
Jan. 06, 2022

Account Takeover Fraud is Rising. Here’s How Financial Institutions Can Combat Them


By Harinder Singh Sudan and Nadee Wije @BlackSwan Technologies


Financial institutions are projected to lose billions to compromised accounts, but there are tools firms can use to catch fraudsters in the act

When a customer receives a notification for a fund transfer that was not authorised by them, it’s already too late. By then, their account has been hijacked and they’ve been blocked from regaining access. The customer is stupefied as the fraudster continues on their spending spree. In a frantic rush to minimise losses, the customer alerts the bank but it may take minutes before the customer regains full control. By then, thousands, if not hundreds of thousands of dollars, have already been lost. This customer is not alone. 

Every day, consumers and businesses fall victim to financial account takeovers and the number of cases is on the rise. Account takeovers are also happening more quickly as fraudsters use increasingly sophisticated and automated methods to launch attacks. Javelin Strategy & Research reported that 40 per cent of all fraudulent activities associated with account takeovers occur within a day.

Account takeovers contribute to online payment fraud, which costs financial institutions billions of dollars each year. A recent study by Juniper Research revealed that losses resulting from online payment fraud will amount to an excess of $206 billion over the next five years. This growth in online payment fraud will primarily be driven by identity theft, which is also on the rise. The Consumer Sentinel Network Data Book 2020 published by the Federal Trade Commission (FTC) reported a 113 per cent increase in identity theft in the U.S. alone. 

While account takeovers inevitably result in monetary losses, financial institutions are also at risk of reputational damage, as well as higher churn rates, increased chargebacks, and additional transaction disputes — all due to the loss of customer trust. As fraudsters become more sophisticated, financial institutions are increasingly having trouble detecting account takeovers and mitigating potential risks in a timely manner with existing systems.

Advancements in technology are enabling account takeovers

Account takeovers have always been favoured over new account creation due to the ease of intruding into already existing accounts — the potential rewards are greater, the payoffs are quicker, and the risks of getting caught are lower. Advancements in technology have made account takeovers even more favourable. 

Cybercriminals commonly use credential stuffing to launch account takeover attacks, mimicking typical customer behaviour by making several login attempts during popular login times with botnets — networks of hijacked computer devices. Using bots, fraudsters test combinations of stolen usernames and passwords retrieved from the millions of records of sensitive information leaked from data breaches, phishing scams, and malware attacks. 

Fraudsters also use credential cracking to identify valid login information by trying different values for usernames and passwords to guess valid combinations. Such credential cracking attacks include dictionary attacks, which involve testing common passwords and dictionary terms.

Once the fraudster gains access, the customer account information such as login credentials is changed to prevent the legitimate owner from regaining control since the financial institution may send notifications when transactions are made. Thereafter, the attacker launches unauthorised transactions, making online purchases or fund transfers to mule accounts in an attempt to remain anonymous.

Automated tools such as Sentry MBA have simplified the process of launching account takeover attacks, enabling cybercriminals to rapidly test millions of usernames and passwords to know which combinations are valid on the target web application. As a result, cybercriminals are able to take over online banking accounts with unprecedented levels of scale and efficiency.

While launching account takeover attacks, fraudsters may also take precautionary measures to avoid detection, such as testing a limited number of passwords per user account to remain under the threshold of failed attempts required to trigger blocks. And to circumvent preventive measures such as web application firewalls and CAPTCHAs, which are made to identify bots, attackers have engineered more sophisticated tools and bots such as human-assisted bots. As a result, current fraud prevention measures often prove ineffective and financial institutions are struggling to keep up.
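The detection gap described above, as an added example that is not from the original article or from BlackSwan: a per-account lockout counter never fires when each account sees only a couple of failures, while counting the distinct accounts that fail from one source does. The thresholds, the ten-minute window, grouping by source IP and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
LOCKOUT_THRESHOLD = 5            # assumption: failures per account before a block
SPREAD_THRESHOLD = 4             # assumption: distinct accounts failing from one source
WINDOW = timedelta(minutes=10)   # assumption: sliding window for the spread rule

# Constructed failed-login events: (timestamp, source IP, username).
# One source tries two passwords on each of five accounts; another is a
# customer mistyping their own password three times.
ACCOUNTS = ["alice", "bob", "carol", "dave", "erin"]
FAILED = [(f"2022-01-04 02:0{r}:{10 * i:02d}", "203.0.113.5", u)
          for r in range(2) for i, u in enumerate(ACCOUNTS)]
FAILED += [(f"2022-01-04 09:15:{s:02d}", "198.51.100.20", "frank") for s in (5, 20, 40)]

def locked_accounts(events):
    """Accounts that reach the per-account failed-attempt threshold."""
    counts = defaultdict(int)
    for _, _, user in events:
        counts[user] += 1
    return sorted(u for u, n in counts.items() if n >= LOCKOUT_THRESHOLD)

def spraying_sources(events):
    """Map source -> most distinct accounts failed within WINDOW, if >= SPREAD_THRESHOLD."""
    by_src = defaultdict(list)
    for ts, src, user in events:
        by_src[src].append((datetime.strptime(ts, FMT), user))
    flagged = {}
    for src, rows in by_src.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window until it spans at most WINDOW.
            while rows[end][0] - rows[start][0] > WINDOW:
                start += 1
            users = {u for _, u in rows[start:end + 1]}
            if len(users) >= SPREAD_THRESHOLD:
                flagged[src] = max(flagged.get(src, 0), len(users))
    return flagged

if __name__ == "__main__":
    print("locked accounts:", locked_accounts(FAILED))
    print("spraying sources:", spraying_sources(FAILED))
```

Because botnets spread attempts over many addresses, a deployment would group on a broader key than a single IP; the rule structure stays the same.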

For detection, financial institutions have traditionally relied on manual procedures and rule-based scenarios to identify suspicious transactions, which are then flagged for manual review. Although effective, these measures fail to detect new forms of fraudulent behaviour with unknown patterns. 

To keep up with the increasingly sophisticated methods of fraud attacks, in addition to existing lines of defence, financial institutions need to leverage increasingly sophisticated tools such as those powered by artificial intelligence with real-time analytics.

Using improved methods to combat account takeover fraud

In addition to encouraging customers to use unique, strong passwords and verification methods such as two-factor authentication, AI-powered techniques such as network analysis, behavioural analysis, and login analysis can be used to detect account takeovers and combat online payment fraud.

With behavioural analysis, patterns are generated based on customer information to predict acceptable activity. By using data mining and natural language processing to analyse existing profile data such as KYC information and transaction history, acceptable patterns can be generated for each customer. Customer profiles can also be further enriched with structured and unstructured information from other sources such as global news outlets, social media, company profiles, and the dark web to better predict acceptable behaviours.

Through network analysis, financial institutions can identify relationships between all entities involved in transactions by tracking the flow of funds and analysing KYC information, transaction history and data from other relevant sources to determine any unusual associations. Such relationships may include hidden connections between organisations through mutual managers, common shareholders, common counterparties, and unrelated counterparties. 

With login analysis, financial institutions can detect suspicious logins by examining the customer’s transaction and login history for unusual times and durations. For instance, a login after midnight with a duration of fewer than 3 minutes; a login through an IP network provider outside the customer’s country of residence; or logins from several IP addresses and different locations can be identified and flagged as suspicious.

These methods enable financial institutions to better detect fraudulent activities in near real time. For instance, if a fraudster should gain access to a customer’s pre-existing account and make transfers from the victim’s account to an intermediary account, financial institutions will be able to identify these unusual activities swiftly. Using behavioural analysis, the bank can detect the fraudster’s suspicious behaviours such as unusual login times and transaction frequency. With network analysis, the bank can identify the lack of association with the intermediary account based on the victim’s transaction history. And with login analysis, the bank can identify the unusual login based on the fraudster’s unfamiliar IP address. 
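The three login-analysis checks listed above, as an added example that is not from the original article or from BlackSwan's product. The session records, the residence lookup, the 00:00 to 04:59 reading of "after midnight", the per-day IP limit and timestamps being in the customer's local time are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"
NIGHT_END_HOUR = 5                    # assumption: "after midnight" = 00:00-04:59
SHORT_SESSION = timedelta(minutes=3)  # from the text: fewer than 3 minutes
MAX_IPS_PER_DAY = 2                   # assumption: more than this counts as "several"

# Constructed sessions: (customer, login, logout, source IP, IP country)
SESSIONS = [
    ("cust-1", "2022-01-03 09:12", "2022-01-03 09:40", "198.51.100.7", "GB"),
    ("cust-1", "2022-01-04 00:47", "2022-01-04 00:49", "203.0.113.50", "GB"),
    ("cust-2", "2022-01-04 14:05", "2022-01-04 14:30", "203.0.113.9", "RO"),
    ("cust-3", "2022-01-04 10:00", "2022-01-04 10:20", "192.0.2.10", "DE"),
    ("cust-3", "2022-01-04 11:00", "2022-01-04 11:15", "198.51.100.99", "FR"),
    ("cust-3", "2022-01-04 12:30", "2022-01-04 12:50", "203.0.113.77", "DE"),
]
RESIDENCE = {"cust-1": "GB", "cust-2": "GB", "cust-3": "DE"}  # constructed KYC lookup

def analyse_logins(sessions, residence):
    """Return {session index: [rule names]} for every session that matches a rule."""
    flags = defaultdict(list)
    per_day = defaultdict(list)  # (customer, date) -> [(index, ip, country)]
    for i, (cust, start, end, ip, country) in enumerate(sessions):
        t0, t1 = datetime.strptime(start, FMT), datetime.strptime(end, FMT)
        # Rule 1: login after midnight lasting fewer than 3 minutes.
        if t0.hour < NIGHT_END_HOUR and (t1 - t0) < SHORT_SESSION:
            flags[i].append("short_night_session")
        # Rule 2: source network located outside the customer's resident country.
        if country != residence.get(cust):
            flags[i].append("foreign_ip")
        per_day[(cust, t0.date())].append((i, ip, country))
    # Rule 3: several IP addresses and more than one location on the same day.
    for entries in per_day.values():
        ips = {ip for _, ip, _ in entries}
        countries = {c for _, _, c in entries}
        if len(ips) > MAX_IPS_PER_DAY and len(countries) > 1:
            for i, _, _ in entries:
                flags[i].append("many_ips_many_locations")
    return dict(flags)

if __name__ == "__main__":
    for idx, reasons in sorted(analyse_logins(SESSIONS, RESIDENCE).items()):
        print(SESSIONS[idx][0], SESSIONS[idx][1], reasons)
```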

BlackSwan’s ELEMENT of Compliance™ for Fraud Detection and Prevention

BlackSwan Technologies’ ELEMENT™ of Compliance is a leading anti-fraud solution recognised by Chartis Research, an industry analyst firm dedicated to risk and compliance. Chartis took special note of the innovativeness of the platform’s artificial intelligence technology, particularly its revolutionary Knowledge Graph to powerfully represent entities, relationships and transaction behaviours.

ELEMENT of Compliance challenges traditional approaches to fraud detection and prevention by combining all available sources of information with AI/Cognitive Computing capabilities to automatically infer insights, strengthen team decision-making abilities, and enhance operational efficiencies. With built-in machine learning, the application automatically adapts with experience and new patterns. Highlights include:

  • End-to-End Anti-Fraud Solution: Incorporates data acquisition, rules engine, pattern diagnostics, alert optimisation, alert management, workflows, and case management.
  • Unified entity, fact and relationship tracking: Enables the enrichment and visualisation of entities, transactions, direct relationships, non-obvious relationships and networks via revolutionary Knowledge Graph technology.
  • Continual insight improvement: Generates quality insights by using machine learning to quickly identify risks and repeated patterns, enabling analysts to make faster and more informed decisions, thus improving compliance effectiveness.
  • Network, login and behavioural analysis: Detects suspicious activities by analysing customer transactions, login patterns, and relationships between all entities involved in transactions using data mining and natural language processing.
  • AI Automation: Streamlines alert investigations by including alert triaging and alert grouping and enabling the creation of advanced scenarios based on rules, networks, and relationships.

ELEMENT of Compliance is a complete solution that includes pKYC, Watchlist Screening, Adverse Media Monitoring, Transaction Monitoring, and Transaction Intelligence. With a highly modular architecture, ELEMENT can be implemented as an end-to-end enterprise solution or a bespoke set of integrated solutions.



Harinder Singh Sudan is a Senior Vice President of the Financial Intelligence Unit at BlackSwan Technologies. He has close to 20 years of industry experience in banking and financial services and leads BlackSwan Technologies’ FIU practice globally.

Nadee Wije is a Copywriter at BlackSwan Technologies. Certified in copywriting and content marketing, she has over 3 years of experience writing sales and marketing content for emerging B2B technology companies across the globe.


