Account Takeover (ATO) is the act of illegally obtaining access to a person’s sensitive personal information (such as bank details, Social Security number, or address) and changing the user’s login credentials so that the victim is denied access to their own accounts and information. The attacker then uses the stolen information for criminal purposes such as selling it to a third party, scamming, or damaging the victim’s reputation.
With that information, criminals can also often take control of the victim’s bank accounts and in some cases can even lock the victim out of their own account(s).
Loss of access and the inconvenience of dealing with potential undue financial debt are some of the main problems that can be caused by an account takeover on personal accounts.
But individual users are not the only ones at risk: companies and other legal entities are also targets of account takeovers, and such an attack can lead to the loss of product, defamation, and further security breaches. In fact, account takeovers result in billions of dollars lost or stolen every year and continue to grow at a frightening pace.
To secure yourself and your business, these are 5 crucial account takeover prevention steps that you can follow:
1. Adopt Multi-Factor Authentication (MFA)
Requiring a second identifying factor in addition to a password is an effective way to prevent account takeover. Added authentication steps can be an SMS or email confirmation code, facial recognition, voice recognition, confirmation through a secondary account, and more.
Along the same lines as SMS verification, your company can also adopt activity notifications, sending users a message whenever any activity or change occurs on their accounts.
2. Track User Behavior
Knowing how users and customers normally behave on your website will help you identify suspicious behavior and act quickly. Account takeover fraud is traceable, because the fraudster’s behavior differs from how legitimate users and clients behave.
Some evidence of account takeover includes:
- Multiple orders or transactions carried out with the customer’s account in a single day or in a short period of time;
- The account underwent multiple changes in the same day or at one time, such as a change of delivery address, password, or login email;
- An order with a value way above the customer’s average purchase was placed;
- The account was accessed from a different device or location than usual.
When actions like the above are identified, send an email to the address originally registered for the account informing the user of the activity. Another option is to block access to the account temporarily and email the customer an access code to enter on the page before continuing. In more extreme or urgent cases, phone-based support can also help.
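The four indicators in the list above and the two responses described here can be expressed as a small rule set run over an account's event history. The code below is an added example written for this article, not code from it: the `Event` shape, the thresholds (more than two orders in 24 hours, two or more profile fields changed on one day, an order above five times the account's average, any unseen device or country) and the response policy in `recommended_action` are all constructed for the demonstration, as are the sample events.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Dict, List


@dataclass
class Event:
    """One account event; only the fields relevant to `kind` are filled in (constructed schema)."""
    kind: str               # "login", "order" or "profile_change"
    at: datetime
    amount: float = 0.0     # order value
    changed: str = ""       # profile_change: "address", "password" or "email"
    device: str = ""        # login: device fingerprint
    country: str = ""       # login: country of the source IP


def ato_signals(history: List[Event], recent: List[Event],
                order_window: timedelta = timedelta(hours=24), max_orders: int = 2,
                min_changes: int = 2, value_multiplier: float = 5.0) -> Dict[str, str]:
    """Compare `recent` events with the account's `history`; return the triggered signals with a detail string."""
    signals: Dict[str, str] = {}
    orders = sorted((e for e in recent if e.kind == "order"), key=lambda e: e.at)

    # 1. Burst of orders: more than max_orders inside any order_window.
    for i, first in enumerate(orders):
        burst = [o for o in orders[i:] if o.at - first.at <= order_window]
        if len(burst) > max_orders:
            signals["rapid_orders"] = f"{len(burst)} orders within {order_window}"
            break

    # 2. Several sensitive profile fields changed on the same day.
    changed_by_day = defaultdict(set)
    for e in recent:
        if e.kind == "profile_change":
            changed_by_day[e.at.date()].add(e.changed)
    for day, fields in sorted(changed_by_day.items()):
        if len(fields) >= min_changes:
            signals["multiple_profile_changes"] = f"{sorted(fields)} changed on {day}"
            break

    # 3. Order value far above the account's historical average.
    past = [e.amount for e in history if e.kind == "order"]
    if past:
        baseline = mean(past)
        for o in orders:
            if o.amount > value_multiplier * baseline:
                signals["high_value_order"] = f"{o.amount:.2f} vs. average {baseline:.2f}"
                break

    # 4. Login from a device or country never seen in the account's history.
    known_devices = {e.device for e in history if e.kind == "login"}
    known_countries = {e.country for e in history if e.kind == "login"}
    for e in recent:
        if e.kind == "login":
            if e.device not in known_devices:
                signals["new_device"] = e.device
            if e.country not in known_countries:
                signals["new_location"] = e.country
    return signals


def recommended_action(signals: Dict[str, str]) -> str:
    """Constructed policy: one signal -> notify the registered address; several -> suspend and send an access code."""
    if not signals:
        return "allow"
    if len(signals) == 1:
        return "notify_registered_email"
    return "suspend_and_send_access_code"


def sample_history() -> List[Event]:
    """Constructed baseline: a few months of ordinary orders from one laptop in one country."""
    t = datetime(2024, 1, 10, 12, 0)
    return [
        Event("login", t, device="fp-laptop-1", country="US"),
        Event("order", t + timedelta(minutes=5), amount=40.0),
        Event("login", t + timedelta(days=30), device="fp-laptop-1", country="US"),
        Event("order", t + timedelta(days=30, minutes=3), amount=60.0),
        Event("login", t + timedelta(days=61), device="fp-laptop-1", country="US"),
        Event("order", t + timedelta(days=61, minutes=8), amount=50.0),
    ]


def sample_takeover_day() -> List[Event]:
    """Constructed suspicious day: unseen device and country, three profile changes, then an order burst."""
    t = datetime(2024, 4, 2, 9, 30)
    return [
        Event("login", t, device="fp-unknown-7f3a", country="DE"),
        Event("profile_change", t + timedelta(minutes=1), changed="email"),
        Event("profile_change", t + timedelta(minutes=2), changed="password"),
        Event("profile_change", t + timedelta(minutes=10), changed="address"),
        Event("order", t + timedelta(minutes=30), amount=900.0),
        Event("order", t + timedelta(minutes=50), amount=30.0),
        Event("order", t + timedelta(minutes=75), amount=30.0),
    ]


def sample_benign_day() -> List[Event]:
    """Constructed ordinary day: known device, one typical order."""
    t = datetime(2024, 4, 3, 18, 0)
    return [Event("login", t, device="fp-laptop-1", country="US"),
            Event("order", t + timedelta(minutes=4), amount=55.0)]


if __name__ == "__main__":
    found = ato_signals(sample_history(), sample_takeover_day())
    print(found, "->", recommended_action(found))
```

The point of the policy split is that a single signal such as a new country is common for legitimate travel and only warrants the notification email, whereas the combination of a new device, credential changes and an order burst is the pattern the list describes and justifies suspending the session until the emailed access code is entered.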
Implementing periodic checks to validate the identity of users can also increase security.
An AI or machine learning application can further help track user behaviors and what kinds of activities and patterns are suspicious.
3. Cross Check Compromised Credentials
Databases of breached credentials and personal information can be a useful tool to prevent account takeovers, as you can use those databases to cross-check with information used during account creation. When users create an account using breached credentials, you can notify them of said breach and that the information they’ve used is compromised.
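One practical concern with cross-checking against a breach database is that you should not send the user's full password, or even its full hash, to a third-party lookup service. The following added example (not code from the article) shows the common k-anonymity pattern: the client sends only the first five hex characters of the SHA-1 hash, the server returns every suffix in that range, and the match is made locally. The breach corpus, its counts and the email list here are constructed for the demo; in practice they come from a breach-notification service or a local copy of a leaked-credential list.

```python
import hashlib
from typing import Callable, Dict, List

# Constructed breach corpus: a few passwords that appear in public leak lists, with made-up counts.
_LEAKED_PASSWORDS = {"password": 3_800_000, "123456": 23_000_000, "qwerty": 3_900_000, "letmein": 110_000}
BREACHED_PASSWORD_HASHES: Dict[str, int] = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper(): n for p, n in _LEAKED_PASSWORDS.items()
}
# Constructed list of email addresses seen in a breach, stored hashed so the list itself is not a directory.
BREACHED_EMAIL_HASHES = {hashlib.sha256(e.lower().encode("utf-8")).hexdigest() for e in ["alice@example.com"]}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the form used by range lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_query(prefix: str) -> Dict[str, int]:
    """Server side of the lookup: every (suffix, count) whose hash starts with the 5-char prefix."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return {h[5:]: n for h, n in BREACHED_PASSWORD_HASHES.items() if h.startswith(prefix)}


def breach_count(password: str, lookup: Callable[[str], Dict[str, int]] = range_query) -> int:
    """Client side: transmit only the prefix, match the remaining 35 characters locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return lookup(prefix).get(suffix, 0)


def email_in_breach(email: str) -> bool:
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest() in BREACHED_EMAIL_HASHES


def review_signup(email: str, password: str) -> Dict[str, object]:
    """Constructed signup policy: reject a breached password outright; accept but warn on a breached email."""
    notices: List[str] = []
    count = breach_count(password)
    if count:
        return {"accepted": False,
                "notices": [f"This password appears in {count} breached records; please choose a different one."]}
    if email_in_breach(email):
        notices.append("This email address appears in a known data breach; review your other accounts and enable MFA.")
    return {"accepted": True, "notices": notices}


if __name__ == "__main__":
    print(review_signup("alice@example.com", "123456"))
    print(review_signup("alice@example.com", "a long, unique passphrase for this site only"))
```

The same prefix query works unchanged against a real range-lookup API, because the only thing that changes is the `lookup` callable passed to `breach_count`.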
4. Set Strict Limits on Login Attempts
An account being accessed from an IP address significantly different from the one the user generally uses, access attempts from multiple different devices in short succession, or an unusually high number of failed logins are all clear indicators of fraudulent activity on the account.
Setting strict limits on login attempts, after which the account is blocked or extra authentication steps are required, is a useful way to prevent account takeover. By setting parameters such as logins from an unusual IP address, you can stop a takeover attempt in its tracks.
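The two controls described here, a cap on failed attempts and step-up authentication from an unfamiliar IP, fit in one small guard that runs before the password is checked. This is an added example written for the article, not its code: the class, its method names and the thresholds (five failures in fifteen minutes, fifteen-minute lockout) are constructed defaults. It also throttles a single source IP that fails across many accounts, which the per-account counter alone would miss.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Set


@dataclass
class LoginGuard:
    """Per-account and per-IP failed-login throttling plus step-up auth from unfamiliar IPs.

    Thresholds are constructed defaults for the example; tune them to your own traffic.
    """
    max_failures: int = 5          # failures allowed inside window_seconds before lockout
    window_seconds: int = 900      # sliding window over which failures are counted
    lockout_seconds: int = 900     # how long an account stays locked
    account_failures: Dict[str, Deque[int]] = field(default_factory=dict)
    ip_failures: Dict[str, Deque[int]] = field(default_factory=dict)
    locked_until: Dict[str, int] = field(default_factory=dict)
    known_ips: Dict[str, Set[str]] = field(default_factory=dict)

    def _recent(self, table: Dict[str, Deque[int]], key: str, now: int) -> Deque[int]:
        """Return the failure timestamps for `key`, dropping any older than the window."""
        dq = table.setdefault(key, deque())
        while dq and now - dq[0] > self.window_seconds:
            dq.popleft()
        return dq

    def decide(self, account: str, ip: str, now: int) -> str:
        """Run before the password check. Returns 'locked', 'throttled_ip', 'require_mfa' or 'allow'."""
        if self.locked_until.get(account, 0) > now:
            return "locked"
        if len(self._recent(self.ip_failures, ip, now)) >= self.max_failures:
            return "throttled_ip"          # one source failing against many accounts
        known = self.known_ips.get(account)
        if known and ip not in known:
            return "require_mfa"           # unfamiliar IP: do not trust the password alone
        return "allow"

    def record_failure(self, account: str, ip: str, now: int) -> str:
        """Count a wrong password for both the account and the source IP; lock at the threshold."""
        self._recent(self.ip_failures, ip, now).append(now)
        dq = self._recent(self.account_failures, account, now)
        dq.append(now)
        if len(dq) >= self.max_failures:
            self.locked_until[account] = now + self.lockout_seconds
            dq.clear()
            return "locked"
        return "counted"

    def record_success(self, account: str, ip: str) -> None:
        """Successful login: reset the account's failure count and remember the IP as familiar."""
        self.account_failures.pop(account, None)
        self.known_ips.setdefault(account, set()).add(ip)


if __name__ == "__main__":
    guard = LoginGuard()
    for t in range(1000, 1005):                      # five wrong passwords in five seconds
        print(t, guard.record_failure("alice", "10.0.0.1", t))
    print(guard.decide("alice", "10.0.0.1", 1005))   # locked
    print(guard.decide("bob", "10.0.0.1", 1005))     # throttled_ip
```

When `decide` returns `require_mfa`, the application should still verify the password and then demand the second factor before issuing a session; returning the MFA prompt before the password check would let an attacker learn which IPs an account trusts.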
5. Use a Web Application Firewall (WAF)
A Web Application Firewall is a firewall application that helps protect your website’s or app’s server from attacks such as DDoS, SQL injection, spam, and many other cyberattacks.
Even though they are not primarily designed for takeover attacks, WAFs can still be customized and configured to detect and prevent them. Additionally, WAFs are good protection against a plethora of other fraudulent actions and can make your system safer.