Account Takeover - What to Watch Out For
July 17, 2015
Data is being compromised by some significant data breaches, and phishing attacks are on the increase.
The reality is, many people use the same password and this gives fraudsters free reign across all their accounts. The impact of this can be anything from stealing loyalty points, to placing unauthorized transactions.
Takeover is hard to spot. Customers who have never been a problem in the past suddenly are. Some watch-outs for you to consider:
- Review and update your positive lists regularly – would you spot it if a customer turned bad?
- Ensure your review process has ways to contact genuine customers, not just numbers provided in the transaction being reviewed
- Ensure you have change detection rules in place for changes to account details, i.e. email addresses, IP address, device ID
Spot changes in purchasing behavior – compare current transaction value to historical purchase values; digital content versus physical content; different city pairs for travel; different types of events for ticketing.
About the Author
Catherine has over 15 years' experience fighting the bad guys from many angles, as a merchant, consultant and vendor. She also leads the Accertify EMEA team and is a member of the European MRC Board.