

Based on rule output, decide whether to accept, monitor, challenge or reject the user action. For instance, events originating from new devices for existing customers could be challenged, requiring users to verify their identities before they’re allowed to create, access or change data in their accounts.

Supported on web and mobile devices, with SDKS for iOS and Android implementation in mobile apps

Easy integration

Account Takeover Protection operates on the same platform as our payment fraud and risk management solution, Decision Manager, providing the critical ability to share learnings from the payment side to the account review side, and vice versa.

By using Account Takeover Protection in combination with Decision Manager, you can access information about pre-purchase account activity during review. Since Account Takeover Protection leverages the same integration, customers using Decision Manager can easily add the Account Takeover Protection service. Enable Account Takeover Protection and start safeguarding your customer accounts today.

1 LEXISNEXIS® Risk Solutions Cybercrime Report, January-June 2019.
2 TransUnion Global Fraud & Identity Solutions, Global E-commerce in 2020 Report.

Interested? Let’s talk.