The Growing Threat of Account Takeover Fraud


Account takeover fraud is typically thought of as a threat to cardholders. However, merchants are equally at risk to loss and damage to their business due to this prevalent form of payment fraud.
The very nature of account takeover fraud results in more loss for the merchant than it does for the cardholder. Whereas the cardholder is able to absolve liability for the fraudulent use of their credit card, merchants are left without recourse to recover lost revenue as a result of account takeover.
Account takeover fraud is not limited to just credit or bank cards—email accounts, online shopping carts, mobile wallets, and even payment gateways can be impacted.
Account takeover is a threat to the payments industry at large. It’s not something that happens only in fiction or to other people: account takeover fraud is real and on the rise with the growth of CNP sales.
Account Takeover Fraud Hurts Merchants at All Angles
A data breach occurs and users of a well-known email service or customers of a large social media company are impacted. Their data is stolen—including passwords, email addresses, phone numbers, home address, and other secure identifiers.
This information can then be sold on the dark web to criminals who use advanced technology to access credit card accounts and online shopping accounts, to apply for new credit cards and more. Criminals then to use this stolen information to make purchases, complete cash advances, and do worse.
Typically, the cardholder is infomred of this fraud when they learn about a maxed-out credit card or see unknown charges on their credit card statement. This can take months, depending on the level of vigilance of the cardholder.
For the consumer, this fraud can have long-term impacts, with no knowledge of who has access to their personal information. Fortunately, most credit card companies do not hold violated cardholders responsible for the charges.
The merchant, however, is not so lucky. The losses for the merchant go beyond the cost of the lost merchandise and associated revenue. Merchants now have to deal with the trickle-down effects of this payment fraud:

  • Monetary fraud loss. This payment fraud is outright theft. As a result, there is no recourse with a chargeback representment case or other established measures to allow the merchant to recoup losses.
  • Cardholder distrust. While the fraud isn’t the merchant’s fault, the cardholder may not understand this. He knows his credit card was used fraudulently at “XYZ Merchant” and no longer trusts sending business their way.
  • Brand damage. While the security breach was not initially exacted upon a particular merchant, it’s not easy for this merchant to gain distance from its stigma. This can result in great damage to brand and reputation.

Merchants are dependent on cardholder confidence and trust. Account takeover fraud can slowly but surely chip away at consumer confidence when it comes to buying online.
Merchants must make as many efforts to prevent the damaging effects of account takeover fraud as they would to prevent chargeback and payment fraud.
Detecting and Preventing Account Takeover Fraud
CNP merchants should implement intelligent payment and fraud prevention solutions that use a multilayered approach. Account takeover criminals use the latest in advanced technology, and so merchants must have an equal or better level of technology working for them.
These fraud prevention tools include:

  • Geolocation. Verify the location of the customer with actual location of the active card.
  • Biometric analysis. Compare the customer’s fingerprint with that of the cardholder.
  • Address verification service. The issuer compares the address provided during the transaction.
  • CVV. Additional credit card security code required during the final payment authorization.
  • 3D Secure. A cardholder authentication protocol for e-commerce transactions and CNP purchases.
  • Merchant co-op. New orders are compared against millions of orders taken by other merchant contributing in-network and scrubbed for fraud risk.
  • SSL. Secure encrypted communication protocols between devices and payment solutions.

Merchants should also monitor customer buying habits with a sight to unusually high purchases, purchases from an unrecognized address, a change in address, or purchases from a new or unknown device. It pays for the merchant to have a proactive customer service team that contacts cardholders when they notice unexpected purchasing activity.
Using a solution such as Verifi’s Intelligence Suite provides you with the multilayered and intelligent fraud prevention technology you need to combat account takeover fraud. You can contact us to learn how our fraud prevention experts can help set up a customized solution tailored to your specific business needs.