Understanding Mobile Account Takeover in 7 Min.

What is Mobile Account Takeover?

Account Takeover (known as ATO) is a type of identity theft where a bad actor gains unauthorized access to an account via the manipulation of a user’s mobile device.

What is the difference between mobile and desktop ATO?

The fraudsters’ objective is the same, unlawful access to a user’s bank account. The means, methodology and approach are somewhat different. With the influx of smartphones, and the development of web fraud security, fraudsters are going mobile. This year alone mobile ATO attacks rose by 200%.

What types of organization are targeted by mobile ATO attacks?

ATO was preeminently a concern for financial institutions, but today ATO attacks can affect any organization with a customer-facing login. ATO targets regularly include technology, eCommerce. In other scenarios, the criminal’s goal is to collect personally identifying information (PII) to be used for other forms of fraud and identity theft.

What is the business impact of mobile ATO?

Losses from ATO related fraud impact businesses into the billions of dollars per year. According to Juniper Research, losses from fraudulent online transactions are expected to reach $25.6 billion by 2020. These types of attacks also lead to the erosion of customer trust and harm to brand reputation.

What are the common ATO fraud methods?

Phishing
SIM Swap Attack
Malware

The Four Stages in The Lifecycle of An ATO Attack:

How Can Organizations Prevent Mobile ATO attacks?

The most sophisticated account takeover criminals use the latest trends and tools, and organizations need the latest technology to not fall prey to the ATO attackers. Most traditional fraud detection solutions are inept in standing-up to present-day fraud schemes, relying on passwords, two-factor authentication, and device ID to stop fraudsters at login. Today, a considerable amount of fraud occurs within authenticated sessions. Paygilant’s unique fraud prevention methodology includes a combination of device fingerprinting, behavioral biometrics and transaction analysis to detect account takeover fraud, providing enhanced prevention from login to logout with no disruption to the user experience.

How Does Paygilant Prevent Account Takeover Fraud?

Identifies behavioral activity and actions taken by the user that are generally associated with fraud
Recognizes deviation from a users’ regular purchasing patterns
Identifies the presence of inconsistencies and anomalies associated with users’ device

Device Attributes

Various attributes observed on the device can contribute to the detection of fraudulent behavior and to the derivation of a device ID. Device model, screen, memory, UUID, OS, IP, geolocation, app permissions, and more are observed. Geolocation is probably the best example for a device attribute used for detecting fraud - if a transaction is attempted from Moscow a short while after the preceding transaction was carried out in New York, then that is a strong indicator of fraud. Restricted app permissions is another indicator that the user might be hiding something. Another example is app permissions that are restricted by the user – that, in combination with other things, night suggest that the user might be hiding something.

Transaction Data

Paygilant employs propriety transaction behavioral maps. The Behavioral Maps represent the purchasing patterns/behavior of a specific customer and her nearest neighbors and are created using Paygilant's proprietary machine learning algorithms. The behavioral maps typically comprise a large amount of information but must be compact 9 enough since they are securely transmitted to the mobile device. To achieve this Paygilant utilizes its depth of field (DOF) approach from digital photography to compress the information so that complex calculations that do not require work intensive CPU and memory. A Behavioral Map shows a clear, high resolution picture of the different risk zones and is a key factor in determining the risk of a specific transaction and has the following key characteristics: - User specific: each map is unique, calculated and maintained on a per user basis, therefore representing a transaction risk level for each customer’s transaction. - Lightweight: Resolution variations enable maintaining only the necessary data, reducing the map's weight to a bare minimum. - Dynamic: As the purchase behavior changes, the map will be modified.

Device DNA

Bio Markers

Paygilant observes bio markers to passively identify the user behind the transaction. Common bio markers Paygilant observes include touch time, time between touches, size of touch inputs, finger velocity, scrolling pace and drag length, typing biometrics, and more. Paygilant’s robust bio markers are just one of the several intelligence sets that make up the broader solution and is designed to augment the fraud/no-fraud decision that precedes any step-up authentication request.

App Interactions

Paygilant looks at how the user interacts with the mobile application to determine if the interactions are consistent with a legitimate user. For example, if a user navigates directly to a high-ticket item and immediately proceeds to check-out, then that suggests something fraudulent might be happening. If a user inputs his name and address on the payment form in a manner that is not consistent with how normal users would do it (i.e. slower than expected because typing-in unfamiliar strings), then that provides another clue that something fraudulent might be happening.

User Data

Intelligent, privacy preserving analysis of user data on the mobile device provides valuable insights into fraudulent activities. User data analysis is especially helpful in hard-to-analyze scenarios like new account origination, where there is no established history for the user/account. Some examples for how device data can be used include comparing user accounts on the device with the payment cardholder identity, or the identity disclosed on a new account registration form – a mismatch provides a strong indicator for fraud. No media on the device, empty contacts list, and sparse call logs are also examples of fraud indicators that can be collected from user data on the device.

[contact-form-7 id="1746" title="Contact+PDF_new"]

[contact-form-7 id="1390" title="Contact+PDF_copy"]

[contact-form-7 id="1397" title="Contact_copy"]