Connecting ATO and transaction fraud dots: Bots are the key
A wave of credential stuffing, with no attempt to use the accounts. A pause. The accounts are accessed but not leveraged. A pause. Then, a flood of transaction fraud, using either the taken-over accounts or new ones set up with similar personal information.
The catch: The stages of this process may occur days or weeks apart. And they may not all take place on the same websites. What’s happening, and how does bot detection and analysis help clarify and prevent fraud?
The evolution of identity-based fraud: Why ATO attacks are at the top of the list
Digital identity is the new currency, and adversaries are chasing wealth. Research shows that 61 percent of data breaches are the result of compromised credentials. This is a common fraudster tactic, whereby using legitimate credentials allows them to avoid detection as they gather intelligence and stolen data that will allow them to undertake further fraudulent transactions.
Fundamental to the defense of systems is access control, but it has its limits. Attackers are continuously trying to circumnavigate these systems to access accounts, with login and payment flows frequently targeted. This is why many organizations have invested in anti-fraud technologies to detect and mitigate against such attacks.