There are faceless armies of robots arrayed against you. They are legion, they are tireless and, if they overwhelm your defenses, they can be lethal—to your business. Bots are not the minions of an evil super-intelligence in a science fiction film bent on dominion over mankind. They are simply tools that can be used by anyone who picks them up. And, the people picking them up these days often are criminals employing them to take over or create online accounts.
While account takeover (ATO) fraud used to concern mainly bankers and insurance companies, the range of online accounts being illegally accessed and monetized is exploding. E-commerce sites frequently allow consumers to store their payment credentials to make subsequent visits easier or to make recurring purchases automatic. Media companies are storing card numbers to enable streaming video services. Telecommunications companies are providing direct-carrier billing for online purchases. Digital wallets, funded by bank accounts or payment cards, store value that can be accessed online.
And, not only do fraudulent transactions associated with ATO result in higher average loss, according to Towhidul Hoque, senior manager of fraud decision analytics at Radial, they are also more difficult to spot than other types of fraud because they raise fewer red flags.