BioCatch is once again warning about the threat of account takeover fraud. The behavioral biometrics specialist noted that account takeover fraud has gone up since the onset of the COVID-19 pandemic, due at least in part to the increased amount of online traffic in a remote work environment. People can no longer go to the mall to do their shopping or visit a local bank branch to take out a loan, so those activities are now taking place online.
With that in mind, BioCatch detailed some of the key factors that are driving account takeover fraud, which occurs when a hacker gains access to someone’s personal account, and then uses that access to make fraudulent purchases or complete unauthorized transactions. Since the fraudster has control of the account, any transactions will seem to be legitimate, making the activity nearly impossible to spot with fraud detection tools that only secure the login window.
So how do fraudsters get hold of an account? Data breaches are one of the most common source of login information. About 9.5 million credentials have been exposed in data breaches in the past few years, and hackers will test those usernames and passwords to see if they have been reused with any other sites. Automated tools like SNIPR automate that credential stuffing process, allowing fraudsters to test thousands of accounts in a very short period of time.
Social engineering attacks also take advantage of human vulnerability. People will still click on strange links from unknown sources, and hackers can exploit that to install malware and mine information from people’s devices.
As always, BioCatch pitched behavioral biometrics as a potential solution to the problem, explaining that the technology provides an ongoing layer of passive security that can help identify suspicious behavior after the initial login. The company recently received $145 million in Series C funding to continue to develop its security solution.
May 11, 2020 – by Eric Weiss