Peter Taylor
Lets be clear, account takeover (ATO) fraud is not new – ATO fraud has been a concern for companies, particularly online retailers for over a decade. Simply put, ATO is essentially online identity theft – cybercriminals gain access to an account that does not belong to them, before using this unauthorised access to carry out illicit transactions. For example, they may use your account to purchase items, or lock you out of your account before selling it on to other fraudsters.
However, having recently released their 2020 Digital Trust & Safety Index, Sift, the payment fraud solutions company, have revealed that instances of recorded ATO attacks have vastly increased – by 282% between Q2 2019 and Q2 2020. Largely believed to be due to a rise in digital business and online shopping since the COVID-19 outbreak. Similarly, the number of stolen credentials for sale on the dark web has increased by a huge 300%.
Numerous methods of obtaining personal details exist. Fraudsters can hack computer systems, breaching their defences to steal data, use malware to obtain vital information or coerce a potential victim into directly providing the information needed, through social engineering. Even simpler, many cybercriminals simply purchase already stolen credentials, from an insider, or on the dark web.
Once credentials have been obtained, a document known as ‘fullz’, also available on the dark web, is utilised. Fullz (full or partial) can enable fraudsters to input the data they are currently in possession of and search both illegal and legal websites to find any missing information. Social media sites are among those scoured – highlighting a sinister significance to the various data-input activities regularly undertaken by its users. Details in high demand include mother’s maiden name, commonly used aliases, vehicle details, previous addresses, driving license details, national insurance/social security numbers, pay slip data, and of course passwords (particularly banking). These crucial snippets greatly aid would-be fraudsters circumvent in the best additional security checks. Fullz documents can even be purchased with an included credit check on an intended victim. This small upgrade increases a fraudsters chances of being accepted for credit on behalf of a potential victim.
Once in possessing of various personal details, fraudsters can undertake various types of illegal activities. For example, they could impersonate their victim to open a new line of credit. Thorough criminals will change account details, e.g., address and email address to delay detection. During this window of activity, most fraudsters open numerous accounts, also likely undertaking other types of fraud using the same identity. If a card has been stolen, but the PIN is not known, fraudsters will make use of online retailers. Providing they have the billing address, most retailers will not stop such transactions until the card is reported lost or stolen. To combat this, multi-factor authentication and ‘Verified by Visa’ are now in common use as second tier authorisation. However, if, through methods previously discussed, the criminal has identified the password or even the victims D.O.B, they can often still circumvent 3D secure or be granted permissions to change aspects of the account they do not have access to. Furthermore, I have it on good authority that a large proportion of the public have not actually set up multi-factor authentication. As a result, criminals exploit this gap and continue to make fraudulent purchases, some even going as far as to setting up the service themselves, on behalf of the victim. This facilitates large purchases, easily passing the second-tier authorisation and providing access to services such as transferring money.
Organised fraudsters use strict controls, enabling them to hide in the shadows. Often using permanent locations, operating out of sight, they have clear goals and organised, ever-evolving strategies. To combat fraud, I suggest focusing on four key areas:
In addition to the financial cost of ATO fraud, it also presents a real threat to brand loyalty. Over 56% of customers surveyed by Sift said that if they discovered that their personal data had been compromised, they would stop doing business with the breached site and choose another provider.
Fraud prevention and early detection is paramount – ATO criminals are educated, organised and experienced, and are as focused on ROI as any other revenue generating business. However, if an organisation presents robust systems, a zero-tolerance policy and regularly rebuff criminals fraudulently obtaining money or other assets from their customers, they will likely move on, to a target who is easier to compromise.
Peter Taylor is an accomplished and distinguished fraud expert and investigator. He begun his career with Greater Manchester Police, before obtaining the position of Head of Fraud for Major Loss Adjusters. Since founding a consultancy firm, Peter has expanded his areas of expertise and is a cross-industry specialist in and cybercrime and counter-fraud measures.
As Phronesis continues to expand, now offering our Mobile Identity and Fraud Prevention services directly to enterprise, we wanted to commission research into cybercrime, and the many facets within, to both add to our understanding, and to share with our growing network of partners, clients, followers, and of course to those who generally operate in the sector.
Sponsored by Phronesis Technologies Limited – Now TMT ID
Edits and afterword by Toni Pickering
Last updated on March 28, 2024
"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”
"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."
"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."
"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."
"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."
"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."
We provide comprehensive device, network and mobile numbering data available.
Contact us > Chat to an expert >
