What is ATO Fraud and How Can it be Prevented?

ATO fraud unlocks access to a victim’s personal information. Here's how to prevent it.

Several businesses operating online require customers to open an account to access products and services. This makes recordkeeping easy and ensures customers’ transactions, information, or investments are secured and monitored. These customers require login credentials to access their accounts and complete transactions on the system. These credentials are unique to each customer.

As clients and businesses continue to get comfortable with the convenience that comes with carrying out transactions online, cybercriminals are also exploring more opportunities for fraud. According to an identity fraud study by Javelin, business operations on digital platforms present the greatest opportunity for fraud. As a result, Account Takeover (ATO) fraud and identity theft are some of the common crimes that will likely continue to rise with that trend. This leads to the question: what is ATO fraud?

What is ATO Fraud?

ATO fraud is a kind of cybercrime where a fraudster assumes control over an account without the account owner’s permission. This is also known as account takeover identity theft in some circles. Access to many online services requires that users submit identification documents. This is to ensure that all activities on the account are traced to the account owner. However, fraudsters try to find loopholes through which they can hack an account and carry out fraudulent activities without any link back to themselves. That’s why business platforms request identity verification and liveness checks: to be certain that an account and its assets are safe and handled by the owner, to improve system integrity, and to build clients’ trust.

In ATO fraud cases, hackers change login credentials to lock the genuine owner out of the account, then go on to change the email address, telephone numbers, and passwords, which can make this form of identity theft difficult to resolve. According to a Google survey, 52% of respondents reuse the same password for their accounts across multiple platforms, so if one account is compromised, users could lose several others. Sometimes, the activities of the impostor may not be flagged if they are consistent with the legitimate account owner's usual behavior, until fraudulent transactions are made.

The Impact of ATO Fraud and Related Vulnerabilities

Account takeover identity theft unlocks access to a victim’s personal information, such as home address, date of birth, and answers to security questions. The stolen data allows fraudsters to create more digital accounts for completing fraudulent transactions.

Although the primary targets of ATO fraud are individuals, businesses are also impacted as potential customers lose trust in the integrity of the system. Account takeover identity theft starts with attacks in the following forms:

1. Phishing

Phishing is a form of cyberattack in which the attacker poses as a friendly entity making seemingly harmless requests. Fraudsters can impersonate financial institutions, cryptocurrency exchanges, brokerage firms, or other types of companies requesting certain data from authenticated users. Engaging with these cybercriminals may lead to users divulging critical information through fake payment gateways or malware infiltration.

Although there are instances when victims receive phone calls, phishing attacks usually arrive by email. Attachments in such emails are capable of introducing malware into a user’s device when downloaded. When successful, attackers can retrieve contact details and sensitive information of other victims as they try to take over more accounts.

2. Data Exfiltration with Malware

Malicious software has the capability of retrieving information from a device without authorization. The stolen credentials are used to get into accounts accessed from the affected gadget, and all transactions completed on the device could be diverted to illegitimate accounts. In other cases, the genuine user is locked out of the system and required to pay a ransom to regain access to encrypted files.

3. Man-in-the-Middle (MITM) Attacks

A MITM attack involves setting up a framework that allows the interception of user data during an exchange. A popular technique is setting up public Wi-Fi networks to entice unsuspecting victims. The login would eventually get hijacked, allowing the hacker to steal financial information or scam other people on the victim’s contact list. Aside from unsecured Wi-Fi in hotels, airports, and coffee shops, platforms with little or no encryption are also vulnerable to MITM attacks. Having HTTPS in the URL no longer cuts it, but a protected, versatile framework with an extra layer of security makes a difference.

4. Credential Stuffing

Stolen digital credentials from a data breach are often sold on the dark web, making it possible for hackers to compromise several accounts simultaneously. Since most people reuse the same login credentials on several platforms, the username and password pairs are tried across several websites. Automated tools make it possible to test all credentials to quickly identify valid ones. And account takeover identity theft occurs with every successful login.

5. Business Email Compromise (BEC)

BEC fraud involves impersonating a trusted entity to make requests from authorized persons in an organization. Attackers often use a domain spoofing technique, creating emails that look like those from the original domain to trick staff into authorizing transactions on their behalf. They may also request changes to the login credentials of specified accounts to gain access.

When a fraudster takes over the account of a trusted client or colleague, they continue BEC-style attacks to gain access to other user accounts. And while using the original account of a victim, detection will be difficult. Since BEC does not result from technical vulnerabilities of a system, proper education on account takeover prevention is recommended for employees.

ATO Fraud Prevention

Verifying if a user is always in control of their account’s activities is one challenge businesses online face. That’s why combining the right account takeover prevention strategies will ensure that a platform remains secure and less inviting to a cybercriminal. Here are some top ATO fraud prevention strategies:

Multi-factor Authentication: Implementing multi-factor authentication frameworks can help minimize incidents of ATO fraud on your platform. Aside from providing a password, users could be asked to input an OTP (One-Time Password) retrieved from registered phone numbers, emails, or separate code generators. While providing comprehensive KYC (Know Your Customer) data and completing online ID verification is essential, setting up security questions and completing biometrics can provide the added layer of security needed to maintain system integrity.

Ongoing Monitoring: Employing sophisticated technologies such as ongoing monitoring ensures that dubious activities are flagged in real time. For instance, multiple login attempts from one IP address or simultaneous logins from multiple locations can be identified and flagged. Activities from that account can then be monitored for further actions. This also applies to high-value transactions from an account owned by a Politically Exposed Person (PEP). Platforms can also pre-set login attempt limits to make spamming difficult, as having to wait for an hour or more before making another attempt could be frustrating for hackers.

Employee Education: Training employees on effective strategies to resist social engineering ensures that there are no loopholes for bypassing a firm’s account takeover protection solution. Increasing awareness of the use of fake domains and the forms of phishing messages will ensure that they are better prepared when faced with such situations. Sometimes, an organization’s staff might be the last line of defence against BEC and ATO fraud during cyberattacks since bots are easier to detect than humans.

Liveness Check: Criminals often use bots for credential stuffing, and after an account takeover they might only possess the digital credentials necessary for login. Liveness checks ensure that every transaction request takes the user through another authentication process – which would deter fraudsters.

Web Application Firewall: Firewalls are designed to limit traffic or prevent access from a specific source. They are also effective against malware infiltration, ensuring that unauthorized access into a system remains difficult.
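
The login-monitoring rules described under Ongoing Monitoring above (many failed attempts from one IP address, and logins to one account from several locations at nearly the same time), written out as an added example that is not part of the original article or of any vendor's product. The event format, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_FAILURES_PER_IP = 5         # assumed login-attempt limit per IP
MIN_DISTINCT_ACCOUNTS = 3       # assumed: many accounts from one IP = stuffing

# Constructed sample events: (time, source IP, account, country, success)
EVENTS = (
    [(f"2023-01-10T09:00:{i:02d}", "203.0.113.7", user, "NL", False)
     for i, user in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + [(f"2023-01-10T09:05:{i:02d}", "198.51.100.9", "frank", "US", False)
       for i in range(5)]
    + [("2023-01-10T09:20:00", "192.0.2.10", "grace", "DE", True),
       ("2023-01-10T09:23:00", "192.0.2.99", "grace", "BR", True),
       ("2023-01-10T09:30:00", "192.0.2.44", "heidi", "FR", True)]
)

def _push(queue, ts, value):
    """Append an entry and drop entries older than WINDOW."""
    queue.append((ts, value))
    while ts - queue[0][0] > WINDOW:
        queue.popleft()

def detect(events):
    """Return (rule, subject, time) alerts for a list of login events."""
    alerts = []
    failures = defaultdict(deque)   # source IP -> recent failed (time, account)
    successes = defaultdict(deque)  # account -> recent successful (time, country)
    for raw_ts, ip, account, country, ok in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(raw_ts)
        if not ok:
            _push(failures[ip], ts, account)
            if len(failures[ip]) >= MAX_FAILURES_PER_IP:
                accounts = {a for _, a in failures[ip]}
                rule = ("credential_stuffing"
                        if len(accounts) >= MIN_DISTINCT_ACCOUNTS
                        else "repeated_failures")
                alerts.append((rule, ip, raw_ts))
                failures[ip].clear()  # one alert per burst, not per attempt
        else:
            _push(successes[account], ts, country)
            if len({c for _, c in successes[account]}) > 1:
                alerts.append(("multi_location_login", account, raw_ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Failures that are spread out beyond the window never reach the limit, so a user who mistypes a password a few times over a day is not flagged.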


Compliance with AML regulations and the adoption of multiple security measures ensure account takeover protection. Fraud detection tools can ensure that users of a platform do not lose their accounts and critical data, while businesses retain control of system activities and acceptable risks. Robust identity verification infrastructure provided by digital security experts like Passbase can offer account takeover protection while online platforms maintain a frictionless customer experience.

Passbase provides a convenient way for crypto businesses to perform KYC and AML checks through identity verification. You can integrate Passbase into your platform via the Passbase API or with SDKs for iOS, Android, and web. To see how identity verification can work for your business today, book a demo.



Passbase is an identity verification solution that makes facial recognition, liveness detection, ID verification and KYC and AML compliance accessible through a suite of flexible developer tools. A zero-knowledge architecture ensures that companies using Passbase can securely verify users from over 190 countries without having to store their data. Built for developers, it can be integrated with just a few lines of code on iOS, Android, and Web.