Prevent Account Takeover Fraud – Just Speak!

According to Javelin Research’s annual “Identity Fraud Study: The Virtual Battleground” Account Takeover (ATO) fraud increased by 90% to an estimated $11.4 billion in 2021 when compared with 2020.

CyberEdge Group also released research that corroborates the same findings about ATO. In its 2022 “Cyberthreat Defense Report,” which surveyed 1,200 IT security personnel worldwide, account takeover was one of the two most pervasive and expanding threats (along with malware).

So, the question is why is ATO so prevalent and how do we stop it?

Account takeover (ATO) fraud happens when a fraudster poses as the genuine customer, succeeds in gaining control of the customer’s account (phone, online, mobile, card), and conducts fraudulent transactions. According to Javelin Research, 61% of all account takeover involves the Contact Center.

It’s no surprise that Contact Centers are a primary target since the majority still rely on Knowledge Based Authentication (KBA) as the primary mode of customer authentication. KBA is fundamentally flawed because

  • it is based on a premise that only the genuine customer will know the answers to specific questions.
  • Fraudsters easily get hold of such information through many different methods.
  • and once in possession of such information, the contact center agent is convinced that the genuine customer is on the call.

What is further aggravating the problem?

Customers continue to use passwords to access their online accounts and many organizations continue to accommodate this. And what we also know is many people still reuse the same password across multiple accounts for multiple organizations, regardless of the constant advice to the contrary.

We also know that logins, email addresses, and passwords are routinely stolen through all-too-common data breaches and then resold to other bad actors. These rogue actors perform automated ATO attempts on large organizations, knowing there’s a good chance of getting a successful hit given the propensity of people to reuse the same passwords. It is simply a numbers game.

What this means is that any organization reliant on knowledge “secrets” or “passwords” for their customers’ accounts are at risk of ATO fraud, regardless of how securely they protect their customers’ credentials.

The risk may not emanate from themselves, but from all of the other password-based organizations their customers deal with. That stolen password is like a key and sooner or later a fraudster will find the door it opens.

So how do we stop Account Takeover Fraud (ATO)?

Firstly, assume people will continue to reuse the same password across multiple sites, and secondly, assume data breaches will continue to occur and passwords and Personally Identifiable Information (PII) will continue to be stolen.

Therefore, we have to ensure that this information is not used regardless of whether it’s stolen, and regardless of whether a fraudster finds a website that it would open.

The way to do this is to either replace the password with appropriate Identity Assurance or layer Identity Assurance over the password or the multi-factor authentication protocol. Only voice biometric authentication provides effective and accurate Voice Identity Assurance; everything else is simply a proxy form of identity and every proxy form of identity can be stolen and used by whoever has possession of it.

Why is Voice the preferred choice of biometric authentication to combat ATO?

Voice is the strongest and easiest-to-use form of biometric authentication. A stolen password or an intercepted OTP, without the voice that effectively activates it, is useless.

ValidSoft’s voice biometric Identity Assurance provides the ability to prevent ATO through data breaches, OTP interception, or Proxy/Device takeover.

  • Unlike passwords, its voice models are impervious to data theft as they don’t contain audio
  • Are simply digital representations that cannot be reverse-engineered into audio
  • Contain no PII and are effectively useless to anyone and anything except the algorithms that created them.
  • And those algorithms not only detect imposters, but they also detect recordings and synthetically generated audio (Deepfakes).


At ValidSoft we understand the importance of network and data security.  Data breaches and associated ATO attempts will continue to occur, so organizations need to work with that premise and protect customer accounts with appropriate voice-based Identity Assurance. Stopping ATO fraud is as easy as speaking!

We take the protection of customer data and identity seriously, and we are the only security vendor in the world with four European Privacy Seals, guaranteeing compliance with GDPR and all similar State/Federal privacy regulations.  

ValidSoft was recognized as a Global Voice Biometrics Leader in Opus Analysis on Intelligent Authentication and Fraud Prevention. We earned leadership due to the accuracy, speed, extensibility, privacy, and momentum of ValidSoft Voice Identity Solutions. 

Request a demo at https://validsoft.com/request-demo/   

 

Share this post

Twitter
LinkedIn