Posted By Jessica Weisman-Pitts
Posted on October 13, 2022

By Stuart Tarmy, Global Director, Financial Services Industry Solutions, Aerospike, Inc
Account takeover fraud is one of the most dangerous types of fraud because a person actually gains access and takes over someone else’s banking, brokerage, credit card, or another critical financial account. The Q3 2022 Digital Trust & Safety Index by fraud prevention platform Sift revealed a 131% increase of these fraudulent attacks across its global network in the first half of 2022, with the fintech industry (and hence its customers) being the worst affected, experiencing a rise of 71%.
Thanks to a combination of information-stealing malware and the continued use of insecure credentials, over 24 billion account usernames and passwords have been exposed by cyber-threat actors so far in 2022. And this trend is on the up.
Experts say that attackers have developed more sophisticated tactics – and attack from multiple fronts – making traditional fraud and account security solutions vulnerable. By taking over accounts, criminals can use them as money laundering devices to fund organised crime or clean out the accounts. They can also use the seized accounts to open fraudulent credit applications or get loans.
Account takeover fraud can take many forms to ‘fool’ customers. “Smishing” – traditional phishing scams sent through SMS text messages – often offers a link to a site that masquerades as a popular bank and then tries to get the user to submit personal information. But now phishers are using a hybrid form of smishing, which sends out linkless text messages about suspicious bank transfers as a pretext for calling and scamming whoever responds via text.
Arkose Labs reports that human-driven attacks grew six times in the first half of 2021, with low-cost human labour from developing economies around the world helping to ramp up attacks. In addition, attackers are also successfully using “identity farms” that offer large numbers of stolen and synthesized identity credentials, stolen cloned fingerprints from personal devices, and spoofing tools to make them appear to be trusted sources. Even if the attackers fail in an account takeover, they use what they’ve learned about that user’s behaviour to mimic them again in the future and evade anti-fraud measures.
At the same time, phishing, malware, brute force, and man-in-the-middle attacks are still popular with criminals, especially with more people doing business online since the start of the pandemic. Security.org says that 58% of the reported account takeovers happened within the last year.
Account takeover solutions
Online banking and digital financial services are only set to expand, with the fintech market predicted to grow to $310 billion, with an annual growth rate of nearly 25%. It is estimated that 46% of people globally exclusively use digital channels for their financial services and that 88% of legacy financial service institutions will lose market share to standalone fintech companies in the next five years. We expect a rapid increase in focus on digital innovation across the entire financial services sector to improve customer retention.
But, as the number of fintech customers grows, so does the number of attacks, and as account takeover fraud continues, consumers will begin to demand better safeguards. Security breaches can damage a company’s reputation and customer loyalty, not to mention the costs of investigations and recovery. But how can organisations continue to offer the speed of service consumers demand while ensuring that users are legitimate?
- More data, faster. While criminals are adept at adopting digital trickery to sidestep prevention barriers, the one thing they cannot easily replicate is the genuine behaviour of a valid customer. Behavioural biometrics is, therefore, an essential front-line weapon to combat fraud and ensure safe, streamlined customer experiences by analysing users’ physical and cognitive behaviour to distinguish between genuine users and criminals, detecting fraud and identity theft.
This analysis, however, is only possible thanks to machine learning supported by powerful real-time data platforms. Located at the edge, machine learning allows a real-time data platform to analyse millions of events, billions of data points, and petabytes of data in milliseconds. For example, a leading global financial services firm uses Aerospike’s real-time data platform to process and analyse data to identify emerging fraud patterns in less than 30 milliseconds, even at volumes of more than 150 TB.
- Improve AI/ML and reduce false positives. Real-time fraud management at scale is only helpful if it also provides customers with a great experience. The ability to quickly process enormous amounts of data enables scientists to use increasingly sophisticated AI algorithms, such as neural nets, to optimise their results and reduce false positives. By reducing false positives early in the transaction process, the overall customer experience is enhanced. The speed of the transaction is also optimised, and the negative aspect of the customer abandoning the shopping cart or the purchase is minimised.
With growing account takeover fraud, companies offering fintech services need to take immediate steps to ensure their users are safe from criminal activity. They require a real-time data platform that can rapidly process data (<20ms) across huge data sets measuring at terabyte or petabyte levels. This will give them the ability and high-performance bandwidth they need to utilise sophisticated fraud analytics. This will not just repel bad actors, but also deliver valuable insights into customers that can be used to improve services further and carve out a competitive advantage.