Account takeover is when a fraudster gains control of an account that belongs to a genuine customer. Phishing, spyware and malware can all be used to commit account takeover attacks. However, for many merchants credential stuffing is the most common tactic used. Credential stuffing is the automated process of using stolen username and password combinations in order to gain access to customer accounts.
Fraudsters can monetize the attack in a number of ways, from making unauthorised transactions with a saved card or stolen card details to selling accounts and personal details to others.
You can read more about account takeover in our Insights Guide.
Ravelin can prevent account takeover from taking place at login, and also prevent fraudsters from placing orders from compromised accounts at checkout.
To do this we ask that you send us details about each attempt to log in and each attempt to place an order. We’ll make a recommendation as to whether we believe you should allow the customer to log in or place the order.
We generate these recommendations using custom machine learning models and rules which are explained in further detail below.
Account takeover recommendations need to be enabled on your account before they can be used. Please speak to your account manager about enabling account takeover recommendations.
Ravelin will use your data to build machine learning models to stop account takeover. We use custom supervised learning models at login and at checkout. Machine learning is the best way to stop attacks; models are adaptable, scalable and less easy to circumvent. Models also allow you to optimize conversion.
Every business is different and each custom machine learning model will care about different things.
Models at login will typically pick up on:
Login history: what do logins for this customer usually look like?
Location information: where did the customer sign in from? Are they signing in from an unusual location?
Network information: what IP address was used? What was the ASN?
Device information: what device was used? Have they signed in from this device before?
Behavioural data: what did the customer do on the login page?
Customer-specific data: what email domain did the customer use? How old is the account?
Models at checkout may look at things like:
Transaction and order history: does the customer usually order from this restaurant? Do they usually spend this much?
Updates to customer details: did the customer use a new delivery address or update their phone number?
Device information: have they used this device to make an order before? Has this device been used by other customers?
Ravelin continuously monitors the performance of machine learning models, retraining them, adjusting thresholds and identifying and adding important features.
You can learn more about machine learning for fraud detection in our Insights Guide.
Rules can be an effective way both to enforce business logic around account security and to add some basic account takeover safeguards.
For example, rules can:
Enforce business policy: if there are markets you don’t operate in, you can block all traffic from IP addresses in certain countries.
Enforce limits on device, username or IP usage: use velocity rules to apply limits over various periods of time.
Provide additional protection during attacks: this can be especially useful as a temporary measure whilst models are being retrained and new features are added to improve performance as fraudsters change tactics.
Rules can be used in combination with machine learning, for example, if you want to challenge all logins from a new device where the machine learning score is below a certain threshold.
Ravelin continuously monitors the performance of rules and suggests any improvements.
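The following is an added illustration of how the rule types above (a business-policy country block, velocity limits on IP and username, and a new-device rule combined with a model score) can be layered into one login decision. It is example code written for this page, not Ravelin's own rule engine or API; the thresholds, the 0-100 risk-score convention and the `LoginPolicy` class are assumptions for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Illustrative thresholds only; not Ravelin's configuration.
BLOCKED_COUNTRIES = {"XX"}   # placeholder code for a market you do not serve
MAX_PER_IP = 20              # login attempts per IP address in the window
MAX_PER_USER = 5             # login attempts per username in the window
MODEL_BLOCK_SCORE = 80       # assumed risk score (0-100) at which the model alone blocks


class LoginPolicy:
    """Combines business-policy, velocity and new-device rules with a model
    risk score and returns 'allow', 'challenge' or 'block' for a login."""

    def __init__(self, window=timedelta(minutes=10)):
        self.window = window
        self.by_ip = defaultdict(deque)     # ip -> recent attempt timestamps
        self.by_user = defaultdict(deque)   # username -> recent attempt timestamps
        self.trusted = defaultdict(set)     # username -> device ids seen on genuine logins

    def _velocity(self, bucket, key, now):
        """Record an attempt and return how many fall inside the sliding window."""
        q = bucket[key]
        q.append(now)
        while now - q[0] > self.window:
            q.popleft()
        return len(q)

    def trust_device(self, user, device):
        """Call once a login (or a passed challenge) has been confirmed genuine."""
        self.trusted[user].add(device)

    def evaluate(self, attempt, risk_score, now):
        # Business policy: traffic from markets you do not operate in.
        if attempt["country"] in BLOCKED_COUNTRIES:
            return "block"
        # Velocity limits catch the volume that credential stuffing produces.
        if (self._velocity(self.by_ip, attempt["ip"], now) > MAX_PER_IP
                or self._velocity(self.by_user, attempt["user"], now) > MAX_PER_USER):
            return "block"
        # The model acting on its own.
        if risk_score >= MODEL_BLOCK_SCORE:
            return "block"
        # Rule combined with the model: a new device whose score is below the
        # threshold the model would act on still gets a step-up challenge.
        if attempt["device"] not in self.trusted[attempt["user"]]:
            return "challenge"
        return "allow"
```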