Merchant Fraud Journal

The Growing Concern of Account Takeover and Identity Theft

geralt / Pixabay

Editor’s Note: This post was contributed by David Lukić at ID Strong.

We live in an age where almost everything is done digitally, or at least can be. From video conferences to online banking, things that involved a meeting in person years ago can now take place over an internet connection, and though this is fantastic for most of our lifestyles, it is also an opportunity for people who are less than honest to exploit the situation. 

Both account takeover and identity theft are unfortunately rife, and in this guide we’re looking at some account takeover statistics and analysis, plus we’re looking into the reasons why you should be cautious in this digital age.

What is account takeover and how does it happen?

An account takeover is when somebody manages to gain access to an account that you have with a website, payment platform or even a bank. By stealing the information you would use as your login details and even getting information used as password reset prompts (mother’s maiden name, for example) then they might be able to breach any number of accounts.

Access to e-commerce accounts, Paypal accounts and bank accounts are all fairly common, and this type of account takeover can lead to hefty bills.

You might think that these kinds of crimes will be easy to track down, as they often require some sort of delivery address, or bank details if they are going to transfer themselves your money. However, in the modern age, there are a number of ways people can even mask this; converting money to bitcoin, ordering checkbooks and making checks out to cash, and even buying expensive items and having them sent to pick up locations rather than risk giving up their own address. People who are involved in account takeovers are pros, they know what they are doing and often make a lot of money before they are caught.

One of the scariest things about account takeover is that it can be done by people who have accessed your details by hacking your own private information, or who have hacked into the servers of online businesses such as ecommerce platforms in order to steal their customer details. You might be a victim even if you have done nothing wrong and followed all of the advice on protecting your accounts.

What is identity theft and how does it happen?

Identity theft is when someone uses your personal details to pose as you. A lot of us have an incorrect image of this from the movies, thinking of people using fake passports, for example. It is much more likely that identity theft will come in the form of someone taking your details for their own personal gain. For example, they can get lending in your name, take out credit cards or even get phone contracts. The schemes are quite sophisticated and identity theft can be equally financially damaging.

Identity theft often comes in the form of people stealing your information from social media or other online platforms you have signed up to and given personal details. In some cases, leaks can come from websites and companies who store details on file, and this can cause uproar. Some of the scariest identity theft statistics involve the data breaches we are seeing regularly. Did you know that over the last decade, over 300 data breaches have taken place which involve the theft of 100,000 or more records?

The differences between account takeover and identity theft

An account takeover is often a targeted attack on one person’s details, allowing a fraudster to get into their account such as an online banking platform. An account takeover involves stealing passwords or resetting passwords and accessing an account before sending money or buying products, for example.

Identity theft is different, fraudsters are still posing as the person but sometimes not through their existing accounts. Instead, they are using your details in order to make new accounts and take out new lending. Car leases, cell phone contracts and even credit cards can be obtained in this way, with the victim of the fraud potentially even being liable for the financial losses attached.

The growing concern of account takeover and identity theft

Figures and identity theft statistics suggest that account takeover and identity theft forms of crime are here to stay for the long term. People are gaining more accounts all of the time, new apps and new websites launch and you may part with your details, thinking nothing of it. However, every time there is a new opportunity for fraudsters.

Because of the fact that people can steal details directly from you, or take them from the companies you are linked to via your account, you can get hit from either angle. You can be incredibly cautious but there is still always some risk.

The rise of cryptocurrencies, along with more intelligent ways to hide the money, and the dark web, means that people who are committing these crimes can also hide from authorities with more ease. This leads more and more people into these criminal activities, and every person provides a potential new threat. 

The future of account takeovers and identity thefts – is the problem here to stay?

Unfortunately, the suggestion is that these forms of online fraud are not going anywhere quickly as we still don’t have all the effective tools needed to stop people from benefiting from it. There are fraudsters making money out of stealing identities and taking over accounts. What’s more, some of the laws in America regarding identity theft across states can get confusing, and make it tough to bring people to justice. 

Some databases online contain millions of peoples’ details and if one of these is breached, we could see some huge issues regarding identity theft and account takeovers.

We are getting slightly better as a population when it comes to keeping things private, and there are some examples of technological advancements to help with this, so the problem may eventually be beaten, but for now, it is something that everyone needs to consider and mitigate for as it can be a real issue for all of us. Even if you assume your identity and accounts are safe, there is the chance for a hacker or fraudster to take advantage.

How to prevent Data Breach

There are a few things you can do in order to try and stop your data being used. You should always be proactive when it comes to protecting your data and your personal information, but there is only so much you can do.

We recommend that you always enable two-factor identification when you get the option on new accounts, and sometimes you can even use your fingerprint to allow for a unique login to you. On top of this, change passwords regularly, and an auto-generated password is usually a lot better than something you have chosen. Don’t use the same password for everything, and always make sure your password is strong. Don’t put lots of information on social media that could be used to steal your identity. Some people don’t think a lot about how their data could be used, but it is definitely time to start considering this.

In some cases, prevention might be out of your hands, so monitoring might be the best option so that you can quickly take action if anything does happen to your details. Identity monitoring services are designed to protect you in this way and alert you of the use of your details in scenarios where you have not authorized it or created a new account. These sorts of services can save you time, money and hassle in the long run.

Hopefully in time, we will reach the stage where this kind of crime is virtually non-existent, but at the moment it is definitely not that time yet. Sadly, the identity theft statistics out there point to growth as virtual crimes like these overtake physical thefts in the world. You should always be wary and take precautions to try and put yourself in the best position, and act quickly should the worst happen to you. Identity theft doesn’t have to change your life if you act quickly. 


David Lukić is an information privacy, security and compliance consultant at idstrong.com. The passion to make cyber security accessible and interesting has led David to share all the knowledge he has.

Exit mobile version