Identifying and Preventing Account Takeover and Loyalty Fraud
July 16, 2020
Read time: 3 min
In the previous blog posts in this series, we discussed account takeover attacks and loyalty fraud, and the impact they can have on a business and its customers. We also acknowledged that identifying and preventing these attacks can be challenging—largely because fraudsters are logging in to customers' accounts using legitimate credentials stolen elsewhere.
As we outline in this blog, however, there are steps a business can take to guard against account takeover and loyalty fraud, and preserve customer trust.
The signs to look out for
One obvious sign of an attack is a surge in customers reporting unauthorized activity on their accounts to your customer service desk. For that reason, it's vital your service desk has an effective process for communicating these reports to your fraud management team, so that they can take action.
Other indicators (if you operate a loyalty program) are unusually high volumes of loyalty points being purchased, redeemed, or transferred between accounts.
Of course, once those signs have been identified, the attack is already in progress, and some damage will have occured. What you really need is the ability to prevent account takeover and loyalty fraud before it happens. That way, you'll minimize any impact on your customers—and save your business costs, hassle, brand issues, and customer attrition downstream.
Preventing account takeover
To prevent fraudsters taking over your customers' accounts, you need to be able to recognize and block fraudulent login attempts. Today's fraudsters tend to automate account takeover attacks using credential stuffing tools. These tools can carry out large-scale attacks, quickly testing high volumes of stolen account credentials against multiple websites. In a single eight-month period, more than 10 billion credential-stuffing attacks aimed at retailers were detected.1
The good news is that, from a behavioral point of view, login attempts using a credential stuffing tool look quite different from logins by genuine account-holders. Ideally, you'll deploy a solution that can distinguish between genuine and fraudulent behavior by:
- Monitoring account events (creation, login, and update) for suspicious activity
- Factoring in data such as email, IP addresses, and device usage
When detecting account-related attacks, the solution should challenge or block activity before the accounts can be created or compromised, and used to make purchases and/or redeem points.
How Cybersource can help
As part of the Cybersource fraud prevention suite we offer Account Takeover Protection. It monitors for high-risk requestor profiles and behavior. Account creation, login, and updates—plus loyalty point purchase and redemption—are all screened. The solution leverages rules set up by the business to inform decisions about accepting, challenging or rejecting user interactions. Rules may include, for example:
- Examining the originating device ID to check whether it's associated with spam or contains malware
- Understanding whether the device's IP address is identified as a known bad bot
- Examining the velocity of event requests and associated attributes
- Checking whether the same email address is associated with multiple accounts
- Making comparisons against the global network-level negative list and the business's own custom lists
Cybersource Account Takeover Protection integrates with Cybersource Decision Manager (or can be used with other transaction screening tools) to help you reduce your exposure to fraud throughout the transaction lifecycle.
Adding Account Takeover Protection to your existing fraud screening capabilities will help you safeguard your customers' accounts and loyalty points. Give your customers the service they expect and preserve their trust.
Find out more about Cybersource Account Takeover Protection.
1"Retailers Were Inundated With 10 Billion Credential-Stuffing Attempts In Just Eight Months," Digital Transactions, February 2019.