As the world becomes more digital, account takeover continues to cause pain for most modern organizations, and this topic comes up regularly in Socure customer conversations. For those unfamiliar with the concept, account takeover (ATO) is an attempt to gain unauthorized account access in a digital environment using the following steps:

  • Step 1: A fraudster gains access to victims’ account(s)
  • Step 2: That fraudster then makes non-monetary changes to account details, like:
    • A: Modifying personally identifiable information (PII)
    • B: Requesting a new card
    • C: Adding an authorized user
    • D: Changing the password
  • Step 3: From there, the fraudster carries out unauthorized transactions, resulting in a financial loss and potentially in the loss of the customer relationship between the business and the consumer

Balancing ATO Prevention With A Seamless User Experience

Countering ATO fraud while minimizing consumer experience friction poses an ongoing challenge for financial services, fintechs, and other digital enterprises. It’s critical to stop the bad actors while not inconveniencing or frustrating good customers. This is where Risk Scores provide a valuable tool to passively control ATO while maintaining an optimal customer experience.

Enterprises usually have controls in place to mitigate ATO attacks; these include bot mitigation, behavioral biometrics, device telemetry, and transaction/event monitoring. However, as Gartner® points out, “Sophisticated fraudulent attacks can circumvent many of the legacy tools used to identify unusual activity. At the same time, the behavior of many legitimate consumers is becoming more fluid between devices and geographies and more privacy focused. This makes legacy device fingerprinting and IP address policies ineffective.” 1

Account Profile Changes: An Underutilized Control Point for Preventing ATO Fraud

Fraudsters frequently need to modify account profiles in order to execute their nefarious activities, and that means changing an account email address or phone number. Once the fraudster has redirected the account, they can take full control and make unauthorized transactions to make their illicit profit.

An underutilized control point is the moment those account profile changes are made: specifically, the modification of an email address, phone number, or physical address on file. Before making a requested change, enterprises can validate the riskiness of that email, phone number, or address, and check the device risk level, while also checking how closely correlated these various presented digital identity elements are with the user (see Figure 1).
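One way to express this gate in code, as an added example that is not Socure's code or API. The 0.0 to 1.0 score scale, the thresholds, the three outcomes and every name are assumptions, as is the rule that changing two contact fields in one session always requires step-up.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Decision(IntEnum):          # ordered so max() picks the strictest outcome
    ALLOW = 0
    STEP_UP = 1                   # verify the user again before applying the change
    HOLD = 2                      # do not apply; send to manual review

@dataclass(frozen=True)
class ProfileChange:
    field: str                    # "email", "phone" or "address"
    element_risk: Optional[float] # risk of the NEW value, 0.0 (low) to 1.0 (high)
    device_risk: Optional[float]  # risk of the requesting device, same scale
    correlation: Optional[float]  # how well the new value ties to the user, 0.0 to 1.0

# Assumed thresholds; tune against your own fraud and false-positive data.
HIGH_RISK, ELEVATED_RISK, WEAK_CORRELATION = 0.8, 0.5, 0.3
CONTACT_FIELDS = {"email", "phone", "address"}

def evaluate(change: ProfileChange) -> Decision:
    if change.field not in CONTACT_FIELDS:
        raise ValueError(f"unsupported field: {change.field}")
    scores = (change.element_risk, change.device_risk, change.correlation)
    if any(s is None for s in scores):
        return Decision.STEP_UP   # a missing score never results in a silent allow
    if any(not 0.0 <= s <= 1.0 for s in scores):
        raise ValueError("scores must be in [0.0, 1.0]")
    worst = max(change.element_risk, change.device_risk)
    weak_tie = change.correlation < WEAK_CORRELATION
    if worst >= HIGH_RISK or (weak_tie and worst >= ELEVATED_RISK):
        return Decision.HOLD
    if worst >= ELEVATED_RISK or weak_tie:
        return Decision.STEP_UP
    return Decision.ALLOW

def evaluate_session(changes: list[ProfileChange]) -> Decision:
    """Strictest decision across all changes requested in one session."""
    if not changes:
        return Decision.ALLOW
    decision = max(evaluate(c) for c in changes)
    # Assumption: replacing two or more contact channels at once is never silent.
    if len({c.field for c in changes}) >= 2:
        decision = max(decision, Decision.STEP_UP)
    return decision
```

A low-risk change from a clean device passes without friction, which is the passive control the post describes; only elevated scores or a weak tie to the user add a verification step.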

Figure 1. Multichannel Risk & ATO: Added Protection for Critical Flows

Moving beyond the profile change process, device risk can help control risk at every point of interaction on the homepage, login, and profile page for sign-ups, logins, account updates, high-value and risky transactions, and more (see Figure 2 below).

Figure 2. Device Risk & ATO: Added Protection for Critical Process Flows

The Socure Solution

Socure’s Email RiskScore, Phone RiskScore, and Sigma Device products enable you to protect your profile change process while ensuring a smooth customer experience.

ATO is a painful and persistent problem that damages brand reputation and causes big fraud losses. To learn more about best practices in countering ATO or to speak with one of our fraud experts, please give us a shout today.


1 (“Don’t Treat Your Customer Like a Criminal”, Gartner, 1 July 2021. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.)

Posted by Todd Thiemann

Todd is Senior Director for Product Marketing at Socure, where he manages marketing for Socure’s Fraud suite of offerings. Prior to Socure, Todd worked in cybersecurity and identity at companies including Arctic Wolf Networks, Nok Nok Labs, Vormetric/Thales, and Trend Micro.