As with Card Not Present fraud, layered security is the best way to spot ATO fraud attempts. A robust anti-fraud program should verify customer identity, device, and geolocation and IP address. It should also analyze returning customers’ orders in the context of past purchases. These parameters should be adapted to the risks in each channel.

For example, as mobile account takeover rates rise, it’s wise to closely monitor your m-commerce channel’s rates of attempted fraud, completed fraud, and false positives. That data can help you improve your fraud screening process in that channel.

Flagged transaction: alerting customers

One technique that reduces false declines can also help identify ATO attacks. When an experienced fraud analyst manually reviews a flagged transaction, they may contact the customer directly. That call is a chance to see if the account holder is the person placing the order. If the analyst has a way to communicate with the account holder besides SMS and mobile voice (such as a work phone number or an email address), they can alert the real customer when there’s a problem–even if that customer’s phone number has been hijacked.

As we can see, fraud techniques are always evolving. When your business keeps improving its fraud prevention techniques—replacing phone numbers with more secure authentication methods, monitoring your fraud data in each channel, and giving your analysts multiple ways to reach customers—your layers of security will grow stronger and more effective.


Original article at: