Shield your customer accounts from fraudsters

Account takeover fraud occurs when fraudsters use stolen consumer credentials (typically username/email and corresponding passwords) to take control of an existing account. These same individuals may also use stolen personal information to establish new fake accounts. Fraudsters can then use these accounts to carry out unauthorised activities, including loyalty fraud, card testing and creation of fake accounts.

In addition to fraudulent payments, account takeovers may have far-reaching consequences for victims, undermining trust and loyalty among valued customers and causing rapid attrition away from the brand. Make sure you’re taking steps to protect your business.

See how Account Takeover Protection works

Protect online accounts from unauthorised access

Stop fraudsters, while providing a streamlined experience for good customers. Account Takeover Protection actively monitors new account creation or login activity on your website to more accurately identify valid transactions versus high-risk requests.

Avert fraud attempts before they take place

Avoid the costs and risks associated with fraudulent transactions and chargebacks. Machine learning plus a flexible rules engine identifies suspicious activity based on requestor’s behaviour, email, device, communications and other attributes. You decide whether to accept, reject, or challenge account related requests—helping stop fraud before it happens.

Preserve customer trust and loyalty

Protect your brand by ensuring customers enjoy a secure online experience. Real-time decisions mean that account creation, login, and changes will be seamless and safe. You can also identify valuable returning customers to provide them with a frictionless path to purchase.

Protect customer accounts from credential stuffing

Cybercriminals are using increasingly sophisticated methods to access accounts, including phishing through malware, SQL injection attacks, spyware, Trojans, worms, and botnets (network of machines that can automate an attack.) The now prevalent use of botnets means fraudsters can conduct rapid, large-scale automated login attempts to validate and use stolen credentials. 

This is known as credential stuffing, and it puts businesses at an even greater risk of account related fraud on their sites. Account Takeover Protection screens for credential stuffing to help keep your business safe.

Stay ahead of card testing attacks

More and more fraudsters are using botnets to superpower their card testing schemes. In these attacks, fraudsters run thousands of low-value transactions on a merchant’s site to “test” the validity of card details. By the time merchants notice, they often face a staggering number of authorisation fees, and the chargebacks may jeopardise their standing with major acquirers and processors. 

Account Takeover Protection can help identify and block bots or fraudsters prior to logging in and attempting to load and test cards.

Safeguard your loyalty programmes too

Fraudsters are also on the lookout for weak points in loyalty programmes. In this scenario, cybercriminals take over good customers’ accounts to steal reward points and resell or redeem them. Account Takeover Protection monitors high-risk behaviour at account access, purchase and redemption of points—so you can protect your incentive programmes and drive customer loyalty.

Identify suspicious activity from account creation through checkout

Account Takeover Protection and Loyalty Programme Protection work together to screen each user interaction for suspicious characteristics.

305%

Spike in account creation attacks

In the first six months of 2019, bot-based account creation attacks perpetrated against online retailers spiked by 305%.1

347%

Rise in account takeover attempts

From 2018 to 2019, there was a 347 percent increase in account takeover attempts and a 391 percent rise in shipping fraud attempts globally for online retail customers.2

How it works


The user-friendly Cybersource Enterprise Business Center interface makes it easy to configure risk strategies.

Create profiles for each event you’d like to review:

Account Creation, Account Login, and/or Account Update events (such as password changes). For each profile, create review rules based on comprehensive strategies, including device, email, communications, velocities, bot detection and user behaviour.

These rules can flag anomalies about the requestors trying to access your systems, such as jailbroken devices or suspicious proxy IP activities. Cybersource can access cross-merchant device data, providing insight into past device usage and other attributes.

Rules can also incorporate velocities around items:

This includes the number of times a device is used in conjunction with username, password, name, billing address, phone number and payment card information.

Based on rule output, decide whether to accept, monitor, challenge or reject the user action. For instance, events originating from new devices for existing customers could be challenged, requiring users to verify their identities before they’re allowed to create, access or change data in their accounts.

Supported on web and mobile devices, with SDKs for iOS and Android implementation in mobile apps.

Easy integration

Account Takeover Protection operates on the same platform as our payment fraud and risk management solution, Decision Manager, providing the critical ability to share learnings from the payment side to the account review side, and vice versa. By using Account Takeover Protection in combination with Decision Manager, you can access information about pre-purchase account activity during review. Since Account Takeover Protection uses the same integration, customers can easily add the Account Takeover Protection service. Enable Account Takeover Protection and start safeguarding your customer accounts today.

Read the latest news from our blog

Understanding account takeover and its impacts

Learn what account takeovers are and how they can impact a business and its customers.

How real is the loyalty fraud threat?

Fraudsters who successfully take over accounts will take anything that has immediate or resale value—and that includes loyalty points and rewards.

Identifying and preventing loyalty takeover fraud

Learn about the steps your business can take to guard against account takeover and loyalty fraud, and preserve customer trust.

Interested? Let’s talk.