Typology Tales July 2024: Account Takeover Surveillance

We are pleased to share the latest edition of "Typology Tales" for July 2024. This edition highlights the new typologies that our Anti-Financial Crime (AFC) community has carefully analysed and selected. Our community's collective efforts are crucial in staying ahead of evolving financial crime threats, and we are grateful for your continued participation and contributions.

AFC Community’s Role

Each month, our dedicated AFC community comes together to analyze and evaluate newly created typologies, selecting those that can significantly enhance the ecosystem's ability to prevent and combat financial crime. The typologies chosen for publication are those that offer the most promise in terms of effectiveness and applicability across various scenarios.

Key Highlights from July 2024 

These typologies have been meticulously curated to ensure they provide robust and actionable insights, ultimately helping to safeguard the financial ecosystem.

Theme of the Month: Account Takeover Fraud (ATO)

Account takeover fraud (ATO) is a type of cybercrime where unauthorised people access a user's account and use it for harmful purposes. This dangerous activity has increased significantly in recent times, posing a growing threat to both individuals and organisations. 

In this edition...

In this edition of Typology Tales, we delve into two typologies that compliance professionals can incorporate into their transaction fraud monitoring systems to proactively prevent account takeover in real time.

Typology 1: Surge in Multi-Party Transactions in Sizeable Values

A pattern of multiple parties making high-value transactions with one entity in a short period of  time suggests possible account takeover fraud. This requires a strategic review of transaction behaviours.

How It Works

• The typology monitors transactions involving a single customer who receives or transfers funds with multiple parties within a short time span.
• To identify potential account takeover risks, the typology groups transactions by the unique identifiers of senders and receivers within a specified time frame. By tracking these identifiers over a defined period, it can determine how many different parties have transacted with a particular entity.

• Simultaneously, the typology aggregates the transaction amounts linked to unique senders and receivers.

• It flags any entity that engages in transactions with a large number of different parties and exceeds a cumulative transaction threshold. This signals potential account takeover risks due to unauthorised access and high-value transactions.

Typology 2: Monitoring High-Value Transactions Across Multiple Payment Modes

Financial institutions may implement advanced monitoring to detect high-value transactions between senders and receivers through various modes, aiming to uncover potential account takeover fraud.

How It Works

• To effectively oversee the flow of funds, the typology tracks and aggregates transaction amounts based on the mode of transfer.
• Transaction amounts, including those made through cash or alternative payments, are further aggregated by the unique identifiers of the sender and receiver over a specific period.
• Entities showing high-value transactions across multiple payment modes over specified time frames are potentially flagged as suspicious. This increased activity may indicate that an account has been compromised and is being used to funnel funds illegally.

From the Media: Account Takeover Attacks Overtake Ransomware as Leading Security Concern

Research by cybersecurity firm Abnormal Security highlights that account takeover (ATO) attacks have become a top concern for security leaders. The 2024 State of Cloud Account Takeover Attacks report reveals that 83% of organisations experienced at least one ATO incident in the past year. 

Over 75% of security leaders rank ATOs among the top four global cyber threats, with nearly 50% facing more than five incidents annually and around 20% encountering over ten incidents. ATOs are now considered more significant than other threats such as spear phishing and ransomware.

Read More

Unite in the Fight Against Financial Crime

Financial crime is a pervasive issue that requires a collective, centralised approach to intelligence gathering. That's why we have created the Anti-Financial Crime (AFC) Ecosystem, a network of experts who work together to share knowledge and develop strategies for combating financial crime.

If you are an AFC expert, we invite you to join our efforts and help us grow the AFC Ecosystem. And if you know any other AFC experts, please refer them to us so we can continue to expand and strengthen our network. Together, we can make a real difference in the fight against financial crime.