What is Mobile Account Takeover?

Account Takeover (known as ATO) is a type of identity theft where a bad actor gains unauthorized access to an account via the manipulation of a user’s mobile device.

What is the difference between mobile and desktop ATO?

The fraudsters’ objective is the same, unlawful access to a user’s bank account. The means, methodology and approach are somewhat different.  With the influx of smartphones, and the development of web fraud security, fraudsters are going mobile. This year alone mobile ATO attacks rose by 200%.

What types of organization are targeted by mobile ATO attacks?

ATO was preeminently a concern for financial institutions, but today ATO attacks can affect any organization with a customer-facing login. ATO targets regularly include technology, eCommerce. In other scenarios, the criminal’s goal is to collect personally identifying information (PII) to be used for other forms of fraud and identity theft.

What is the business impact of mobile ATO?

Losses from ATO related fraud impact businesses into the billions of dollars per year. According to Juniper Research, losses from fraudulent online transactions are expected to reach $25.6 billion by 2020. These types of attacks also lead to the erosion of customer trust and harm to brand reputation.

What are the common ATO fraud methods?
  • Phishing
  • SIM Swap Attack
  • Malware
The Four Stages in The Lifecycle of An ATO Attack:













How Can Organizations Prevent Mobile ATO attacks?

The most sophisticated account takeover criminals use the latest trends and tools, and organizations need the latest technology to not fall prey to the ATO attackers. Most traditional fraud detection solutions are inept in standing-up to present-day fraud schemes, relying on passwords, two-factor authentication, and device ID to stop fraudsters at login. Today, a considerable amount of fraud occurs within authenticated sessions. Paygilant’s unique fraud prevention methodology includes a combination of device fingerprinting, behavioral biometrics and transaction analysis to detect account takeover fraud, providing enhanced prevention from login to logout with no disruption to the user experience.

How Does Paygilant Prevent Account Takeover Fraud?
  • Identifies behavioral activity and actions taken by the user that are generally associated with fraud
  • Recognizes deviation from a users’ regular purchasing patterns
  • Identifies the presence of inconsistencies and anomalies associated with users’ device