An Intelligent Response To Account Takeover (ATO) Fraud


While not business-critical, account takeover (ATO) fraud is one of the more widespread and devastating types of cyberattack. Unfortunately, unlike other types of CNP fraud, it can’t be handled by issuing banks or payment processors. Takeover protection is therefore the sole responsibility of the online merchant, which leads us to the topic of this article: how do you identify and prevent an account takeover attack, or how do you recover from its consequences? Let’s take a closer look, based on Covery’s experience as an anti-fraud system working with US, UK, and EU customers.

What type of fraud is an account takeover?

An account takeover attack is a type of multi-step identity fraud in which fraudsters perform many small and seemingly insignificant steps that ultimately lead to loss of account ownership and of the business relationship with a customer.

As such, it can be very detrimental to your business and should be identified quickly to give you a chance to prevent the negative outcome. The difficulty is that the steps of account takeover fraud are the same as legitimate changes many customers make regularly:

  • update of PII on file
  • change of password
  • change of credit card details
  • adding an authorized account manager
  • adjusting email settings (adding a cc email address) to retain control even in case of a forced password reset
  • many, many more, which happen in the thousands daily.

As a result, it’s quite hard to analyze such actions in real time and distinguish legitimate ones from fraudulent ones.

How do you prevent account takeover then? 

Reliable ATO fraud prevention

The best approach to account takeover protection is to analyze all customer actions on the fly, highlight potentially fraudulent ones and halt them before the fraudster can take control of the account. Naturally, this is impossible to do manually 24/7. So how do you make it happen?

Covery combines several features to ensure reliable ATO fraud prevention:

  • Trustchain — a global reputational knowledge base. It stores more than 500 million records about the reputation of various account identifiers like email addresses, phone numbers, IBAN for SEPA or BIC for SWIFT numbers, etc.

    If any of these identifiers are marked by any Covery community member as a part of a fraudulent scheme, all other Trustchain users are immediately notified if any of them are ever used again by their customers. This helps detect ATO fraud attempts as early as account registration and during all other steps of the customer journey.
  • Supervised ML. Covery uses a customizable ML algorithm that analyzes current customer actions and behavioral patterns and correlates them with logged activity to identify abnormal actions on the fly and highlight potential account takeover in progress.
  • Device fingerprinting. During every session, every device transmits a bunch of hardware and software IDs that help create a digital fingerprint of this device. By capturing these details, Covery is able to build a profile of every customer and immediately flag unusual activity.

    For example, when a customer who has always logged in from Texas in the evening logs in from Nairobi at night from another device and immediately proceeds to change the account password, you can be pretty sure ATO fraud is in progress.
  • Risk-trust scoring. Sometimes customers adjust their normal usage patterns legitimately, for example when going on a road trip and using a public WiFi IP address instead of their usual home IP address. All such adjustments are automatically analyzed by the aforementioned anti-fraud solutions, and every transaction gets a risk score from -100 to 100.

    As a result, low-risk customers can skip some verification steps to have a smoother customer experience, while high-risk transactions can result in additional checks with 3D Secure and other scenarios. Covery offers a configurable risk logic engine with 15 predefined scenarios for 23 industries and an ability to create as many specific scenarios as you need. 
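
The Texas/Nairobi case and the -100 to 100 risk score described above can be sketched as a small rule-based scorer. This is an added illustration, not Covery's algorithm or API; the signal names, weights, baseline, thresholds and sample data are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed weights and thresholds (assumptions, not Covery's values).
WEIGHTS = {"new_device": 40, "new_country": 30, "new_ip": 15,
           "odd_hour": 10, "sensitive_soon": 25}
SENSITIVE = {"change_password", "change_card", "add_manager", "add_cc_email"}
BASELINE = -30            # an established account starts out trusted
STEP_UP_AT, HOLD_AT = 30, 70

@dataclass
class Profile:            # what has been seen for this account so far
    devices: set
    countries: set
    ips: set
    hours: set            # local hours (0-23) of earlier logins

@dataclass
class Event:
    action: str
    device: str
    country: str
    ip: str
    hour: int
    secs_since_login: int

def signals(p, e):
    # Compare one event with the account's history.
    return {
        "new_device": e.device not in p.devices,
        "new_country": e.country not in p.countries,
        "new_ip": e.ip not in p.ips,
        "odd_hour": e.hour not in p.hours,
        "sensitive_soon": e.action in SENSITIVE and e.secs_since_login < 120,
    }

def risk_score(p, e):
    raw = BASELINE + sum(WEIGHTS[k] for k, hit in signals(p, e).items() if hit)
    return max(-100, min(100, raw))   # keep within the -100..100 range

def decide(score):
    if score >= HOLD_AT:
        return "hold_for_review"
    return "step_up_verification" if score >= STEP_UP_AT else "allow"  # e.g. 3D Secure

# Constructed sample data: the article's Texas/Nairobi and road-trip cases.
HOME = Profile({"dev-laptop"}, {"US"}, {"198.51.100.7"}, {18, 19, 20, 21})
TAKEOVER = Event("change_password", "dev-unknown", "KE", "203.0.113.9", 2, 45)
ROAD_TRIP = Event("login", "dev-laptop", "US", "192.0.2.44", 19, 0)
for name, ev in (("takeover", TAKEOVER), ("road trip", ROAD_TRIP)):
    print(name, risk_score(HOME, ev), decide(risk_score(HOME, ev)))
```

A single unfamiliar signal, such as the road trip's new IP address, leaves the score below the step-up threshold, while the stacked signals of the takeover case push it past the hold threshold.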

All of these measures, working as part of an end-to-end risk management and anti-fraud solution, ensure that Covery provides reliable ATO fraud protection and timely prevention.


Account takeover is one of the most widespread and damaging forms of identity theft. If ATO fraud is left unchecked, losses to your bottom line and business reputation can quickly mount. Real-time automated takeover protection is essential to ensure long-term business success and growth.

As an end-to-end anti-fraud system, Covery has all the functionality needed to handle your daily risk management tasks — from KYC automation and account takeover prevention to chargeback solutions. Contact us for a free demo and see for yourself the value Covery can deliver for your business! Do you know someone who needs such services? Tell them about Covery, as every online business deserves a reliable anti-fraud system!