Account Takeover: Static Authentication Enables Access Without Confirmation

Ongoing and pervasive exposure of U.S. consumers’ personal information has made account takeover (ATO) the lowest-hanging fruit for criminals. Criminals are using legitimate credentials and mimicking typical customer behavior to impersonate accountholders to slip past fraud controls. ATO risk signals are often subtle and difficult to detect, especially with outdated authentication models that validate users only at login. To thwart ATO risks, financial institutions must address gaps in user authentication and use identity-proofing and authentication solutions that go beyond onboarding or initial login. 

This Javelin Strategy & Research report examines the growing impact of ATO and identifies where static authentication falls short. It outlines what financial institutions must do to strengthen their defenses to detect and thwart account takeover fraud in real time to protect customers and their holdings.

Key questions discussed in this report: 

• How can FIs strengthen identity verification and authentication strategies to stop account takeover?
• Why should FIs move away from static fraud defenses?
• Why is it so critical for banks and consumers to address ATO fraud immediately? 

Companies Mentioned: 

Beyond Identity, BioCatch, Forter, Imperva, Kasada, Memcyco, Mitek, Okta, PingIdentity, Signifyd, Telesign