MaxMind Blog

MaxMind Main Site

E-commerce Fraud 101: Account Takeover

In the battle against e-commerce fraud, it is incumbent upon online merchants to know the enemy and the tactics they employ. When it comes to account takeover, online merchants face the added challenge of recognizing a fraudster masquerading as a valued and trusted customer.

In this blog post, we will provide you with information on what account takeover is, and how to combat it.

Account Takeover

As the term suggests, account takeover is a type of fraud attack where a fraudster gains access to a good customer’s account. The takeover can occur in a number of ways but one of the most common is when compromised information from a data breach gets into the hands of a fraudster. Even if a fraudster doesn’t get unhashed usernames and passwords, other sensitive information can potentially be used for social engineering or other exploits. Malware, such as a keylogger, or phishing scams are other common ways for fraudsters to get a hold of the keys to the castle.

Having used stolen credentials to access an account, fraudsters can potentially fly under the radar of several layers of fraud detection that online merchants typically have in place. By using a trusted customer’s account (perhaps with credit card information already stored), the fraudster can place unauthorized orders or engage in other bad activities while appearing squeaky clean. As a result, it is important to not let your guard down when it comes to this method of attack. Account takeover is no small problem for online merchants, with losses in 2016 estimated to be $2.3 billion.

Friendly Fire?

Seeing as an account takeover scenario allows a fraudster to appear as a legitimate customer, you may believe chargebacks initiated by the true cardholder constitute friendly fraud. Friendly fraud refers to the filing of illegitimate chargebacks by customers. The US Fair Credit Billing Act (FCBA) allows cardholders to dispute credit card charges and file chargebacks to get their money back only in disputes related to billing errors. This definition includes unauthorized charges, double-billing, incorrect charge amounts, etc. In cases of friendly fraud, the conditions for a legitimate chargeback are not met but the merchant still incurs losses (e.g. lost merchandise, chargeback fines and fees, time and resources disputing the chargeback).

If you confuse account takeover with friendly fraud, you may dispute a chargeback only to find it is a legitimate chargeback after you’ve already spent time and resources in the dispute process.

What Do I Do?

Typical signs of account takeover include a change in email address, shipping address and password, and perhaps a sudden change in buying patterns. Using MaxMind’s minFraud service with Custom Inputs and Custom Rules can bolster your capabilities in fighting account takeover. Implementing rules using inputs related to recent account changes or buying pattern changes can help identify orders that should be scrutinized more closely with manual review. Additionally, IP, email, and device intelligence from the minFraud service provides you with the tools and context to identify suspicious activity and make better decisions. Below are some tips on detecting account takeover with the help of the minFraud service.

  • Implement the Device Tracking Add On to evaluate the riskiness of an IP address making account changes or placing orders on your site
  • Use Custom Inputs and Custom Rules to flag potential account takeover scenarios. For example, you may define Custom Inputs for the number of days since the last email, password, and shipping address change, and manually review orders from accounts where those pieces of information were recently changed
  • Check IP address distances, such as distance between IP location and billing/shipping/historical login locations
  • Check for sudden pattern changes in the IP address or ISP used. For example, a customer who lives in Miami, FL who typically connects from Comcast cable in Miami suddenly changes to connecting from T-mobile in Bronx, NY
  • Watch out for package rerouting scenarios where existing emails and addresses are used but where a fraudster is able to contact the shipping service and reroute or hold the package for pickup

To learn more about how our minFraud service can help you, please visit our website or contact our sales team.

Authored by: Miguel Atienza

Share on FacebookShare on TwitterShare on Linkedin
This entry was posted in Online Fraud Prevention and tagged account takeover, bestpractices, ecommerce, ecommerce fraud detection, fraud screening, manual review, minFraud, online fraud detection on August 16, 2017 by maxmind.

Post navigation

← Using Custom Inputs to Refine Your Response to Fraud MaxMind’s Paladin Report Is Now Available →
  • Blog Home
  • MaxMind Main Site
  • MaxMind Dev Site
  • Contact Us

Recent Posts

  • Enriching MMDB files with your own data using Go
  • Data Changes to GeoIP Legacy and minFraud Legacy Web Services in May 2022
  • Retirement of GeoIP Legacy Downloadable Databases in May 2022
  • MaxMind Statement on Coronavirus (COVID-19)
  • Using MaxMind GeoIP2 Databases with HAProxy Enterprise

Archives

  • September 2020
  • June 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • April 2019
  • March 2019
  • January 2019
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • October 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2016
  • April 2016
  • March 2016
  • January 2016
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • April 2014
  • February 2014
  • January 2014
  • December 2013
  • June 2013
  • May 2013

Categories

  • Featured entry 1
  • Featured entry 2
  • Featured entry 3
  • IP Geolocation
  • Miscellaneous
  • Online Fraud Prevention
MaxMind, GeoIP, minFraud and related marks are registered trademarks of MaxMind, Inc.
Copyright © 2020 MaxMind, Inc. All Rights Reserved.
Terms of Use | Privacy Policy | Contact