Current Ways of Fending Off Account Takeovers
Account takeover fraud has skyrocketed, costing consumers $15.6 billion in 2024—double the loss from new-account fraud the previous year. Static authentication methods, while effective for verifying identity at the initial login, are increasingly inadequate as cybercriminals refine their tactics.

When a criminal uses stolen credentials to log into an account, static authentication may still validate them as the user. To detect fraud, financial institutions must monitor unusual behavior afterward. Continuous authentication systems gather real-time data on the user’s actions and compare it with known patterns for genuine access.

“Continuous authentication doesn’t repeatedly prompt you to log in or ask for your credentials,” says Jennifer Pitt from Javelin Strategy & Research. “These systems use AI to track account activity, ensuring that all actions align with the verified user.”

If suspicious behavior is detected, such as attempting a transaction in a high-risk jurisdiction, financial institutions can implement step-up authentication—requiring an additional verification step like a fingerprint or knowledge-based question.
Overcoming Legacy Systems
Many businesses have hesitated to adopt continuous authentication due to the technological requirements and potential customer pushback. However, Jennifer Pitt suggests that vendors need to better educate both consumers and financial institutions on the benefits of these systems.

Legacy solutions often lack advanced technology and can lead to two outcomes: overly restrictive measures causing user frustration or lenient policies missing crucial security signals.

Risk indicators such as a failed login attempt or the use of a Virtual Private Network (VPN) are common behaviors that traditional systems might misinterpret. Continuous authentication addresses this by continuously monitoring account activity, flagging unusual patterns for further review.
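As an added illustration (not code from the article or from any vendor), the sketch below contrasts a static rule that blocks on any single indicator with a session-level score that requests step-up authentication only when signals accumulate. The weights, threshold, event fields and the placeholder jurisdiction code XX are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed weights and threshold for illustration only; not from the article.
WEAK_SIGNALS = {"failed_login": 10, "vpn": 10}   # common, benign on their own
HIGH_RISK_COUNTRIES = {"XX"}                      # placeholder jurisdiction code
STEP_UP_AT = 50

@dataclass
class Session:
    usual_countries: set
    usual_max_amount: float
    score: int = 0
    reasons: list = field(default_factory=list)

def legacy_decision(event):
    """Static rule: any single indicator blocks, with no session context."""
    return "block" if event["type"] in WEAK_SIGNALS else "allow"

def continuous_decision(session, event):
    """Accumulate risk across the session; request step-up once it adds up."""
    def add(points, reason):
        session.score += points
        session.reasons.append(reason)

    kind = event["type"]
    if kind in WEAK_SIGNALS:
        add(WEAK_SIGNALS[kind], kind)
    elif kind == "transaction":
        if event["country"] in HIGH_RISK_COUNTRIES:
            add(50, "high_risk_jurisdiction")
        elif event["country"] not in session.usual_countries:
            add(20, "unfamiliar_country")
        if event["amount"] > session.usual_max_amount:
            add(20, "amount_above_usual")
    return "step_up" if session.score >= STEP_UP_AT else "allow"

def replay(events, session):
    """Return (legacy, continuous) decisions for each event in order."""
    return [(legacy_decision(e), continuous_decision(session, e)) for e in events]

# Constructed events: a genuine user on a VPN who mistyped a password once...
GENUINE = [{"type": "failed_login"}, {"type": "vpn"},
           {"type": "transaction", "country": "US", "amount": 120.0}]
# ...and a session with the same weak signals, then an out-of-pattern transfer.
SUSPECT = [{"type": "failed_login"}, {"type": "vpn"},
           {"type": "transaction", "country": "XX", "amount": 9000.0}]

if __name__ == "__main__":
    for name, events in (("genuine", GENUINE), ("suspect", SUSPECT)):
        print(name, replay(events, Session({"US"}, 500.0)))
```

On the constructed data the static rule blocks the genuine user twice and lets the out-of-pattern transfer through, while the session score leaves the genuine user alone and asks for step-up only on the transfer.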
Perpetual Know-Your-Customer (KYC)
Traditional KYC processes assess customer risk only during onboarding or annual reviews. This can leave financial institutions in the dark about evolving user behaviors and potential fraudsters.

“Continuous KYC, powered by AI, evaluates the risk of each transaction,” Pitt explains. “This dynamic approach ensures that any changes in behavior are promptly identified and addressed.”

Implementing perpetual KYC could prevent significant fines from missed or false reports, as seen with TD Bank’s recent charges for failing to detect money laundering.
Beyond Banks
Account takeovers are not exclusive to financial institutions. Any account is a potential target. For instance, social media and email accounts can be exploited for scams targeting friends and colleagues.

Criminals often use compromised credentials from one account to access linked accounts at other banks or services. Continuous monitoring helps identify these threats before they escalate into major issues.

Banks must adapt their fraud detection strategies to reflect the present landscape, including advanced AI tools that detect subtle behavior changes continuously. Failing to do so could leave institutions vulnerable to sophisticated cyberattacks.

In summary, financial institutions and other organizations need robust continuous authentication and perpetual KYC systems to stay ahead of account takeover threats and protect their users effectively.










