What is Account Takeover Fraud?

When people think of "identity theft" they often think credit card fraud

When people think of “identity theft” they often think credit card fraud which is just one form of Account Takeover Fraud. In the next series of posts we will discuss how it happens and how criminals are winning the war on cybercrime. As criminal hackers continue to seek out vulnerabilities in corporate networks and citizens are lax in their own home networks, account takeover fraud will continue to plague the public.

There are numerous types of account takeover and many ways account takeover can occur. Here are 10 examples:

  1. Credit Card Fraud
  2. Hacking
  3. Scams
  4. Change of mailing address
  5. Skimming
  6. Phishing
  7. Telephone fraud
  8. Vishing
  9. Mortgage refinance fraud
  10. Check fraud

In this post we will discuss credit card fraud.

Account Takeover Fraud

Financial identity theft in the form of account takeover fraud generally means using another person's account information (e.g., a credit card number) to obtain products and services using that person’s existing accounts. It can also mean extracting funds from a person's bank account. Account numbers are often found in the trash, hacked online, or stolen out of the mail or from lifted wallets or purses. Once the thieves obtain this data, they may use the information right at a point of sale or access individual accounts online, over the phone, or through the postal service. Social engineering of the entity processing the data is almost always required at some level: Lying to turn the data into cash, the criminal poses as the victim.

Victims are often the first to detect account takeover when they discover charges on monthly statements they did not authorize or funds depleted from existing accounts. Sometimes the victim will find out their bank account was compromised as a result of numerous charges from bounced checks.

Credit Card Fraud

The most lucrative and most prevalent form of account takeover is credit card fraud. Credit card fraud equates to almost half of all identity theft. Credit card fraud exists as new account fraud or the more prevalent account takeover.

Stealing Data

There are numerous ways to take over existing bank and credit card accounts. A common breach is when credit card or even debit card data and the CVV code is simply copied down at the point of sale by a sales clerk, waiter or any other sales attendant. The theft of the physical card when a wallet or purse is stolen is also a major factor. Once the credit card or information on it is stolen, the thief simply impersonates the victim and uses the card wherever identification isn’t requested. In card-not-present transactions the thief can simply make charges over the phone or internet.

Credit Card Security

Combining words “credit card - security” is like saying “hot ice”; they simply don’t go together. For the credit card holder, security may consist of entering a pin code or zip code, verifying a signature or requesting identification. In card-not-present transactions, security might consist of a CVV code, which may verify that the user is in control of the card.

With the exception of entering a pin, none of these security features are proactive or in any way a form of "security." And even a pin can be compromised in a number of different ways.

A little known fact in regards to showing identification at the point of sale is the card holder has a right to refuse to show additional verification, and asking for such verification is usually a violation of the merchant's agreement with the credit card companies. And when a card holder elects to sign their name “See Driver's License” or “CID” or “See ID”, they are in fact voiding the agreement with the card issuer. All terms and agreements are acknowledged via a handwritten signature on the card itself.