Account Takeover, also known as ATO, is one of the most common threats to financial services and e-commerce. The techniques used to steal user information and impersonate the victim are well established and effective. This type of fraud causes considerable reputational damage and monetary cost. Despite that, many merchants lack security measures.
WHAT IS IT?
In an ATO scenario, an attacker takes complete control of the victim’s account. ATOs are often the result of successful data breaches, phishing, or overlay attacks.
The usual targets for ATO are accounts with some value for the attacker, such as banking credentials, payment systems (PayPal), services such as Uber to which a credit card is associated, or e-commerce sites (electronic or resellable goods).
It’s challenging to prevent credential exfiltration in the first place. Users reusing the same credentials across different services, and effective phishing campaigns, tend to be nearly impossible to stop just by training the end user.
Phone calls made by fraudsters are incredibly realistic, and the callers always seem to know the client details that only the bank should know.
Thanks to behavioural biometrics, we recognize attackers when they try to access the service as the legitimate user and prevent the fraud from succeeding.