Risk-Based Authentication and The Evolving Threat of Account Takeover

Posted July 21, 2017

Risk-Based Authentication and The Evolving Threat of Account Takeover

Among the many threats facing digital businesses, account takeover (ATO) is quickly becoming a common — and troublesome — one.

Forrester estimates that ATO causes at least $6.5 billion to $7 billion in annual losses across financial services, insurance, eCommerce, healthcare, gaming and gambling, utilities, and other industries.

But why has this become the attack of choice for many cybercriminals? It is, in part, due to the evolving relationship between digital businesses and the consumer.

It’s no longer good enough for online businesses to simply provide goods and services. That transaction-based relationship has morphed into a continuous and evolving relationship, propelling businesses to better personalize the digital experience.

Customers have also changed their behavior when interacting with digital businesses. A preponderance of caution has given way to measured trust where many are now comfortable with storing personal information on websites they frequent. We are all aware of data breaches, but those feel like corner cases. In reality, cybercriminals routinely obtain account credentials, and for those affected it’s anything but a corner case.

Anatomy of an ATO Attack

Stolen identity and credential information is the new currency for cybercriminals. It is the lifeblood of most of their schemes. But, the way they use this information goes beyond simply setting up a false account to, for example, get a free subscription.

What might begin as a simple account validation using a basic bot often evolves into something more complex, for example, using a slightly sophisticated bot to guess a password or an even smarter bot to masquerade as genuine human traffic to trick unsuspecting businesses.

Once a set of credentials is proven effective, fraudsters use them in various ways, including augmenting those existing identity credentials for use in new attacks. They can add a stolen credit card for example. Change billing addresses. Beyond the immediate gains, this helps build up account histories before they are re-packaged and sold at a premium.

ATO fraud not only leads to billions in financial losses, it also damages the personal relationship with your customers and harms the brand.

Evolving Threats

When looking at ATO and other threats, it’s hard not to feel overwhelmed. After all, companies have to deal with everything from simple stolen account credentials to the mysterious zero-day vulnerabilities on a seemingly daily basis.

This gives security and risk professionals a lot to do — from legacy system patches to integrating the latest-and-greatest security software throughout your global organization.

At ThreatMetrix, we council our customers on the virtues of dynamic threat protection vs. static authentication. Businesses need to apply this same thinking to threats in general. In essence, companies must have a dynamic, not a static, mindset when it comes to cybersecurity because cyberthreats of all types are changing and evolving. No one knows for sure how they will evolve, but it is a certainty that they will.

According to the Q1 2017 Cybercrime Report, attacks have evolved from high-volume, single-vector attacks, such as the identity validation and bot attacks of 2015, to more complex, multi-vector, high-value attacks specifically targeting retailers and financial institutions.

The next massive attack is probably being worked on as you read this. It is up to digital businesses to prepare to fight tomorrow’s threats — even if we can’t envision what they will be. How exactly can you do that?

The Power of Global Shared Intelligence

Risk and security professionals are turning to dynamic, risk-based authentication (RBA) solutions to deal with these evolving threats.

Despite the rapid evolution of these threats, digital identities built on global shared intelligence, powerful machine learning and the ThreatMetrix expertise are evolving faster and responding instantly to this new wave of attacks. This is due to the power of the Digital Identity Network, which analyzes millions of transactions in real time and grows more powerful with each transaction.

Having more than 5,000 global customers gives the Digital Identity Network it’s the true power — the power of scale — and puts ThreatMetrix in a unique position to be recognized as the sole Leader in The Forrester WaveTM: Risk-Based Authentication, Q3 2017.

There are 3 billion global Internet users, and our Digital Identity Network knows something about 1.5 billion of them. This global reach and scale of our Network puts ThreatMetrix in a unique position. When we see a threat for the first time, so does the entire network. The data is anonymized to protect privacy, but threats are no longer hidden from our customers.


The digital economy is built on trust, but cybercriminals use that trust as a curtain — hiding behind it in an attempt to stay anonymous. Global share intelligence pulls back that curtain to expose the fraudsters, regardless of the new type of threat or attack they have invented.

According to Forrester, a major factor in ThreatMetrix achieving its top ranking for RBA providers is its demonstrated thought leadership, it’s robust portfolio of dynamic authentication solutions, and its vision for securing against threats as they continue to evolve.

At ThreatMetrix, we have a long history of innovation to mitigate these evolving threats. Like many organizations, our capabilities have grown extensively over the years, and we will continue to grow them in our effort to power and secure the digital economy.

To learn more about how ThreatMetrix earned the sole leadership position in the risk-based authentication market, download the Forester WaveTM: Risk-Based Authentication, Q3 2017 here.

Alisdair Faulkner

Alisdair Faulkner

Chief Identity Officer, Business Services, LexisNexis Risk Solutions

close btn