Account-takeover (ATO) fraud is an identity theft strategy whereby a bad actor obtains the legitimate details of a person’s online account and uses it, impersonating that person, often to make credit card transactions or to transfer money under false pretenses.

Obviously, every business wants to guard against account-takeover fraud.

In the past, an account-takeover scenario could be prevented by assessing identity risk when the user opened his or her account. Identity risk was confined to a single event, and exposure to financial loss was limited. A criminal might spend the credit available on a fraudulently opened retail card or make bad deposits into a bank account and then spend the deposited amount before it was returned — but the damage was minimal.

However, what worked yesterday won’t work today. Once confidence in a consumer’s identity is established, risk moves away from identity fraud toward transaction-oriented fraud. A card or checkbook might be stolen, but the consumer’s identity wasn’t considered a factor subject to compromise. Today, with digital commerce, the individual’s identity and online credentials are the primary means of accessing deposits, borrowing money, and making purchases. Consumer identity is now a vulnerability. Criminals don’t need to steal a debit card if they can log on to an account and transfer funds.

The world has moved from single transaction fraud to identity-centric fraud — and the damage is far from minimal. In fact, existing non-card fraud affected more than twice as many consumers in 2017 as in 2016, increasing at a record high incidence rate of 2.52%.

Full whitepaper available upon request.