ATO Fraud: Why It Remains FIs' Greatest Fraud Risk

Financial losses linked to identity fraud continue to increase, but 2023 did see some bright spots for financial institutions and consumers. Although overall identity fraud losses increased 13% year over year, Javelin Strategy & Research’s 2024 Identity Fraud Study notes that the number of fraud incidents resulting in losses for consumers dropped between 2022 and 2023. What’s more, fraud losses linked to scams—which experienced marked increases during the pandemic—fell 13% year over year, proving to Javelin analysts that financial institutions’ investments in heightened cybersecurity educational strategies and enhanced scam detection technologies and features are paying off. 

But that’s where the positive side of the fraud story ends. Conversely, despite years of anti-fraud investment, account takeover (ATO) continues to plague financial institutions and consumers. Traditional authentication methods offer too many gaps of opportunity for cybercriminals, primarily because of easily compromised or acquired credentials. Among traditional identity fraud typologies tracked by Javelin, ATO losses are among the most impactful to consumers. In 2023, ATO fraud losses suffered by consumers increased 15% from the previous year. This report explores why FIs’ short-term focus on identity verification and authentication is adversely affecting their ability to dramatically reduce ATO. 

Key questions discussed in this report:

• Why do full account takeover trends highlight growing risks for identity verification? 
• How do simple authentication measures leave wide gaps for fraud and cybercrime? 
• What lessons should account takeover fraud teach us, relative to other fraud typologies, such as new-account fraud?

Companies Mentioned: 

Centers for Disease Control and Prevention (CDC), U.S. Department of Treasury, Federal Financial Institutions Examination Council (FFIEC), Federal Trade Commission (FTC)