Account takeover fraud

Entersekt | Encyclopedia | Account takeover fraud
What is account takeover fraud?

Account takeover (ATO) fraud is a type of fraud where a criminal gains unauthorized access to a user's bank account or financial services account by stealing login credentials or exploiting security vulnerabilities. Once they’ve taken over an account, they can steal the customer’s funds, open additional accounts in that customer’s name, or use it as a mule account to transfer funds to other fraudulent bank accounts.

How does account takeover fraud impact FIs?

ATO fraud results in enormous financial losses for FIs and their customers, as well as reputational damage to the FI. With this type of attack, consumers may not become aware of the attack until a few days later, by which time their account is compromised. This type of banking fraud is popular with cyber criminals as their attacks can reach far and wide, quickly. Instead of taking over one account only, like with a stolen credit card, they obtain their victim’s account information, enabling them to scale their attack to any of the victim’s accounts, and any connected business systems.

How do fraudsters perform account takeover fraud?

Account takeover fraud typically starts with fraudsters obtaining their victim’s credentials through a phishing attack, social engineering scam, or data breach. They may try to intercept an SMS one-time password (OTP), for instance. Or they may purchase a list of stolen credentials from a data breach on the dark web. After gaining access to an account, they make changes to the account details, such as changing the password or email address or adding another account user. At that point, the fraudsters are free to use the account for their criminal exploits.

How to prevent account takeover fraud

To protect customers from these attacks, financial institutions need modern authentication solutions that cover more than one or two factors of authentication. Multi-factor authentication provides better security against ATO attacks, in addition to passwordless solutions like biometrics and risk-based authentication solutions that ramp up security for suspicious or high-risk transactions. FIs should also educate customers about when they will and won’t ask for account compromising information to be provided. This helps customers to spot and avoid attacks that can lead to ATO.


A consumer notices that their mobile phone is no longer working properly. A few days later, they receive a letter from their bank regarding an approved new account, which the consumer did not open. These are red flags that should prompt the consumer to contact their bank immediately and block all their accounts.

Explore further:


Account takeover fraud (ATO) | Fraudsters | Payment authentication