Shield your customer accounts from fraudsters

Account takeover fraud occurs when fraudsters use stolen consumer credentials (typically username/email and corresponding passwords) to take control of an existing account. These same individuals may also use stolen personal information to establish new fake accounts. The fraudsters can then use these accounts to carry out unauthorized activities, including loyalty fraud, card testing and bad transactions.

In addition to fraudulent payments, account takeovers may also have far-reaching consequences for victims, undermining trust and loyalty among valued customers and causing rapid attrition away from the brand. Make sure you’re taking steps to protect your business.

See how Account Takeover Protection works

Protect online accounts from unauthorized access

Stop fraudsters, while still providing a streamlined experience for valid customers. Account Takeover Protection actively monitors new account creation and login activity on your website to more accurately identify valid transactions vs. high-risk requests.

Avert fraud attempts before they take place

Avoid the costs and risks associated with fraudulent transactions and chargebacks. Machine learning plus a flexible rules engine identifies suspicious activity based on the requestor’s behavior, email, device, communications and other attributes. You decide whether to accept, reject or challenge account related requests—helping stop fraud before it happens.

Preserve customer trust and loyalty

Protect your brand by ensuring customers enjoy a secure online experience. Real-time decisions mean that account creation, login and changes will be seamless and safe. You can also identify valuable returning customers to provide them with a frictionless path to purchase.

Protect customer accounts from credential stuffing

Cybercriminals are using increasingly sophisticated methods to access accounts, including phishing through malware, SQL injection attacks, spyware, Trojans, worms, and botnets (network of machines that can automate an attack.) The now prevalent use of botnets means fraudsters can conduct rapid, large-scale automated login attempts to validate and use stolen credentials.

This is known as credential stuffing, and it puts businesses at an even greater risk of account related fraud on their sites. Account Takeover Protection screens for credential stuffing to help keep your business safe.

Safeguard your loyalty programs

Fraudsters are also on the lookout for weak points in loyalty programs. In this scenario, cybercriminals takeover good customers’ accounts to steal reward points and resell or redeem them.

Account Takeover Protection monitors high-risk behavior at account access, purchase and redemption of points—so you can protect your incentive programs and drive customer loyalty.

Stay ahead of card testing attacks

More and more fraudsters are using botnets to superpower their card testing schemes. In these attacks, fraudsters run thousands of low-value transactions on a merchant’s site to “test” the validity of card details. By the time merchants notice, they often face a staggering number of authorization fees, and the chargebacks may jeopardize their standing with major processors.

Account Takeover Protection can help identify and block bots or fraudsters prior to logging in and attempting to load and test cards.

Identify suspicious activity from account creation through checkout

Account Takeover Protection and Loyalty Program Protection work together to screen each user interaction for suspicious characteristics.


Spike in account creation attacks

In the first six months of 2019, bot-based account creation attacks perpetrated against online retailers spiked by 305%.1


Rise in account takeover attempts

Increase in account takeover attempts and a 347 percent rise in shipping fraud attempts globally for online retail customers from 2018 to 2019.2

How it works

The user-friendly Cybersource Enterprise Business Center interface makes it easy to configure risk strategies.

Create profiles for each event you’d like to review:

Account Creation, Account Login, and/or Account Update events (such as password changes). For each profile, create review rules based on comprehensive strategies, including device, email, communications, velocities, bot detection and user behavior.

These rules can flag anomalies about the requestors trying to access your systems, such as jailbroken devices or suspicious proxy IP activities. Cybersource can access cross-merchant device data, providing insight into past device usage and other attributes. 

Rules can also incorporate velocities around items:

Such as number of times a device is used in conjunction with username, password, name, billing address, phone number and credit card information. 

Based on rule output, decide whether to accept, monitor, challenge or reject the user action. For instance, events originating from new devices for existing customers could be challenged, requiring users to verify their identities before they’re allowed to create, access or change data in their accounts.

Supported on web and mobile devices, with SDKs for iOS and Android implementation in mobile apps.

Easy integration

Account Takeover Protection operates on the same platform as our payment risk review service Decision Manager, providing the critical ability to share learnings from the payment side to the account review side, and vice versa. By using Account Takeover Protection in combination with Decision Manager, you can access information about pre-purchase account activity during review. Since Account Takeover Protection leverages the same integration, customers using Decision Manager can easily add the Account Takeover Protection service. Enable Account Takeover Protection and start safeguarding your customer accounts today.

Read the latest news from our blog

Understanding account takeover and its impacts

Learn what account takeovers are and how they can impact a business and its customers.

How real is the loyalty fraud threat?

Fraudsters who successfully take over accounts will take anything that has immediate or resale value—and that includes loyalty points and rewards.

Identifying and preventing loyalty takeover fraud

Learn about the steps your business can take to guard against account takeover and loyalty fraud, and preserve customer trust.

Interested? Let’s talk.