How to Prevent Account Takeover

Posted by Tyler P.
Jun 22, 2020

With more businesses promoting online transactions, there is an increasing need for account takeover fraud prevention. Requirements and safeguards like usernames and passwords that used to keep transactions safe are now used by fraudsters to assume control of users’ accounts. Even worse, if cyber criminals have the login information for one of a user’s accounts, they can often gain access to others because people tend to use the same login information for multiple accounts.

Unlike credit card fraud, which can be detected the moment a transaction occurs, account takeover can go undetected for weeks or months because the criminal can alter the account's email details so that merchants cannot send notifications to the victim.

When the fraud is discovered, the account holder must go through a long ordeal of contacting banks, applying for new incur the cost of the havoc caused by the fraud and damage to their reputation even if the problem was not their fault. Therefore it is better to detect fraud and prevent it from happening in the first place.

The EU recently adopted PSD2 SCA requirements to make account takeover more difficult. However, both merchants and users need to understand there is no single solution that will prevent account takeover. A multi-pronged approach that includes the following will prove more effective.

How Customers Can Prevent Account Takeover

Customers are key in the fight against account takeover fraud because they are the main victims. They should do the following to prevent fraud occurring:

Install virus and malware protection on their devices and update them regularly.

Adopt more than just one authentication method or procedure.

Create unique passwords that include numbers and symbols.

Use reliable password management tools to manage different login accounts.

Be cautious about sites that require them to provide their personal information.

How Merchants Can Prevent Account Takeover

Merchants are also key in the fight against account takeover fraud because they can potentially suffer revenue loss as well as risk damaging their reputation. They should do the following to prevent fraud occurring:

Adopt SCA requirements and enforce them effectively.

Be on the lookout for fake websites that are using their company name to steal user information.

Set up Google alerts to notify them whenever their business name is mentioned online.

Set up filters to track rapid transactions since they are usually associated with fraud.

Have minimum and maximum transaction thresholds for genuine transactions.

Use end-to-end encryption for data shared with customers.

Use updated virus protection software to ensure their site is not hacked.

Encourage (or require) users to frequently change their passwords. 
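One way to implement the rapid-transaction filter and the minimum and maximum thresholds from the merchant list above, as an added example that is not from the original post. The window, limits, function names and sample transactions are assumed values constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; tune them to your own traffic.
WINDOW = timedelta(minutes=5)   # look-back window for the velocity check
MAX_TX_IN_WINDOW = 3            # more than this per account in WINDOW is "rapid"
MIN_AMOUNT = 1.00               # amounts below this are flagged for review
MAX_AMOUNT = 2000.00            # amounts above this are flagged for review

def review_transactions(transactions):
    """Return (tx_id, reason) flags for (tx_id, account, time, amount) rows."""
    recent = defaultdict(deque)  # account -> timestamps inside the sliding window
    flags = []
    # Sort by time so the sliding window is correct even for unordered input.
    for tx_id, account, ts, amount in sorted(transactions, key=lambda t: t[2]):
        if amount < MIN_AMOUNT:
            flags.append((tx_id, "below_min_amount"))
        elif amount > MAX_AMOUNT:
            flags.append((tx_id, "above_max_amount"))
        window = recent[account]
        # Drop timestamps that have aged out of the look-back window.
        while window and ts - window[0] > WINDOW:
            window.popleft()
        window.append(ts)
        if len(window) > MAX_TX_IN_WINDOW:
            flags.append((tx_id, "rapid_transactions"))
    return flags

def at(hms):
    """Build a timestamp on a fixed, constructed sample day."""
    return datetime.fromisoformat("2020-06-22T" + hms)

# Constructed sample data, not real transactions.
SAMPLE = [
    ("t1", "alice", at("10:00:00"), 25.00),
    ("t2", "bob",   at("10:00:10"), 0.50),     # below the minimum threshold
    ("t3", "bob",   at("10:00:40"), 40.00),
    ("t4", "bob",   at("10:01:05"), 60.00),
    ("t5", "bob",   at("10:01:30"), 80.00),    # 4th transaction within 5 minutes
    ("t6", "alice", at("10:20:00"), 5000.00),  # above the maximum threshold
    ("t7", "bob",   at("10:30:00"), 35.00),    # window has expired, not flagged
]

if __name__ == "__main__":
    for tx_id, reason in review_transactions(SAMPLE):
        print(tx_id, reason)
```

Flagged transactions are candidates for step-up authentication or manual review rather than automatic rejection, since genuine customers can also trip these limits.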

It is important to remember that criminals are constantly looking for loopholes to exploit. So both consumers and merchants must be vigilant to keep a step ahead of them.
