Account takeover fraud prevention

Covery Blog / Covery, Fraud types / Account takeover fraud prevention

Account takeover fraud prevention

Account takeover in brief

Account takeover is one of the most spread fraud types, and it is also known as account compromise. 
Account takeover occurs when someone not authorized gets access to the user’s account. 
All industries having user accounts suffer from account takeovers.

So, what they usually do with accounts?

In short, anything they want, and that does not help to spot them quickly.

  • unauthorized transactions
  • fraudulent orders
  • bonus and loyalty points abuses
  • credit card purchases and credential thefts
  • account and data re-sell
  • refund and chargeback claims

Typical account takeover attack has the next scheme:

  1. Attackers access an account with stolen credentials.
  2. In the majority of cases, fraudsters changes account details.
  3. Almost instantly, fraudsters use the account to re-sell it or order goods.

How do they get stolen credentials to access account?

Even though we live in a technology era and have 2FA and other security staff, unfortunately, fraudsters are almost always ahead. 
There are plenty of ways to access user credentials that require practically no time and effort.

The dark web sells credentials. Fraudsters, later on, use credential stuffing to access online accounts. Credential stuffing is a method of account takeover that requires specific tools or scripts to logic into the stolen account. These tools simply test thousands of password combinations with a username on a login page. Credential stuffing is a low-cost and fast method of account takeover.

The next one, which is the most known, however not the cheapest and fastest for a fraudster, is phishing.

Phishing is a fraudulent attempt to access your credentials and sensitive data via “trusted” emails, calls, and messages.
Usually, fraudsters send the user an email with signs of urgency and some kind of alerts, for instance, with subjects: “Change your password immediately”, “Your login information need to be updated immediately”, etc. 
Phishing is another big topic, so we are going to publish an article dedicated to this problem.

What are the consequences of account takeover?

They are apparent when it comes to customers:
loss of personal data and money, credit charges, stress.
When it comes to businesses, the consequences can be very dramatic.
It all starts with chargebacks increase, chargeback fees, frequent transaction disputes, and ends up with a decrease in customer satisfaction, customer lifetime value, brand damage, and revenue loss.

If everything so obvious, why is it hard to detect account takeover?

  1. Fraudsters use a customer’s positive purchase history, so they seem to be trusted.
  2. Fraudsters always try to look like a genuine customer. Thus they do not cause over trafficking and usually choose regular time spots to login to the stolen account.
  3. Most companies do not use fraud prevention tools on all product pages, only on conversion destinations. Thus they do not see the whole account takeover process. 
  4. Unfortunately, some companies do not pay attention to account fraud prevention at all because they have not met it before and do not know how to deal with it, and it’s results. They do not connect increased chargeback ratio with account takeover fraud.

How to detect an account takeover?

  1. You notice many account details change that is abnormal. Accounts that are not connected have the same phone numbers, email addresses, etc.
  2. Change of delivery addresses after change of personal details like phone number and email.
  3. Device, browser, operational system change within the account.
  4. Multiple country IP addresses within one account.
  5. Multiple accounts connected with the same number, email, device, IP address.

How does Covery help to spot and prevent account takeover fraud?

Account takeover is not the primary purpose of fraudsters, they chase bigger goals: 

  • reputation damage,
  • bank account takeover,
  • credential sales,
  • employee emails compromise,
  • identity thefts,
  • phishing campaigns,
  • loyalty programs exploiting.

Covery is a simple combination of tools allowing you to prevent any account takeover techniques. 


A global knowledge database that stores 300M reputation records of various user identifiers without linking them to each other to protect PII from improper usage according to the GDPR policies. 
While using Trustchain business can cut down the number of bots and fraudsters up to 40% having just reputation records of 12 user identifiers: 
Email, Card ID, Phone, IP, Email domain, System account ID, Device fingerprint, Device ID, Entity ID, Person ID, IBAN, SWIFT. 
Trustchain will detect any email or phone number that was changed in the account and say whether it is good.

Customizable Machine Learning

Supervised Machine Learning that gives unlimited capabilities for creating custom ML models with no development resources.
Machine Learning is usually efficient when it comes to account takeover and identity thefts because it quickly notices any anomalies in customer behavior and adapts to new fraud schemes.

Device Fingerprinting

Device Intelligence technology designed by Covery that collects device data during the user journey at any life cycle point.
Device Fingerprinting detects device emulations of any kind.
Implement this technology and secure yourself from:

  • bot attacks 
  • fraudulent traffic
  • application fraud
  • account takeovers
  • identity thefts
  • credit card and CNP fraud

Risk-Trust scoring

Indicates not only fraudsters but also the right users, VIP customers, and whales to trigger the correct business flow.

Device screening

Combination of Device Fingerprinting with AI risk assessment tool that gives a reputation of the device, its geolocation, and fraud trigger with reason:

  • Proxy 
  • Device emulation 
  • Browser usage: Tor +
  • Installed plugins: AdBlock +
  • Not valid country 
  • and many others

IP screening

Combines AI risk assessment tool with Trustchain, and shows IP reputation with a specific reason and connected devices.


Heps to avoid chargebacks by providing the ability to respond to cardholder inquiries about questioned charges and transactions.

Card ID

Card ID generation technology is one of our unique products that helps to spot previously seen credit cards without storing their PAN numbers. 
Our secure PCI DSS level 1 storage will make this happen. 
Unique Card ID allows to: 

  • get the reputation of cards on the private, industry, or global scale (inside Trustchain), 
  • spot the correlation between card users, devices, accounts, identifiers, 
  • spot countries of card usage with 100% efficiency.

KYC&AML automation

Helps to avoid manual work, comply with regulatory standards, conduct ongoing monitoring through PEPs, sanctions, and other global lists.

Secure your brand reputation with efficient account takeover protection.

We’ve already analyzed 5 billion user actions, prevented 80 million bot attacks attempt, and 250 million risky activities.
Covery team has 5+ years of experience in fraud prevention and risk assessment.

Have questions? Contact us.