NCR Wins Four GOOD DESIGN™ Awards
What can providers do to tackle the problem of account takeovers?
It was recently noted by PYMNTS.com that since hitting a low point in 2014, hackers have begun using more intelligent and sophisticated techniques to gain access to databases where valuable user credentials are stored.
As a result of this, the amount lost to account takeovers reached $2.3 billion last year - a 61 percent increase from 2015, which itself saw a 31 percent rise in losses compared with the low of 2014.
So does this indicate that criminals are once again gaining the upper hand when it comes to this form of fraud? And if so, what can providers do about it to reduce their losses and protect customers?
Why are account takeovers on the rise?
One reason why this form of attack is rising in popularity among hackers is because it is often relatively simple to execute, yet can offer high rewards. One of the most common ways of conducting such an attack is to take advantage of human errors, such as individuals who inadvertently share login details with fraudsters as the result of phishing attacks, or reuse credentials across multiple accounts.
For example, fraudsters can take over legitimate websites that users already trust in order to gain access to credentials, or they can set up fake sites that look like the genuine version, but send information users input directly to fraudsters.
Angel Grant, director of global market strategy for RSA's Fraud and Risk Intelligence solutions, told PYMNTS.com: "Even with all of the fancy, high-tech attacks and methods that have been created and are out there, the number one vulnerability in any system are still humans."
How providers can tackle the issue
In order to prove worthwhile for hackers, such sites must be able to gather large volumes of credentials quickly, and this gives financial services providers opportunities to identify and block potential security breaches.
In order to establish which of the huge number of details they collect will actually have value, fraudsters typically use bots or credential stuffing tools to test them. This can therefore be used by providers to alert them to suspicious activity, as long as they have the right tools in place.
"What someone can do to help identify this credential testing, which is often a precursor or warning sign for pending account takeovers, is to invest in their own tools that detect robotic behavior in a website," Ms Grant said. "That way, they can trigger an alert and attack a potential weakness when those tools show that something is up."
It's also important for enterprises to be aware of channels such as mobile, as this is where account takeovers and other types of fraud are especially on the rise. RSA's research estimates that around 60 percent of fraudulent transactions now originate from a mobile device.
When it comes to account takeovers, some fraudsters have started to build apps that pretend to be legitimate apps from a business, but are really built solely to account credentials.
As well as monitoring app stores for such apps, companies should also take steps to educate customers on where and how to appropriately download mobile apps.