Back to Insights

Prevent Account Takeover Fraud

Blog Post
Account takeover fraud (ATO) is a form of identity theft where bad actors gain access to online accounts and make legitimate-appearing changes to them in order to use the accounts to make fraudulent actions or purchases.
smiling woman shopping on laptop with here credit card out

Retailers encourage customers to create accounts to gather customer data that can be used to personalize marketing and help create a smooth, streamlined checkout experience for future purchases. However, fraudsters who gain access to these customer accounts can wreak financial havoc on customers and merchants.

Account takeover fraud (ATO) is a form of identity theft where bad actors gain access to online accounts and make legitimate-appearing changes to them in order to use the accounts to make fraudulent actions or purchases. 

As retailers encourage customers to create accounts, it is imperative to emphasize the secure handling of sensitive information, including bank accounts, social security numbers, and credit card numbers, especially during peak seasons. Here’s what to keep in mind as you prepare for a surge in transactions.

What Is Account Takeover Fraud & How Does it Work?

Account takeover (ATO) fraud is a form of identity fraud and one of many types of eCommerce fraud where individuals gain unauthorized access to a user’s account and exploit it for various fraudulent activities. Here’s a breakdown of how account takeover fraud typically works:

  1. Stolen Credentials: Fraudsters often acquire login credentials (username and password) from data breaches via phishing emails, malware, or purchases on the Dark Web. These stolen credentials may come from various sources, including previous data breaches on other platforms. Phishing is closely linked to ATO fraud and often serves as the primary method employed by cybercriminals to gain access to user’s accounts. 

  2. Credential Stuffing: Once fraudsters have a list of stolen account details, they use automated tools and techniques, such as credential stuffing. This involves systematically inputting these stolen credentials and account information, like logins, phone numbers, and passwords, into numerous websites and online services, exploiting the common practice of users reusing passwords across multiple accounts.

  3. Automated Login Attempts: Hackers use automated scripts or bots to conduct a large number of login attempts using password combinations in a short period, trying to gain access to user accounts. Since many people use passwords across different platforms, attackers have a higher chance of successfully logging in with the stolen credentials.

  4. Legitimate-Appearing Changes: Once inside an account, fraudsters make changes to avoid detection. These changes can include altering the account password, email account, and shipping address or adding an authorized user. Making these legitimate-appearing changes helps them maintain access to the compromised account without raising immediate red flags.

  5. Fraudulent Actions and Purchases: With control over the compromised account, fraudsters initiate various fraudulent activities. Account takeover attacks can include making unauthorized purchases, changing account settings, or exploiting stored financial information.

  6. Exploiting eCommerce Practices: In the context of eCommerce, fraudsters may exploit “Buy Online, Pick Up In Store” (BOPIS) or “Buy Online, Pick Up at Curbside” (BOPAC) options. They might set up proxy pickups or take advantage of lenient identification processes during in-store pickups, making it easier to receive fraudulently purchased goods.

  7. Delayed Detection by Victims: Victims often don’t realize they’ve fallen victim to ATO until they notice unauthorized transactions on their account or are blocked from accessing their account due to changed passwords. If fraudsters operate within the typical behavior patterns of the account holder, detection becomes even more challenging.

  8. Chargebacks and Financial Gain: Fraudsters may have purchases shipped to addresses associated with stolen credit cards and later initiate chargebacks, resulting in financial losses for both the retailer and the legitimate account holder.

This type of fraud is a significant challenge for businesses and consumers alike, requiring constant vigilance, cybersecurity measures, and user education to mitigate the risks associated with compromised accounts.

woman with head buried in hands after becoming victim of account takeover fraud


When does a customer realize they’ve been hacked?

Recognizing that their account has been compromised is a realization that often dawns on customers only after encountering telltale signs. The typical moment of awareness occurs when they observe unauthorized charges listed on their credit card statement or find themselves unexpectedly barred from accessing their account due to a changed password. 

While credit card companies and financial institutions equipped with robust fraud detection functionality may promptly send customers notifications of any suspicious activity on their cards, the challenge intensifies when fraudsters operate discreetly within the established behavioral patterns of the account owner. Detecting an account takeover (ATO) becomes particularly elusive until conclusive evidence of fraudulent transactions surfaces across multiple victims’ accounts.

So, how can retailers protect customers from ATO attacks?

Retailers play a crucial role in safeguarding their customers from account takeovers (ATO), and implementing comprehensive strategies is essential. Here are five key measures that retailers can adopt to protect customers from ATO and phishing attacks:

  1. Customer Education Launch an educational campaign to raise awareness about account takeover risks. Many customers may be unaware of the threats associated with using the same password and other sensitive information across multiple accounts. Encourage strong password practices and consider educating customers about the benefits of two-factor authentication, multi-factor authentication (MFA), or biometric authentication for enhanced security.As part of customer education, it is crucial to raise awareness about phishing scams that aim to compromise personal data, including credit card numbers, social security numbers, and other sensitive information. Empowering customers to use secure practices and robust tools, such as a reliable password manager, contributes significantly to the overall protection of their personal data.

  2. Employee Training for In-Store Pickups Train retail associates to be vigilant during in-store pickups, especially for orders placed through “Buy Online, Pick Up In Store” (BOPIS) or similar services. Ensure that employees ask for proper identification during pickups and are aware of the procedures for identifying and addressing suspicious behavior.

  3. Complete Data Sharing with Fraud Protection Providers Provide comprehensive data to fraud protection providers, enabling both manual reviews and automated detection systems to make well-informed decisions. Ensure that all necessary information, including details about proxy pickups and other relevant data, is shared to enhance the effectiveness of fraud prevention measures.

  4. Regular Process Reviews and Updates Conduct regular reviews of security processes with retail associates to stay abreast of the latest fraud strategies. Learn from past fraud experiences and update processes accordingly. Keeping fraud prevention top of mind for employees helps maintain a proactive stance against evolving threats.

  5. Collaboration with Retail Fraud Experts Partner with eCommerce fraud protection experts, such as specialized service providers like Radial. Leverage the experience of fraud prevention professionals to implement sophisticated measures tailored to the retail industry’s unique challenges. By collaborating with retail fraud experts, retailers can effectively address vulnerabilities and leverage advanced technologies like machine learning to detect and prevent sophisticated attacks. Furthermore, partnering with these experts ensures comprehensive reviews of security processes, staying ahead of evolving fraud strategies.

By combining these measures, retailers can significantly enhance the protection of customer accounts, creating a more secure and trustworthy environment for online transactions. It’s crucial for retailers to continually reassess and adapt their strategies to stay ahead of emerging threats in the dynamic landscape of account takeover fraud.

person on laptop monitoring for account takeover fraud in real time

Real-Time Monitoring Safeguards Against Scams and Financial Losses

Radial offers fully managed fraud prevention services designed specifically for merchant fraud protection. With deep expertise in retail (including ten years in BOPIS) and a vast network of customer data across the retail industry, we are able to detect account takeover attempts to help keep your customer accounts secure.

We assess for risk factors, such as:

  • Are the account changes being requested similar across other businesses?

  • Do the changes follow typical account takeover patterns?

  • If personal info is being changed, is that info associated with fraudulent or risky behavior elsewhere?

  • Is there a sudden large volume of login attempts, change requests, multiple changes to an account in one session, transfers of a large number of reward points, shipping addresses being changed, very large purchases, or suspicious changes in browser use, ISP, country, or VPN, etc.?

In addition to the proactive measures outlined above, staying informed about current eCommerce fraud trends and analyzing relevant eCommerce fraud statistics can further enhance retailers’ readiness to combat evolving threats during peak seasons. As retailers prepare for peak and high volumes of transactions, taking the time now to add additional measures to mitigate account takeover is essential. Radial is here to help advise on fraud protection and provide complete fraud solutions.


Follow Radial on LinkedInFacebook and Twitter.

Talk to us today.