Account Takeover Integration


What is Account Takeover?

Account takeover is when a fraudster gains control of an account that belongs to a genuine customer. Phishing, spyware and malware can all be used to commit account takeover attacks. However, for many merchants, credential stuffing is the most common tactic used. Credential stuffing is the automated process of using stolen username and password combinations to gain access to customer accounts.

Fraudsters can monetize the attack in a number of ways, from making unauthorised transactions with a saved card or stolen card details to selling accounts and personal details to others.

You can read more about account takeover in our Insights Guide.

How Ravelin Protects Against Account Takeover

Ravelin can prevent account takeover from taking place at login, and also prevent fraudsters from placing orders from compromised accounts at checkout.

To do this we ask that you send us details about each attempt to log in and each attempt to place an order. We’ll make a recommendation as to whether we believe you should allow the customer to log in or place the order.

We generate these recommendations using custom machine learning models and rules, which are explained in further detail below.

Account takeover recommendations need to be enabled on your account before they can be used. Please speak to your account manager about enabling account takeover recommendations.

Machine Learning

Ravelin will use your data to build machine learning models to stop account takeover. We use custom supervised learning models at login and at checkout. Machine learning is the best way to stop attacks; models are adaptable, scalable and less easy to circumvent. Models also allow you to optimize conversion.

Every business is different and each custom machine learning model will care about different things.

Models at login will typically pick up on:

  • The login history for the customer
    What do logins usually look like?

  • Location information
    Where did the customer sign in from? Are they signing in from an unusual location?

  • Network information
    What IP address was used? What was the ASN?

  • Device information
    What device was used? Have they signed in from this device before?

  • Behavioural data
    What did the customer do on the login page?

  • Customer specific data
    What email domain did the customer use? How old is the account?

Models at checkout may look at things like:

  • Transaction and order history
    Does the customer usually order from this restaurant? Do they usually spend this much?

  • Updates to customer details
    Did the customer use a new delivery address or update their phone number?

  • Device information
    Have they used this device to make an order before? Has this device been used by other customers?

Ravelin continuously monitors the performance of machine learning models, retraining them, adjusting thresholds and identifying and adding important features.

You can learn more about machine learning for fraud detection in our Insights Guide.


Rules

Rules can be an effective way both to enforce business logic around account security and to add some basic account takeover safeguards.

For example, rules can:

  • Enforce business policy
    If there are markets you don’t operate in, you can block all traffic from IP addresses in certain countries.

  • Enforce limits on device, username or IP usage
    Use velocity rules to apply limits over various periods of time.

  • Provide additional protection during attacks
    This can be especially useful as a temporary measure whilst models are being retrained and new features are added to improve performance as fraudsters change tactics.

Rules can be used in combination with machine learning. For example, you may want to challenge all logins from a new device where the machine learning score is below a certain threshold.
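The velocity rule and the rule-plus-model combination described above, sketched as an added example (this is not Ravelin's code or API). The window, limit, threshold, score direction (higher means riskier), the `LoginRules` class and the login events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 600       # assumed velocity window (10 minutes)
MAX_USERNAMES_PER_IP = 3   # assumed limit: distinct usernames per IP per window
SCORE_THRESHOLD = 50       # assumed: higher score = riskier; at or above is blocked


class LoginRules:
    """Hypothetical rule layer sitting on top of a model score."""

    def __init__(self, known_devices):
        self.recent_by_ip = defaultdict(deque)   # ip -> (ts, username) pairs
        self.known_devices = defaultdict(set)    # username -> devices seen before
        for user, devices in known_devices.items():
            self.known_devices[user] |= set(devices)

    def evaluate(self, ts, username, ip, device_id, score):
        recent = self.recent_by_ip[ip]
        recent.append((ts, username))
        # Expire attempts that have fallen out of the sliding window.
        while recent[0][0] <= ts - WINDOW_SECONDS:
            recent.popleft()
        if len({user for _, user in recent}) > MAX_USERNAMES_PER_IP:
            return "block"       # velocity rule: too many usernames from one IP
        if score >= SCORE_THRESHOLD:
            return "block"       # model score alone is high enough
        if device_id not in self.known_devices[username]:
            return "challenge"   # rule + model: new device, score below threshold
        return "allow"


# Constructed login events: (ts, username, ip, device_id, model_score)
EVENTS = [
    (0,   "alice", "198.51.100.7", "dev-a1",  5),   # known device, low score
    (10,  "u1",    "203.0.113.9",  "dev-x",  30),   # one IP cycling usernames
    (12,  "u2",    "203.0.113.9",  "dev-x",  30),
    (14,  "u3",    "203.0.113.9",  "dev-x",  30),
    (16,  "u4",    "203.0.113.9",  "dev-x",  30),   # 4th username: over the limit
    (20,  "alice", "198.51.100.7", "dev-new", 12),  # genuine user, new device
    (900, "u1",    "203.0.113.9",  "dev-x",  30),   # window has expired by now
    (905, "bob",   "192.0.2.44",   "dev-b1", 80),   # known device, high score
]


def run(events):
    rules = LoginRules({"alice": ["dev-a1"], "bob": ["dev-b1"]})
    return [rules.evaluate(*event) for event in events]


if __name__ == "__main__":
    for event, decision in zip(EVENTS, run(EVENTS)):
        print(event, "->", decision)
```

The first three attempts from `203.0.113.9` stay under the velocity limit but are still challenged because the device is unknown for each account, which is where the combination with the model score adds coverage a pure velocity rule would miss.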

Ravelin continuously monitors the performance of rules and suggests any improvements.

Next steps

Learn about the account takeover integration process

Request an account takeover recommendation