During our second session of Fraud Office Hours, an attendee asked, "What are some of the biggest risk signals that precipitate an account takeover, and how are accounts of suspected money mule victims handled?" Watch this video clip and read below to see how Unit21's Head of Fraud Risk, Alex Faivusovich, responded.
Account Takeover Detection and Protection
"Accounts are being taken over and used as a tool to move money from one place to another.
'What are some of the biggest risk signals that precipitate an account takeover, and how are accounts of suspected money mule victims handled?' That is an interesting question, and the answer has two parts - which we will get to.
First, it’s important to note that this is a prevalent problem that we are seeing trend among some of our customers.
Most prominently, accounts are being taken over and used almost exclusively as a tool to move money from one place to another. The initial ATO event is used to immediately turn the account into a money muling entity.
The attacker understands that they have a very short amount of time where they have actual access to the account before the true customer realizes they’ve lost access or the financial institution realizes an account takeover has occurred.
Account Takeover Red Flags to Look For
Right after the takeover event, fraudsters will try to funnel as much money as they can through the system.
For solving this from an account takeover perspective, we want to take the approach of controlling ‘doors and keys.’
Building a good strategy around ATO starts with identifying the unique way customers are accessing their accounts.
Institutions need to monitor login portals, web browsers, devices being used, IP addresses, and geolocation data to detect anomalies. By considering all of these factors, companies can pinpoint the most relevant elements to their ecosystem - and adequately root out fraud.
The second core strategy involves trying to detect the money mules themselves.
First of all, organizations should look at the problem from a business perspective, asking themselves:
'Is the money movement really relevant to what others are doing on my platform?
Does this spending behavior make sense for this account's intended use?
Are funds immediately being flushed out of the account after being deposited?'
Once you truly understand how abnormal behavior for money movements looks on your ecosystem, you can write rules that detect those money mules in action - allowing you to intervene."
How Unit21 Helps Detect ATO Fraud
Unit21’s solution allows risk and compliance teams to create dynamic rules that monitor for specific behaviors that may signal an account takeover. For example, teams can set up rules that trigger an alert when an account experiences a recent password change in conjunction with a high-value transaction—a common indicator of ATO. This alerts the investigative team, potentially allowing them to take action and secure the account.
Looking for more insights? Check out our second session of Fraud Office Hours on-demand for a deeper dive into current fraud trends and which preventative measures to consider.